Comments (3)
From @alfhg on May 10, 2018 21:56
Re captcha should be required to prove being a human. Each time when someone adds new member, both parties must complete re captcha. This way it's more costly and slower to add fake members. (But someone can still spend all day creating fake connections, and there will be incentive for it if there is UBI)
from brightid-node.
C. Adam Stallard, [28.09.18 21:40]
Also, what I said above
C. Adam Stallard, [28.09.18 21:41]
I think that'd make it really hard to spam us with thousands of connections per second.
C. Adam Stallard, [28.09.18 21:43]
thousands a day for sure, but not enough to bring down the network so its unresponsive, just enough to add a bunch of garbage to the graph. I fully expect 10% of the graph to be people doing garbage stuff like this. We could also find ways to automatically clean it.
C. Adam Stallard, [28.09.18 21:49]
I also think that if a node isn't experiencing high load, it could let two new users connect to each other. We only need to enforce that restriction if the load starts to get high.
C. Adam Stallard, [28.09.18 21:50]
And then IP addresses that are sending the low quality requests would get automatically blacklisted or throttled.
C. Adam Stallard, [28.09.18 21:50]
That should wear down a DDOS attack quickly
Titusz, [28.09.18 21:51]
new request could come in from peer nodes...
C. Adam Stallard, [28.09.18 21:51]
Sure, but each node would be equipped with the same defenses
C. Adam Stallard, [28.09.18 21:55]
I guess if there's a malicious peer node doing the spamming, that peer node could also be blacklisted
C. Adam Stallard, [28.09.18 21:56]
"good" nodes would know not to forward that many low quality requests to other nodes, so they wouldn't risk being blacklisted
from brightid-node.
Re captcha should be required to prove being a human. Each time when someone adds new member, both parties must complete re captcha. This way it's more costly and slower to add fake members. (But someone can still spend all day creating fake connections, and there will be incentive for it if there is UBI)
I have worked with anti-captcha services before. Their service cost $0.002 for solving each google recaptcha.
https://anti-captcha.com/
Also it's not good approach to rely on centralized services.
from brightid-node.
Related Issues (20)
- Use a single secret key for the node configuration
- Linking a contextId that's too long makes `signed=eth` unusable for other contextIds HOT 1
- redesign channel limits of profile service HOT 1
- get app generated ids in different expiration periods
- a bug in the consensus service
- remove constant parts of the wISchnorrPublic from GET /state
- support linking with Ethereum-signed messages for the soulbound apps
- limit the number of operations that every user/app should be able to send in a duration
- there is an issue in the "recovery connections" tests
- don't send duplicate sponsor operations
- [DRAFT] Change channel expiration behaviour HOT 2
- add appsOperationsLimit
- automate app registry HOT 3
- Sponsoring by contract should be able to accept both "HTTP" and "WS" PRC endpoints
- Adopt signature linking to v6
- Backend for recovery by seed phrase
- Stop calculating a verification per user for each app/expression in scorer
- Use incremental backup/restore for snapshots
- Remove other signing keys after social recovery
- Simplify Sponsoring
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from brightid-node.