Post 9k2N8QV6Dd3NGv0bdg by macgirvin@pleroma.fr
(DIR) More posts by macgirvin@pleroma.fr
(DIR) Post #9jz7C6ffhlP0Bno6DY by Gargron@mastodon.social
2019-06-18T22:14:22Z
0 likes, 1 repeats
Honestly, whoever has an idea for a spam detection measure for Mastodon, and by that I do mean an implementation, get in touch with me, I'll pay for it.I've been thinking about solutions for the past few days but the more I think about them the more they appear pointless.#mastodev
(DIR) Post #9jz7EItBFZ16f5Ao9g by dog@crazynoisybizarre.town
2019-06-18T22:15:26Z
1 likes, 1 repeats
@Gargron delete all accouny
(DIR) Post #9jz7maQIZ596tA0lIe by Gargron@mastodon.social
2019-06-18T22:19:47Z
0 likes, 0 repeats
Defining an account as suspicious when it has no local followers can be circumvented by just pre-following them, using account age can be circumvented with sleeper accounts, blacklisting URLs does nothing when the spam does not include URLs, checking for duplicate messages sent to different recipients can be circumvented by randomizing parts of the message...#mastodev
(DIR) Post #9jz7mamdE30i0QSb6u by angristan@mstdn.io
2019-06-18T22:21:29Z
1 likes, 0 repeats
@Gargron the best anti-spam for now is
(DIR) Post #9jz8299JjhwsvwUKJ6 by xeno@nomoresha.me
2019-06-18T22:24:28.032423Z
1 likes, 1 repeats
@angristan @Gargron the current problem child is someone who makes accounts on all sorts of instances, this is a uniquely federation problem
(DIR) Post #9jz86ANn5mTfuwAtw8 by brunoph@mastodon.technology
2019-06-18T22:25:03Z
0 likes, 0 repeats
@angristan @Gargron ineffective as spammers are spinning up their own instances
(DIR) Post #9jz8FyTUDmIRsfW2E4 by Gargron@mastodon.social
2019-06-18T22:25:16Z
0 likes, 0 repeats
E-mail deals with spam using Bayesian filters or machine learning. The more training data there is, the more accurate the results, a monolith like GMail benefits from this greatly. Mastodon's decentralization means everyone has separate training data, and starts from scratch, which means high inaccuracy. It also means someone spamming a username could potentially lead to any mention of that username be considered spam due to the low overall volume of data, unless you strip usernames#mastodev
(DIR) Post #9jz8FyepXbN2Rqp5uK by Gargron@mastodon.social
2019-06-18T22:25:55Z
0 likes, 0 repeats
However, if you strip usernames from the checked text, the spammer could write messages using usernames...#mastodev
(DIR) Post #9jz8FyokwhJIwdT1NY by dog@crazynoisybizarre.town
2019-06-18T22:26:56Z
0 likes, 0 repeats
@Gargron jyst mud e account ibn client sude
(DIR) Post #9jz8FyumaI8BFKHplw by helldude@radical.town
2019-06-18T22:15:11Z
0 likes, 1 repeats
@Gargron my idea for spam is that you simply, do not allow it
(DIR) Post #9jz8HrHputUsAPxsoK by angristan@mstdn.io
2019-06-18T22:27:08Z
0 likes, 0 repeats
@brunoph @Gargron that's not the spam I've been seeing.
(DIR) Post #9jz8JBhtTp3zmymqoK by angristan@mstdn.io
2019-06-18T22:27:25Z
0 likes, 0 repeats
@xeno @Gargron this is a little part of the spam issue.
(DIR) Post #9jz8Qs0oaZ1t1VIgO8 by Gargron@mastodon.social
2019-06-18T22:28:48Z
0 likes, 0 repeats
@angristan Yes, correct. However, it is not a defence against all the servers that are not using it!
