The long story short with the Mastodon spam woes this weekend is it’s a deliberate attack exploiting Fediverse and Mastodon issues.
They’re using Tor exit nodes and everything is automated. I think they can just keep running it, as there is no barrier to stop them.
To keep it in perspective, though, I don’t think it’s a big deal at present. People should just ignore it.
There are a bunch of technical issues it highlights, which is that Fediverse is very open to abuse at present. There’s no spam filtering at all. It’s like email from 1996. It’s wide open to abuse.
IMHO Mastodon admins should enable CAPTCHA for registration - it’s supported out of the box - if they run open sign ups.
Ideally Mastodon would add easy-install third-party plugins (a la WordPress etc) so people could develop optional plugins for anti-spam and anti-malware.
@robert
Message signing and server identification are already there, that's what the high severity update was about this week - a way to bypass that and impersonate senders for posts.
The spam wave is (in part) about onboarding friction being low to encourage adoption, but being so low that it is easily scriptable by spammers, together with not having good enough tooling to limit the impact reasonably.
@GossiTheDog
@robert @GossiTheDog nah the fediverse doesn’t need any of that since it already is equipped with it
the spam is like spam from gmail or hotmail, correctly signed and all