[maqp]

>proof-of-work scheme using a memory-hard hash function like scrypt

So who's doing the computation? The spammer can't afford to run 3 second key derivation time per spam device? Or how long do you think normal user will wait while you burn their battery power before saying "Screw it, I'll just use WA"? Or is this something the server should be doing?

>Captcha

LLMs are getting quite good at getting around captchas.

>invite-code system

That works in lobste.rs when everyone can talk together, and recruit interesting people to join the public conversation. Try doing that with limited invites to recruit your peers to build a useful local network of peers and relatives. "I'm sorry Adam, I'm out of invites can you invite my mom's step-cousin, my mom needs to talk to them?"

>Signal's architects already knew that when they started designng it.

I think they really did, and they did what the industry had already established as the best practice for a hard problem.

The only reasonable alternative would've been email with heavy temp-mail hardening, or looking into the opposite end of Zooko's triangle and having long, random, hard-to-enumerate usernames like Cwtch and other Tor-based messengers do. But even that's not removing the spam-list problem of any publicly listed address ending up in a list that gets spammed with contact requests or opening messages with spam.

[kragen]

Those are reasonable questions, but they suggest that you don't understand the landscape very well.

The user's device has to do the computation for it to be effective. How long does it normally take to sign up for a new messaging service like WhatsApp? Five minutes? You should burn the user's cellphone battery for about half that long, 150 seconds, 50 times more than you were thinking. Plus another half-minute every time you add a new contact. Times two for every time someone blocks you, up to a limit of 150 seconds. Minus one second for each day you've been signed up. Or something like that.

The value of signing up for Signal is much higher to a real user than it is to a spammer, so you just have to put the signup cost somewhere in the wide range in between.

LLMs didn't exist when Signal was designed, and Captchas still seem to be getting a lot of use today.

Invite codes worked fine for Gmail, and would work even better for any kind of closed messaging system like Signal; people who don't know any users of a particular messaging system almost never try to use it. The diameter of the world's social graph is maybe ten or twelve, so invite codes can cover the world's social graph with only small, transitory "out of invites" problems.

The "industry" had "established" that they "should" gather as much PII as possible in order to sell ads and get investments from In-Q-Tel.

[cyphar]

> Invite codes worked fine for Gmail

Back in 2004, sure. Today, Gmail asks you for a phone number when signing up because of the spam problem.

[NorwegianDude]

To be fair, Gmail asks for a phone number, but you dont have to add one.

[cyphar]

This might depend on the country you're in, but I'm quite certain I've gotten locked out of the signup flow in the past when I refused to provide a phone number.

[wkat4242]

It depends what you do it from. If you do it from an android device you don't have to. If you do it from the web you do.

[cyphar]

I just tried it from my Android phone (GrapheneOS) and it still asks to verify a phone number when trying to create an account via a web browser. (Strangely, even though it's a private browser session it just asks to confirm my number by sending an SMS, not asking me for my phone number like it does on desktop -- I wonder how that works...)

If you're saying that the account creation flow through the system accounts application doesn't require a phone number, how are you sure that Google doesn't just collect the phone number directly from your device (they could even silently verify it through a class-0 silent SMS)?

Does it also not ask for a phone number if you factory reset, remove the SIM card, and do not register the phone with a Google account? Maybe they track the IMEI instead?

[kragen]

I don't think that's why they ask for it, no.

[account42]

Exactly, just like all those site that added SMS 2FA didn't do it for the extra security.

[cyphar]

More than one thing can be true at once.

In the case of Twitter, there is evidence that the initial implementation was meant to just be a security mechanism but later someone else noticed they had a handy database of user phone numbers and decided to treat them as free marketing contact information.

[lukeschlather]

> How long does it normally take to sign up for a new messaging service like WhatsApp? Five minutes? You should burn the user's cellphone battery for about half that long, 150 seconds

If you actually do that you're going to crash a lot of cellphones and people will rightly blame your app for being badly coded.

[kragen]

What, their CPUs will overheat? I've run infinite loops on cellphones lots of times without that happening. In fact, I'm running four of them right now, and have been for the last five minutes as I write this comment. The battery drain is annoying but I haven't seen instability. I've run plenty of compiles on cellphones (things like BLAS and Numpy) that take longer than that, and I've never seen one crash a phone.

[maqp]

>but they suggest that you don't understand the landscape very well.

Yeah, what could I possibly know about secure messaging.

>Plus another half-minute every time you add a new contact.

Can you point to some instant messaging app that has you wait 30 seconds before talking to them? Now niché is it?

You want proper uptake and accessibility to everyone, you need something like Samsung A16 to run the work in 150 seconds. Some non-amateur spammer throws ten RTX 5090s to unlock access to random accounts at 80x parallelism (capped by memory cost), with the reasonable time cost of whatever iterations that is, with quite a bit shorter time than 150 seconds. 121.5GFLOPs vs 10x104.8 TFLOPs leads to overall performance difference of 8,800x. And that account is then free to spam at decent pace for a long time before it gets flagged and removed.

The accounts are not generated in five minutes per random sweat shop worker: https://www.youtube.com/watch?v=CHU4kWQY3E8 has tap actions synced across sixty devices. And that's just to deal with human-like captchas that need to show human-like randomness. Proof-of-work is not a captcha, so you can automate it. Signal's client is open source for myriad of reasons, the most pressing of which is verifiable cryptographic implementations. So you can just patch your copy of the source to dump the challenge and forward it to the brute force rig.

Either the enumeration itself has to be computationally infeasible, or it has to be seriously cost limited (one registration per 5 dollar prepaid SIM or whatever).

>Invite codes worked fine for Gmail

Yeah and back in ~2004 when Hotmail had 2MB of free storage, GMail's 1,000MB of free storage may have also "helped".

[immibis]

If the PoW cost is a low-end cellphone CPU for 2.5 minutes, then it's nothing to the spammer with the 200-core hourly AWS server. If each spammer can create 10000 identities (not connections, identities) per hour, then you might as well not have a limit at all. If they could even create only 2 identities per day that would be enough to spam with (yet still unacceptable to actual users). 250000 identities per day is way too many.

[kragen]

The speed ratio is much smaller than you say with memory-hard PoW problems, which depend on the amount of RAM you have (and its response time). But it's surely true that a spammer could create many accounts per day, perhaps 1000 per hour on a big server, which could then go on to spam a few accounts each before becoming uneconomical to keep using.

But that would still put the CPM of the spam around US$2, which very few spammers can afford. Maybe mesothelioma lawyers and spearphishers.

You don't have to make spamming physically impossible, just unprofitable.

[immibis]

A single identity can send messages to hundreds or thousands of users.

[kragen]

You're talking about a different proposal than the one I wrote in the comment you were replying to, then.

[vel0city]

Invite codes worked fine for Gmail, but you weren't limited to only the people on Gmail to talk to. It was a full, regular email service. You could email anyone and receive mail from anyone. I doubt it would have been very successful if it was invite only and you could only email other Gmail users for the first few years.

Waze was also invite-only, G+ was initially invite only. Did that model help or hurt them?

[kragen]

I think it helped them. Gmail had more trouble with invite codes because some people wanted a Gmail account, but didn't know any existing Gmail users, because Gmail was useful for communication with non-Gmail users.

G+ didn't have that problem so much, but I don't remember it using invite codes.

[vel0city]

Sorry, not Waze, Wave.