exmp 6 months ago
So I now understand that Tor nodes can enable PoW as a defense mechanism against DDoS attacks, as described in The goal is to mitigate connection-level flooding, such as when a botnet with thousands of compromised machines overwhelms onion services by initiating millions of introduction requests. This is fundamentally a DDoS prevention mechanism, not an anti-spam strategy. In contrast, if (or when?) Nostr relays are flooded with millions of spammy notes per second, one might consider applying a similar PoW-based throttle—e.g., requiring a 20-bit PoW, which takes about one second to compute. This would theoretically reduce the spam rate to thousands of notes per second per spammer node. Would this actually be effective as an anti-spam measure?

Replies (2)

exmp 6 months ago
PoW is effective in the context of DDoS attacks, where an attacker generates millions of connections in a short time. In such cases, even a small computational cost per request, when multiplied by millions, becomes significant for the attacker, but remains manageable for legitimate users. Spam, however, is a different problem. A spammer publishing just 1,000 notes per hour could still inflict substantial damage on Nostr relays, overwhelming storage and flooding the relay global feed. In this case, the computational cost of PoW (especially at < difficulty levels) is negligible for the attacker and not a meaningful deterrent. The situation is much closer to the email spam problem, where PoW was also explored and ultimately abandoned due to its ineffectiveness. In fact, Nostr's case is arguably simpler from the spammer’s perspective: notes are public, require no targeting, and have virtually no delivery constraints. So my initial point remains: NIP-13 is unlikely to be effective as a spam prevention mechanism, just as PoW proved ineffective against spam emails.
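
The relay-side NIP-13 check and the cost arithmetic discussed in this thread, as an added example that is not part of the original posts: it counts leading zero bits of the event id, enforces the committed target in the `nonce` tag, and estimates how much of one CPU core a given posting rate consumes. The sample event, the function names and the hash rate (derived from the thread's "20 bits takes about one second") are assumptions.

```python
import hashlib
import json

def event_id(ev):
    """NIP-01 event id: SHA-256 over the canonical JSON array serialization."""
    payload = [0, ev["pubkey"], ev["created_at"], ev["kind"], ev["tags"], ev["content"]]
    raw = json.dumps(payload, separators=(",", ":"), ensure_ascii=False)
    return hashlib.sha256(raw.encode("utf-8")).hexdigest()

def leading_zero_bits(hex_id):
    """NIP-13 difficulty: number of leading zero bits in the event id."""
    return len(hex_id) * 4 - int(hex_id, 16).bit_length()

def mine(ev, target):
    """Client side: bump the nonce tag until the id meets the target."""
    base_tags = [t for t in ev["tags"] if t[0] != "nonce"]
    nonce = 0
    while True:
        cand = dict(ev, tags=base_tags + [["nonce", str(nonce), str(target)]])
        if leading_zero_bits(event_id(cand)) >= target:
            return cand
        nonce += 1

def relay_accepts(ev, min_bits):
    """Relay side: the committed target and the actual id must both meet the minimum."""
    committed = [t for t in ev["tags"] if len(t) >= 3 and t[0] == "nonce"]
    if not committed or not committed[0][2].isdigit():
        return False
    if int(committed[0][2]) < min_bits:
        return False  # a low-target miner that got lucky does not count
    return leading_zero_bits(event_id(ev)) >= min_bits

def core_fraction(notes_per_hour, bits, hashes_per_second):
    """Fraction of one CPU core needed to sustain a rate (expected 2**bits hashes per note)."""
    return notes_per_hour * (2 ** bits) / hashes_per_second / 3600

# Constructed sample event (placeholder pubkey, not a real key).
SAMPLE = {"pubkey": "ab" * 32, "created_at": 1700000000, "kind": 1,
          "tags": [], "content": "hello"}

if __name__ == "__main__":
    mined = mine(SAMPLE, 8)  # low difficulty so the demo finishes quickly
    print(relay_accepts(mined, 8), relay_accepts(mined, 20))
    # Thread's figures: 20 bits in about 1 s, i.e. roughly 2**20 hashes/s.
    print(core_fraction(1000, 20, 2 ** 20))
```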