@indiewebcamp San Francisco had a really good first day. Got a chance to talk about design, #Vouch https://indieweb.org/Vouch and more processes around helping people connect to one another with safety in mind.
WeChat ID
aaronpk_tv
#vouch
-
Some select quotes from this fantastic post by someone who used to work on the Gmail anti-spam systems. -
> Another approach would be to allow cross-signing - an entity with good reputation can temporarily countersign mail to give it a reputational boost and trigger cross-propagation of reputations. That entity could employ whatever techniques they liked to verify the senders legitimacy.
-
Francis Hwang
https://twitter.com/fhwang
•
Aug 1
Has anyone suggested a decentralized protocol that would solve the spam problem we saw with pingbacks? (Is this possible?)
@fhwang Vouch is an extension to Webmention (successor to Pingback) meant to address the spam issue: http://indieweb.org/vouch -
An interesting experiment of generating Vouch URLs based on Hashcash proof-of-work. I'm posting this note so that http://hash-for-vouch.herokuapp.com can be used as a Vouch URL when sending webmentions to my site.
-
@BarnabyWalters I was actually thinking about doing exactly that, treating twitter.com/aaronpk as aaronpk.twitter.com and running the approval algorithm as normal. That said, it's not the highest priority because the main goal of vouch is to stop automated spam and that happens relatively less frequently on silos like twitter
-
Trying to finish up the last of the vouch verification over drinks tonight. So close, so many edge cases!
-
Going to start IndieWebCamp Day 2 by working on http://indiewebcamp.com/vouch
• Step 1: create an approval algorithm
• Step 2: when accepting webmentions, check against the approval algorithm
** if the source passes your initial approval algorithm, accept the webmention as normal
** if the source does not pass, return HTTP 449 to indicate the sender should re-try sending with a vouch parameter
• Step 3: when a webmention comes in with a vouch, check webmention as normal, then verify the vouch:
** check if I approve the vouching domain (it passed my approval algorithm)
** fetch the vouch URL, verify that it actually does link to the source's domain without rel=nofollow
** if vouch verification fails, return HTTP 400
