Please. Captcha by default. Email domain filters. Auto-block federation from servers that don’t respect. By default. Urgent.

meme not so funny

And yes, to refute some comments, this publication is being upvoted by bots. A single computer was needed, not “thousands of dollars” spent.

    • @prlang
      link
      English
      12
      edit-2
      1 year ago

      The blog post dives into how it’s hard for spammers to automate adding themselves onto the whitelist because its a chain of trust. You have to have an existing instance owner to vouch for you, which they can revoke at any time. A spammer couldn’t do things like run a “clean” instance, and then whitelist off that, because presumably someone would try to contact the owner of the presumed “clean” instance to get them to remove the spam. When they don’t respond, or only partially address the issue, it’s possible to pull rank and contact the person further up the chain of trust.

      In short, it’s real people talking to each other about spam issues, but in a way that scales so that an owner of one instance doesn’t need to personally trust and know every other instance owner. It should allow for small single user instances to get set up about as easily as any other instance. Everyone has to know and talk to someone along the chain.

      The real downside of the system is that people are human, and cliques are going to form that may defederate swathes of the fediverse from each other. I kinda think that’s going to happen anyways though.

      A chain of trust is the best proposal I’ve seen for addressing the scaling issues associated with the fediverse. I’m not associated with that guy at all, just saying I like his idea.

      – edit

      On second thought, getting your instance added to the chain of trust is literally no more difficult than signing up for an instance with a questionnaire. It’s basically that but at the instance level instead of the user level.

      • @[email protected]
        link
        fedilink
        English
        41 year ago

        Regarding your edit, it can’t be that easy since spammers could just generate thousands of AI-written responses to questionnaires

        • @prlang
          link
          English
          4
          edit-2
          1 year ago

          Right, an instance owner has to endorse another on an ongoing basis though. So for example, if an instance owner named Bob initially trusts a spammer based on a questionnaire, and then that guy immediately generates 100 bot accounts to start spamming with, then Bob can revoke the trust and the spammers instances get defederated.

          You also need to own a domain to run a Lemmy instance. The cheapest of which are only a few dollars a year, which isn’t much but it does put at least some floor on peoples ability to generate instances that’ll just get banned.

          • @[email protected]
            link
            fedilink
            English
            21 year ago

            Could it be a subdomain, though? What if a spammer started a “Lemmy instance as a service” on “legit.ml”, and started creating instances on “lemmy.u<number>.legit.ml”? What if some of the instances were actually legitimate, while thousands of others weren’t? What if… oh well, the rabbit hole goes deep on this one.

          • Illecors
            link
            fedilink
            English
            21 year ago

            You can use subdomains, which pretty much means infinite instances on a single domain.

            • @prlang
              link
              English
              11 year ago

              That’s just a software / moderation issue though right? If as an instance owner you see a request from someone at “notaspammer.lemonparty.net” but six other subdomains have already been banned from “lemonparty.net” then you’d probably be pretty unlikely to approve any application.