TryQuiet / quiet

A private, p2p alternative to Slack and Discord built on Tor & IPFS
https://www.tryquiet.org
GNU General Public License v3.0
1.98k stars 87 forks source link

Add some basic rate limiting. #42

Open holmesworcester opened 2 years ago

holmesworcester commented 2 years ago

We want to prevent someone from making the app unusable just by sending too many messages.

I've asked orbitdb folks, but it's not clear how to do this and it might be tricky, given the incompatibility of CRDTs with limits based on time and absolute limits.

Some ideas:

  1. limit the total number of messages a single user can add to a DB to something reasonable, and cycle through DBs for channels daily or weekly. (This relates to an idea for how we'd do timed deletion.)
  2. Declare messages from a given user invalid after a certain point.
  3. Define a set of rate limits and make passing them grounds for removal from the community. (This assumes that removal is complete.) If necessary, like if the rate limited thing isn't just entries in the orbitdb, let any "witness" user post a proof of bad behavior to the orbitdb which will trigger removal by other users.

Of these, I think 3 is the best. We don't have to worry about consistency; we just ensure removal.

holmesworcester commented 2 years ago

I don't think this is actually done, just based on looking at the change here. What was changed?