Email or username:

Password:

Forgot your password?
Michał "rysiek" Woźniak · 🇺🇦

Well well well if it isn't cryptocurrency spam coming from the biggest, open instance on the #Fediverse. 👀

I wonder if this is at all related to challenges with moderating an instance of *checks notes* 200k active accounts? Or with moderating new accounts on the only instance actively promoted in the official apps? :thinking_rotate:

Thankfully we can always defederate! What's that? It's the biggest instance so there are real concerns about a lot of people losing connections? Whodda thunk it!

Cryptocurrency shilling coming from a mastodon.social account with a lot (and I mean a lot) of numbers in the username.
202 comments
Rairii

@rysiek time for GFNet

Gargron-Free Network

Natasha Nox 🇺🇦🇵🇸

@Rairii @rysiek I just hope @ordnung gives people on chaos enough time to move to another / our own individual instance before the defederation. ._.

While I really hate what currently happens I'd personally prefer not to defederate. At least not now.

Marjorie H Turner

@rysiek - just got the same message .. and I was confused. 😑

Jes

@rysiek@mstdn.social the only true solution is deleting or defeding from mastosoc.
I don't know a single person on mastosoc that anyone would want to talk to. it's just twitter for losers

Michał "rysiek" Woźniak · 🇺🇦

The size of mastodon.social means that it is hard to moderate current accounts there.

The fact that it is promoted as *the* instance by the official apps, combined with the fact that in the public mind fedi is Mastodon, means it's difficult to effectively moderate new accounts.

And its size also means that bad actors are not compartmentalized into small, manageable groups on defederate-able instances.

This is bad.

Michał "rysiek" Woźniak · 🇺🇦

There was this blogpost I wrote about this huge instance issue, but maybe I should not toot (ha!) my own horn?

Ah screw it, seems on-topic and important:
rys.io/en/168.html

Michał "rysiek" Woźniak · 🇺🇦

The size of mastodon.social is breaking the moderation story of the #Fediverse.

Moderation on fedi relies on:

1. instance admins and moderators being able to manage bad actors on their own instance;

2. instance admins being able to silence or defederate from insufficiently moderated instances.

Mastodon.social's size and the speed new accounts are set up there means that 1. is very difficult. The size of m.s. and the clout of some of its users means 2. is a hard decision.

Cutie of Chaos :verified_demigirl:

@rysiek Seriously, who cares about clout? If people want to follow clout then they can join dot social and leave the outside fediverse. Defederate from dot social and let Website Boy have his own personal Twitter.

Michał "rysiek" Woźniak · 🇺🇦

@cutieofchaos clout in the sense of "a lot of people from other instances are following and engaging with them."

It's not about some power thing. It's about a social network being social.

Cutie of Chaos :verified_demigirl:

@rysiek This is the same reason people give over not defederating from Free Speech instances. It doesn't matter. People will move to another instance. Just because this is a form of social media doesn't mean you need to swallow all the trouble instances. Dot social has become a trouble instance. It needs to be cut off.

Mr Bitterness

@rysiek
I had them silenced for a while. Think I'll go back to that permanently at a minimum.

Fifi Lamoura

@rysiek This was also my concern, combined with new people signing up and then being on a less well moderated server so they have a bad initial experience before they even understand how the fediverse works or have many friends to help them.

*Edited to add that I understand why this was done but it's a strategy that inevitably would need extra support in terms of very vigilant and active moderators and also doing some sort of waypointing for people towards tools to get to know how to use the fediverse. If you're going to be setting yourself up to be the instance that onboards newbies then you kind of need to do the onboarding part.

@rysiek This was also my concern, combined with new people signing up and then being on a less well moderated server so they have a bad initial experience before they even understand how the fediverse works or have many friends to help them.

*Edited to add that I understand why this was done but it's a strategy that inevitably would need extra support in terms of very vigilant and active moderators and also doing some sort of waypointing for people towards tools to get to know how to use the fediverse....

Michał "rysiek" Woźniak · 🇺🇦

@faduda definitely time to start thinking about it and telling people on m.s it's time to move — or find themselves stranded at some point.

Blithe ✧

@rysiek @faduda

Everyone describes the fediverse as similar to email. What would happen if Yahoo refused to send emails through to Gmail because they are too big? Does everyone need ten emails?

Some people feel more comfortable on small instances where they feel seen. Some feel more comfortable on a large instance where they blend into a crowd. Let's focus on moderation as the issue and not make people feel guilty for choosing a large instance if it's where they feel most comfortable.

Gerard Cunningham ✒️

@blithe @rysiek It's not unknown for GMail to block mail from known spammer IP addresses, so I'm not sure what your point is.

Michał "rysiek" Woźniak · 🇺🇦

@blithe @faduda

> Let's focus on moderation as the issue and not make people feel guilty for choosing a large instance if it's where they feel most comfortable.

