Stux from geddit.social think that the massive recent wave of ~100k new Lemmy accounts is likely mostly spammers. Captchas suck, but are they better than the alternative?
The upcoming v0.18 of Lemmy is set to remove Captchas, I’ve got a feeling this problem is about to get a WHOLE lot worse.
Now there’s an open issue to bring them back :)
Great! Have you also commented on it? Have others here who are reading this and also concerned about this issue commenting on it?
Right now I think the Devs need to see how much impact they’re creating here and with how little people are weighing in, I really don’t think they’re fully understanding the implications.
Just because an issue exists means NOTHING. It’s a ticket, a work item, something that could choose to be discarded.
Additionally, just because the issue exists makes no guarantee that we’ll retain Captcha functionality in v0.18.
It’s always been up to instance admins to decide for themselves between the tradeoff of creating manual signup friction in order to reduce spam, or remove it in order to quickly scale for more users. This might remove a tool for now, but I think more tools will be added as alternatives.
they’re also looking into alternate ways to prevent spam bots: https://github.com/LemmyNet/lemmy/issues/3204
I’m aware of this already, thought about preemptively blocking those instances, but will probably just wait and see.
captchas are ok, but probably just a minor deterrant. I think they should be an option though.
not sure what the best way to stop this though, in the long run.
SMS verification 😂
You joke, but I wouldn’t be opposed. Would make it hard to sign up for a non-local instance though.
But then, I’m also the guy who just spent 11 years on reddit with his real name. So clearly privacy has never been my deciding factor when choosing a social network.
That’s the best approach to leaving footprints on the internet. Especially on social media. Assume everything is public.
hahaha yes! that’ll fix everything!
Undoubtedly. 😂
Joke aside, longer term, we could have a privacy-tiered verification approach. For example SMS verification for automatic approval, or text application for manual review. Some users might be OK giving their phone numbers for this purpose, while others might prefer submitting an essay. 🤷
Looking at the snap below, I’m getting worried about the integrity of this and other instances if all of these accounts start posting. There are many more like these. I counted at least 30 of them. For example if all of them try to post a 1MB image to a community in this instance. 💀
If there’s no protection against the above scenario, preemptive defederation might be warranted. Maybe even with a public post on here that lists the defederated instances, where any owners of mistakenly swatted instances can appeal.
E: Someone’s already doing an implementation.
yeah, I think I might preemptively block them. a different admin has been trying to contact them to get them aware, and had a list of some that had deleted the accounts and implemented captchas or whatever.
