HelloZeroNet / ZeroID

ZeroNet authentication provider
http://127.0.0.1:43110/zeroid.bit
GNU General Public License v2.0

"Network full" error #31

Open purplesyringa opened 4 years ago

purplesyringa commented 4 years ago

Hello. I tried to register the second username today and got a "Network full, please try again later." error. I asked people at ZeroTalk and someone told me they got the same error when they tried registering after 8chan collapse. So it looks like "Network full" means that, uh, ZeroID network is full. If I guessed correctly, can we increase that limit or remove it completely? This might and will cause problems in future. If not, what is the reason and can I fix it locally somehow?

I'm using Tor Browser if that matters, by the way.

HelloZeroNet commented 4 years ago

The registrations are IP limited, so probably someone has already registered an ID from your exit node IP address recently.

HelloZeroNet commented 4 years ago

I have added some changes to try to avoid automated ID requests and did a reset to the filter, so it should work now.

purplesyringa commented 4 years ago

> The registrations are IP limited, so probably someone has already registered an ID from your exit node IP address recently.

Hm, I used to get "Please try again later" error before when I tried to register several usernames from a single IP (without Tor). But I never got "Network full, please try again later" error, so I think it's not related to a single IP rate limit, it might be per-subnet limit (e.g. /24) or something. Could you please explain in what cases I can get "Network full" error?

Also, according to this ZeroTalk thread, ZeroID can sometimes respond with Python errors. However, the ZeroID backend in this repository is written in PHP and there's no Python code here, and it's also slightly outdated (there is no ratelimit.php here, which I asked about at least a year ago). ZeroID is not open-source anymore, and it's difficult to debug what's going on if you don't have access to source code. Could you please release the latest backend or at least explain why you don't want to do that?

HelloZeroNet commented 4 years ago

Network full error is displayed if more than 30 requests were made within an hour.

Looks like someone is trying to create a large amount of ZeroID registrations. I just did some more changes to try to detect these registrations.

The ratelimit.php is not published on purpose: it's easier to trick the system if you know the exact rules.

purplesyringa commented 4 years ago

> The ratelimit.php is not published on purpose: it's easier to trick the system if you know the exact rules.

Ok, I get it now. Thanks for explaining the reason. I'm closing the issue.

purplesyringa commented 4 years ago

Thinking more about it, having a global limit means that anyone can paralyze the network just by registering 30 ids. Isn't that a major flaw?

purplesyringa commented 4 years ago

@HelloZeroNet ?

HelloZeroNet commented 4 years ago

Yeah, it's not the best solution, but there has to be some kind of limit on the registrations.

purplesyringa commented 4 years ago

Why though? Just let people register however many accounts they want to. If ZeroNet doesn't provide inbuilt anonymity support, registering several ZeroIDs is a good solution (though it's kinda hacky). Also, if there was some spam it means that it can be repeated in the future, so the network might get paralyzed. If we remove the limit, there won't be such a problem. Am I missing some issues?

HelloZeroNet commented 4 years ago

The account creation is limited to have some possibility to fight against spam. It's still pretty easy to create a large amount of accounts this way, but I have not found any better solution.

purplesyringa commented 4 years ago

Hm, could we use captchas too? That should lower the speed of fake account creation.

purplesyringa commented 4 years ago

Is ZeroID DoSed?

inb4: that's not me.
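
The design question raised in this thread (a shared "30 requests per hour" counter versus a per-source limit), as an added example that is not part of the original thread and is not ZeroID's code, whose `ratelimit.php` is unpublished. The class names, the `PER_SOURCE_LIMIT` value, the sliding-window approach and the sample traffic are assumptions; only the 30-per-hour figure and the two error strings come from the comments above.

```python
from collections import defaultdict, deque

WINDOW = 3600          # one hour, as stated in the thread
GLOBAL_LIMIT = 30      # "more than 30 requests within an hour" (from the thread)
PER_SOURCE_LIMIT = 3   # assumption: per-source budget, not a value from the thread

class GlobalOnlyLimiter:
    """One shared counter: every request, from any source, consumes the budget."""
    def __init__(self):
        self.hits = deque()

    def allow(self, source, now):
        while self.hits and now - self.hits[0] >= WINDOW:
            self.hits.popleft()          # drop requests older than the window
        if len(self.hits) >= GLOBAL_LIMIT:
            return False, "Network full, please try again later."
        self.hits.append(now)
        return True, "ok"

class LayeredLimiter:
    """Per-source check first; only requests that pass it count toward the global cap."""
    def __init__(self):
        self.global_hits = deque()
        self.by_source = defaultdict(deque)

    def allow(self, source, now):
        mine = self.by_source[source]
        for q in (mine, self.global_hits):
            while q and now - q[0] >= WINDOW:
                q.popleft()
        if len(mine) >= PER_SOURCE_LIMIT:
            return False, "Please try again later"   # rejected before touching the global count
        if len(self.global_hits) >= GLOBAL_LIMIT:
            return False, "Network full, please try again later."
        mine.append(now)
        self.global_hits.append(now)
        return True, "ok"

def replay(limiter, events):
    """Feed (timestamp, source) events; return the last reply each source received."""
    last = {}
    for ts, source in events:
        last[source] = limiter.allow(source, ts)
    return last

# Constructed traffic: one source sends 40 requests, then a different source sends one.
EVENTS = [(i, "src-A") for i in range(40)] + [(100, "src-B")]
```

With the shared counter alone, `src-B` is refused even though it made a single request; with the layered check it is accepted because rejected requests from `src-A` never reach the global count. The per-source key is itself an assumption: behind a shared address such as a Tor exit node, many users map to one source, which is the situation the first reply in this thread describes.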