The problem is, as I have stated repeatedly in this thread, that the size of mastodon.social makes the moderation problem much, much more difficult to deal with.

And in the context of the spam attack that started this thread — third in 10 days, all coming from mastodon.social! — the size of mastodon.social *is* the moderation issue.

Blithe ✧

@rysiek @faduda

Understood. But think of it this way-- you have people like Neil Gaiman on m.s. with 250k followers. I imagine a good amount of those are not on his instance. You cut him off, and what happens? Do those followers go make an acc on m.s to keep following him, making it even bigger? Does Neil make an account on a smaller instance that very likely can't handle that type of influx?

detached spork

@rysiek @faduda limiting on a long term basis seems like a reasonable option at this point. It doesn’t break existing connections but protects other instances from spam.

Rairii

@rysiek 2. will get more and more likely with each wave of spambots i think

at least it's giving me new malicious sites to report every time lol

Haelwenn /элвэн/ :triskell:
@rysiek It also relies on having enough tools, like mastodon moderators/admins are helpless when spam waves aren't centralised on a single instance but instead use a bunch of different open-registration servers or a spam software directly targeting ActivityPub.
pacanukeha❎

@rysiek does Mastodon support blocking a single user at the instance level? like instance B blocks @user@instanceA?
likeminded instances/mods could build a shared Blocklist.
moderation at scale is always going to be a hard problem. cc @mmasnick

Michał "rysiek" Woźniak · 🇺🇦

@pacanukeha yes it does, but that's externalizing the moderation cost to literally all other instances. And also raising this cost substantially, because now every single other instance has to take action on a bad account, instead of just the originating instance.

@mmasnick

FediThing

@rysiek

It's got to be stopped, and it will only get worse the more it grows.

I've been keeping an eye on the meter at instances.social/mastodon.soci and it currently shows mastodon.social as 13.8% of all Fedi users.

I know it will be painful for people to defederate from 1 in 7 users, but it will be a lot less painful than 1 in 4, or 1 in 2, or wherever it is heading for on the current course.

Michał "rysiek" Woźniak · 🇺🇦

@FediThing I wonder if a coordinated one or two day temporary defederation from m.s by a lot of other instances, announced ahead, would provide enough of a shock to the system for this to start getting fixed?

FediThing

@rysiek

Yeah, might be worth considering!

I'm waiting for the next update of the official app to see if they fix the onboarding. If they leave it as it is, with m.s still promoted as the main way to sign up, that will say a lot about their intentions (IMO).

Mr Bitterness

@rysiek @FediThing I think a coordinated mass limiting (i.e. "silencing") for a one to two week period might be enough of a shot across the bow without inconveniencing too many users who are caught in the cross fire without being really aware of the issue.

Because of their size/default instance for the official app etc. I feel like limiting is the best near term step. Leaves defed as a final option if things continue to go south.

Mr Bitterness

@rysiek @FediThing because a portion of this is a political issue, the coordination should include educating/informing the general population about what is happening, what changes they'll experience as a result, what the goals are, when it will resolve (or escalate if not addressed.) Otherwise we may just drive a bunch of people back to Birdchan/Bluesky because they suddenly lost 1/3 to 1/2 of their followers/following.

FediThing

@mrbitterness @rysiek

Yes, definitely.

Mastodon gGmbH is setting up lots of unwitting users for a nasty shock, it's very irresponsible of Eugen to play "defederation chicken" like this.

FediThing

@mrbitterness @rysiek

Maybe we could take a model from real life industrial disputes, where strikes are brief to begin with and become more frequent if the management refuses to talk?

Mr Bitterness

@FediThing @rysiek yep. Exactly. While I think that all who are concerned about the current direction are totally in the right, I think it's important to consider how it plays for what is now a large part of the Mastodon user base who doesn't know/doesn't care, and at least make some attempts to bring them along. Reach/teach those that are reachable/teachable anyway. Some still won't care, but at least an attempt can be made.

Simon

@mrbitterness@exile.social @rysiek@mstdn.social @FediThing@tech.lgbt

As an individual is there anything that
I can do ?

i.e. can
I personally defederate from m.s. ?

I'm kinda curious tbh.

Tim Chambers

@FediThing @rysiek

Defederation should be a nuclear option only for virtually unmoderated servers in my book. Blocking larger servers doesn’t do any good, doesn’t encourage users to migrate or set up own servers, and seems self-defeating. Better would be help mid to smaller servers do better distributed outreach and onboarding and teach users on big servers the value and ease of moving to smaller servers. And I say this as an admin of a small/medium server.