(DIR) Post #9jz8mnWLy4kdSrVYiu by angristan@mstdn.io
2019-06-18T22:32:45Z
0 likes, 0 repeats
@Gargron and most of all it's not automated :(
(DIR) Post #9jz8xV9GcGozfXoUvQ by levi@cawfee.club
2019-06-18T22:34:50.055157Z
0 likes, 0 repeats
@xeno @angristan @Gargron Its fun being unbanable I like making people work to block me
(DIR) Post #9jz8zgrE3NCOYyQ0ga by xeno@nomoresha.me
2019-06-18T22:35:13.295658Z
1 likes, 1 repeats
@levi @Gargron @angristan i wasnt talking about you, shithead
(DIR) Post #9jz93qGd0hDuuBHQSe by brunoph@mastodon.technology
2019-06-18T22:28:03Z
0 likes, 0 repeats
@Gargron Just thinking out loud here, but have you considered looking into existing research papers on the subject? A quick search for “spam detection research paper” brings up many relevant results.
(DIR) Post #9jz93qXdzQpnkxF0z2 by angristan@mstdn.io
2019-06-18T22:35:48Z
0 likes, 0 repeats
@brunoph @Gargron they probably all use some kind of machine learning though, don't they?
(DIR) Post #9jz96YIuFmru3tdcKu by xeno@nomoresha.me
2019-06-18T22:36:27.416807Z
0 likes, 0 repeats
@angristan @Gargron well its not just him, but thats how spam works on fedi in general, auditing registrations on mastosoc wont stop itunless youre suggesting everyone introduces that to which id say eh why not
(DIR) Post #9jz99UYoczjfJwTtOy by levi@freespeechextremist.com
2019-06-18T22:37:00.203360Z
1 likes, 0 repeats
@xeno @levi @Gargron @angristan :backfromgab: you live in my head rent free :backfromgab:
(DIR) Post #9jz9A7wwBFChU34Cum by ben@mastodon.lubar.me
2019-06-18T22:22:46Z
0 likes, 0 repeats
@Gargron MRF
(DIR) Post #9jz9A8A3OThC8jCgMK by Gargron@mastodon.social
2019-06-18T22:28:08Z
0 likes, 0 repeats
@ben Even @lain agrees MRFs are not a sufficient tool against the kind of spam we've been seeing recently.
(DIR) Post #9jz9A8H8y7MoUiWLPU by ben@mastodon.lubar.me
2019-06-18T22:29:14Z
0 likes, 0 repeats
@Gargron @lain are we talking about the spam for that one specific site that has identical copy-pasted messages from multiple accounts?because if MRF can't handle that I'm not sure what MRF can actually handle
(DIR) Post #9jz9A8W24lHDEtUEcK by Gargron@mastodon.social
2019-06-18T22:36:35Z
1 likes, 0 repeats
@ben @lain The spammer has first changed URLs, then used shorteners, then simply gave up on linking to anything--they are just textual messages now.
(DIR) Post #9jz9CTPJN93ac2SPlw by saga@bsd.moe
2019-06-18T22:37:31.631662Z
1 likes, 0 repeats
@xeno @angristan @Gargron mandatory "why do you want to join" fields are gonna scare newfriends away, especially the ones with social anxiety
(DIR) Post #9jz9Ft6sGcH9CFSgT2 by angristan@mstdn.io
2019-06-18T22:38:00Z
1 likes, 0 repeats
@saga @Gargron @xeno yes :(
(DIR) Post #9jzA0tFTZKbVElthRI by riking@orb.an6.us
2019-06-18T22:40:33.536817Z
0 likes, 0 repeats
@Gargron @lain @ben stuff like “if the account has received a fave / like from anyone anywhere, allow posting links” provides a waist-high fence and forces the spammer to jump to the last item on that list
(DIR) Post #9jzA0tOh13ybhMD3o0 by ben@mastodon.lubar.me
2019-06-18T22:41:12Z
0 likes, 0 repeats
@riking @Gargron @lain you can't upvote a post that's in the moderation queue
(DIR) Post #9jzA0takIFcMIjqgam by riking@orb.an6.us
2019-06-18T22:42:02.323911Z
0 likes, 0 repeats
@ben @lain @Gargron in the scope of mastodon, does “the moderation queue” exist?
