[Pmwiki-users] Hashcash ... an interesting idea for preventing span

John Feezell JohnFeezell
Thu Dec 2 22:08:56 CST 2004 

On Fri, 3 Dec 2004 14:18:18 +1100, Nathan Jones <pmwiki at optimo.com.au>  
wrote:

> John Feezell wrote:
>> <http://www.hashcash.org/>
>>
>> I'm wondering about the possibility of combining a small swf file
>> (estimates are that about 98% of browsers can handle this
>> type of file without any additional download) with the
>> hashcash concept and relating them to the edit process in PmWiki.
>
> How are you expecting it to work, or rather, what do you expect it should
> do? Prevent a machine/bot from editing pages? Make it difficult for
> people (but only naughty people) to edit pages?

Well, I would hope that it would be possible to address both the  
machine/bot
and naughty people editing issues.  However, I'm not sure that I have  
enough
knowledge to answer your question about machine/bot since I don't have a  
clear
understanding about how a machine/bot edits a page.  I'm assuming that
there is a program that runs a script that interacts via http with a
site using "typical" edit procedures.  This may be way off base.  However,
if this is somewhat close to reality, then the introduction of a required
manual action should act as a deterrent.  Additionally, as I understand
the concept of the hashcash, the required calculation of the hash adds
a burden and "time" constraint to the spamming process that is expensive
for the machine/bot.

In simple terms what I could see for the machine/bot issue is the  
following.
A function in PmWiki computes a hashcash using the date and some key
"string" that would perhaps include the ip of the machine requesting to
edit a page.  This becomes a "stamp" that the person receiving would need
to "cancel," i.e., validate before sending the page back to PmWiki for
processing.  My idea then was to create a small Flash (swf) file that
would become part of the PmWiki edit page.  The swf file would be used
to submit the page back to PmWiki for processing.  That file would
return the "validated" stamp. (It could calculate the return hashcash.)
Without the "validated" stamp, the page would not be saved and no entry
would be made in the history of the page.

This would suggest that PmWiki would need to provide an "invitation" for
each potential page edit using the hashcash concept and each page  
submission
would need to respond to the "invitation."

As I said before, these ideas may be way off base so feel free to correct
and/or instruct me in the "error" of my ways.

I'm still thinking about the naughty person issue.

/JF

More information about the pmwiki-users mailing list