On 1/1/2023 7:11 PM, John R Levine wrote:
The exception to that in my current code is that there is one message, a
contact request message that is authorized by default. So, if I have your
contact address (john@xxxxxxxxxxx, @john_levine, whatever) and I don't
already have you in my contacts, the first message I send, is a contact
exchange request saying 'Hi I am PHB, can I send you messages'.
The introduction problem is very hard. Speaking as a spammer, I plan to
buy lists of millions of addresses (which are widely and cheaply
available) and send introduction requests to all of them. If they don't
say yes, I'll do it over and over, maybe with slightly different
identities and requests, and we've just moved the spam into the
introductions. The only way I know of to prevent that is to add
friction to limit the number of requests you can send, but now you have
to figure out how to tell that requests from many different addresses go
into the same friction bucket because they are from the same sender, for
some version of "same".
Yes indeed. If the system cam say "Joe Example wants to connect with
you", it can also say "Joe Example who has access to a pharmacy selling
cheap and exciting meds wants to connect to you". I saw exactly that
kind of scenario playing out on Skype. And then we also see the "attack
of the clones" on Facebook, "Your buddy Joe Example, same name, same
picture, wants to be your friend." Etc., etc.
-- Christian Huitema
