Daniell Mesquita wrote a post at ZeroMedium: (part 2) How do I envision ZeroNet to be ready for mass of users. I posted a comment about the user ID verification system he proposed, but it turned out ZeroMedium had no support for markdown in comments, nor it allowed editing them. So I repost it here.
ZeroID should have a user verification feature, in which Nofish (verified user on Generation 1), can verify other users (they will be also Generation 1). Then when the Generation 1 users (except Nofish) verifies other users, they will be Generation 2, and following at this form.
I don't think it's an option.
Any verification system is a kind of 3rd-party censorship, and ZeroNet is totally about not having any 3rd-party censorship and moderation ever possible in a forced way. It is up to the user to decide, what content she wants to see and what she doesn't.
Nofish, or any other trusted user, has no actual knowledge about users he verifies. Nothing can prevent a spammer from sending humanish-looking automated verification requests and getting lots of new accounts.
Speaking about it, a manual verification system cannot scale and can be easily DoSed.
Generation 1, 2 and so on actually look like we have first-class and second-class citizens. The system is not only unfriendly to new users, but also looks really scaring. I believe, many people will wonder: "Do you develop some kind of nazism there?"
An idea just came to my mind. I recently posted the proposal for 3-way white/gray/black-list-driven processing of user data. If it will be implemented, we can also add more ranking algorithms, not just pretty random one, I proposed there. So, we can require some proof-of-work from a gray user to recieve, store and dispatch her files.
It is calculated as
p = pow(N, user_cert), with N included in the
content.json - I mean, it is pow for your ID, not for your data, so you don't have to recalculate it on every message. N can be changed at any time, so you can run mining on your computer and use your ID at the same time. While you have a poor PoW, you are probably considered as a spammer by the most hosts, but getting better and better PoW allows you to become trusted enough for most of the network.
Since a pow is applied to an ID, the network can require a costly enough pow, without being to laggy for an end user. (If you ever try sending a large message via BitMessage - it takes veeeery looooong time, since pow is calculated for all the data). If you're a real user, you can even pay some money to a mining farm to get nice pow. And if you're a spammer, you just have no profit, paying for each new short-living ID. Probably, hosts can guess the optimal pow limit, based on typical pow values of whitelisted users and adjust it dinamically.