Carlos on Nostr:
TLDR: Spammers will only actually spam with PoW if it makes economic sense. This means PoW mining has a price at which it is profitable, which means there will be miners specializing in selling event hashrate at the cheapest price. This is great news for mobile clients, who can tap into that and simply buy PoW if they so desire. If spammer GPU miners make hashrate cheap for spammers, they will also make it cheap for honest users. The spammers are at a disadvantage though, as a sustained attack means continuous costs. For honest users, worst case this means a one-time cost (post as anon during spam attack, see below).
---
A dynamically adjusted PoW requirement by relays is IMO an easy and cheap way to reduce spam:
- A sustained spam attack on one relay is impractical. To keep the spam going = spammers have to keep burning lots of energy continuously.
- A sustained spam attack on multiple relays is extremely impractical, as every relay can have its own "PoW gateway" even for the same event (see AUTH example below).
At best, spammers might venture for short bursts of spam, affecting a few relays for short periods of time.
Most clients won't even be affected during a spam attack. If they only read, they see no difference. If they want to post, they only see a difference if they post
1) at the time of the attack,
2) to a relay that is under attack,
3) have no history or subscription to that relay (see below), and
4) do not wish to buy even moderate amounts of PoW.
Worst case, they can simply wait a bit and post a few seconds later. Or buy some PoW and post now.
Relays can use PoW in a bunch of ways that make life harder for spammers while sparing real users, like for example:
- plain PoW for every new event: dynamically adjust up or down based on server load (spammers must mine now or stop spamming; honest users can simply post later, when PoW threshold is lower)
- plain PoW for every session: same as above, but only ask for PoW in the AUTH event, which is once per session. Authenticated users can have fair-use or common-sense rate limiting, like max 1 event per second per session. If spammers want to go faster than that, they'd have to re-AUTH, so mine again.
- plain PoW for AUTH for anons, no PoW (or lower) for subscribed paying members: Paid accounts have their npubs whitelisted from PoW requirements. The higher the subscription level, the higher the chance they're not spammers, so the bigger the PoW discount can be. This adds another incentive for paid subscriptions to relays.
- plain PoW for new events from new keys: Combination of the above, where the strictest PoW requirements apply only to new events from fresh keys with no previous activity.
What affects spammers for 100% of their activity, and reduces their attack to short bursts -- benefits the honest users 100% of their time, and reduces their inconvenience to short bursts, if at all.
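The relay-side policy described in the post (load-scaled PoW, discounts for subscribers, a surcharge for fresh keys), as an added example that is not part of the original post or any relay's code. The load scale, tier names and bit values are constructed assumptions; event ids are computed as in NIP-01, and difficulty is counted in leading zero bits with a `nonce` tag as in NIP-13.

```python
import hashlib, itertools, json

# Constructed policy values (assumptions, not from the post or any relay).
MAX_BITS = 28                 # base requirement when the relay is saturated
FRESH_KEY_SURCHARGE = 8       # extra bits for keys with no prior activity
TIER_DISCOUNT = {"anon": 0, "paid": 16, "paid_plus": 40}

def event_id(ev: dict) -> str:
    """NIP-01 event id: sha256 over the canonical JSON array."""
    body = [0, ev["pubkey"], ev["created_at"], ev["kind"], ev["tags"], ev["content"]]
    data = json.dumps(body, separators=(",", ":"), ensure_ascii=False)
    return hashlib.sha256(data.encode("utf-8")).hexdigest()

def leading_zero_bits(id_hex: str) -> int:
    """NIP-13 difficulty: leading zero bits of a 64-hex-character id."""
    return 256 - int(id_hex, 16).bit_length()

def committed_target(ev: dict) -> int:
    """Target difficulty the miner committed to in the nonce tag (0 if absent)."""
    for tag in ev["tags"]:
        if tag[:1] == ["nonce"] and len(tag) >= 3 and str(tag[2]).isdecimal():
            return int(str(tag[2]))
    return 0

def required_bits(load: float, tier: str, fresh_key: bool) -> int:
    """load: 0.0 idle .. 1.0 saturated. Unknown tiers get no discount."""
    base = round(MAX_BITS * min(max(load, 0.0), 1.0))
    if fresh_key:
        base += FRESH_KEY_SURCHARGE
    return max(0, base - TIER_DISCOUNT.get(tier, 0))

def admit(ev: dict, load: float, tier: str, fresh_key: bool) -> bool:
    """PoW gate only; signature verification is assumed to happen elsewhere."""
    if event_id(ev) != ev.get("id"):
        return False              # claimed id does not match the content
    need = required_bits(load, tier, fresh_key)
    # Require real work and a committed target, so an event mined for a
    # low target that happened to hash lower does not pass a high bar.
    return leading_zero_bits(ev["id"]) >= need and committed_target(ev) >= need

def mine(ev: dict, bits: int) -> dict:
    """Client side, used here only to build a constructed sample event."""
    base_tags = [t for t in ev["tags"] if t[:1] != ["nonce"]]
    for nonce in itertools.count():
        ev["tags"] = base_tags + [["nonce", str(nonce), str(bits)]]
        ev["id"] = event_id(ev)
        if leading_zero_bits(ev["id"]) >= bits:
            return ev
```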