Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

It is a fine line to walk. However, I think one easy not filtering solution might be to sell a cryptographic solution on the open market for a price high enough that it would be infeasible to fake that. Think of it like X's premium feature but with no credit card involved. Imagine going to Target or Best Buy, smacking down a hundred dollar bill, and getting your "trusted human level $100" token. You could then use the thing to register an anonymous account anywhere you like, and the price(s) of your token(s) could even be public (in case someone did decide to pay a high price for tons of fake bot accounts, you could potentially detect it). You would have to still prevent the thing from being linked to your real identity, but that should be doable. It would also be possible for these accounts to vouch for each other. So, you know, you get some web-of-trust type of fuzzy feeling about various accounts.

Now that I think of it, maybe this can be done with TLS certs, although I don't know any CA that can take anonymous payment.



That works for the half of it, which blocks people from massing many accounts. Other part is flow control, limit posts to X per unit time e.g. every 5 minutes. That second part is key because we need to be operating under the assumption that said "token account" still has a clever programmer controlling it with selenium / bot. But if we have $100 / 100 posts/day on social media for 1 year or similar, that's now significantly limiting the power of any party to mass advertise. Of course those numbers would need to be tweaked, limits optimized, and then still one worries about state actors and deep pockets.


> That works for the half of it, which blocks people from massing many accounts.

No it doesn't, unless you're going to somehow limit the # of "tokens" per human, which seems to me to be impossible if the goal here is anonynimity.

> then still one worries about state actors and deep pockets.

You and OP seem to assume that driving the cost up will scale the cost of an attack at the same rate - it won't. These actors will just commit more crimes in order to acquire more "tokens" - either phishing/hacking them, or stealing from distributors, or...

At the same time, you'll be making it difficult/impossible for poor people to access the Internet freely, further widening income and class inequality both on the Internet and likely in reality too.

"Buy an NFT to access the Internet anonymously" is a terrible idea in every conceivable way.


>No it doesn't, unless you're going to somehow limit the # of "tokens" per human, which seems to me to be impossible if the goal here is anonynimity.

The intent is not to limit the number of tokens per human. The intent is to establish confidence that an account is real by allowing tokens to be associated with it. Additionally, the system would do well to have a database of all accounts associated with a single token. If someone wants to have 10 accounts with 10 separate tokens, that is fine. At least you know it's probably not a bot farm running thousands of fake accounts, because nobody could afford it.

>You and OP seem to assume that driving the cost up will scale the cost of an attack at the same rate - it won't. These actors will just commit more crimes in order to acquire more "tokens" - either phishing/hacking them, or stealing from distributors, or...

Increasing cost does limit the scale of attacks. You might as well be saying that the high price of drugs is not a limit to the scale of drug abuse because people will steal them lol. Committing more crimes is not free of cost. It requires time, opportunity, and expertise. I think a system like I have described can be used to track the tokens and prevent abuse, while allowing people to obtain them anonymously. Every crime committed adds a trail of evidence that can be used to uncover abuse.

>At the same time, you'll be making it difficult/impossible for poor people to access the Internet freely, further widening income and class inequality both on the Internet and likely in reality too.

No, that is all BS. All this means is that they may have to pay more to be anonymous. People of all social classes already have to pay more for guaranteed anonymity, whether it be through buying additional devices, VPN subscriptions, or travel costs as they go to Internet cafes. If you are poor, you still have the option of being less anonymous. We're talking about being provably anonymous here and instilling confidence in one being a real person here, which is a distinctly different problem from being online in general.


> You might as well be saying that the high price of drugs is not a limit to the scale of drug abuse because people will steal them lol

...I can't even respond to this.

> system like I have described can be used to track the tokens and prevent abuse, while allowing people to obtain them anonymously.

How do you track the tokens to prevent abuse while ensuring anonymity?


>...I can't even respond to this.

OK it's not a great example but what you wrote is an example of arguing that exceptional cases dominate the whole situation. Like "It's stupid to lock your door because a criminal can just break your door/wall to get in."

>How do you track the tokens to prevent abuse while ensuring anonymity?

The same company that sells the tokens can cooperate with any client that uses them to validate accounts to maintain a database of where the tokens are used and how many times they are used. That would allow you to disconnect accounts from each other as much as you like, but you could not register 100 accounts with a single token without raising some eyebrows. It would be on you to not connect the token to your real identity, if you don't want to be identified by that token.


I don't have $100 to spare, so I guess I won't be able to be anonymous?


I suppose it can be dependent on the platform. For example, any given platform can provide options to ignore anonymous users who lack a certain level of verification. So, you can either trust the platform with your real identity (and hide it), or else you can pay to be truly anonymous. This could get ridiculous with higher and higher prices but it's on us to resist anything too unreasonable in that situation.


I really don't think injecting even more wealth inequality to privacy and freedom on the Internet is a great idea.

Not to mention that this would do nothing to stop the problem of bots, as bad actors will simply do what they do now and buy/hack verified accounts.


The idea is to discourage botnets by increasing the cost of building a botnet. It is about as good of an idea as you're going to find. Of course there would be other ways but this is more effective than captchas, and lets you decide how important it is to you to prove that you are a human or how important it is to you that you are only dealing with humans.

You could make a system like this based on IRL contacts but that would potentially compromise your privacy even more. It's also easier to exploit in some ways than a simple payment.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: