Post AVJYokGkmGLbHVSyMC by louis@emacs.ch
(DIR) More posts by louis@emacs.ch
(DIR) Post #AVJYokGkmGLbHVSyMC by louis@emacs.ch
2023-05-04T14:46:58Z
0 likes, 0 repeats
@anticomputer @cpbotha @carcosa @namilus @rudi @herve @efim @etenil @luishgh @bionicbabelfish @entilldaniel @ramin_hal9001 @RogerBW @dekkzz76 @chedi Thank you all for reporting that annoying spam coming from @Gargron 's Mastodon.social instance. Nothing good came out of this instance yet and it seems to be the only one that has regular problems with spam attacks. But, as you might know, it is now the "default" instance. So the question is, is it worth considering defederation from the Mastodon's "default" instance or is it already too *big to fail*?I really hope that @Gargron will soon implement strategies to prevent these wide spread spam attacks coming from his "default" instance. I can only encourage you to get in touch with Eugen and ask him to raise his attention to what is happening on his instances.
(DIR) Post #AVJZ4O9skjCxL5iBJg by louis@emacs.ch
2023-05-04T14:50:18Z
0 likes, 0 repeats
@anticomputer @cpbotha @carcosa @namilus @rudi @herve @efim @etenil @luishgh @bionicbabelfish @entilldaniel @ramin_hal9001 @RogerBW @dekkzz76 @chedi @Gargron That does not look like a moderated instance to me... I'll now block all mastodon.social accounts that look like these.
(DIR) Post #AVJZ8NIbtBx7pgh8iG by RogerBW@emacs.ch
2023-05-04T14:51:00Z
0 likes, 0 repeats
@louis @anticomputer @cpbotha @carcosa @namilus @rudi @herve @efim @etenil @luishgh @bionicbabelfish @entilldaniel @ramin_hal9001 @dekkzz76 @chedi @Gargron I think it's vitally important to hold firm about delinking for spam just as for any other unacceptable behaviour. If they fix it, we can listen again. No node can ever be allowed to be too big to ignore.
(DIR) Post #AVJZCdZ3MDyBR8Pzzk by potato_lisper@fosstodon.org
2023-05-04T14:51:50Z
0 likes, 0 repeats
@louis interesting that it happened right after they set is as an default in official app. Who could have predicted it 🤔
(DIR) Post #AVJa7a0PGHJWuCMgiW by sqrtminusone@emacs.ch
2023-05-04T15:02:05Z
0 likes, 0 repeats
@louis @Gargron @chedi @dekkzz76 @RogerBW @ramin_hal9001 @entilldaniel @bionicbabelfish @luishgh @etenil @efim @herve @rudi @namilus @carcosa @cpbotha @anticomputer Maybe there should have been a rule that prevents sign-ups on an instance that takes over 50% of users, or something like that. Like it's done with crypto mining pools.
(DIR) Post #AVJawSp9inxbOwMkhk by louis@emacs.ch
2023-05-04T15:10:44Z
0 likes, 0 repeats
@sqrtminusone @Gargron @chedi @dekkzz76 @RogerBW @ramin_hal9001 @entilldaniel @bionicbabelfish @luishgh @etenil @efim @herve @rudi @namilus @carcosa @cpbotha @aral @anticomputer One of the obvious choices would be to manually approve sign-ups from unknown email domains. That is not 100% fail-safe but would at least prevent _anyone_ from _anywhere_ to automatically create a massive number of accounts in no time. To be honest, a spam attack like this could happen to any instance with automatic sign-up approvals at any moment, incl. emacs.ch.There should be a public list of approved email domains where admins of credible instances can add new records. Users from other email domains can still sign-up but need to be approved manually which is easy for any instance admin to do.I envision a future where new instances which allow fully automatic sign-ups without any moderation with automatically be announced on #fediblock .
(DIR) Post #AVJejL2njfMRKAkGga by carcosa@emacs.ch
2023-05-04T15:53:20Z
0 likes, 0 repeats
@louis I feel bad enough about self-hosted email domains like mine being treated as second-class without having this added. Plenty of my email spam comes from gmail accounts, so I don't think this is much protection.
(DIR) Post #AVJhZGfZRg7aitljt2 by bionicbabelfish@emacs.ch
2023-05-04T16:25:33Z
0 likes, 0 repeats
@louis thanks for the swift response & action!
(DIR) Post #AVJjG4UahAKvMYbivA by publicvoit@graz.social
2023-05-04T16:43:47Z
0 likes, 0 repeats
@louis @anticomputer @cpbotha @carcosa @namilus @rudi @herve @efim @etenil @luishgh @bionicbabelfish @entilldaniel @ramin_hal9001 @RogerBW @dekkzz76 @chedi @Gargron "Nothing good came out of this instance yet"You can't be serious. 😔Many thousands of people were introduced to Mastodon via that instance, serving as a starting point.
(DIR) Post #AVJjgoC9OejydUjPMm by louis@emacs.ch
2023-05-04T16:49:20Z
0 likes, 0 repeats
@carcosa I'm totally for self-hosted email, please don't get me wrong. But the email domain is one indicator that could help dealing with detection of massive account creation. It is easy to spin up an email server with a custom domain and have a catch-all address used to create an unlimited number of accounts on Mastodon instances. So the problem is not self-hosted email, but how Mastodon works.But there are also many other possibilities to deal with this, i.e. a good privacy-friendly Captcha or a throttle on account creation (i.e. if you get more then X signups per X minutes, automatically enable manual approvals).
(DIR) Post #AVJkfGlsHQJQdeGrOy by louis@emacs.ch
2023-05-04T17:00:15Z
0 likes, 0 repeats
@publicvoit I am serious and of course I am referring to Mastodon.social as the place it is today, not the place it was when it started Mastodon as such.Any credible general-themed instance is as good a starting point for any user and there are many. But mastodon.social now claims to be the "default" instance but does not have the resources in place to monitor massive account sign-ups - despite the big donations?It is the 4th wave of spam bot attacks since December '22 that I - as an admin of another instance who has to handle the incoming reports and spend *my* time for their shortcomings - coming from Mastodon.social (and not from any other instance) and they are getting bigger. There seems to be no sign from the devs to develop the tools to mitigate such attacks. Instead they amass more and more accounts on their "default" instance for reason XYZ.
(DIR) Post #AVJl8eNPavLSFOq3EG by publicvoit@graz.social
2023-05-04T17:05:33Z
0 likes, 0 repeats
@louis Spam is an issue, I totally agree. But then let's fight spam and not the one instance that helps many, many people who do not understand federation yet to start with Mastodon. There is a reason why so many people are on mastodon.social and I'm convinced that the reason is not that Eugen is playing a foul game here. All I see is how he promotes federation, boosts messages that help with that process and how he is trying to get Twitter-migrants to ease the switch as best as he can.
(DIR) Post #AVJmkjXYwbMpDkJH1M by louis@emacs.ch
2023-05-04T17:23:40Z
0 likes, 0 repeats
@publicvoit What I see is since Mastodon took off, there are clear tendencies to centralize the place by its founder. It is all public.In one of his recent interviews he claimed the diversity of instances as a "historical" thing. And he claims that there is no alternative to mastodon.social as the default. And now the mobile app was released with the assumption that people are not smart enough to choose from a variety of instances and instead are directed to mastodon.social.So you create a deeply decentralized place, with the help of thousands of others, and then, after it got successful *despite* being decentralized, you make a 180° turn and promote that centralization is the only thing people understand?And why you would think that it is a good thing to try compete with Twitter escapes my understanding. Do you want all that FUD that is running Twitter to be on Mastodon at all costs?More and more instance operators are dissatisfied with the way their ideas and contributions are handled (or dismissed). Just have a look at the GitHub issues for Mastodon. The direction is clear and there is no indication that it will not get worse in my personal opinion.