this post was submitted on 23 Jun 2023
2180 points (96.7% liked)

Lemmy

12538 readers
3 users here now

Everything about Lemmy; bugs, gripes, praises, and advocacy.

For discussion about the lemmy.ml instance, go to [email protected].

founded 4 years ago
MODERATORS
 

Please. Captcha by default. Email domain filters. Auto-block federation from servers that don't respect. By default. Urgent.

meme not so funny

And yes, to refute some comments, this publication is being upvoted by bots. A single computer was needed, not "thousands of dollars" spent.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 9 points 1 year ago* (last edited 1 year ago) (1 children)

The blog post dives into how it's hard for spammers to automate adding themselves onto the whitelist because its a chain of trust. You have to have an existing instance owner to vouch for you, which they can revoke at any time. A spammer couldn't do things like run a "clean" instance, and then whitelist off that, because presumably someone would try to contact the owner of the presumed "clean" instance to get them to remove the spam. When they don't respond, or only partially address the issue, it's possible to pull rank and contact the person further up the chain of trust.

In short, it's real people talking to each other about spam issues, but in a way that scales so that an owner of one instance doesn't need to personally trust and know every other instance owner. It should allow for small single user instances to get set up about as easily as any other instance. Everyone has to know and talk to someone along the chain.

The real downside of the system is that people are human, and cliques are going to form that may defederate swathes of the fediverse from each other. I kinda think that's going to happen anyways though.

A chain of trust is the best proposal I've seen for addressing the scaling issues associated with the fediverse. I'm not associated with that guy at all, just saying I like his idea.

-- edit

On second thought, getting your instance added to the chain of trust is literally no more difficult than signing up for an instance with a questionnaire. It's basically that but at the instance level instead of the user level.

[–] [email protected] 4 points 1 year ago (1 children)

Regarding your edit, it can't be that easy since spammers could just generate thousands of AI-written responses to questionnaires

[–] [email protected] 2 points 1 year ago* (last edited 1 year ago) (1 children)

Right, an instance owner has to endorse another on an ongoing basis though. So for example, if an instance owner named Bob initially trusts a spammer based on a questionnaire, and then that guy immediately generates 100 bot accounts to start spamming with, then Bob can revoke the trust and the spammers instances get defederated.

You also need to own a domain to run a Lemmy instance. The cheapest of which are only a few dollars a year, which isn't much but it does put at least some floor on peoples ability to generate instances that'll just get banned.

[–] [email protected] 2 points 1 year ago

Could it be a subdomain, though? What if a spammer started a "Lemmy instance as a service" on "legit.ml", and started creating instances on "lemmy.u.legit.ml"? What if some of the instances were actually legitimate, while thousands of others weren't? What if... oh well, the rabbit hole goes deep on this one.