Admins, we're about to have a really bad SPAM problem when Lemmy removes captcha support in v.0.18 - You ALL have a responsibility to communicate back to lemmy devs to try to stop it. - tucson.social
tucson.social
Look, we can debate the proper and private way to do Captchas all day, but if we remove the existing implementation we will be plunged into a world of hurt. I run tucson.social - a tiny instance with barely any users and I find myself really ticked off at other Admin’s abdication of duty when it comes to engaging with the developers. For all the Fediverse discussion on this, where are the github issue comments? Where is our attempt to convince the devs in this. No, seriously WHERE ARE THEY? Oh, you think that just because an “Issue” exists to bring back Captchas is the best you can do? NO it is not the best we can do, we need to be applying some pressure to the developers here and that requires EVERYONE to do their part. The Devs can’t make Lemmy an awesome place for us if us admins refuse to meaningfully engage with the project and provide feedback on crucial things like this. So are you an admin? If so, we need more comments here: https://github.com/LemmyNet/lemmy/issues/3200 [https://github.com/LemmyNet/lemmy/issues/3200] We need to make it VERY clear that Captcha is required before v0.18’s release. Not after when we’ll all be scrambling… EDIT: To be clear I’m talking to all instance admins, not just Beehaw’s.

Big Drama Llamas…

User @[email protected] posted a call to pressure the devs to return CAPTCHA support before v.0.18 arrives on the community [email protected].

Mixed response from users and beehaw admins.

Lemmy issue #2922 is where it was removed 2 weeks ago due to its effectiveness being limited, Lemmy issue #3200 is the issue where it is suggested to have it return. Repo maintainers are somewhat perceptive to reverting it but would be more willing to accept a full implementation of graphical CAPTCHA over the previous version.

Alternative links: https://lemmy.ca/post/793011, https://beehaw.org/post/667199. (Note that if you view from a defed instance with Beehaw you will only see a handful of comments).

Discussion welcome here.

  • RentlarOPEnglish
    611 months ago

    I’m keeping my own opinions of it to this comment… The spam wave is troublesome and Captcha will slow down a little bit. While making noise about it is good, making it everyone’s responsibility to peer pressure the developers into doing it seems like crossing the line to me.

    Imho it would be better if people either held off on migration until it’s implemented or have a fork of it that contains captcha features where there aren’t existing protections (such as manual vetting).

    I get that these things make the project better and viable but the repo maintainers aren’t magicians and we should overall curb open-source entitlement to a reasonable level.

    • @[email protected]English
      211 months ago

      I have an instance that I created just for testing the software. It’s not being used. In fact, since it’s for testing only, it’s not even federated (federation turned off) because I don’t want to inflict my testing on anyone else. Also, the URL is not published anywhere. Since it’s just for testing, I had it with open registrations. A couple of days ago I woke up to find twenty new accounts. Somehow spammers got to it (again, no federation, URL unpublished anywhere). My theory is that since it was lemmy.<domain> that they were trying that kind of subdomain randomly. Anyway, manually removing 20 accounts from Lemmy is a pain. Moderation tools in Lemmy are severely lacking yet. I mean, it’s alpha software, we know it’s still a work in progress, so some issues like this are to be expected. But my point is that they shouldn’t be removing the very few tools to prevent spammers that instance admins have.

      • RentlarOPEnglish
        111 months ago

        I agree with that. Things change quickly too, what was not a problem at all 2 weeks ago (when the CAPTCHA removal PR was put in) is a big problem now as the Lemmy Threadiverse is more than 10x its previous size.

        I wouldn’t put it past people probing every domain for lemmy using a dictionary attack and TLDs. (lemmyhub.site, lemmyclub.xyz, lemmystation.pictures, etc.)