Spam prevention

ricardo3 · December 11, 2018, 3:07am

End user spam prevention

When we talk about messaging there is always three different types of messages users send: public, group and private.

Private:

Tribute-to-talk would be required to message a user which does not have you in their contact list. I see it as “please, add me as contact, I pay your fee.”.
When someone sends a valid payment and other user accept payment (or we could just add automatically?) then the messages from that contact would appear in the messages list.
The smart contract we have ready accepts some captcha or some sort of challange from the receiver to be accepted, e.g. the same captcha would be shown to both users but the requester would solve it first.

github.com

status-im/contracts/blob/096-tribute-to-talk/contracts/communication/MessageTribute.sol#L60


      
           * @return fee amount of tokens
           */
          function getRequiredFee(address _from) public view 
              returns (uint256 fee) 
          {
              Fee memory f = getFee(_from, msg.sender);
              fee = f.amount;
          }
          
          /**
           * @notice Approve/Deny chat request to `_to`
           * @param _approve Approve or deny request
           * @param _waive Refund deposit or not
           * @param _secret Captcha solution
           * @param _timeLimit time limit of audience request
           * @param _requesterSignature signature of Audience requestor
           * @param _grantorSignature signature of Audience grantor
           */
          function grantAudience(
              bool _approve,
              bool _waive,

Group:

Spam in group chats can be easily mitigated if administrator removes them. But the Spam feature can actually be used to spam against users by joining them in groups.
Tribute-to-talk can prevent it as it would do for private messaging, and the group invitation would be considered a private message.
We could discuss how to make the moderation of group chats a democratic process based on any type of token. It’s possible to create “Public Private Groups”, where joining requires the payment to the democracy (or a single individual).

Public:

Spam in chats can be prevented with a visibility stake, which user needs to lock some amount of SNT for some time to users/nodes consider the message valid. A moderation using democracy could be implemented to slash deposit of “bad behavior, such as scammers”, but is not necessary.
Would be possible to allow PoW messages without stake. The PoW should be accounting for the message size, so big messages would require a bigger PoW.

This preventions are “end user”, however status-nodes should not relay invalid messages, and delete messages as they become invalid (user removed deposit)

Transport layer incentivize

This ideas can work together with a incentivize on the transport layer, as

which prevents spam in a lower level and provide incentives in the protocol that would guarantee the availability and continuity of the decentralized service.

I see that all this ideas together would provide a very robust spam protection, better then competitor’s solutions, and accidentally provide income to famous people that use Status…

rachel · December 11, 2018, 4:19pm

On the topic of the smart contract we already have… I think the Tribute to Talk swarm should take prior work on TtT into account during research, but define specs for the feature independent of previous designs.

It’s possible that the smart contract may require changes, and I could definitely use a refresher on how it works and the features it supports.

Is this documentation still relevant @ricardo3? Would you or @rramos like to take part in this swarm?

ricardo3 · December 12, 2018, 12:33pm

Good point, that should be used, would be nice if someone share the links of those UI design as they are now owned by slack.
@rramos should join the swarm because of his expertise on whisper communication, which is used on TtT.

Regarding the concept of current TtT implementation:

Status Chat would be configured to accept or auto reject message from non contacts. TtT acceptance would make user add unknown user on contacts and accept receive messages.
The agreement is done offchain, and the smart contract is only used to settle the agreement. The agreement process is handled automatically by the client in backgroud.

Bob set TtT fee and listen to TtT contract (blockchain)
Alice is an unknown user to Bob, so it sends a payment signature,
Bob validates and answers with a acceptance signature.
Alice submit to TtT contract her payment signature and Bob acceptance signature.
Bob receives event of TtT and start accepting messages from Alice

Another flow for TtT would be blocking

Alice don’t likes what Bob said and set an arbitrary value TtT for Bob by sending transaction to contract
Bob notice the block by event
Bob feels Alice is important and sends the signature of payment
Alice verify payment signature and sends an acceptance signature
Bob submit to contract both signatures
Alice receives event from contract and accept Bob message

ricardo3 · December 12, 2018, 12:36pm

There is an optional captcha solution that will be studied, which I think the correct way is payment sender should also solve a puzzle (as captcha) sent by payment receiver,

This also could be used the other way, but I think the captcha should be an alternative to accepting free tribute to talk with no spam risk.

ricardo3 · December 12, 2018, 1:57pm

I did a version of the TtT contract which autoaccept the Tribute-to-talk:

github.com

status-im/contracts/blob/096-tribute-to-talk-autoaccept/contracts/communication/MessageTribute.sol

pragma solidity >=0.5.0 <0.6.0;

import "../token/ERC20Token.sol";


/**
 * @title MessageTribute
 * @author Richard Ramos (Status Research & Development GmbH) 
 *         Ricardo Guilherme Schmidt (Status Research & Development GmbH)
 * @dev Inspired by one of Satoshi Nakamoto’s original suggested use cases for Bitcoin, 
        we will be introducing an economics-based anti-spam filter, in our case for 
        receiving messages and “cold” contact requests from users.
        token is deposited, and transferred from stakeholders to recipients upon receiving 
        a reply from the recipient.
 */
contract MessageTribute  {

    event AudienceGranted(address indexed from, address to);

    mapping(address => mapping(address => uint256)) public feeCatalog;

This file has been truncated. show original

In this version the flow is:

Bob set TtT fee and listen to TtT contract (blockchain)
Alice is an unknown user to Bob, so it sends a payment to TtT contract
Bob hears the event and start accepting Alice messages

When blocking:

Alice don’t likes what Bob said and set an arbitrary value TtT for Bob
Bob reads the event and see it got blocked,
Bob pays the tribute to talk
Alice see events and start accepting messages

Should be possible to bypass the TtT if both users add each other in contact list, so they accept messages without needing to pay TtT.

rramos · December 12, 2018, 2:00pm

I’m happy to help on this swarm.

Documentation is obsolete in regards to the latest changes introduced by @ricardo3, which simplifies the logic of the contract. ~~Will be updated today.~~

Edit: updated documentation for auto-accept-tribute version of the contracts - https://github.com/status-im/contracts/blob/096-tribute-to-talk-autoaccept/TributeToTalk.md

rachel · December 13, 2018, 10:10am

Thanks so much @rramos. FYI @yenda and @vitaliy—I think as an output of the TtT research phase, we should have a list of user stories that the current contract supports, as well as any constraints or shortcomings. I can help with this but would be great to have you both review the contract against MVP user stories.

ricardo3 · December 19, 2018, 5:39pm

Tribute to talk discussion also happening here MVP 1 Tribute to Talk · Issue #7121 · status-im/status-mobile · GitHub

The auto accept of fee is being considered because the reply can be easily automated, it brings additional final user steps and additional complexity for a unconventional use-case, as we expect all users to accept the tributes to talk because they are incentivized to.
Also accepting or not user would have to dismiss the message anyway, so accepting it automatically makes more sense, as the dismiss would be also just deleting the user again.

In talk we decided to first try using the smart contract only as “value setting”, and try use a normal transfer. This is interesting because it gives a bit more privacy to this process, as they are not obviously revealing the purpose of Tribute to Talk, and uses less gas.

For blocking/resseting tribute to talk a specific user would be by auto reply message requesting payment would be given, and all messages are deleted/filtered until not (re)paid.

A default fee is shown necessary to automatically protect users from spam.

The designs need to be updated to reflect those changes.