AskLemmy temporarily closed

Bluetreefrog@lemmy.worldmod to Ask Lemmy@lemmy.world – 143 points –

We have temporarily locked posting on AskLemmy until the CSAM posting stops.

85

You are viewing a single comment

this account holder has this name on that instance

How would that help? A spam bot could just make lots of blockchain wallets.

you get all sorts of unspoofable benefits from that

what are the benefits? I struggle to come up with any benefits.

The issue that was being discussed was blocking accounts from posting if they were younger than a certain age. The blockchain has an unspoofable timestamp on its records.

I see. I'm not convinced that proving the account creation date makes much of a difference here. Obviously the instance records when you sign up, so you would only need this to protect against malicious instances. But if a spammer is manipulating their instance to allow them to spam more, you have a much bigger problem than reliably knowing their account creation date.

It's a matter of trust. A random instance can always lie and you can only determine "that was a malicious instance that was lying to me" in hindsight after it's broken that trust. Since a malicious instance-runner can spin up new instances almost as easily as creating new fake accounts you end up with a game of whack-a-mole where the malicious party can always get a few bad actions through before getting whacked. Whereas if user account creation was recorded on a blockchain you don't need to ever trust the instance in the first place. You can always know for sure that an account is X days old.

A malicious instance-runner could still spin up fresh instances and fake accounts ahead of time, but it forces them to do it X days in advance and now if they want to keep attacking they have a longer delay time on it. A community that's under attack could set the limit to 30 days, for example, and now the attacker is out of action for a full month until their next crop of fake instances is "ripe." As always with these sorts of decentralized systems there's tradeoffs and balances to be struck. The idea is to make things as hard for malicious users as possible without making it harder for the non-malicious ones in the process. Right now the cycle time for the whack-a-mole is "as fast as the attacker wants it to be" whereas with a trustworthy account age authentication layer the cycle time becomes "as slow as the target wants it to be."

Thank you for writing the explanation! I still think that this doesn't need a blockchain. Instances could broadcast user creation, so each instance could validate user age on its own (or ask other trusted instances when they first "saw" that user).

Fundamentally, blockchain solves the problem that there is no central source of trust, but in the Fediverse people necesarily trust the instance that they sign up, so a blockchain can't add much in my opinion.