FediThing

@tchambers @rysiek

I've been trying to teach people about smaller servers for a long time, on things like @feditips and @FediGarden

It's tough though, because by the time they are on m.s the damage has been done. It's much harder to get people to move to a smaller server, than to steer them to the smaller server in the first place. If they start out on somewhere other than m.s, the job is much easier.

The problem we have is Eugen now has total control over most people's onboarding. If he says m.s is the server people should sign up on, most people will believe him and never look any further into it.

I don't think it does any good to allow this centralisation to continue. It doesn't encourage users to migrate, quite the opposite, it gives the impression that mastodon.social is the place to be. There could be runaway feedback.

If m.s gets bigger and bigger, and if Eugen shows no signs of changing course, I'm not sure there is any other way to affect the situation other than defederation.

@tchambers @rysiek

I've been trying to teach people about smaller servers for a long time, on things like @feditips and @FediGarden

It's tough though, because by the time they are on m.s the damage has been done. It's much harder to get people to move to a smaller server, than to steer them to the smaller server in the first place. If they start out on somewhere other than m.s, the job is much easier.

noodlejetski :verified_gay:

@tchambers
@FediThing @rysiek
> Blocking larger servers doesn’t do any good, doesn’t encourage users to migrate or set up own servers, and seems self-defeating.

yeah, that's my concern. let's say that everyone does defederate m.s and people do spread across smaller servers, but after some time one of those grows in size and gets hit by a similar wave of spammers. do we repeat the same thing over and over, further fracturing the Fediverse? at some point most people will grow tired of it.

benni

@rysiek you can always limit mastodon.social without to much loss. some instances already do.

Matt Palmer

@rysiek @campuscodi it seems unsurprising that a system whose abuse prevention is closely modelled on email turns out to have many of the same flaws as email.

Eric Dannewitz

@rysiek

Yeah, it's like they don't even bother to check accounts.....cause that is probably too hard and confusing for people.

So they make themselves the default onboarding but don't even want to check accounts out........

And the rest of us get spam posts now.

Thanks mastodon.social......dickheads.

Knitter girl

@rysiek I got it as well and I blocked them and reported them

Mafeesh :verified:

@rysiek

It's causing all sorts of issues already

Codesmith

@rysiek WTF is a "meme token created by the latest neural network?" Like, I know this is crypto spam but I swear it's increasingly making less sense. Though I'm a little surprised they didn't fit a few more buzzwords in there.

Varx

@codesmith @rysiek those are rookie numbers. It needs at least 5 more buzzwords or it will never take off.

Codesmith

@varx @rysiek There wasn't even anything about going to the moon.

Steve

@rysiek already reported and blocked the same account!

Wouter Tebbens

@rysiek I received the same airdrop message from another mastodon.social account, also with lots of numbers: mastodon.social/@ansannigar197

Screenshot of crypto spam by https://mastodon.social/@ansannigar19794350
Ang Black

@rysiek
thats how you know were legit out here

Dr. Robert M Flight

@rysiek if you look at their status page, they seem to be aware and are taking action. It does take time to respond to something like this wherever someone strikes from.

status.mastodon.social/

Michał "rysiek" Woźniak · 🇺🇦

@rmflight this is the third time in a few weeks this "hit them", and saying it "hit them" makes it seem like it was unexpected and surprising.

It was not. It was completely predictable, based on the size of m.s and the fact that it is being actively promoted as the "default" Mastodon instance.

Check the very link you sent. May 4th, May 12th, and today.

Michał "rysiek" Woźniak · 🇺🇦

@rmflight the bottom line is: mastodon.social is too big for it's own sake, and too big not to be a risk for the rest of fedi.

Other instances already started silencing it or outright defederating from it, because of the amount of work these spam waves bring to every other instance admin out there.

This is a good moment to find a new, smaller instance, and move. The more instances defederate from m.s the harder a move will become.

Privatised Sentient Water

@rysiek Perhaps someone could create a bot that replies to all crypto scams with links to Coffeezilla videos?

JohnW

@rysiek It's a shame that in Eugen's attempt to grow Mastodon, he's creating the very vulnerabilities that siloed social media has.

That and subjecting the rest of us to those risks. This is hedging into the role of dictator. "I am going to change your online experience but I won't bother asking you first. Because I own this instance and don't really care about the collateral effects..."

Dmitri Ravinoff

@rysiek
This a a problem once blocking individual spammers (by users) becomes a nuisance for users, right? Is it? I block maybe one spammer a month or so. Other people really suffer from lack of moderation on the big instance?

Michał "rysiek" Woźniak · 🇺🇦

@toxomat check the replies to this thread and see how many people got that spam.

This thread is proof this is already a nuisance to users.

Dave Rahardja (he/him)

@rysiek Counterpoint: Choosing instances is one of the main pain points that cause migrating users to abandon Mastodon, and it’s one of the hostile parts of migrating to Mastodon.

