[Pmwiki-users] Hashcash ... an interesting idea for preventing spam
Russ Fink
russfink
Fri Dec 3 07:10:29 CST 2004
I agree with Nathan in that hashcash and captcha (sp?) are computational
resource deterrents to massive single-source activities.
<discussion about effectiveness>
For hashcash, the amount of deterrent is on the order of the size of the
activity space. For instance, spammers sending millions of messages would
incur a great total computational cost with hashcash, but bots roaming
across a hundred wikis might not be deterred by a few extra CPU cycles.
Therefore, this is great for spammers whose activity space is large.
Captchas are a bit harder, because the claim is that given the present art
of computer science, only humans can discern the letters/numbers within the
images. I've seen a few of these, and note that many involve criss-cross
lines and other obvious artifacts. IMHO, it is only a matter of time before
computational geometry and image recognition are able to overcome these
limitations. When they do, there is still computational cost associated
with it, and thus protection from captchas reduces to the same effect as
hashcash.
</discussion about effectiveness>
Captchas and hashcash are generally unable to prevent wiki vandalism because
there is no element of authentication involved. Anyone can read a captcha
and anyone can compute a hashcash suffix. Therefore, these are IMHO useless
to address vandalism.
The other respondents' points are valid. What you need is a distributed
authentication and approval system for edits. This can take many forms, as
mentioned (e-mail and RSS notifications that allow quick roll-back, which is
a kind of "veto" power and is, in essence, authentication; also the
"slashdot" moderated variation with a single approver of all changes).
Warning: cookies as authentication are not a good idea, because they can be
captured and shared.
One other option is quorum approval - a threshold of approvers must accept
an edit. A researched technique is group key cryptography, in which a
majority of principals must all agree on something for it to be approved
("signed," specifically). For Wiki, this can be a simple case of an
approver list: any one of the approvers can approve an edit. In essence,
multiple moderators become possible.
I wanted to point out the problems with hashcash as some kind of
authentication method. That said, thanks to the initial poster for bringing
this to my attention; I have not heard of it, and it sounds like a useful
technique in certain cases. For instance, the world would be a better place
if Microsoft required it on all RPC services to stop the rapid spread of
worms.
Russ
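
Added example, not part of the original post: a simplified hashcash-style stamp bound to a single wiki edit, showing that total client cost grows with the number of edits while the server's check is one hash and carries no identity. It uses SHA-256 and a made-up stamp layout rather than the real Hashcash format; all function names, page names and the difficulty value are assumptions.

```python
import hashlib
from itertools import count

def leading_zero_bits(digest: bytes) -> int:
    """Count the zero bits at the start of a digest."""
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()

def edit_resource(page: str, text: str) -> str:
    """Bind a stamp to one specific edit so it cannot be replayed on another."""
    return f"{page}:{hashlib.sha256(text.encode()).hexdigest()}"

def mint(resource: str, bits: int) -> tuple[str, int]:
    """Client side: search for a suffix. Returns (stamp, hashes tried), ~2**bits expected."""
    for n in count():
        stamp = f"{resource}:{n:x}"
        if leading_zero_bits(hashlib.sha256(stamp.encode()).digest()) >= bits:
            return stamp, n + 1

def verify(stamp: str, resource: str, bits: int) -> bool:
    """Server side: one hash. Proves work was spent on this edit, not who spent it."""
    bound, _, suffix = stamp.rpartition(":")
    if bound != resource or not suffix:
        return False
    return leading_zero_bits(hashlib.sha256(stamp.encode()).digest()) >= bits

def campaign_cost(edits: list[tuple[str, str]], bits: int) -> int:
    """Total hashes needed to stamp every (page, text) edit in the list."""
    return sum(mint(edit_resource(page, text), bits)[1] for page, text in edits)

if __name__ == "__main__":
    BITS = 12  # constructed difficulty, low enough to run in about a second
    few = [(f"Wiki{i}.HomePage", "constructed edit") for i in range(5)]
    many = [(f"Wiki{i}.HomePage", "constructed edit") for i in range(200)]
    print("5 edits:  ", campaign_cost(few, BITS), "hashes")
    print("200 edits:", campaign_cost(many, BITS), "hashes")
    res = edit_resource("Main.HomePage", "constructed edit")
    stamp, tries = mint(res, BITS)
    print("minted in", tries, "hashes; verifies:", verify(stamp, res, BITS))
```

Any client that spends the cycles gets a valid stamp, so an accepted stamp says nothing about whether the edit was approved by anyone.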