
253 points akyuu | 9 comments
BinaryIgor No.45945045
I wonder why it is that we get an increase in these automated scrapers and attacks as of late (the past few years); is there better (open-source?) technology that allows it? Is it because hosting infrastructure is also cheaper for the attackers? Both? Something else?

Maybe the long-term solution for such attacks is to hide most of the internet behind some kind of Proof of Work system/network, so that mostly humans get to access our websites, not machines.

replies(6): >>45945393 #>>45945467 #>>45945584 #>>45945643 #>>45945917 #>>45945959 #
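To make the Proof of Work idea concrete, here is an added example (not code from the thread or from any commenter) of a hashcash-style challenge: the server hands out a random nonce, the client burns CPU finding a counter whose SHA-256 hash has enough leading zero bits, and the server checks the answer with a single hash. The difficulty setting, the 16-byte nonce and the 60-second lifetime are constructed assumptions; the store also consumes each challenge on redemption so a solved nonce cannot be replayed by a scraper.

```python
import hashlib
import secrets
import time

# Constructed parameter for this example: number of leading zero bits required.
# Each extra bit doubles the client's expected work; the server's check stays one hash.
DIFFICULTY_BITS = 16


def _leading_zero_bits(digest: bytes) -> int:
    """Count leading zero bits of a digest treated as a big-endian integer."""
    n = int.from_bytes(digest, "big")
    return len(digest) * 8 - n.bit_length()


def solve(challenge: bytes, difficulty_bits: int = DIFFICULTY_BITS) -> int:
    """Client side: brute-force a counter until sha256(challenge || counter) qualifies.
    Expected cost is about 2**difficulty_bits hash evaluations."""
    counter = 0
    while True:
        digest = hashlib.sha256(challenge + counter.to_bytes(8, "big")).digest()
        if _leading_zero_bits(digest) >= difficulty_bits:
            return counter
        counter += 1


def verify(challenge: bytes, counter: int, difficulty_bits: int = DIFFICULTY_BITS) -> bool:
    """Server side: a single hash confirms the client's work."""
    if counter < 0 or counter >= 2**64:
        return False
    digest = hashlib.sha256(challenge + counter.to_bytes(8, "big")).digest()
    return _leading_zero_bits(digest) >= difficulty_bits


class ChallengeStore:
    """Server-side bookkeeping: every challenge is random, expires, and is
    redeemable exactly once, so solutions cannot be reused or precomputed."""

    def __init__(self, ttl_seconds: float = 60.0, now=time.time):
        self._pending = {}          # challenge -> expiry timestamp
        self._ttl = ttl_seconds
        self._now = now             # injectable clock (assumption for testing)

    def issue(self) -> bytes:
        challenge = secrets.token_bytes(16)
        self._pending[challenge] = self._now() + self._ttl
        return challenge

    def redeem(self, challenge: bytes, counter: int,
               difficulty_bits: int = DIFFICULTY_BITS) -> bool:
        expiry = self._pending.pop(challenge, None)   # single use, even if the proof is bad
        if expiry is None or self._now() > expiry:
            return False
        return verify(challenge, counter, difficulty_bits)


if __name__ == "__main__":
    store = ChallengeStore()
    c = store.issue()
    start = time.time()
    answer = solve(c)
    print(f"solved in {time.time() - start:.2f}s, counter={answer}")
    print("first redemption:", store.redeem(c, answer))
    print("replay attempt:  ", store.redeem(c, answer))
```

The asymmetry is the whole point: the server spends one hash per request regardless of difficulty, so it can raise `DIFFICULTY_BITS` for clients it distrusts (unknown ASNs, bursty request patterns) while keeping it low for everyone else. The cost falls on every client, though, including humans on slow devices, which is the trade-off the thread goes on to argue about.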
rkagerer No.45945584
> long-term solution

How about a reputation system?

Attached to IP address is easiest to grok, but wouldn't work well since addresses lack affinity. OK, so we introduce an identifier that's persistent, and maybe a user can even port it between devices. Now it's bad for privacy. How about a way a client could prove their reputation is above some threshold without leaking any identifying information? And a decentralized way for the rest of the internet to influence their reputation (like when my server feels you're hammering it)?

Do anti-DDoS intermediaries like Cloudflare basically catalog a spectrum of reputation at the ASN level (pushing the anti-abuse onus to ISPs)?

This is basically what happened to email/SMTP, for better or worse :-S.

replies(2): >>45945700 #>>45945797 #
1. JimDabell No.45945700
Reputation plus privacy is probably unsolvable; the whole point of reputation is knowing what people are doing elsewhere. You don’t need reputation, you need persistence. You don’t need to know if they are behaving themselves elsewhere on the Internet as long as you can ban them once and not have them come back.

Services need the ability to obtain an identifier that:

- Belongs to exactly one real person.

- That a person cannot own more than one of.

- That is unique per-service.

- That cannot be tied to a real-world identity.

- That can be used by the person to optionally disclose attributes like whether they are an adult or not.

Services generally don’t care about knowing your exact identity but being able to ban a person and not have them simply register a new account, and being able to stop people from registering thousands of accounts would go a long way towards wiping out inauthentic and abusive behaviour.

The ability to “reset” your identity is the underlying hole that enables a vast amount of abuse. It’s possible to have persistent, pseudonymous access to the Internet without disclosing real-world identity. Being able to permanently ban abusers from a service would have a hugely positive effect on the Internet.

replies(3): >>45945753 #>>45945857 #>>45946182 #
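The identifier properties listed above can be illustrated with a small model. The following is an added example, not code from the thread or from any commenter, and it assumes a trusted issuer that has already verified each person once out of band and shares a separate key with every service. The issuer derives a per-service pseudonym with HMAC over its own internal user id and the service id, so a service sees a stable handle it can ban forever, two services cannot correlate their handles, and the real-world identity stays with the issuer alone (the unlinkability holds only as long as the issuer does not collude). A production system would use public-key signatures and a privacy-preserving credential scheme rather than per-service shared keys; the shared keys here are a simplification so the example runs on the standard library.

```python
import hashlib
import hmac
import json
import secrets


class Issuer:
    """Assumed trusted issuer: verifies each person once, never reveals the
    internal user id, and hands out one pseudonym per (person, service)."""

    def __init__(self):
        self._root_key = secrets.token_bytes(32)   # derives pseudonyms; never leaves the issuer
        self._service_keys = {}                    # service_id -> key shared with that service
        self._users = {}                           # internal user id -> disclosable attributes

    def enroll_service(self, service_id: str) -> bytes:
        key = secrets.token_bytes(32)
        self._service_keys[service_id] = key
        return key

    def enroll_person(self, user_id: str, **attributes):
        # "A person cannot own more than one": enrolment is refused the second time.
        if user_id in self._users:
            raise ValueError("person already holds an identifier")
        self._users[user_id] = attributes

    def pseudonym(self, user_id: str, service_id: str) -> str:
        # Deterministic per (person, service): persistent for that service,
        # but HMAC outputs for different services are unrelated to each other.
        msg = f"{user_id}\x00{service_id}".encode()
        return hmac.new(self._root_key, msg, hashlib.sha256).hexdigest()

    def token(self, user_id: str, service_id: str, disclose=()):
        """Signed statement for one service; attributes are disclosed only on request."""
        attrs = {k: self._users[user_id][k] for k in disclose}
        payload = json.dumps({"service": service_id,
                              "pseudonym": self.pseudonym(user_id, service_id),
                              "attrs": attrs}, sort_keys=True)
        tag = hmac.new(self._service_keys[service_id], payload.encode(), hashlib.sha256).hexdigest()
        return payload, tag


class Service:
    """A site that only ever learns pseudonyms and keeps a local, persistent ban list."""

    def __init__(self, service_id: str, issuer: Issuer):
        self.service_id = service_id
        self._key = issuer.enroll_service(service_id)
        self.banned = set()

    def verify(self, payload: str, tag: str):
        expected = hmac.new(self._key, payload.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, tag):
            return None                      # forged, or issued for another service
        data = json.loads(payload)
        if data["service"] != self.service_id:
            return None
        return data

    def register(self, payload: str, tag: str) -> str:
        data = self.verify(payload, tag)
        if data is None:
            return "rejected: bad token"
        if data["pseudonym"] in self.banned:
            return "rejected: banned"        # "ban once and not have them come back"
        return "ok"

    def ban(self, pseudonym: str):
        self.banned.add(pseudonym)


def pseudonym_from(payload: str) -> str:
    """Helper for callers that need the pseudonym out of a token payload."""
    return json.loads(payload)["pseudonym"]


if __name__ == "__main__":
    issuer = Issuer()
    forum, shop = Service("forum", issuer), Service("shop", issuer)
    issuer.enroll_person("alice", adult=True)            # constructed sample person
    p, t = issuer.token("alice", "forum")
    print("register:", forum.register(p, t))
    forum.ban(pseudonym_from(p))
    p2, t2 = issuer.token("alice", "forum")              # "new account" attempt
    print("re-register after ban:", forum.register(p2, t2))
    print("forum handle == shop handle?",
          pseudonym_from(p) == pseudonym_from(issuer.token("alice", "shop")[0]))
    print("forum token at shop:", shop.register(p, t))
```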
2. jasonjayr No.45945753
A digital "Death penalty" is not a win for society, without considering a fair way to atone for "crimes against your digital identity".

It would be way too easy for the current regime (whoever that happens to be) to criminalize random behaviors (Trans People? Atheists? Random nationality?) to ban their identity, and then they can't apply for jobs, get bus fare, purchase anything online, communicate with their lawyers, etc.

replies(2): >>45945924 #>>45946411 #
3. hombre_fatal No.45945857
If creating an identity has a cost, then why not allow people to own multiple identities? Might help on the privacy front and address the permadeath issue.

Of course everything sounds plausible when speaking at such a high level.

replies(2): >>45946204 #>>45946316 #
4. No.45945924
5. lifty No.45946182
Zero knowledge proof constructs have the potential to solve these kind of privacy/reputation tradeoffs.
6. rkagerer No.45946204
I agree and think the ability to spin up new identities is crucial to any sort of successful reputation system (and reflects the realities of how both good and bad actors would use it). Think back to the early internet when you wanted an identity in one community (e.g. forums about games you play) that was separate from another (e.g. banking). But it means those reputation identities need to take some investment (e.g. of time / contribution / whatever) to build, and can't become usefully trusted until reaching some threshold.
replies(1): >>45948848 #
7. TylerE No.45946316
Because of course what this world needs is for the wealthy to have even more advantages over the normies. (Hint: If you're reading this, and think you're one of the wealthy ones, you aren't)
8. JimDabell No.45946411
Describing “I don’t want to provide service to you and I should have the means of doing so” as a “digital death penalty” is a tad hyperbolic, don’t you think?

> It would be way too easy for the current regime (whoever that happens to be) to criminalize random behaviors (Trans People? Atheists? Random nationality?) to ban their identity, and then they can't apply for jobs, get bus fare, purchase anything online, communicate with their lawyers, etc.

Authoritarian regimes can already do that.

I think perhaps you might’ve missed the fact that what I was suggesting was individual to each service:

> Reputation plus privacy is probably unsolvable; the whole point of reputation is knowing what people are doing elsewhere. You don’t need reputation, you need persistence. You don’t need to know if they are behaving themselves elsewhere on the Internet as long as you can ban them once and not have them come back.

I was saying don’t care about what people are doing elsewhere on the Internet. Just ban locally – but persistently.

9. nucleardog No.45948848
Yep, this is basically how I'd implement it if I needed to. Just tackle the problem in reverse here: Don't assume users are good and try and track which are bad, assume users are bad and track which are good.

Look at the HN karma system--you start with limited features, and as you show yourself a good user, you get more features (and also trust/standing with the community). "Resetting" your identity only ever loses you something.

Apply the same thing to a git host getting hammered or something--by default, users can't view the history online or something (can still clone), but as your identity establishes reputation (through positive interactions, or even just browsing in a non-bot-like manner), your reputation increases and you get rate-limited access or something.

This is essentially where a lot of spam ended up--it used to be that your mail was deliverable until you acted poorly, then your reputation was bad and your deliverability went down. Now it more closely resembles this--your reputation is bad until you send enough good mail and take enough good actions (DKIM/SPF, etc) to show yourself as good.

The issues really all stem from "resetting your identity gets you back in good standing". Once you take that out of the mix, you no longer need to worry much about limiting identities, tying them to the real world, ensuring they're persistent, or many of the other hard problems that come up.
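The "assume users are bad and track which are good" model described in this comment (and the git-host scenario in it) can be sketched as a small earn-your-privileges account model. This is an added example, not code from the thread or from any commenter: the tier thresholds, event weights, feature names and per-minute limits are constructed assumptions. A fresh account starts at the lowest tier (clone only, tight rate limit), human-paced browsing and accepted contributions raise its reputation and unlock features, an upheld abuse report knocks it back, and because `Registry.new_account` always starts at zero, resetting an identity can only ever lose standing.

```python
import time
from collections import deque

# Constructed tiers (assumption): reputation threshold -> per-minute limit and unlocked features.
TIERS = [
    (0,   {"rpm": 5,   "features": {"clone"}}),
    (10,  {"rpm": 30,  "features": {"clone", "browse"}}),
    (50,  {"rpm": 120, "features": {"clone", "browse", "history"}}),
    (200, {"rpm": 600, "features": {"clone", "browse", "history", "search"}}),
]

# Constructed event weights (assumption). Negative events cost far more than
# positive ones earn, so standing is slow to build and fast to lose.
EVENT_WEIGHTS = {
    "page_view_human_paced": 1,     # e.g. a view with a plausible dwell time
    "accepted_contribution": 20,
    "abuse_report_upheld": -100,
}

WINDOW_SECONDS = 60


class Account:
    """One identity. Starts with nothing and earns features; reputation never goes below zero."""

    def __init__(self, now=time.monotonic):
        self.reputation = 0
        self._now = now                 # injectable clock (assumption for testing)
        self._recent = deque()          # timestamps of requests inside the sliding window

    def tier(self) -> dict:
        level = TIERS[0][1]
        for threshold, cfg in TIERS:    # thresholds are ascending, keep the last one reached
            if self.reputation >= threshold:
                level = cfg
        return level

    def record(self, event: str):
        self.reputation = max(0, self.reputation + EVENT_WEIGHTS.get(event, 0))

    def can(self, feature: str) -> bool:
        return feature in self.tier()["features"]

    def allow_request(self) -> bool:
        """Sliding-window rate limit whose size depends on the current tier."""
        now = self._now()
        while self._recent and now - self._recent[0] > WINDOW_SECONDS:
            self._recent.popleft()
        if len(self._recent) >= self.tier()["rpm"]:
            return False
        self._recent.append(now)
        return True


class Registry:
    """Issues accounts. A 'reset' is just a new account, which always starts at tier 0."""

    def __init__(self, now=time.monotonic):
        self._now = now
        self.accounts = {}

    def new_account(self, handle: str) -> Account:
        acct = Account(now=self._now)
        self.accounts[handle] = acct
        return acct


if __name__ == "__main__":
    reg = Registry()
    a = reg.new_account("fresh")
    print("fresh account can browse history?", a.can("history"))
    for _ in range(60):
        a.record("page_view_human_paced")
    print("after 60 human-paced views:", a.reputation, a.can("history"))
    a.record("abuse_report_upheld")
    print("after an upheld abuse report:", a.reputation, a.can("browse"))
    b = reg.new_account("fresh-again")      # the reset buys nothing
    print("reset account reputation:", b.reputation)
```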