zlatinb / muwire

MuWire file sharing client for I2P
GNU General Public License v3.0
192 stars 26 forks source link

SPAM (bulk unsolicited private message, SCAM) received #63

Open slrslr opened 3 years ago

slrslr commented 3 years ago

Hi,

after using MuWire for more than 1 month (last build is maybe 6 days old?) i have received first SPAM private message 15 minutes ago. It was sent in bulk to 67 recipients and is a SCAM message.

(click to enlarge)

Some ideas:

zlatinb commented 3 years ago

I received the message too :(

Unfortunately there is no technical "solution" to spam; with email it took many years to get spam under control and even that is debatable. Some of the solutions that helped with email will not work at all with MuWire due to its anonymous nature, i.e. the spammer can generate infinite number of fake identities to send messages from.

Some comments on your ideas:

I guess the only silver lining is that there is little to no incentive for someone to spam MuWire users. The main motivation spammers have is money, and I would speculate that MuWire users are a very unlikely audience for profitable spamming. This spammer was probably testing if it was technically possible to spam; if there is no money to be made they will eventually stop.

Spam is a problem with search results as well, which is one of the reasons the trust functionality exists. Ultimately the best thing to do is to have a large contact list and to allow messages only from trusted contacts. But I don't want to make that setting the default because a new user will be completely unable to successfully communicate with others.

slrslr commented 3 years ago

Allow bulk message if at least one recipient has the sender in his contacts - I'm not sure exactly what you mean by this

I was assuming that the bulk message is meant to contact people you usually already know so one would assume that people you are contacting A) already have you in contacts or B) sent you a message already. Though likely it is stupid idea to and Muwire unable to verify this.

spammer can easily circumvent the enforcement if they build from source

yes, though it may limit some potential spammers who will give up upon being denied to send bulk message too often or at all due to mentioned time limits (new user+new muwire build)

What may also help is that user can write his/her blacklist, if phrase is found in the message, message gets automatically deleted.

True that user can still disable messages from unknown sources entirely. Sub-option of this "Not accept bulk messages by default" would not make sense, because user can still send unlimited single-recipient messages to users?

zlatinb commented 3 years ago

Bulk message is only one way of spamming; a determined spammer can script sending direct messages in a loop in which case any restrictions on bulk messages will be circumvented.

I think this specific spammer sent the message from the MuWire gui. This is very inefficient and will very quickly become tedious for repeated spamming. If someone were to seriously spam, they would need to build a spamming tool - and they can then bypass any limits on bulk sending.