Spam/abuse hardening #1941
Description
As we start to think about building out new protocols (https://github.com/snarfed/bridgy-fed/issues?q=is%3Aissue%20state%3Aopen%20label%3A%22new%20protocol%22 ), we should think more about hardening. We have a few of these features already, but we should probably consider more? #773 would help a ton here, but barring that, here are some thoughts.
Right now, depending on network, we already:
- require name
- require profile picture
- require account age older than 1w
- per domain/instance, can limit bridging all users to only user profiles, not posts or other interactions, until at least one person follows them across the bridge
We could also consider
- Rate limit tasks by user #1788
- Nostr: limit total number of users per NIP-05 domain #2219
- block duplicate content; don't allow the same text/image/mention/etc from the same user, or instance, or protocol, more than once per day/week/month
- rate limit some "heavier" operations (eg posting) exponentially, rather than linearly, which we do now (Rate limit tasks by user #1788)
- ...or even apply a circuit breaker, ie stop altogether for a while if they exceed some threshold
- apply some of these limits at a heavier, more expensive resource level, eg pay-level domain, or end user/client IP (except we rarely get that)
- ask @manton about his experience with Nostr on micro.blog!
- more ideas from https://nostrify.dev/policy/ and https://docs.soapbox.pub/ditto/policies