this post was submitted on 22 Jun 2023
171 points (88.3% liked)

Lemmy

2172 readers
2 users here now

Everything about Lemmy; bugs, gripes, praises, and advocacy.

For discussion about the lemmy.ml instance, go to [email protected].

founded 4 years ago
MODERATORS
 

Here you can see 2 day old post warning about the danger of not using email/captcha verification: https://lemmy.ml/post/1345031

And here are stats of lemmy platform where it shows that we gained 200 000 lemmy users in 2 days: https://lemmy.fediverse.observer/dailystats

Another tracking site with the same explosion in users: https://the-federation.info/platform/73

What do you think? Is it some sort of a bug or do people run bot farms?

Edit2: It's been now 3 days and we went from 150 000 user accounts 3 days ago to 700 000 user accounts today making it 550 000+ bot accounts and counting. Almost 80% accounts on lemmy are now bots and it may end up being an very serious issue for lemmy platform once they become active.

Edit3: It's now 4th day of the attack and the amount of accounts on lemmy has almost reached 1 200 000. Almost 90% of total userbase are now bots.

Edit 3.1: my numbers are outdated, there are currently 1 700 000 accounts which makes it even worse: https://fedidb.org/software/lemmy

top 50 comments
sorted by: hot top controversial new old
[–] [email protected] 123 points 1 year ago (3 children)

I ONLY SEE OTHER HUMANS WHO EAT FOOD WITH THEIR MOUTH HOLES

[–] [email protected] 82 points 1 year ago (4 children)
{ "type": "comment response", "message", "I too, am certainly a human, and not a robot"}
[–] [email protected] 25 points 1 year ago (1 children)
[–] [email protected] 8 points 1 year ago (2 children)

01 received. Returning 0b1000101

load more comments (2 replies)
[–] Flim 10 points 1 year ago (1 children)

I think it should be “message”: instead of “message”, (colon instead of comma)

load more comments (1 replies)
load more comments (2 replies)
[–] [email protected] 35 points 1 year ago

As a ~~large language model~~ human I agree

load more comments (1 replies)
[–] [email protected] 44 points 1 year ago (1 children)

Every new account isn't a bot, though. We don't have real numbers to work with yet.

[–] [email protected] 32 points 1 year ago* (last edited 1 year ago) (6 children)

When reddit migration begun we saw a huge bump in users and it was steadly stabilising and less users were joing, then this huge bump happened. You can go browse lemmy instances and see how many instances are ghost instances with 0 posts and comments that have tens of thousands of users.

[–] [email protected] 24 points 1 year ago (1 children)

Do also note- instances with little activity aren't that unusual though-

My instance for example- I don't really have any communities here, other then a few local to my server. As such, its activity... is pretty low. Everything happens elsewhere.

[–] [email protected] 11 points 1 year ago (1 children)

Does your instance have tens of thousands accounts?

load more comments (1 replies)
[–] [email protected] 12 points 1 year ago (1 children)

There a new influx in the user migration as well, as some subreddits started pinning lemmy and kbin.social instances on their subs. Also if you go on protest subreddits (such as ModCoord and Save3rdPartyApps) almost every post has a thread/comment redirecting people to the fediverse.

load more comments (1 replies)
load more comments (4 replies)
[–] [email protected] 38 points 1 year ago (4 children)

Everyone on Lemmy is a bot except me

[–] Badass_panda 33 points 1 year ago* (last edited 1 year ago) (4 children)

Where are you getting that 90% figure? I'm seeing stratospherically higher activity than I was a week ago, I'm willing to buy half to 2/3 of those accounts being a combination of alt accounts, duplicate accounts (e.g., people moving off beehaw) and bot accounts, but 90% bots sounds implausible.

Nobody is making 1.6 million bots to target 100,000 users.

load more comments (4 replies)
[–] [email protected] 28 points 1 year ago (7 children)

Test: if it says "hey guys, remember how great Reddit was, we should totally go back!?" - then it's a bot:-P.

load more comments (7 replies)
[–] [email protected] 27 points 1 year ago (2 children)

That's worrying. Though at least it seems they're mostly confined to a few particular instances. Defederating is a great tool that will definitely mitigate the worst of it, but at the same time this is uncharted water - there's no real way of knowing what exactly will happen in a large scale attack.

Just creating accounts isn't an attack, but it's going to suck when there actually is one. I wonder if they'll try to be subtle and use AI or recycled content, or if they'll just use the accounts for spam or DDoS?

[–] [email protected] 35 points 1 year ago (3 children)

Probably they are getting ready for some vote manipulation and astroturfing for the long run.
You know, in case Lemmy and the Fediverse really get mainstream enough to move the public opinion in some way.

Having a thousand accounts that can upvote a seemingly innocent post made by an active and "real" account is always useful.

[–] [email protected] 13 points 1 year ago (1 children)

Yeah good point. I think these particular bot instances are being way too obvious to do any major damage - not when it's as simple as it is to defederate them - but what'll happen when it's not 100k bots on one instance, but 1000 instances with 100 bots apiece?

