Please. Captcha by default. Email domain filters. Auto-block federation from servers that don’t respect. By default. Urgent.
And yes, to refute some comments, this publication is being upvoted by bots. A single computer was needed, not “thousands of dollars” spent.
deleted by creator
This right here.
Op, if you’re not ready to moderate, don’t spin up your own server or do your own private instance. If you’re going to moderate, do it properly and don’t spew bad ideas while hiding behind a dumb “alert” throwaway.
To be honest, I’m surprised that that username was allowed (or not reserved). It seems like it would introduce a risk where people could pose as Lemmy developers or something along those lines.
Lemmy is very “open” right now; some might say by design, other might say flawed. OP is maybe coming from a good place and actually wants to help, but instead of doing it tactfully, OP is becoming the exact thing they’re advocating against — a spammer posting garbage.
Meh, at least it’s driving engagement. There’s going to be friction for the time being as people are all mixed together into these communities. I’m sure plenty of casuals were engaged by this post, as it has over 1k upvotes.
But yeah I didn’t even notice his username is alert. I’m still on high alert for Reddit shills trying to destabilize this platform, though. Just say the word and I’ll come over and verbally defenestrate any shill that might appear.
I dont have a dog in this fight, because Im not a developer. Im just a plain old user here to watch the drama. I tend to agree though. It feels like OP deliberately chose a username to make a manipulative post under the guise of being an “official” account or something. If not for the goofy assed meme he attached to his post, it comes across like a server announcement or something.
I’m not really enthusiastic about email filters either, from a privacy standpoint. Plenty of companies that go harvest email addresses to link identities to activity. And even if the instance admin isn’t doing that, it’s one more thing that someone could break into a server and swipe.
If the CAPTCHA can’t handle it, then it ain’t doing its job.
Yes, captcha is the default minimum that should be implemented.
Also reasonable is to log account creation with IP and timestamp, which allows retroactively remove offenders if patterns occur, or [more easily] determining if 500 account signed up within 5 minutes from a single IP.
While kind of a pain, but fairly efficient: require a phone number with text verification to enable an account.
Yes I know there’s ways around each of these, but it makes it much harder to spin up many accounts through rudimentary means.
I believe you can literally just add a . To the end of your own gmail and it will go to yours. Ie [email protected] will go to [email protected].
Actually, hello.1@gmail will go to hello1@gmail.
The one you are thinking I believe is hello+1@gmail will go to hello@gmail
Correct, Gmail essentially doesn’t “see” dots hello@gmail is the same as h.e.l.l.o@gmail
hello+anything@gmail will also be delivered to hello@gmail. This is great for signing up for mailing lists or subscriptions then creating a filter afterwards to do with it what you please.
This particular quirk can be easily accounted for tbqh.
There’s one exception to that. If you originally created the email address with a dot in it, as in, signed up for gmail as “[email protected],” it’s treated as a literal character in the username portion and is required.
It’s still not required in this case…
Then that has changed at some point. Used to be that if you registered it with a dot in the name, you had to always use that dot.
maybe in the past, but i did that a few years ago and switch between the dot and not
Yeah, it had to have changed at some point then. It used to be required that you use the dot if you registered it with the dot.
Ahh, yea that’s right. Regardless, just all the more reason that it’s kind of silly to do what OP is talking about. Sure, you could filter out the + signs as well but overall it’s a pretty pointless implementation.
No, you’ve (maybe) limited your singular solitary instance’s growth: your instance is not “Lemmy” and admins should do whatever they find works for them, is something they can easily enforce, and resolves the problem.
If you want to geoip limit signups to Skokie, Illinois? Great! If it works for you and keeps your instance from being The Problem, then it’s a valid solution.
(I don’t disagree that email domain blocks are not a singular solution to any abuse problem, but I also think that whatever works for the individual admin is perfectly reasonable, and email blocks CAN be worthwhile.)
deleted by creator
I can’t imagine being so obsessed with race politics as to think that purely technical terms like “white list” and “black list”, which have never had any connection to race relations whatsoever, are somehow non-inclusive.
I can’t either. “Allow” and “block” has always made more sense to me, though, so I wouldn’t mind the change.
deleted by creator
You’re totally right, but they’re being ridiculous IMHO. (I read most of it for curiosity)