[Pmwiki-users] Hashcash ... an interesting idea for preventingspan
Fri Dec 3 07:10:29 CST 2004
I agree with Nathan in that hashcash and captcha (sp?) are computational
resource deterrents to massive single-source activities.
<discussion about effectiveness>
For hashcash, the amount of deterrent is on the order of the size of the
activity space. For instance, spammers sending millions of messages would
incur a great total computational cost with hashcash, but bots roaming
across a hundred wikis might not be deterred by a few extra CPU cycles.
Therefore, this is great for spammers whose activity space is large.
Captcha's are a bit harder, because the claim is that given the present art
of computer science, only humans can discern the letters/numbers within the
images. I've seen a few of these, and note that many involve criss-cross
lines and other obvious artifacts. IMHO, it is only a matter of time before
computational geometry and image recognition are able to overcome these
limitations. When they do, there is still computational cost associated
with it, and thus protection from captchas reduces to the same effect as
</discussion about effectiveness>
Captchas and hashcash are generally unable to prevent wiki vandalism because
there is no element of authentication involved. Anyone can read a captcha
and anyone can compute a hashcash suffix. Therefore, these are IMHO useless
to address vandalism.
The other respondents' points are valid. What you need is a distributed
authentication and approval system for edits. This can take many forms, as
mentioned (e-mail and RSS notifications that allow quick roll-back, which is
a kind of "veto" power and is, in essence, authentication; also the
"slashdot" moderated variation with a single approver of all changes).
Warning: cookies as authentication are not a good idea, because they can be
captured and shared.
One other option is quorum approval - a threshold of approvers must accept
an edit. A researched technique is group key cryptography, in which a
majority of principals must all agree on something for it to be approved
("signed," specifically). For Wiki, this can be a simple case of an
approver list, any one of the approvers can approve an edit. In essence,
multiple moderators become possible.
I wanted to point out the problems with hashcash as some kind of
authentication method. That said, thanks to the initial poster for bringing
this to my attention; I have not heard of it, and it sounds like a useful
technique in certain cases. For instance, the world would be a better place
if Microsoft required it on all RPC services to stop the rapid spread of
More information about the pmwiki-users