this post was submitted on 22 Jun 2023
369 points (97.7% liked)

Fediverse

17795 readers
33 users here now

A community dedicated to fediverse news and discussion.

Fediverse is a portmanteau of "federation" and "universe".

Getting started on Fediverse;

founded 5 years ago
MODERATORS
 

Lemmy has multiplied it's number of users (maybe more accurately accounts) in just few days. How much do you think is the percentage of bot accounts? Is Lemmy having problem with bot farming?

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 13 points 1 year ago* (last edited 1 year ago) (1 children)

Have all of the Lemmy instances (and kbin ones, too) now added email requirements, captcha, and maybe the little paragraph asking why you should have an account that Beehaw does?

Also, how do you identify bot accounts? Can you bulk ban accounts or.do they all have to be examined and dealt with individually?

ETA: I wasn't suggesting the paragraph. Just wondering what the instances are putting in to prevent bots. I actually tried to sign up for Beehaw, wrote my little paragraph, and then got the pinwheel of death, lol. I was never able to sign up, but lucked out with a kbin.social account. I have to add that it's pretty disappointing to be downvoted for simply asking a question. Feels like what I left at Reddit.

[–] [email protected] 7 points 1 year ago (5 children)

good grief i hope not. Email & captcha are reasonable; a short form essay on why you should be graced with the ability to participate is super cringe.

[–] [email protected] 8 points 1 year ago (1 children)

Join request forms do a good job at doing what they're designed to do.

[–] Anemervi 1 points 1 year ago

Bots could just use ChatGPT to write a better application than most humans would? Also who is going to want to read thousands of requests? So a very narrow use case.

Recaptcha and maybe mCaptcha on top would be a better general deterrent.

[–] [email protected] 7 points 1 year ago (1 children)

Yeah I was a bit weirded out by that, it's like what, am I joining a cult? Anyway I actually signed up on a number of instances in search of one I like and only a couple were using an application. The rest were just captcha plus email.

I think they should come up with a better mechanism than an application. I understand the need to verify a signer is actually a human being, but an application is pretty off-putting. Problem is there's bots that can get around captcha and email authentication, AI keeps getting smarter.

[–] [email protected] 6 points 1 year ago (2 children)

"ChatGPT, write me a paragraph about why I want to join an internet forum in first person"

[–] [email protected] 2 points 1 year ago

Yeah ChatGPT could fill out an application as well. In fact AI is getting to the point now where it would be hard to tell even by voice. Though it's also a matter of effort on the part of the exploiter. They don't have to make it zero occurrence, just enough to keep it at bay.

[–] [email protected] 1 points 1 year ago* (last edited 1 year ago)

It may be an AI, or it can also be a real human that is lying. The point of the application filter is to significantly slow down these approaches to bring their impact to a more manageable level. An automated AI bot will not be able to perform much better than a human troll with some free time because any anomalous registration patterns, including registration spikes and periodicity, are likely to be detected by the much more powerful processor that resides in the admin's head.

On the other hand, a catch-all domain e-mail, a VPN with a variable IP, and a captcha-defeating bot can be used to generate thousands of accounts in a very short amount of time. Without the application filter the instance is vulnerable to these high-throughput attacks, and the damage can be difficult to fix.

[–] [email protected] 5 points 1 year ago

It is too easy to fake e-mails. You can set up a catch-all e-mail domain and spam the registration like that. I am not a fan of giving my e-mail nor collecting other people's e-mails.

My current message contains the following:

Please leave a short message (a sentence or two is enough) stating why you would like to join this instance and I will accept your application as soon as possible. The purpose of this form is to filter out spam bots, not to judge your motivation for joining.

It is not about them writing an essay to be let in. It is a very effective strategy to weed out spam accounts being registered in masse. One step is to make sure that the user made a cohesive sentence that addressees the question, and the other step is to check whether there is a sudden spike of similar new applications. Even ignoring the actual text, it is useful to be able to monitor whether you getting rate-limited bursts of account creations, and having the ability to approve/deny allows you to respond with less effort than if they succeed at creating the accounts.

[–] [email protected] 5 points 1 year ago

Sounds like it sorts out the right kind of people? I'm not aware of anyone actually asking you to write an essay, no one would do that. 2 short answer questions does not an essay make.

[–] [email protected] 1 points 1 year ago

@funkyb @Very_Bad_Janet @1337tux those who aren't willing to do so aren't likely to be good fedizens willing to practice netiquette.