[Pmwiki-users] Hashcash ... an interesting idea for preventing span

Nathan Jones pmwiki
Fri Dec 3 05:01:36 CST 2004

John Feezell wrote:
>However, if this is somewhat close to reality, then the introduction
>of a required manual action should act as a deterrent.  Additionally,
>as I understand the concept of the hashcash, the required calculation
>of the hash adds a burden and "time" constraint to the spamming
>process that is expensive for the machine/bot.

Machine generated spam and human generated spam are separate problems and
are best dealt with separately. 

Using a captcha scheme makes it almost impossible to automate the
generation of wiki spam, so there is little use for Hashcash, which would
only slow it down slightly. (Hashcash doesn't require manual action - the
only deterrent it offers is a time burden.)

Moving onto human generated spam, where a person clicks Edit Page and
pastes in his spam. Something that slows down this process is also going
to slow down people who edit the wiki legitimately. Hashcash is
designed to make it expensive (in computation time) to automatically
send millions of emails. It's only a minor impediment when the number of
attacks is low (ie. a person is doing it).

Since a computer can't effectively tell the difference between a spammer
and a legitimate user, I think the only options for beating human
generated spam are those that rely on other humans:

- People watching RSS feeds.
- Admins using mailposts.
- Passwords or other forms of access control may be suitable for
  some wikis.
- Link approvals.

>This would suggest that PmWiki would need to provide an "invitation" for
>each potential page edit using the hashcash concept and each page  
>submission would need to respond to the "invitation."

A spamming program could be designed to respond to the invitation, which
means that all you're doing is slowing down the attack. If you really
want to slow down the Edit Page process, you can just tell PmWiki to
sleep for a few seconds [1]; there is no need for a Flash program to
be sent to the browser.

However, if you can think of a way to require human interaction, then you
have a possible alternative to captchas, although an expensive and
complex one.

Nathan Jones

[1] One last thought on slowing down the process. It wouldn't have to be
a case of waiting -after- clicking Save. PmWiki could log when the user
clicks Edit Page and require that a certain amount of time passes before
a Save is done.

More information about the pmwiki-users mailing list