Could it just just be disconnecting and reconnecting various UDP connections? You wouldn’t need millions at once, just what you’re trying to access.
My concern is someone just creating a piece of software that turns a ton of accounts into a giant monster account that can store an endless amount of data for free. And then if it existed, why not just use that software? It’s open source and autonomous, so there’s nothing to control.
What do you mean by “integrate the data from all the separate accounts.” It’s just basic file management, isn’t it?
Each account is a node on the network. How fast is node switching on the network? Surely it would result in a very sluggish data access. As for integrating many separate file systems, ok that may be easy, I don’t know.
Yes, and in one of several topics we talked about this I recalled how in the early days it was considered a best practice to turn off Skype when you don’t use it because the PoS could leach on your bandwidth like crazy.
I agree and I think the fact that “intermediate” (caching) nodes aren’t rewarded (because only storage is) is a weakness.
You make some great points @Russell. I might just be me but I can’t see any concrete answers to the kind of attacks you are mentioning. Would anyone care to elaborate on how you’d stop the automated creation and control of a very large number of accounts/nodes without involving a ‘cost’ to create or run them?
It’s also my understanding that reputation is important for controlling attacks of malicious nodes (or groups of nodes). Would anyone care to elaborate on these points as it’s all pretty interesting to learn (even if only from a laypersons perspective)
Essentially with a trust level system any person can gain trust level;
Also any person can reduce their trust level through Network abuse therefore any person’s incentive is to maintain their trust level at a constant place.
An average human can keep track of 150 people in their field. Therefore; if a person say has 5000 “friends” those “friends” are getting spammed, because that one person does not at all know each and every 5000 people there.
In the system where the person has control over who is allowed to input into their stream can rank any person as intrusive. Thus this interaction will be blocked and clog the space of the spammer:
An interesting way to rank content; for example imagine:
A project site;
each project has several essential skills.
If those skills correspond to someone, that person can rank the project within their list. Others who rank the project in their list will see others who have ranked that project. Therefore the trust level of these people increases for eachother and messaging could be enabled for those only who have the trust level of ranking that specific project.
These people there can then individually select eachother to rank on their list. And once they are done suppose there are no common interests among those people; once the project is done, they can move on to their own lives.
The idea of free space should be tested; perhaps a certain network trust level could afford someone a free space; or into the future there will be an assessment to free space;
However, empirical evidence from such services at gmail and dropbox - these require a centralized anti spam mechanism. Though with decentralization automation with time I think we will see much improvement to these systems permitting spam less storage, etc.
There are many solutions being discussed, some already referenced by @dallyshalla. We are brainstorming to find the most effective way to manage this issue. All ideas are welcome.
Remove the Reason
The easiest way is to remove the reason for a person or bot to create multiple accounts. If the goal was to exploit storage, then we use a (resource in = resource out) system. In other words, remove the free amount. A user can only consume what they first provide or pay for in Safecoin. In this system, multiple bot accounts would have to stay connected and provide resource to the Network in order to gain any kind of resource consumption in return. This POR (Proof of Resource) system drags on the Network because it has to police resources of each user (Non-Client node). Who wants to surf a Network when you have to wait 5-10mins each time for it to check your resource credits?
Time Based Reward
Another way is a time-based reward system, where a user would stay connected in Non-Client mode for 1hr and therefore gain the ability to use the Network for 1hr in Client mode. Your PUT upload limit can be set by the amount of Claim Space you provided from your vault. This is a simple system where the Network doesn’t micro manage every resource. As long as the the API is running (unmodified) and doing what it is supposed to do, then being connected will reward the user with the amount of time access they provide. We already have a node ranking system to boot nodes that are behaving badly.
There are pros and cons with everything. I’m most interested to find a workable solution. It may not be perfect, that comes later with experience.
End users contribute a lot of value to the network.
How? Is this an objective statement, i.e. the network is viable or more robust because of end users, even those who do not contribute, is this a marketing statement, more users means more people hear about Maidsafe, or is this a moral statement, data should be free, etc.
In the conventional model, end users are valuable because the business model is based on ads, which require a level of data harvesting that I didn’t think was compatible with the Maidsafe concept.
Think of the network as the infrastructure for a large digital society. Who in a society contribute value to it? The people in the society contribute the value!
I think everyone here agrees with you. I know I do. But that value needs to be determined in other markets and can’t be determined by an autonomous system. A [generic] contribution the network (be it a scientific paper, a piece of music, art, writing, a new social network, etc) to can’t entitle you to Safecoins or storage because there’s no system of determining it’s value.
To me, the true value of the Safe Network’s plan is to add value to storage and processing in order to create a competitive market to drive interest in contributing. By creating a means to monetize of resources, you create a market, generate more interest, and hopefully culminate in a robust and secure system.
