Discussion: How to avoid "malicious" requests? (Inconsistent source attack)

[lrubiorod]

Currently, all the requests included in the network as considered as valid to solve by the node operators. But there are some cases where to solve a request has a risk to lose reputation, wits and/or anonymity:

• A request with a strict filter.
• A request with a source that retrieval random values.
• A request that expose our anonymity (an API that retrieval our IP)
• ...

The idea would be to discuss about how to improve the witnessing logic to detect and avoid this kind of requests

[drcpu-github]

Leaving some input here to indicate what I would love to see.

1. A blacklist of API endpoints that is maintained by the community and which could be loaded into the Witnet binary (ideally while running). Think of this as a Witnet specific version of Pi-Hole [1]. This can stop all attack types when identified. It has to be a blacklist and not a whitelist, because otherwise it negates one of the advantages of Witnet where the data requester can request any kind of data from any API. This does have the disadvantage of being a reactionary policy and an attack has to be noticed quickly to not inflict too much damage. However, I believe this downside is far outweighed by the downside of a data requester not being able to choose his / her API endpoint.

2. A set of variables that any node can set on its own to ignore data requests that fit those parameters. I am thinking of parameters such as minimum amount of witnesses (potentially thwarts the 3rd attack type), minimum witness reward, collateral and consensus percentage modifiers.

One disadvantage to all of this is that it does pave the path to (inadvertent) collusion of nodes, but given that this will be necessary in the long run (because these types of attacks will happen on mainnet), we might as well take control over this feature.

[1] https://pi-hole.net/