1337tuxLemmy exceeds million users (maybe more accurately accounts)
JASN_DEHow much do you think is the percentage of bot accounts?
...yes.
Is Lemmy having problem with bot farming?
Will have one at some point. For not it seems most of them are created, but don't post anything (yet).
Think what will happen when they start to post and comment. They will probably just get defederated.
Edit: Now that I looked the stats, there's huge spike in posts and comments.
Jumutayou can't just defederate individuals accounts, these bots have their home on places like shit and world
The moderator can block them?
individualy delete thousands? sure, it could be done, but that's a lot of work and sure to create some false positives.
JohnEdwaYup. But you can always go beehaw and defederate them anyway - as they did with both of your examples.
squirrelYes, there's a bot problem. fedidb.org now shows the following message:
A spambot influx has been observed on Lemmy instances, inflating total user counts.
We recommend using Active Users as a better metric to gauge growth.
freebrickOk so how is the active user growth?
YMSExtremely low compared to the total growth: Per https://lemmy.fediverse.observer/dailystats Lemmy grew from 150,000 to 1,150,000 total users in the last four days, but for the active users, the growth was 30,000 to 39,000. If you extrapolate that, there are maybe 200,000 real Lemmy users now.
Compared to account growth that's low but a 33% growth in four days is hard to call "low"
That's why I said "compared to". The percentages were +666% and +30%. 30% growth in four days is enormous, but not at all when compared to 666%.
genoxidedev1Do you know how active users are defined because I don't usually make my own posts but I upvote and comment every now and then?
Something like fedi observer can probably only gauge posts and comments, so active users will severely undercount people actually using the platform. But we should expect posting users to grow proportionally with less visible but active users.
Head's up, it looks like your comment was posted 3 times
Ulu-Mulu-no-dieHow much do you think is the percentage of bot accounts?
Probably half of them are bots.
Is Lemmy having problem with bot farming?
Yes, and it's quite serious.
The bright side IMO is lemmy is being recognized as a valid alternative to reddit, if it wasn't, bots would have no reason to try and be here.
mrmanagerWhy do you think they are bots? I haven't seen any signs of that...
It's not "me" thinking, there are several posts bringing this problem to the attention of admins, basically they took advantage of servers with open registration to "spam create" thousands of accounts, you don't see signs because they're "dormant" for now (that's what bots do when a spam campaign is not currently active), you can recognize it by confronting number of users with user activity, for example, if you see a server with 6k users and only 5-6 posts, it means it's a bot farm waiting for a spam campaign to start.
greeen_tomatoI saw some very big instances on fedidb yesterday. I looked at a few.... Completely empty instances, no communities, no posts, but 24k users.
I'm pretty sure those are all bot/spam accounts. So the numbers right now are very inflated imho.
It certainly didn't take long to spot servers like that on fedidb! I wonder what is causing people to make those? Load testing? Spam farm? Social experiment to see if people will sign up to an empty instance? Trying to setup an automated simulated social network like people joked reddit was where everyone is a bot except for you?
I think the most realistic answer is that they're test instances either by a tech company that believes they have a path to monetize a fediverse project or by some kind of spam farm, but the lack of any posts is still positively weird
I wonder how people come up with the bot superstition? Just a feeling or is there any valid indication of massive influx of bot accounts?
Experience, mainly.
I used to run a phpbb forum, on average the bot signups outnumbered the real people 10 or 20 times. And that was with some fairly robust anti spam measures in place - something I think this platform is too new to have properly sorted out yet.
I may be wrong, I don't know how the back end here works, but any place where people can post publicly will be infested with bot signups very quickly. The only real variable is how good the anti spam measures are.
What is something someone can gain by swarming an instance or forums like yours with bots? I cant wrap my head around it. Also if someone has an instance and swarms it with bot accounts, it may seem like you got a popular instance but where is the revenue if there are noone who is able to click an ad? Do they do it just for the lols?
