this post was submitted on 27 Jul 2023
1035 points (98.8% liked)
Fediverse
28219 readers
386 users here now
A community to talk about the Fediverse and all it's related services using ActivityPub (Mastodon, Lemmy, KBin, etc).
If you wanted to get help with moderating your own community then head over to [email protected]!
Rules
- Posts must be on topic.
- Be respectful of others.
- Cite the sources used for graphs and other statistics.
- Follow the general Lemmy.world rules.
Learn more at these websites: Join The Fediverse Wiki, Fediverse.info, Wikipedia Page, The Federation Info (Stats), FediDB (Stats), Sub Rehab (Reddit Migration), Search Lemmy
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Well done. I for one appreciate the effort you're putting into making this a better place by keeping the bots out. Any thoughts on what can be done to keep bots from signing up to begin with or is the plan to continuously purge inactive accounts? I know from experience that a lot of these bad actors are going to pivot and redouble their efforts. This is unfortunately a cat and mouse game that will continually need to be addressed. But, again, thank you for your work on this!
Instances should enable verification to create accounts (email or captcha). I think everyone learned that pretty quickly last month. Other than that, it's up to users to diligently flag content and moderators to be responsive. Maybe there are good automod tools coming to Lemmy someday, but those are an arms race, too.
How does email handle it?
Are you referring to email verification on sign up? If so, it's unfortunately easily overcome by bad actors. Depending on how the platform handles it, one email can be used over and over again to verify accounts or there are many services out there that provide an endless amount of quick and easy emails. The automation of this has already been solved too. For the first scenario, limits on how many times an email is used for account verification is useful. For the second scenario, we really start the cat and mouse game. You can block sign up from accounts using spam email domains. There are lists out there that can help. If someone is really persistent, they may have a trove of legitimate email addresses they can use. Then you have to start considering where the sign ups are coming from, the IP, it's reputation, the behaviors, and hopefully it's fingerprints from the device. You could serve a captcha but most are trivial to bypass with code straight from GitHub or captcha passing services. Overall, this is not an easy problem to solve. I know a lot of conversation on Lemmy is being had regarding this topic. It's going to take all of us together to help solve the problem.
Email is federated very similarly to ActivityPub. How does Email handle filtering for bad instances?
I know they have sophisticated systems built up over decades that now seems to work quite well, but I don't really know the details.
I do believe if I stand up my own email server right now that I can still send email to people without being blocked, but I'm not positive.