On Friday 22 May 2009 17:22:45 Evan Daniel wrote: > No, that is not sufficient. The attack that makes it necessary (which > is also possible on FMS, btw -- in fact it's even more effective) is > fairly simple. A spammer gets a dummy identity trusted manually by > other people. He then has it mark several other identities as > trustworthy. Those identities then spam as much as is worthwhile > (limited only by message count limits, basically). The spammer then > removes them from the dummy identity published trust list, adds new > spamming identities, and repeats. The result is that his one main > identity can get a large quantity of spam through, even though it can > only mark a limited number of child identities trusted and each of > them can only send a limited amount of spam.
If the spammer removes them from his main identities identity's trust list, then Freetalk will not download messages from them any more because there is no "route of trust" from the root of the trust tree (your own identity) to the "several other identities"! So the several other child identities will not have a positive score anymore. - If he does not remove his child identities from his main identity's trust list, then getting rid of the spammer is a matter of distrusting his main identity. At least that's how I've understood the current code of the WoT plugin. Correct me if I'm wrong.. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: This is a digitally signed message part. URL: <https://emu.freenetproject.org/pipermail/devl/attachments/20090524/801cd089/attachment.pgp>