Let's hope Lemmy gets the tools needed to deal with this. I wonder how Mastodon does it? They've been around a while, I'm sure they've had similar issues.

load more comments (1 replies)
load more comments (2 replies)
load more comments (1 replies)
[–] [email protected] 25 points 1 year ago (3 children)

This is incorrect human. Please go about your regular day and don't forget to visit www.maybeascam.ml !

[–] [email protected] 14 points 1 year ago

Thanks, will check it out. :)

load more comments (2 replies)
[–] eric5949 24 points 1 year ago (2 children)

Are they doing anything to solve this? Because if not this platform will die

[–] [email protected] 17 points 1 year ago (1 children)

More robust instances will have to defederate instances with high concentration of bots and monitor their own new users. Maybe also implement email verification or captchas

[–] [email protected] 7 points 1 year ago* (last edited 1 year ago) (4 children)

Instances already have an ability to turn on both captchas and email verification.

[–] ewe 9 points 1 year ago (1 children)

There are almost 1000 lemmy instances already. Getting individuals to fix their signup settings so that they mandate CAPTCHA likely will have to be driven from the lemmy product update level and an agreed upon defederation list for non-conformant instances.

And bot farms would be able to spin up new instances themselves, so being able to do a blacklist based federation model (federate with all by default except x, y, and z) isn't going to be viable. There's going to have to be a whitelist (federate only with a, b, and c) and maintaining that as new instances get added will be problematic without an overarching way of pushing updates of known "good" instances automatically.

load more comments (1 replies)
load more comments (3 replies)
load more comments (1 replies)
[–] [email protected] 20 points 1 year ago* (last edited 1 year ago) (6 children)

001100

010010

011110

100001

101101

110011

load more comments (6 replies)
[–] [email protected] 20 points 1 year ago (2 children)

1.2 mil bot accounts? Can they each send me $1?

[–] [email protected] 7 points 1 year ago

How about 1.6m (from 1.7m total) bot accounts?

load more comments (1 replies)
[–] [email protected] 18 points 1 year ago (2 children)

I work in tech, this wouldn’t surprise me.

Where there are eyeballs there is spam. People even put spam in the Google Analytics referral field and that’s only ever going to get seen by the site owner.

It really says nothing about the health of the ecosystem, if it’s moderated and not filling the frontpage it’s only an issue for the server admins.

I’ve fought spammers and one alone could create these numbers in a day.

load more comments (2 replies)
[–] [email protected] 17 points 1 year ago (3 children)

Drivel. We are normal meat units filled with flesh. Now if you will excuse me, I am off to absorb nourishment from organic matter.

load more comments (3 replies)
[–] [email protected] 15 points 1 year ago (6 children)
[–] xbhaktapur 8 points 1 year ago

That is something a bot would say.

Hmmmm

load more comments (5 replies)
[–] [email protected] 14 points 1 year ago

I've yet to see any of them start posting. On my instance none of them could pass email validation because the emails were fake. I imagine this is true for many instances with a ton of bot sign-ups.

I think just reporting sign-ups as "users" is misleading. The user count on lemmy should reflect only approved/activated accounts, imo.

[–] razorbladethorax 13 points 1 year ago

Damn. Am I bot?

[–] [email protected] 12 points 1 year ago (1 children)

Devs will have some hard weeks (probably months) facing the new challenges that come with the exodus. Not even mentioning all the work needed to counteract eventual (probable) malevolent subterfuges such as these bot swarms.
I'll make sure to buy them some coffee. Jugs of.

load more comments (1 replies)
[–] ronalicious 11 points 1 year ago (1 children)

i, for one, welcome our robot overlords.

load more comments (1 replies)
[–] [email protected] 11 points 1 year ago

Yay! (Not a bot)

[–] [email protected] 8 points 1 year ago

I'm not a bot I swear

[–] [email protected] 8 points 1 year ago

Ah, you see, I've already learned the perfect way to disable all the bots with a single phrase...

THIS STATEMENT IS FALSE!

[–] Dick_Justice 7 points 1 year ago* (last edited 1 year ago) (1 children)

I heard somewhere that the devs full on removed Captcha from the next release. I hope theres an alternative plan in mind, as I would hate so much to see Lemmy get overrun. It makes me think of the last time I checked USENET; it was almost entirely made up of low-effort cutty paste ads with bad grammar and links to malicious websites. The devs and admins have worked too hard for this system to see tgat happen here and I think all of us want to see it really thrive.

[–] [email protected] 10 points 1 year ago (1 children)

They already brought it back in that future release.

load more comments (1 replies)
[–] dan1101 7 points 1 year ago (1 children)

I'm not a bot at least. Or am I? I can look down and see hands and arms, definitely not a bot.

Unless I am a bot that was programmed to think it's human.

Hmm. I've got a lot of thinking to do.

load more comments (1 replies)
load more comments
view more: next ›