[hashcash] centralization and the effect of the "abuse system"

  • From: Adam Megacz <megacz@xxxxxxxxxxxxxxx>
  • To: hashcash@xxxxxxxxxxxxx
  • Date: Mon, 24 Jul 2006 15:26:57 -0700

One last thing to add on a more philosophical/big-picture level:

I personally am not very interested in a system that uses
"reputations", shared blacklists/brownlists, etc.  The beauty of
proof-of-work is that aside from the protocol specification, it is
100% purely decentralized.  If you're willing to accept some sort of
centralized authority or repository you might as well use a mature
system like Vipul, DCC, or even [shudder] SpamCop/DNSRBLs.

I was on the wrong end of a lot of abuse complaints during the
beta-testing phase of my C/R system.  From this I learned that the
spam problem is causing much more serious harm than simply filling up
people's inboxes: it's forcing the network operators to form what
essentially amounts to an arbitration/judicial/law-enforcement system
authorized to punish people not just for the *volume of packets* they
send (i.e. a [D]DoS attack), but for the *content* and *context* of
those packets.

This is becoming extremely dangerous to innovators: it's getting near
the point where if what you do is too different from what the average
user does, you're going to get hassled a lot by the "abuse framework".
You'll have a harder time getting top-tier hosting (I almost got
kicked out of MAE West).  SpamCop in particular has generated an
immensely contorted "legal code" specifying what you are and aren't
allowed to do with the SMTP protocol, and it's choking off any sort of
innovation that involves automation combined with SMTP.

A decentralized system for combatting spam would steal a lot of the
momentum behind the development of this sort of ossifying
superstructure.  Hopefully it could keep things in the state where the
abuse system is reserved for:

  a) abusive *quantity* of packets / flooding

  b) things that would be illegal even via "snail mail" (extortion,
     child pornography, fraud, etc).

When the network-operator-managed abuse system goes beyond those two
jurisdictions it worries me a lot -- the people who run this system
are rarely aware of emerging technologies and how to handle them.

  - a

