this post was submitted on 19 Jul 2024
450 points (99.3% liked)
Technology
59174 readers
3285 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Ditching CAPTCHA systems because they don't work any more is kind of obvious. I'm more interested on what to replace them with; as in, what to use to prevent access of bots to a given resource and/or functionality.
In some cases we could use human connections to do that for us; that's basically what db0's Fediseer does, by creating a chain of groups of users (instances) guaranteeing each other.
What prevents the adversaries from guafanteeing their bots that then guarantee more bots?
The chain of trust being formed. If some adversary does slip past the radar, and gets guaranteed, once you revoke their access you're revoking the access of everyone else guaranteed by that person, by their guarantees, by their guarantees' guarantees, etc. recursively.
For example. Let's say that Alice is confirmed human (as you need to start somewhere, right?). Alice guarantees Bob and Charlie, saying "they're humans, let them in!". Bob is a good user and guarantees Dan and Ed. Now all five have access to the resource.
But let's say that Charlie is an adversary. She uses the system to guarantee a bunch of bots. And you detect bots in your network. They all backtrack to Charlie; so once you revoke access to Charlie, everyone else that she guaranteed loses access to the network. And their guarantees, etc. recursively.
If Charlie happened to also recruit a human, like Fran, Fran will also get orphaned like the bots. However Fran can simply ask someone else to be her guarantee.
[I'll edit this comment with a picture illustrating the process.]
EDIT: shitty infographic, behold!
Note that the Fediseer works in a simpler way, as each instance can only guarantee another instance (in this example I'm allowing multiple people to be guaranteed by the same person). However, the underlying reasoning is the same.
Thanks fpr the explanation.
You're welcome.
Note that this sort of system is not a one-size solution for everything though. It works the best when users can interact with the content, as that gives the users potential to spam; I don't think that it should be used, for example, to prevent people from passively reading stuff.