If you get a suspicious group link sent to you, the only thing you can do is report the group link creator as a spammer. If you click the link and don’t report the creator, then yes, there could be a mix of attackers and victims in the group, and you will be sharing your profile.
Why can’t you click a group link and report it as spam (i.e. just the creator of the link) before you share your profile or see anyone in the group connection?
I agree, the other attackers in the group could avoid being punished for spamming, since they would only appear once the victim has already shared their profile. Is that your point?
Yes, the group creator can simply be not main attacker but an account with no connection. The bots created for phishing already know connections can join after you.
Since you brought this up again in keybase://chat/brightid#anti-sybil/4506 , I will state what I think is the simplest solution.
We already implemented 1-to-n (star connections). That helps with connection parties.
I think we both agree that being able to mark a spammer before sharing your profile is very helpful in letting normal users flag spammers.
I think it’s ok to hold the group creator responsible if spam is created anywhere in the group connection. We should warn people creating group connections to be careful not to share the code publicly or with untrustworthy people. If anyone reports spam within the group connection, that flag goes to the group creator for initiating a bad group connection.