(DIR) Post #9jzA0tpzNZoL40yrLs by ben@mastodon.lubar.me
2019-06-18T22:42:25Z
0 likes, 0 repeats
@riking @Gargron @lain no, and it didn't exist in NodeBB before we implemented this policy either.
(DIR) Post #9jzA0u0GlM2BZtn4NM by riking@orb.an6.us
2019-06-18T22:43:11.012221Z
0 likes, 0 repeats
@ben :) please make sure to separate out “this is new feature development” from “this is straightforward application of existing or almost-existing code”
(DIR) Post #9jzA0uHHk5e4Qfketk by ben@mastodon.lubar.me
2019-06-18T22:43:40Z
0 likes, 0 repeats
@riking spam filtering isn't a feature of Mastodon at all at this pointthe solution is NOT an automated system
(DIR) Post #9jzA0uQrAVIkuMEIoi by clarjon1@connected.cat6.network
2019-06-18T22:46:36.838598Z
0 likes, 0 repeats
@ben @riking What about a service similar to akismet for WP comments. Admins sign up for an API key and conf their instance to process posts
(DIR) Post #9jzOTUJQl6mJegHHn6 by rune@mastodon.nzoss.nz
2019-06-18T22:23:53Z
0 likes, 0 repeats
@Gargron Have you looked into federating block lists? Possibly making instance wide blocks more transparent and allowing others to subscribe to them?It's not an instant fix, but I don'teven think this problem is NP complete. There are too many variables and opinions.I could easily see a few instances maintaining these lists and everyone else just following them.
(DIR) Post #9jzOTUZjmTp2TFuJCy by Gargron@mastodon.social
2019-06-18T22:30:20Z
0 likes, 0 repeats
@rune Spam comes from innocent servers where the spammer signs up. This has little to do with domain blocks.
(DIR) Post #9jzOTUpKqUIbFdClWK by rune@mastodon.nzoss.nz
2019-06-18T22:33:52Z
0 likes, 0 repeats
@Gargron Can instance wide bans only target entire domains?
(DIR) Post #9jzOTV1k6MDvs70frM by Gargron@mastodon.social
2019-06-18T22:39:44Z
1 likes, 3 repeats
@rune Trust me, you don't want a globally shared account blocklist. Nobody bothers to oversee those when copying/subscribing. Your name put on there by an enemy? That might actually ruin most of the network for you.
(DIR) Post #9k05X8kLB8CdxNqvOS by lychee@mstdn.io
2019-06-19T09:31:01Z
0 likes, 0 repeats
@angristan mstdn.io — only accepting new members if they can upload a video of themselves doing a backflip and then holding up a sign saying "mstdn.io 4 lyf"
(DIR) Post #9k17Riy9z40vd3p0ro by macgirvin@pleroma.fr
2019-06-19T20:20:45.563573Z
0 likes, 1 repeats
@Gargron Keep your money. We went that route with email and the best we ever came up with was heuristics (learning algorithms), but the spammers soon found ways around even that. The only way to stop spam is to not allow it in the first place. You achieve this by closing off any communications path that isn't controlled by whitelist or moderation. There is no other way. Maybe you can find one but I've been fighting these guys for 25 years now(*) including my work in this space for large commercial providers(**) and that's the conclusion I arrived at.* Google "green card spam".** Google "America Online". We blocked spammers. We applied learning algorithms using ~100 billion samples of known spam to seed the algorithms. We tracked them down and took them to court. We took their ISPs to court. And still they came.