GizmoLionSpin up 50 bots.
Sign them all up for lemmy.
Let accounts interact/age.
Sell accounts to companies who want to advertise as one of the cool kids.
Happened on reddit nonstop.
Except that Lemmy doesn't show overall karma, so there's no use in doing any of that here.
TheDeadGuyAny conversation, be it political or commercial. All it takes is something sounding confident, a grain of truth and lots of upvotes to convince people.
That's why I like seeing downvoted as a red flag people can pay attention to
Pretty much why Reddit removed downvotes I think... brands got tired of users raining downvotes on them for shilling lol.
In my particular case (as was the case with most forums in the day), it was really just about spamming boards with links to whatever shitty ED pills or crypto scam they were trying to sell.
They were never really sophisticated, but never really had to be either. A spammer could spend a few minutes writing a script for a bot to crawl the web looking for phpbb signup pages, then try to create an account on any it could find and immediately post the links. They could post hundreds of links on dozens of different forums with just a few minutes work - and then do it all again tomorrow with a bunch of new signups.
I asked the same question. The answer is that there are a bunch of instances (probably 15-20) which have thousands or tens of thousands of new accounts (<1 week old) but have barely dozens of posts. Here's a sheet made by @sunaurus showing the effect. A bunch of the explosion is in open signup (no email, no captcha, no verification) and there is zero interaction on the instance. Could we be seeing half a million lurkers on instances with <200 comments combined between them in the last couple of days? I suppose it's possible, but it seems unlikely.
Thank you for the clarification. Do you have by any chance data at hand about the development of active users? Or may you direct me to a community of where I get these kinde of data?
I can always appreciate a good /r/TheoryOfReddit post on bots. But yeah. Despite the regularity that bots are blamed for everything, rarely is there any proof other than an expressed feeling by a live user.
You see a bunch of instance pop up with zero reputation and a large number of brand new users, basically none of which have any posting history m, you can be pretty sure what those accounts are.
I think it's a combination of things. There are real users who have migrated to Lemmy because of reddit's horrible treatment of its users and there are also bots being created but that's normal on the internet.
poVoqI think the growth in the last couple of days has been mostly bots.
l can see a sharp decline in real sign ups on my instance after the initial big wave before and during the 3 day Reddit blackout.
Maybe there will be another wave early next month but currently it has nearly completely dried up.
Why do you think it's bits? I haven't noticed any bot activity.
They are currently dormant, but those thousands of new accounts on some instances clearly show every sign of being auto-generated.
rm_dash_r_starThe admins and mods are keeping them at bay, but it could easily get out of control. At this point it's transparent which it normally is when mods and admins are holding the line, but the soldiers are at the gates.
I'm on kbin, wanted to create an account on lemmy.world but apparently iCloud doesn't let confirmation email coming through so... kbin it is
I'll probably stick to kbin as well. I tried to create an account on beehaw, wrote a nice little paragraph about why I wanted to join and with no explanation my request was denied.
So it went from a few thousand users to a million within the timespan of less than a month. That's insane
Have all of the Lemmy instances (and kbin ones, too) now added email requirements, captcha, and maybe the little paragraph asking why you should have an account that Beehaw does?
Also, how do you identify bot accounts? Can you bulk ban accounts or.do they all have to be examined and dealt with individually?
ETA: I wasn't suggesting the paragraph. Just wondering what the instances are putting in to prevent bots. I actually tried to sign up for Beehaw, wrote my little paragraph, and then got the pinwheel of death, lol. I was never able to sign up, but lucked out with a kbin.social account. I have to add that it's pretty disappointing to be downvoted for simply asking a question. Feels like what I left at Reddit.
good grief i hope not. Email & captcha are reasonable; a short form essay on why you should be graced with the ability to participate is super cringe.
Join request forms do a good job at doing what they're designed to do.
SalamanderIt is too easy to fake e-mails. You can set up a catch-all e-mail domain and spam the registration like that. I am not a fan of giving my e-mail nor collecting other people's e-mails.
My current message contains the following:
Please leave a short message (a sentence or two is enough) stating why you would like to join this instance and I will accept your application as soon as possible. The purpose of this form is to filter out spam bots, not to judge your motivation for joining.
It is not about them writing an essay to be let in. It is a very effective strategy to weed out spam accounts being registered in masse. One step is to make sure that the user made a cohesive sentence that addressees the question, and the other step is to check whether there is a sudden spike of similar new applications. Even ignoring the actual text, it is useful to be able to monitor whether you getting rate-limited bursts of account creations, and having the ability to approve/deny allows you to respond with less effort than if they succeed at creating the accounts.
JackFromWisconsinSounds like it sorts out the right kind of people? I’m not aware of anyone actually asking you to write an essay, no one would do that. 2 short answer questions does not an essay make.
Yeah I was a bit weirded out by that, it's like what, am I joining a cult? Anyway I actually signed up on a number of instances in search of one I like and only a couple were using an application. The rest were just captcha plus email.
I think they should come up with a better mechanism than an application. I understand the need to verify a signer is actually a human being, but an application is pretty off-putting. Problem is there's bots that can get around captcha and email authentication, AI keeps getting smarter.
ඞmir“ChatGPT, write me a paragraph about why I want to join an internet forum in first person”
Yeah ChatGPT could fill out an application as well. In fact AI is getting to the point now where it would be hard to tell even by voice. Though it's also a matter of effort on the part of the exploiter. They don't have to make it zero occurrence, just enough to keep it at bay.
It may be an AI, or it can also be a real human that is lying. The point of the application filter is to significantly slow down these approaches to bring their impact to a more manageable level. An automated AI bot will not be able to perform much better than a human troll with some free time because any anomalous registration patterns, including registration spikes and periodicity, are likely to be detected by the much more powerful processor that resides in the admin’s head.
On the other hand, a catch-all domain e-mail, a VPN with a variable IP, and a captcha-defeating bot can be used to generate thousands of accounts in a very short amount of time. Without the application filter the instance is vulnerable to these high-throughput attacks, and the damage can be difficult to fix.
If understand how Fediverse software works, I think you can just set up a server, install the software, then boom, you're federated with any instances that don't explicitly defederate you. That being the case, anyone can set up an instance, put however many accounts they want on it, then federate. The only safeguard is defederation by each instance individually. If I'm not wrong about that, it's definitely a security issue that needs to be addressed Fediverse wide.
DessalinesDon’t pay attention in the slightest to total users, active users is what counts.
Active users will probably drop off as the Reddit dust settles, but I'm liking it so far, not really that much of a jarring change once you get past the ActivityPub shananigans.
It’ll drop a little, but to a significantly higher level than it was before.
Yeah, something similar happened to VRChat a year ago, Neos and ChilloutVR had crazy spikes in signups in the first few days of the controversy but eventually ended up with around 2x-5x online users afterwards.
AceFourYeah, Lemmy bot net. I looked at one server and it was ridiculous the number of users vs active. My guess is the servers that had open signups got hammered with bot signups
It's also possible people are making accounts to see what it is but not doing anything yet, but I agree there are probably lots of bots
BlueÆtherI had about 20 bot accounts on mine before turning on more 'security', but it looks like that some instances had 10/20/30 thousand bot accounts in 24h
AninjanameddaryllThere's obviously bots, but some folks do multiple accounts as default (I do for sure), and others just want to have a bit of padding against instance failure. Others don't realise you don't need to have an account on an instance to access it lol.
Others don’t realise you don’t need to have an account on an instance to access it lol.
this, i think, is going to be the biggest hurdle for getting people to join the fediverse. we need seamless ways to view and subscribe to magazines on other instances than our own. either that or we need one to get big enough that it simply eats the smaller instances.