So then specifically on the Safe Network, storage will have value. The Safe Network is ideally determining value of storage by acting as a arbitrator between parties for the usage of space. So only the raw storage has value. The content’s value needs to be determined through other means. It doesn’t entitle the user to storage, something of specific and dynamically defined value on the network.
By creating an attack vector that could potentially allow massive amounts of free space, the value for this commodity becomes questionable. And as I see it, it’s the core functionality of what makes the network powerful. The same way Bitcoin-the-Network and bitcoin-the-currency are both necessary for the functionality of that network. One cannot exist without the other.
I don’t believe it’s an attack vector for a network takedown, but rather a way to game the system and reduce the value of something that the project is specifically trying to apply value to: storage and resources.
So this is in the way of a moral statement. I do not disagree at all on a moral level, to the extent that a particular society has resources, it has a moral obligation to recognize that the purpose of infrastructure is the end users.
However, I fail to see how that question, true as it is, has relevance to the building of the network. Right now we are not dealing with the moral obligation of an established society to recognize the moral value of end users. I think that everyone agrees with that point, otherwise we would be supporting the current internet, dominated by banks and other large corporations.
We are dealing with the question of how to persuade stakeholders to sacrifice their resources to build the infrastructure, which is quite a different proposition.
I would say that the raw storage has the value determined by the demand for it. Let’s say there is a billion terabytes of storage available and the demand for only one terabyte. Then there is an enormous amount of unused space. And I believe there will be huge amounts of storage available in the network because so many people will set up farming computers. Even with all the botnets in the world grabbing free quota there will still be a lot of unused space. That’s my guess.
If there is 1 GB of free quota, then what would botnets do with that if they could use thousands of user accounts simultaneously? Wouldn’t the botnets be more profitable when used as farming equipment?
Even if an attacker used thousands of user accounts simultaneously, could that result in a denial of service attack? In that case the network isn’t robust enough imo.
The SAFE network should be able to support the Internet of Things (IoT). That means zillions of nodes. If the network can’t handle a few botnets then the architecture will need to be redesigned.
It’s not that messy. You couldn’t create millions, but you could create dozens and even hundreds. Data from accounts could be integrated by exporting VFS as NFS shares. I stated this earlier: all you need is a small space to scam a bit of money and there will be millions who will do it because it’s easy. You have millions of people who click on stupid ads to make 5 cents a day. Why not, if that helps you increase your income by 5%?
Why would you do that if you don’t get much out of it? If you get 1/4 of your space in exchange for contributing, you may want to do it, so if you have 50GB of crap and 500 GB of free space, you may want to allocate 300 GB to farming and get 75 or so GB on SAFEnet to backup your crap “for free”. That’s a good deal. But you need to get something in return.
Yet Google can manage all the click frauds. Will not the SAFE network be able to deal with the fraud and still be able to deliver a decent amount of free quota? In other words, design the network with an estimated amount of fraud as a given.
One problem is if someone can register thousands of accounts and then use them for farming. A kind of vicious loop.
Yes Google can, because it harvests data to try and identify real/distinct people, and uses that data to estimate real v. bot clicks. I don’t think that approach will be possible on the SAFE network, and if it is, it shouldn’t be.
Yes, Google fights fraud successfully because they have literally no competition in the ad engine space so their margins are enormous and they have enough money to cover those losses. If your margin is slim and you cannot track anyone (in the sense that a single person can “click” (e.g. have 100 MaidSafe accounts), then you may not be able to afford that (or price of storage would have to go up) and you may not be able to easily detect the abusers.
If someone uses thousands of accounts for farming, that is not a problem because the network punishes bad farmers. The problem is if there is a 50GB freebie per account and then you have people set up “freebie farms”.
Not talking about botnets necessarily, or autonomous systems, or DoS attacks. I’m talking about an average, non-technical user choosing one open source software over another to utilize the network.
Instead of using MaidSafe Brand Data Access Software, I’m using BillyBob’s Data Aggregator. If both interfaces are clean and simple, I’m choose the one that gives me endless free space instead of the one I have to pay the network for.
Sure. But the inverse is also possible. If this network functions as promised, I believe it will probably have a lot of unused space. But why bother making a prediction about how the network will function and risk a flaw as opposed to just letting the market determine?
Also a user gets a bit of free space that, as you’ve stated, will end up being already dirt cheap, bordering on free. If they’re joining the network and planning to contribute, they’ll need an understanding of Safecoin to begin with. So to assume they won’t understand it or they won’t be able to afford it is most likely untrue.
All I mean is, in both scenarios you described, it seems like not giving users free space is the smartest choice.
The market needs to be created in the first place. If all the new users first need to get safecoins then that seems like an unnecessary hurdle that will stifle user adoption.
But this objection is rebutted by the underutilized resource point.
The underlying theory of Maidsafe is that there enough people with underutilized hard drive space and internet access, to make the network viable, and provide more value added than syncthing or a similar service.