(DIR) Post #9k17RjAvDcDqGdnCl6 by onan@dobbs.town
2019-06-19T21:27:16Z
0 likes, 0 repeats
@macgirvin @Gargron Secure Scuttlebutt and Bitmessage lend themselves to whitelist-first communication, and are appealing for that reason.The best spam filter I've found is going back to written communication send through the postal system. The time it takes to write a letter and the few cents it takes to send it are tall barriers for most people.:jrbd: 📫
(DIR) Post #9k17rPCk5jcJrIt8ca by Gargron@mastodon.social
2019-06-19T21:31:54Z
0 likes, 0 repeats
@onan @macgirvin That appeal is also its weakness: It's unfitting for reaching larger audiences and makes it more difficult to join
(DIR) Post #9k18Khmg5lOhsdfTl2 by onan@dobbs.town
2019-06-19T21:37:12Z
0 likes, 0 repeats
@Gargron @macgirvin We agree - different tools for different jobs. Some suited for smaller and closed groups, some suited for larger and open groups.For instance, the Church of the SubGenius has dobbs.town at Mastodon with its degrees of openness, but there's also "ScrubGenius" at another location on another platform that is entirely closed to non-members.:jrbd:
(DIR) Post #9k1sp0Rxqw1YLnMlAO by Wolf480pl@niu.moe
2019-06-20T06:18:07Z
0 likes, 0 repeats
@Gargron how about: detecting accounts which @-mention multiple different people who have never mentioned them and who don't reply or fav afterwards? you could also factor in whether they reply to a post which wouldn't normally show up in an inbox, eg. when they reply to a reply to a person whom they don't follow
(DIR) Post #9k2AQjp1p1u70LjQvY by trwnh@mastodon.social
2019-06-19T06:26:45Z
0 likes, 0 repeats
@Gargron @angristan so essentially what you're stuck with is the problem of how to deal with *remote* spam?well, that means whitelists or ocaps.there is no other solution for push-based networks. email spam is just a thing we put up with. sms / phone spam is another thing that we can't really do anything about.the only real way to *prevent* spam is to prevent unaudited and unapproved communications from being delivered to you... unfortunately. everything else is a half-measure.
(DIR) Post #9k2AQk3uvfoVkWhK8O by galaxis@mastodon.infra.de
2019-06-20T09:29:06Z
0 likes, 0 repeats
@trwnh @Gargron @angristan Well, the current wave of spam that I've seen was attached to existing interactions.Unfortunately, the Fediverse has no controls on that level - sure, I can block that account, or I can report them (and hope the remote instance cares or isn't actively hostile) - but everyone else will still get to see it when they're looking at the affected thread on their instance. So spamming currently is super effective, at least until the originating account gets deleted.
(DIR) Post #9k2N8QV6Dd3NGv0bdg by macgirvin@pleroma.fr
2019-06-19T23:39:51.724007Z
0 likes, 0 repeats
@Gargron @onan World domination isn't my goal. Been there, done that. I would rather use a spam resistant small network (and I do) than a huge network full of crap and abuse any day of the week. In fact that is precisely why I have a minimal (and "burnable") fediverse presence these days and keep it completely isolated from my real social network.
(DIR) Post #9k2N8QiDQrXrvb955E by macgirvin@pleroma.fr
2019-06-20T08:26:33.998453Z
0 likes, 1 repeats
@Gargron @onan The real advantage of Zot networks is that you can have promiscuous permissions just like Mastodon - if you want. But if you get tired of spam and nazis and dickpics and whatnot you can change the permissions to something more suitable for your needs. You can moderate or prohibit or even allow comments and wall posts from some people or everybody or nobody. It's all up to you. "One size fits all" never worked for shoes and it certainly doesn't work for social network permissions.
(DIR) Post #9k2OV3pklAFZaQ1gnY by dredmorbius@mastodon.cloud
2019-06-20T12:13:05Z
0 likes, 0 repeats
@Gargron Pretty much this. "Spam" is highly contextual, and it's ultimately a matter of *effects of behaviour*, which is difficult to pre-vet.Not impossible, but hard.Volume is a strong signal, as is keyword similarity and source. Graph analysis helps a lot here.
(DIR) Post #9k2OawRFAUWOO6Mllo by dredmorbius@mastodon.cloud
2019-06-20T12:14:08Z
0 likes, 0 repeats
@Gargron Any longer write-up on the current problem and what you're looking at?
