this post was submitted on 17 Apr 2024
929 points (96.0% liked)

Technology

60086 readers
2209 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 3 points 8 months ago (1 children)

An artificial delay should discourage flood attacks.

You didn't explain how. It doesn't matter to wait a little bit. It's not like they're using only one connection and one account.

It's also not clear to me how waiting longer suddenly charged how easy it is to detect bots.

[–] [email protected] 0 points 8 months ago (1 children)

Well, you have to limit the number of accounts they can possibly have by whatever method possible, either by charging per account or some sort of proof of work or phone number verification or something that limits the amount of accounts that they can have. Once you have done that, what you need to do is cost them something such as how proof of work costs computing resources. If it takes 10 seconds to post a tweet, then sending out 1 million tweets takes 1 million times 10 seconds or 10 million seconds, or 166,666 minutes or 2777 hours or 115.7 days And that's all from a 10 second Proof of work requirement. For a regular user, that's not a problem. For a spammer, that's a huge problem.

[–] [email protected] 1 points 8 months ago

What your talking about is rate limiting. And pretty much every social media already does that. The issue with adding requirements like phone number etc, is that it also makes it more difficult and annoying for regular users. Besides, bot account owners litteraly have large amounts of fake valid mobile phone numbers they can use to "verify" their bot accounts. Then they also use change their ip addresses, so rate limiting can't be enforced. Instagram also has a massive bot issue, but its just an endless amount of bot accounts, not just one that is spamming all over the place.

Adding a fake 10 second delay would stop absolutely nothing and make the experience even worse for regular users.