
How would they make it harder / reduce bots without sacrificing privacy (such as SMS/ID verification/etc.)?

I think if you can realistically solve that you'd be a millionaire already.



I don’t think you realistically can. I’d instead approach it from limiting the reach of new accounts until proven as good actors.

Or switch it back to invite only, as there’s a massive userbase now, and if you invite a problematic account it becomes a problem for your account too. Operate on a vouch system.


> good actors

Aha... don't be naïve... what is the definition of "good" in 2024? Take the US population for example... 50% will say your intentions are "good", the other half will not!


This is still better than the existing system.


So maybe think with your own head instead of just taking the average of everyone else's opinion.


this IMO is why groupchat is the best social network. Anything with more than 20 people doesn't go on my phone. sorry marketers.


What are you doing here then?


this place has a tight enough focus to be decent. generalist platforms are doomed from the cradle.


Moderation lists and labellers honestly already get you most of the way there. Labellers are very effective at flagging spam/botted content and accounts that continuously show up on labellers as spam/bot content get referred to moderation lists dedicated to specific types of spam and bot content.

So you can already start by using a labeller and just hiding that content behind a warning (kind of like the NSFW wall), hiding it entirely, or just attaching a visual tag to it (based on preferences). And then to filter out more consistent perpetrators you can rely on mute/block lists.


No one's saying the quiet part out loud. Pay for an account. Even $1, one time, is enough to cut almost all those bot farms down.

Is it realistic? Yes. Is it viable? I'm not sure. People claim to care more about privacy but will choose ads and trackers over a subscription any day of the week. Anyone operating a website or app with a subscription knows this.


Considering that some bot operators [1] and spammers [2] on Twitter are willing to pay the $8 a month for fake verification, I don't expect a $1 sign-up fee to be very effective.

[1] https://techcrunch.com/2024/01/10/it-sure-looks-like-x-twitt...

[2] https://techcrunch.com/2023/07/13/twitter-admits-to-having-a...


That problem is unsolvable


What about using TPM modules? I've been researching these modules lately, primarily for use in online video games. From my understanding, you can use TPMs to effectively ban players (TPM ban) based on their hardware. This would mean every time an account is banned, the bad actor would have to switch to a different TPM. Since a TPM costs real money, this places a limit on the scalability of a bad actor.


Cool, if you can require them for every possible interaction on a platform but even that violates privacy if you have one universal value that ties it all together (the identifier of the specific TPM).

It's just the phone number/email issue but tied to hardware. If you think these things won't leak and allow bad actors to tie your accounts across services then I have some lovely real estate in Florida you may be interested in.

It also appears that resetting a fTPM works around this since it fully resets the TPM. Even if it didn't then people buying used CPUs could find that they're banned from games that they've never even played or installed on their system before.


> It also appears that resetting a fTPM works around this since it fully resets the TPM. Even if it didn't then people buying used CPUs could find that they're banned from games that they've never even played or installed on their system before

It depends how the TPM utilization was applied in practice. The initial manufacturer key (Endorsement Key) is hardcoded and unextractable. All the long-lived keys are derived from it, and can be verified by using the public part of the EK. Usually EK (or cert created from it) is directly used for remote attestation.

More here, for example: https://learn.microsoft.com/en-us/windows-server/identity/ad...


> What about using TPM modules? I've been researching these modules lately, primarily for use in online video games. From my understanding, you can use TPMs to effectively ban players (TPM ban) based on their hardware. This would mean every time an account is banned, the bad actor would have to switch to a different TPM. Since a TPM costs real money, this places a limit on the scalability of a bad actor.

It is even worse for privacy than a phone number. You can never change it and you can be linked between different services, soon automatically if Google goes forward with the plans.


TPM can be emulated in software, QEMU already supports this for running Windows 11.


I disagree, I think we’re pretty close to having LLMs removing anything that doesn’t fit the “tone” of the board.


Do you know of any platforms currently using LLMs to do this?


> I think if you can realistically solve that you'd be a millionaire already.

Please.

If I knew how to do that, or even how to reduce bots even with SMS verification etc., I'd be a multi-billionaire at least.

Making a twitter clone is relatively easy, making a community with a good vibe that's actually worth spending time using is the one single problem that makes none of the clones stand out to normal users.


One idea I had (feel free to steal this idea for your own use) was a one-time crypto payment to create an account. Of course you can't prevent bots from doing that, but if the price is right then I think it might greatly limit the number of bots on the platform as well as possibly limit the number of low-quality accounts.

But you don't know what you don't know, so I might be missing something that makes this pointless.


Bad actors were willing to pay for whatever Twitter's premium thingie was called at the time, shortly after Musk started changing what the blue tick meant.


Metafilter used to charge a one-time fee of $5:

https://news.ycombinator.com/item?id=467870


hashcash


How does proof of work prevent bots or spam? Most of these bots run full-blown browsers now.
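What a hashcash stamp on account sign-up involves on both sides, as an added example that is not part of the thread: the client mints a hashcash v1 stamp (`ver:bits:date:resource:ext:rand:counter`, SHA-1) and the server checks it and rejects reuse. The names `mint` and `SignupGate`, the resource `signup.example.test`, the date and the rand field are assumptions made for illustration.

```python
import hashlib
import itertools

def zero_bits(stamp):
    """Leading zero bits of SHA-1(stamp); hashcash v1 uses SHA-1."""
    digest = hashlib.sha1(stamp.encode()).digest()
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()

def mint(resource, bits, date, rand):
    """Client: try counters until the stamp hashes to `bits` zero bits.
    Costs about 2**bits hashes on average. Returns (stamp, hashes_tried)."""
    prefix = f"1:{bits}:{date}:{resource}::{rand}:"
    for counter in itertools.count():
        stamp = prefix + format(counter, "x")
        if zero_bits(stamp) >= bits:
            return stamp, counter + 1

class SignupGate:
    """Server: one hash per check, plus a spent-stamp set against replay."""
    def __init__(self, resource, min_bits, today):
        self.resource, self.min_bits, self.today = resource, min_bits, today
        self.spent = set()

    def check(self, stamp):
        parts = stamp.split(":")
        if len(parts) != 7 or parts[0] != "1" or not parts[1].isdigit():
            return "malformed"
        bits, date, resource = int(parts[1]), parts[2], parts[3]
        if bits < self.min_bits:
            return "too-cheap"          # claimed difficulty below policy
        if resource != self.resource or date != self.today:
            return "wrong-resource-or-date"
        if zero_bits(stamp) < bits:
            return "no-work"            # claim not backed by the hash
        if stamp in self.spent:
            return "replayed"
        self.spent.add(stamp)
        return "ok"

if __name__ == "__main__":
    # Constructed values: resource name, date and rand field are samples.
    gate = SignupGate("signup.example.test", min_bits=12, today="240101")
    stamp, tried = mint("signup.example.test", 12, "240101", "Y29uc3RydWN0ZWQ")
    print(stamp, "after", tried, "hashes")
    print(gate.check(stamp), gate.check(stamp))  # second use is a replay
```

Each extra bit doubles the expected minting cost while the check stays a single hash; the stamp proves spent CPU time, not who spent it.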



