Please. Captcha by default. Email domain filters. Auto-block federation from servers that don’t respect. By default. Urgent.
And yes, to refute some comments, this publication is being upvoted by bots. A single computer was needed, not “thousands of dollars” spent.
deleted by creator
The blog post dives into how it’s hard for spammers to automate adding themselves onto the whitelist because its a chain of trust. You have to have an existing instance owner to vouch for you, which they can revoke at any time. A spammer couldn’t do things like run a “clean” instance, and then whitelist off that, because presumably someone would try to contact the owner of the presumed “clean” instance to get them to remove the spam. When they don’t respond, or only partially address the issue, it’s possible to pull rank and contact the person further up the chain of trust.
In short, it’s real people talking to each other about spam issues, but in a way that scales so that an owner of one instance doesn’t need to personally trust and know every other instance owner. It should allow for small single user instances to get set up about as easily as any other instance. Everyone has to know and talk to someone along the chain.
The real downside of the system is that people are human, and cliques are going to form that may defederate swathes of the fediverse from each other. I kinda think that’s going to happen anyways though.
A chain of trust is the best proposal I’ve seen for addressing the scaling issues associated with the fediverse. I’m not associated with that guy at all, just saying I like his idea.
– edit
On second thought, getting your instance added to the chain of trust is literally no more difficult than signing up for an instance with a questionnaire. It’s basically that but at the instance level instead of the user level.
Regarding your edit, it can’t be that easy since spammers could just generate thousands of AI-written responses to questionnaires
Right, an instance owner has to endorse another on an ongoing basis though. So for example, if an instance owner named Bob initially trusts a spammer based on a questionnaire, and then that guy immediately generates 100 bot accounts to start spamming with, then Bob can revoke the trust and the spammers instances get defederated.
You also need to own a domain to run a Lemmy instance. The cheapest of which are only a few dollars a year, which isn’t much but it does put at least some floor on peoples ability to generate instances that’ll just get banned.
Could it be a subdomain, though? What if a spammer started a “Lemmy instance as a service” on “legit.ml”, and started creating instances on “lemmy.u<number>.legit.ml”? What if some of the instances were actually legitimate, while thousands of others weren’t? What if… oh well, the rabbit hole goes deep on this one.
You can use subdomains, which pretty much means infinite instances on a single domain.
That’s just a software / moderation issue though right? If as an instance owner you see a request from someone at “notaspammer.lemonparty.net” but six other subdomains have already been banned from “lemonparty.net” then you’d probably be pretty unlikely to approve any application.