>>1224
>just leave it hanging
>your apparent conclusion
It appears there's been a miscommunication; I was just listing out further obstacles in the hopes of additional discussion, or for someone more knowledgeable to pick up the torch. While the Sybil attack is a serious issue in the age of GPT-3, everything else is definitely manageable for someone with formal cryptographic experience. To give some ideas:
>have an audited ring signature implementation to build this with
This is important because there are many non-obvious side-channel attacks in even the most innocuous cryptosystems. However, if post generation is performed offline, then perhaps Cryptol (https://cryptol.net) could be used as a decent compromise since it eliminates large classes of programming errors and opens the code to scrutiny.
>the set of posts the user is aware of or has downloaded serves as a fingerprint
This can potentially be mitigated by either Freenet or Private Information Retrieval techniques. I didn't mention these because the former has other issues related to the way it provides plausible deniability, and the latter because it has serious performance issues.
>the server can mount a Sybil attack on the user to reduce their anonymity set
The issue with this one is it's essentially the same kind of catch-22 as trying to ban people while preserving anonymity. Even if everyone knew eachother IRL, and then the account extension to the scheme was used, a user could still flood the forum with fake posts. In principle, PoW could be applied, but given that even relatively large cryptos are "cheap" to 51% attack, I doubt anything short of 4chan or reddit-sized populations would benefit from it. The only thing working in our favor here is that GPT-3 is still discernible in conversations, so users could potentially notice such attacks in action.
>the user's client can itself be fingerprinted.
Freenet also solves this problem, since everyone's using the same client. However, I would prefer to build on a simpler protocol that allows people to write or use clients that they trust, instead of relying on a large centralized project that may be compromised. Then again, I use and rely on tor. As for the possibility of just doing it all in the browser, the issue here is that you have to trust the server to send uncompromized code. There might be a solution in using bookmarklets to act as a trusted codebase that bootstraps the rest, but I don't know of any research that confirms it as a valid tool; in the very least, there's a tension between allowing updates to the code and keeping old, well-verified code around. There's also the fact that javascript is a trash fire.
>why not take a whack at it?
Because it feels like an overwhelming task and I'm terrified that I'm full of shit and could put a lot of people in serious danger. I am also not in a good position to provide hosting, unless people are willing to donate enough XMR for me to anonymously buy it. If people are seriously interested in the idea, I guess I could give it a stab if only to raise awareness. That is, it bears repeating: