Protect. Moderate. Purge. Your. Sever.

https://lemmy.world/post/446978


Please. Captcha by default. Email domain filters. Auto-block federation from servers that don’t respect. By default. Urgent. meme not so funny [https://i.ibb.co/chSVjPM/image.png]

Look up the origins of IRC's EFNet.
Now that’s a name I’ve not heard in a long time… a long time

Folks running new federated networks gotta learn this stuff!

https://en.wikipedia.org/wiki/EFnet

that was my home network for many years
Wow it’s been so long since I’ve thought about IRC. Does anyone you know still use it regularly?
Pfff, all the cool kids were on DALnet

Mine got blown up a day or two ago before I had enabled Captcha. About 100 accounts were created before I started getting rate-limited (or similar) by Google.

Better admin tools are definitely needed to handle the scale. We need a pane of glass to see signups and other user details. Hopefully it’s in the works.

Crappily malicious username you have there, are you the baddie?
Lmao are you the guy from yesterday?
What's the purpose of these bots?
Spam and vote manipulation are the two biggest concerns.
Votes are visible to the world, unlike with Reddit, so that'll be vulnerable to data analysis.
Please calm down lol
dude, it's important.
The admin https://lemmy.dbzer0.com/u/db0 from the lemmy.dbzer0.com instance possibly made a solution that uses a chain of trust system between instances to whitelist each other and build larger whitelists to contain the spam/bot problem. Instead of constantly blacklisting. For admins and mods maybe take a look at their blog post explaining it in more detail. https://dbzer0.com/blog/overseer-a-fediverse-chain-of-trust/
Neat, but I appreciate the email model of spam protection more than simple dumb whitelists. I won't list my domain on any whitelist as whitelists discourage what Lemmy needs the most: People who run their own instances. At the end of the day, spammers will automate the process of listing themselves, and the person who runs their own instance has to go around doing everything manually.

The blog post dives into how it's hard for spammers to automate adding themselves onto the whitelist because it's a chain of trust. You have to have an existing instance owner to vouch for you, which they can revoke at any time. A spammer couldn't do things like run a "clean" instance, and then whitelist off that, because presumably someone would try to contact the owner of the presumed "clean" instance to get them to remove the spam. When they don't respond, or only partially address the issue, it's possible to pull rank and contact the person further up the chain of trust.

In short, it's real people talking to each other about spam issues, but in a way that scales so that an owner of one instance doesn't need to personally trust and know every other instance owner. It should allow for small single user instances to get set up about as easily as any other instance. Everyone has to know and talk to someone along the chain.

The real downside of the system is that people are human, and cliques are going to form that may defederate swathes of the fediverse from each other. I kinda think that's going to happen anyways though.

A chain of trust is the best proposal I've seen for addressing the scaling issues associated with the fediverse. I'm not associated with that guy at all, just saying I like his idea.

Regarding your edit, it can’t be that easy since spammers could just generate thousands of AI-written responses to questionnaires

Right, an instance owner has to endorse another on an ongoing basis though. So for instance, if an instance owner named Bob initially trusts a spammer based on a questionnaire, and then that guy immediately generates 100 bot accounts to start spamming with, then Bob can revoke the trust and the spammer's instances get defederated.

You also need to own a domain to run a Lemmy instance. The cheapest of which are only a few dollars a year, which isn't much but it does put at least some floor on people's ability to generate instances that'll just get banned.
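The endorse/revoke behaviour described in the comments above, modelled as a small tree. This is an added example, not part of the thread and not lemmy-overseer's code or API; the `TrustChain` class, its one-endorser-per-instance rule and the `.example` hostnames are assumptions made for illustration.

```python
class TrustChain:
    """Toy endorsement tree: every instance except the root has exactly one endorser."""

    def __init__(self, root):
        self.root = root
        self.endorser = {}  # instance -> the instance currently vouching for it

    def chain(self, instance):
        """Path from instance up to the root; empty if the path is broken."""
        path = [instance]
        while path[-1] != self.root:
            parent = self.endorser.get(path[-1])
            if parent is None:
                return []
            path.append(parent)
        return path

    def is_trusted(self, instance):
        return bool(self.chain(instance))

    def whitelist(self):
        return {i for i in (self.root, *self.endorser) if self.is_trusted(i)}

    def endorse(self, voucher, newcomer):
        if not self.is_trusted(voucher):
            raise PermissionError(f"{voucher} is not on the chain")
        if newcomer == self.root or newcomer in self.endorser:
            raise ValueError(f"{newcomer} is already endorsed")
        self.endorser[newcomer] = voucher

    def revoke(self, voucher, target):
        """Only the current endorser may revoke; returns every instance that drops off."""
        if self.endorser.get(target) != voucher:
            raise PermissionError(f"{voucher} does not endorse {target}")
        before = self.whitelist()
        del self.endorser[target]
        dropped = before - self.whitelist()
        for inst in dropped:  # prune orphaned endorsements below the target
            self.endorser.pop(inst, None)
        return sorted(dropped)

def demo():
    # Constructed scenario: a "clean" front instance vouching for two spam instances.
    tc = TrustChain("root.example")
    tc.endorse("root.example", "bob.example")
    tc.endorse("root.example", "alice.example")
    tc.endorse("bob.example", "clean-front.example")
    for spam in ("spam-1.example", "spam-2.example"):
        tc.endorse("clean-front.example", spam)
    contacts = tc.chain("spam-1.example")[1:]  # who to escalate to, nearest first
    dropped = tc.revoke("bob.example", "clean-front.example")
    return contacts, dropped, sorted(tc.whitelist())
```

`demo()` returns the escalation order for a spam instance, the instances removed by Bob's single revocation, and the whitelist that remains.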

With e-mail, isn’t it basically impossible to host your own servers anymore?
db0 probably knows what they’re talking about, but the idea that there would be an “Overseer Control Plane” managed by one single person sounds like a recipe for disaster
I hear you. For what it's worth it is mentioned in the end of the blog post, the project is open source, people can run their own overseer API and create less strict or more strict whitelists, instances can also be registered to multiple chains. Don't mistake my enthusiasm for self run open social media platforms for trying to promote a single tool as the be-all and end-all solution. Under the swiss cheese security model/idea, this could be another tool in the toolbox to curb the annoyance to a point where spam or bots become less effective.
GitHub - db0/lemmy-overseer: Somethig something stop bad instances

So defeating the point of Lemmy? Nah, that's a terrible "solution" that will only serve to empower big servers imposing on smaller or even personal ones.
The (simplified) way it works is it reads data from the public observer’s API and checks if ((total users > (totalPosts + totalComments) > susScore) as a “suspicious” community. “susScore” is configurable if you want to run your own instance of it.
Who controls the Overseer Control?
Is it possible to require an authentication app or something to make an account? Require a specific score on a flash game like snake? Or is that stupid? I don't know, I'm not a dev ¯_(ツ)_/¯

You dropped this \

Here’s how you type it in markdown:

¯\\\_(ツ)\_/¯

As someone with his own email domain, screw you for even thinking about suggesting domain filters.
Blacklist domain filters are fine, it's whitelist domain filters that get small personal domains.
And blacklist domain filters are pretty useless when you can create unlimited emails with [email protected]
Thank you for voicing this out! Was literally my first reaction as well

Everyone is talking about how these things won't work. And they're right, they won't work 100% of the time.

However, they work 80-90% of the time and help keep the numbers under control. Most importantly, they're available now. This keeps Lemmy from being a known easy target. It gives us some time to come up with a better solution.

This will take some time to sort out. Take care of the low hanging fruit first.

We need a distributed decentralized curated whitelist that new servers will apply for and hopefully get a quick week max response after some kind of anti spam audit. Also then periodic checks of existing servers.
I’m against email domain whitelists and captchas (at the very least Google’s captchas).
Why against captchas? Why Google's in particular?
@[email protected] have a literal "arch" in their name. Do you really have to ask why a fan of Arch Linux is against anything that Google has even touched?
Google have touched Linux, they should move to BSD...
I've never heard of arch linux.

Yeah. What email domains should even be whitelisted? Certainly not gmail, you can create infinite alt gmail addresses. Unless you also ban the extended emails. Which is a legitimate feature to use. Maybe allow one extended email address per one base email address? This is getting a bit difficult to implement for your average Joe hosting a Lemmy instance. You can get a trial Outlook for Business or something account to get a bunch of emails on Microsoft's business email domain, onmicrosoft.com.

Then what about privacy focused email providers or personal domains? Why should users of those be punished just because of a bunch of bots?

Looking at you oceanbreeze.earth, your instance is worth defending from bots
I learned about this community from your post. That's so unfortunate.

For larger instances, this makes sense. For us smaller instances, just add a custom application requirement that isn’t about reddit. Though I’ll be adding captcha too if they keep at it (every hour, 2 bots apply).

I’ve seen bots trying to create accounts, it’s the same boring message about needing a new home because “random reason about reddit”. I’ll borrow a quote from Mr Samuel Jackson: “I don’t remember asking you a god damn thing about reddit”… and application is denied.

I mentioned Reddit in an application. I feel like that would come up in legitimate applications at the moment. Is it easy to tell the bots from actual applicants?
I somehow missed your first bit about asking for it specifically to not be about reddit. That makes sense.

In my case, yes. I asked for a reason written in code (working or not). Since I intend to be a DevOps focused instance, there’s no excuse. Most humans would read the application and I don’t feel bad for denying based on this requirement.

Also helps that after 8 of those bots apps, the message is very similar. If there was a human in that mix, they can dm me and ask for reconsideration.

I asked exactly that to get on here… I saw about it on Reddit and said I want to try an alternative to Reddit. This will get more real humans than bots blocked.
Lemmy is just getting started and way too many people are talking about defederation for any reason possible. What is even the point of a federated platform if everyone's trying to defederate? If you don't like federation so much, go use Facebook or something.
This. Defed is not the magic weapon that will solve all your problems. Captcha and email filters should be on by default though.
Just to add to that, imagine people would start defeding email. Like WTF is that even? Defed should not even be an option.
Certainly it should. If you connect with a server that breaks all your core rules you shouldn't force mods to deal with that constant stream of garbage. Just cut off the source.
Use Facebook then. Or Reddit.
Lol, no. Defederation is a tool. Sometimes it is the right call to use it. Go use Gab or something if you want a Voat-like hellhole filled with neo-nazis and Q-tard conspiracy nonsense. I don't want to be part of a community that allows that shit though.
Again, go use Facebook or Reddit. They will suit your needs and wishes.
Again, go use Gab or Daily Stormer. They protect the "freeze peach" (aka right wing hate speech) you are so concerned about.
I'm not concerned about free speech. But please, leave Lemmy alone without your snowflake crap.
Lol, snowflake. You just confirmed it, dude. Go read the rules. If you don't like them, you can leave.
What rules? The only one here disliking rules of federation is YOU. Go back to Reddit, they will welcome you with open hands.

It's right on the front page, dude.

A Lemmy site for various topics, for everyone to use. Be polite and follow the rules (https://mastodon.world/about).

If you follow that link you'll see all sorts of rules. Defederation is built into the system for a reason. If you want a hate space go to Gab.

If you want defederation - go to Reddit.