(DIR) Post #9k2OhsrKsEtJJXsg8e by dredmorbius@mastodon.cloud
2019-06-20T12:15:24Z
0 likes, 0 repeats
@Gargron Also: inverting the question and considering what's #notSpam may be useful.
(DIR) Post #9k2P9v9rv6PAYJv1Jw by Mainebot@octodon.social
2019-06-18T22:15:50Z
0 likes, 0 repeats
@gargron How does email, by and large, deal with it?
(DIR) Post #9k2P9vOP341zHOicyW by dredmorbius@mastodon.cloud
2019-06-20T12:20:27Z
0 likes, 0 repeats
@Mainebot Massive and in-depth response.IP reputation (Senderbase, Ironport, Spamhaus, RBLs), residential DUL bluck, SPF, Bayesian filters, large-scale realtime trend tracking, malware filtering, keyword matching (spamassassin), whitelists, milters, rate-limiting, trusted senders, realtime spam-reporting. @Gargron
(DIR) Post #9k2POh4uYEi7ECdzlY by dredmorbius@mastodon.cloud
2019-06-20T12:23:08Z
0 likes, 0 repeats
@Mainebot Also DKIM. I knew I was forgetting one.Both DKIM and SPF address identity spoofingby way of increasing email header robustness.https://securityintelligence.com/understanding-the-spf-and-dkim-spam-filtering-mechanisms/ @Gargron
(DIR) Post #9k2PgTGidKwdbwdzAO by dredmorbius@mastodon.cloud
2019-06-20T12:26:20Z
0 likes, 0 repeats
@Mainebot Wikipedia's email anti-spam measures article is comprehensive, though many methods scale poorly or are fairly ineffective.https://en.wikipedia.org/wiki/Anti-spam_techniques @Gargron
(DIR) Post #9k2R1n5gENf57hD7BI by uncletrunks@shootjackdorseyinto.space
2019-06-18T22:23:14.415067Z
0 likes, 0 repeats
@Gargron there's a pleroma MRF module that drops any messages containing urls from any accounts the server is unfamiliar with which has worked pretty well for them. a real MRF in mastodon seems like the way forward.
(DIR) Post #9k2R1nO77qPI2rppui by Gargron@mastodon.social
2019-06-18T22:27:29Z
0 likes, 0 repeats
@uncletrunks Our spammer has stopped using URLs in messages. It's just text now
(DIR) Post #9k2R1nbEL4tmhXyJMG by dredmorbius@mastodon.cloud
2019-06-20T12:41:23Z
0 likes, 0 repeats
@Gargron Is "our spammer" the alt-right wingnut, by chance?@uncletrunks
(DIR) Post #9k2REF2W8vqBHRfUQq by dredmorbius@mastodon.cloud
2019-06-20T12:43:39Z
0 likes, 0 repeats
@Gargron This was specifically the wilw problem on Twitter.Corollary: blocklists of any sort need an appeals process. @rune
(DIR) Post #9k2RaZfM8RFxcgU37I by dredmorbius@mastodon.cloud
2019-06-20T12:47:41Z
0 likes, 0 repeats
@Gargron Dupe checks can be based on tuple matches, which mitigates the randomisation defence, though storing longer patterns (3, 4+ words) is very expensive.There's also reboost attacks -- distinguishing legit from nefarious becomes interesting.
(DIR) Post #9k2RfOoDvd0hOlvqwy by dredmorbius@mastodon.cloud
2019-06-20T12:48:34Z
0 likes, 0 repeats
@Gargron Also: collectively, these measures all increase spammer costs.
(DIR) Post #9k2S3MWY4lpLGH5ii0 by dredmorbius@mastodon.cloud
2019-06-20T12:52:54Z
0 likes, 0 repeats
@brunoph Spam-friendly instances are actually easy and cheap to detect and block.A small number of spammers on larger, and poorly-administered, instances is far worse.The collateral damage of instance-level countermeasures is high. And policing a large number of NEW user signups (and monitoring for sleepers and reputation harvesting) is expensive. @angristan @Gargron