@elqntdotorg
Just watched the YouTube video. Looks good.
What are your thoughts regarding anti-DoS measures? Can the attacker DDoS other users with lots of encrypted meaningless data, which the user will then have to decrypt, thus consuming the CPU?
When a user creates a sell offer, does this offer get broadcast to the whole network? What's preventing attackers from creating fake offers and spamming the system?
The simple answer, as the network stands now, is yes - it's vulnerable.
Three ways that I'm addressing integrity around listing + messaging data right now --
1. I've built in mechanisms to handle user spoofing + spoofed edits of existing listings.
2. I'm going to be limiting the number of listings a user can post to 1 at launch.
3. I've made the decision (since posting the video) to limit listing posts to 7 days of visibility + messages for those listings to 14 days of accessibility (purged from the network by all peers after that).
Those three measures prevent the majority of attacks in the form of corruption / manipulation and, to an extent, flooding / spamming.
Going forward --
Reputation is the next big functionality that I'm going to be building in after launch.
This will allow us to much more effectively address DDOS + spamming potential in that:
1. Peers can automatically reject messages from peers deemed to be spamming even before any decryption is necessary
2. The peer server can auto-kick users from the network who are spamming
This is an ongoing thought process for me as I continue to engineer the network. Would love any feedback on the above and/or other thoughts.
Best,
Stephen
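
The measures described in the reply above (one listing per user, 7-day listings, 14-day messages, rejecting flagged senders before decryption), as an added example that is not the project's own code. `PeerStore`, the blocklist, the verdict strings and the clock-skew tolerance are assumptions, and sender identity is assumed to be authenticated already.

```python
from dataclasses import dataclass, field

DAY = 86400
LISTING_TTL = 7 * DAY      # listing visibility window from the post
MESSAGE_TTL = 14 * DAY     # message accessibility window from the post
MAX_LISTINGS_PER_USER = 1  # launch limit from the post
CLOCK_SKEW = 300           # assumed tolerance for sender-supplied timestamps
@dataclass
class PeerStore:  # hypothetical local state of one peer
    listings: dict = field(default_factory=dict)  # id -> (owner, created)
    messages: list = field(default_factory=list)  # (listing_id, sender, created, blob)
    blocked: set = field(default_factory=set)     # senders deemed to be spamming
    decrypt_calls: int = 0                        # counts the expensive step

    def purge(self, now):  # every peer drops expired listings and messages
        self.listings = {k: v for k, v in self.listings.items() if now - v[1] < LISTING_TTL}
        self.messages = [m for m in self.messages if now - m[2] < MESSAGE_TTL]

    def _cheap_checks(self, sender, created, ttl, now):  # none of these decrypt
        if sender in self.blocked or created > now + CLOCK_SKEW:
            return "rejected"  # flagged sender, or future-dated to dodge expiry
        return "expired" if now - created >= ttl else None

    def accept_listing(self, listing_id, owner, created, now):
        self.purge(now)
        verdict = self._cheap_checks(owner, created, LISTING_TTL, now)
        active = sum(o == owner for o, _ in self.listings.values())
        if verdict is None and active >= MAX_LISTINGS_PER_USER:
            verdict = "over-limit"
        if verdict is None:
            self.listings[listing_id] = (owner, created)
        return verdict or "accepted"

    def accept_message(self, listing_id, sender, created, blob, now):
        self.purge(now)
        verdict = self._cheap_checks(sender, created, MESSAGE_TTL, now)
        if verdict is None:
            self.decrypt_calls += 1  # stand-in for the real decryption
            self.messages.append((listing_id, sender, created, blob))
        return verdict or "accepted"

def demo(t0=1_700_000_000):  # constructed timestamps and peer names
    p = PeerStore(blocked={"spammer"})
    out = [p.accept_listing("L1", "alice", t0, t0),
           p.accept_listing("L2", "alice", t0, t0 + DAY),
           p.accept_message("L1", "spammer", t0, b"junk", t0 + DAY),
           p.accept_message("L1", "bob", t0 + DAY, b"hi", t0 + DAY),
           p.accept_listing("L3", "alice", t0 + 8 * DAY, t0 + 8 * DAY)]
    p.purge(t0 + 16 * DAY)
    return out, p.decrypt_calls, len(p.listings), len(p.messages)
```

In `demo()`, the flagged sender's message never reaches the decryption step, and the user's second listing is accepted only after the first has aged out of the 7-day window.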