Plebbit pubsub spam resistance proof of concept

[estebanabaroa]

Plebbit is a theoretical design for a Reddit alternative built partly using IPFS' experimental pubsub feature. View the whitepaper.

One of the design that needs to be tested is how big can the pubsub network scale, and how much spam resistance does the captcha service over pubsub provides.

Multiple scenarios should be tested:

1. How much time does it take on average to complete a full captcha challenge request-answer-validation exchange.
2. What is the maximum amount of posts per minute that can be published without breaking.
3. Can the captcha service successfully prevent attackers from spamming captcha challenge requests.
4. Can the captcha service successfully prevent attackers from spamming captcha challenge answers that are incorrect.

Deliverables

The "captcha puzzle" doesn't need to be implemented, the captcha challenges and answers should be simulated for the experiment. The captcha answers validation and blocking of peers who submit too many incorrect captcha answers (or too many captcha challenge requests without answers) should be implemented. This might require forking the IPFS go client to add the functionality of blocking a pubsub peer. It might be possible without forking using IPFS swarm filter.

The experiments should be done using at least 3 nodes on 3 servers: A subplebbit owner's node running the simulated captcha service, one (or more) well behaving nodes publishing posts, and one spammer node trying to break the pubsub.

A video running the experiments and explaining the conclusion should be uploaded to Youtube so that we don't have to set it up and run it ourselves. Each iteration will require uploading a new video until the work is approved.

Everything should be written in Node.js/Javascript or Typescript, using the IPFS go CLI client, and preferably/optionally using Docker (though Docker can sometimes cause P2P problems with IPFS).

Submit PRs to this repo inside this folder /proof-of-concepts/pubsub-spam-resistance

For more in depth explanation of the task contact me on telegram @estebanabaroa or discord estebanabaroa#2853

[gitcoinbot]

Issue Status: 1. Open 2. Started 3. Submitted 4. Done

---

This issue now has a funding of 0.5 ETH (2031.79 USD @ $4063.58/ETH) attached to it as part of the Plebbit fund.

• If you would like to work on this issue you can 'start work' on the Gitcoin Issue Details page.
  • Want to chip in? Add your own contribution here.
  • Questions? Checkout Gitcoin Help or the Gitcoin's Discord
  • $6,720,451.85 more funded OSS Work available on the Gitcoin Issue Explorer

[gitcoinbot]

Issue Status: 1. Open 2. Started 3. Submitted 4. Done

---

Workers have applied to start work.

These users each claimed they can complete the work by 264 years, 11 months from now. Please review their action plans below:

1) fluksurasak has applied to start work _(Funders only: approve worker | reject worker)_.

0x8D5f16308EF34FE8199527315bAfec3edDD08437

Learn more on the Gitcoin Issue Details page.

[gitcoinbot]

Issue Status: 1. Open 2. Started 3. Submitted 4. Done

---

Workers have applied to start work.

These users each claimed they can complete the work by 264 years, 6 months from now. Please review their action plans below:

1) josef9292 has applied to start work _(Funders only: approve worker | reject worker)_.

I have no questions, everthing is clear! 2) joejoe135791 has applied to start work _(Funders only: approve worker | reject worker)_.

The directions are pretty straightforward. I can beta test the code to ensure that it works 3) janitachalam has applied to start work _(Funders only: approve worker | reject worker)_.

I will ensure that the experiment will test both the scalability of the pubsub captcha system as well as spam resistance 4) benkrueger has applied to start work _(Funders only: approve worker | reject worker)_.

I have professional experience with node and react, know how to setup dockerized test services, and have experience with distributed systems and web services. I have never done anything with IPFS but I am familliar with it and the plebbit project.

Learn more on the Gitcoin Issue Details page.

[yeehi]

Plebbit plans to use CAPTCHAs to prevent spam. Here are some examples of CAPTCHAs and also some links to discussion relating to why CAPTCHAs have been a problem:

@LoudLemur

Human Presence (proprietary) https://www.humanpresence.io/

Visual Captcha (abandoned, i think) https://visualcaptcha.net/demo/#

Captchas.net (good candidate?) http://captchas.net/

FriendlyCaptcha https://friendlycaptcha.com/

SecurImage https://www.phpcaptcha.org/

Hcaptcha https://www.hcaptcha.com/#plans

svgCAPTCHA (from MIT) https://openbase.com/js/svg-captcha

hCaptcha https://www.hcaptcha.com/

Problems: https://github.com/google/recaptcha/issues/296

Why CAPTCHAs are considered harmful: https://ezinearticles.com/?Captchas-Considered-Harmful---Why-Captchas-Are-Bad-And-How-You-Can-Do-Better&id=1104207

W3 https://www.w3.org/WAI/GL/wiki/Captcha_Alternatives_and_thoughts