Please. Captcha by default. Email domain filters. Auto-block federation from servers that don’t respect. By default. Urgent.

meme not so funny

And yes, to refute some comments, this publication is being upvoted by bots. A single computer was needed, not “thousands of dollars” spent.

  • prlang@lemmy.world
    link
    fedilink
    English
    arrow-up
    8
    ·
    edit-2
    1 year ago

    The blog post dives into how it’s hard for spammers to automate adding themselves onto the whitelist because its a chain of trust. You have to have an existing instance owner to vouch for you, which they can revoke at any time. A spammer couldn’t do things like run a “clean” instance, and then whitelist off that, because presumably someone would try to contact the owner of the presumed “clean” instance to get them to remove the spam. When they don’t respond, or only partially address the issue, it’s possible to pull rank and contact the person further up the chain of trust.

    In short, it’s real people talking to each other about spam issues, but in a way that scales so that an owner of one instance doesn’t need to personally trust and know every other instance owner. It should allow for small single user instances to get set up about as easily as any other instance. Everyone has to know and talk to someone along the chain.

    The real downside of the system is that people are human, and cliques are going to form that may defederate swathes of the fediverse from each other. I kinda think that’s going to happen anyways though.

    A chain of trust is the best proposal I’ve seen for addressing the scaling issues associated with the fediverse. I’m not associated with that guy at all, just saying I like his idea.

    – edit

    On second thought, getting your instance added to the chain of trust is literally no more difficult than signing up for an instance with a questionnaire. It’s basically that but at the instance level instead of the user level.

    • star_boar@lemmy.ml
      link
      fedilink
      English
      arrow-up
      3
      ·
      1 year ago

      Regarding your edit, it can’t be that easy since spammers could just generate thousands of AI-written responses to questionnaires

      • prlang@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        ·
        edit-2
        1 year ago

        Right, an instance owner has to endorse another on an ongoing basis though. So for example, if an instance owner named Bob initially trusts a spammer based on a questionnaire, and then that guy immediately generates 100 bot accounts to start spamming with, then Bob can revoke the trust and the spammers instances get defederated.

        You also need to own a domain to run a Lemmy instance. The cheapest of which are only a few dollars a year, which isn’t much but it does put at least some floor on peoples ability to generate instances that’ll just get banned.

        • jarfil@lemmy.ml
          link
          fedilink
          English
          arrow-up
          2
          ·
          1 year ago

          Could it be a subdomain, though? What if a spammer started a “Lemmy instance as a service” on “legit.ml”, and started creating instances on “lemmy.u<number>.legit.ml”? What if some of the instances were actually legitimate, while thousands of others weren’t? What if… oh well, the rabbit hole goes deep on this one.