There are already spammers all over Lemmy. There’s a coordinated effort to remove spam, it just doesn’t include IP addresses (which aren’t that helpful because they change and with CG-NAT entire neighbourhoods can share them, and with VPNs people not near each other can - plus if you have a dynamic IP then restarting your router can give you a new one).
Ah, so you do know how it all works.
During the Reddit exodus, at least, there were a lot of instances that required very little for you to make a new user. I’ve put down the lack of mass abuse (that I’ve seen) to the small level of traffic, but that won’t last. The standard thing is to require an email address, and for email providers to require either another email address or something like a phone number with a meatspace papertrail. That way, they can bother an abuse department which can bother other abuse departments.
Of course, there’s still ways around it, as you probably know, but they’re not free, and so a Nash equilibrium is achieved where stuff is usable.
You can buy valid gmail address by the thousands. Email validation is one part of a multilayered approach. It cuts some out, but you need more layers. Captchas work, they cut some proportion out, but not all.
Probably the most effective is registration applications, but this is a huge barrier to entry. If we want Lemmy to grow, we are going to have to change the current state (most instances require an application to join), or change peoples expectations. You can sign up for a reddit account just like that, and start using it without waiting for approval. Why would people choose Lemmy? On our instance we had a drop in registrations to about 1/10 of what we had with open registrations.
Unfortunately I don’t know the answer. It probably involves taking on strategies like reddit if we are going to scale that big (auto-mod, karma, etc). Unfortunately we will have even more trouble, because in the users host instance doesn’t ban them then an admin on every other instance has to ban them for that instance. So we probably need to be able to follow ban lists to auto-ban users that have been banned on other trusted instances or something like that. As we grow, I’m sure we will have more pain before it gets better, but I’m hopeful that we will solve issues as they arise.
You can buy valid gmail address by the thousands
Yep, although the economics of that depend on what you’re doing. I’m trying not to mention too many details, because internet hooliganism is one of the few things I think I could make worse just by publicly and accessibly explaining, haha.
Probably the most effective is registration applications, but this is a huge barrier to entry.
I know of people with similar mechanisms who had problems with very sincere-sounding bad actors before ChatGPT. Best of luck with it, though. It’s how I got into my instance.
Unfortunately I don’t know the answer. It probably involves taking on strategies like reddit if we are going to scale that big (auto-mod, karma, etc).
Hey, unrelated, but do you know if they ever got the database code cleaned up? One of these days that’s actually going to start to bite; my instance already had to do a hardware upgrade once.
I should try and figure out how a list of bad IPs would best fit into ActivityPub. It sounds like it would be easy enough to add.
As we grow, I’m sure we will have more pain before it gets better, but I’m hopeful that we will solve issues as they arise.
It’s been done, we can do it again!
