I don’t see spam jet, but it will arrive eventually.
Some ideas:
One simple way is mutual adding of the contacts; mutuals should bypass any other mechanism because allows full control for both contacts (removing a contact would be equivalent to blocking).
Another idea is to enable notifications for new contacts for a short configurable time (few hours).
Another idea is to generate a temporary id (could be the current id + a time based auth code) valid for a longer time (~1 week)
The last two options can be both in the QRcode sharing screen, and I’d leave “enable interactions with unknown contacts” disabled by default.
It doesn’t need to be One Right mechanism, different users may want more or less convenience, at the cost of risk of spam.
I totally agree that anti-spam features are really needed for messaging software. As we saw with Signal, the potential of spam can really grow with the growing user base. Unfortunately I don’t really see what could be done further as anti spam technique?
From what I understand, a way to spam Jami would be to generate a lot of usernames and spam other users with contact requests. How could Jami handle such spam despite it’s decentralised nature? I think that this is a really important part to think about!
I think simply the option to limit incoming friend requests should do the trick. The ability to quickly create new accounts is actually good for combating spam because you can easily create ‘burner’ accounts for people you think might share your ID.
The problem would not be a friend of mine sharing my id, but just doing brute force attacks by just testing all possible ids available. Or maybe if they are smarter to test all ids registered on the blockchain.
In my original message I proposed some mechanisms (and suggested to implement more than one because of different use cases).
Please don’t go off topic, let’s discuss those proposed mechanisms or, propose alternatives and when doing so compare them to the ones already proposed!