One of the most obvious ways to reduce fake connections is penalizing flagged users. So honest users should be educated to flag any stranger that send connection requests to them as
One of the concerns that should be solved is false flags. The question is how we can ensure that someone who is flagged really sent spam connection request? What if someone share Trump BrightID somewhere and ask everyone flagging him.
As discussed before, we can add a signature to the connection request, to be used as the proof that the qr/link creator accepted that he created and requested the connection.
In this way the user that want to flag someone as spammer can include that sig in the request to prove he was requested to make the connection and anyone is responsible to not request connection and share connection link with someone that they do not know.
What about if spammers ask others to send them the link? If attacked users be educated, they will reject, but is there a way to report such spammers? One possible approach is to accept the chance of being reported and share the link with them and wait for them to first connect to you and then report them as spammer based on the fact that they connected first.
If we want to follow this approach for reporting spammers who request the link instead of sharing that, it’s better to update the client to only show the profile info of the other side to the link generator after who shared the link with submit the connection. In this way spammers who are phishing connections and do not generate the link themselves, will be forced to first connect to the targets to be able to have their connection, but those attacked users can report them instead of making connection to them. Also the client should only show
just met if the other side selected
just met as confidence level to not allow attackers avoid getting reported by selecting
just met and wait for the other side to select
Another challenge for applying strict rules on sharing connection links is the group connection links. What if spammers share group connection links? Do we want to allow anyone join a group connection flag anyone that generated the link and also others joined before them? What about seeds sharing those links to strangers not to spam them but they can flag the seeds?
One of the solutions can be limiting the group connection links to
just met so users do not see any
already know option in the confirmation screen. If someone want to update level to
already know should go through the connections list manually. In this way we can disable reporting on such connection requests, but such requests can not help attackers in phishing
already know connections.
To sum up the discussion:
- You can report someone as spammer if:
- they shared one-to-one connection code with you
- they connected to you as
- Group connection codes can only be used to make
just met connections