People *should* be encouraged to join a big instance by default so they can get onboarded quickly. They can always move their account to another instance once they get familiar with the system.

Moderation is an issue that mastodon dot social needs to grapple with. Luckily, they are a business and can raise funds/donations/volunteers for moderation.

@rysiek Counterpoint: Choosing instances is one of the main pain points that cause migrating users to abandon Mastodon, and it’s one of the hostile parts of migrating to Mastodon.

People *should* be encouraged to join a big instance by default so they can get onboarded quickly. They can always move their account to another instance once they get familiar with the system.

Michał "rysiek" Woźniak · 🇺🇦

@drahardja

> People *should* be encouraged to join a big instance by default so they can get onboarded quickly.

Yes, but they are encouraged to join *the* big instance. We can have a better onboarding process without creating a single point of failure in the network.

Mastodon Migration

@rysiek It's certainly true that large instances like mastodon.social can't really practically be defederated, so it falls on the shoulders of these instance admins to do a cracking job of moderation. It is also true that bad actors will try to exploit "too big to defederate" by launching attacks. So, we are going to get some bad stuff coming through before it can be squashed. If it is not squashed quickly, then we need to make noise, but it seems this was handled swiftly.

1/
#moderation

@rysiek It's certainly true that large instances like mastodon.social can't really practically be defederated, so it falls on the shoulders of these instance admins to do a cracking job of moderation. It is also true that bad actors will try to exploit "too big to defederate" by launching attacks. So, we are going to get some bad stuff coming through before it can be squashed. If it is not squashed quickly, then we need to make noise, but it seems this was handled swiftly.

Mastodon Migration

@rysiek Playing devil's advocate, and potentially addressing another community issue, what if the coordinated attack is against a mid-sized instance and the instance is overwhelmed and not able to respond quickly? The instance then gets listed on some block list and is defederated. Is this an equitable solution? Now the users of the mid-size instance are all disenfranchised. Does this provide attackers with another way to disrupt the smooth operations of the Fediverse?

2/
#moderation

@rysiek Playing devil's advocate, and potentially addressing another community issue, what if the coordinated attack is against a mid-sized instance and the instance is overwhelmed and not able to respond quickly? The instance then gets listed on some block list and is defederated. Is this an equitable solution? Now the users of the mid-size instance are all disenfranchised. Does this provide attackers with another way to disrupt the smooth operations of the Fediverse?

Mastodon Migration

@rysiek We need to recognize that as we grow there will be bad actors out there probing our weaknesses and trying to break our systems of moderation. Like all complex systems, we have vulnerabilities at all levels and the means of addressing these are with vigilance and active counter measures. Technology alone can help, but it is not enough.

3/
#moderation

Mastodon Migration

@rysiek What we need is cooperation and a rich arsenal of response to attacks. Certainly mastodon.social as the Gothem here has a key role to play, but just saying the problems are because it is a big city, and the solution is to have no big cities, is too simplistic and ignores that you need effective measures for enforcement of community standards throughout the social fabric.

4/
#moderation

Mastodon Migration

@rysiek The thing about Mastodon that gives us a fighting chance at this is that we generally are civic minded and care about our communities big and small. When an invader shows up bend on wrecking havoc, we pull together and deal with them. It is fine to then assess what happened, what went wrong, and how to do better in the future. But casting aspersions and attributing bad faith motives to one another is not the right path. Dividing the community is how the attacker wins.

5/
#moderation

@rysiek The thing about Mastodon that gives us a fighting chance at this is that we generally are civic minded and care about our communities big and small. When an invader shows up bend on wrecking havoc, we pull together and deal with them. It is fine to then assess what happened, what went wrong, and how to do better in the future. But casting aspersions and attributing bad faith motives to one another is not the right path. Dividing the community is how the attacker wins.

Emelia 👸🏻

@rysiek @pearlbear do you have an idea beyond closed registrations for detecting & handling spam? Because these attacks are constantly evolving, and a lot of people are working hard to fight back the attacks & fix federations to propagate suspensions quicker too — defederating can't be the answer because then the attacks will just move to other instances.

Michał "rysiek" Woźniak · 🇺🇦

@thisismissem let's start with closed registrations on the biggest instance out there, which happened to be the source of three major spam attacks over the last 10 days.

I'd like to see a fedi where the biggest instance is no larger than 5% of the active accounts; m.s currently is at ~13%. That's simply dangerous.

Defederation is not the solution, but it is sometimes necessary with badly moderated instances.

@pearlbear

Galactic Stone 🇺🇦

@rysiek I've been here since 2018 and I personally see a lot less spam now than I did in the beginning. I see zero spam now due to a lot of blocking and filtering. I can't remember the last time I saw crypto spam. And, FWIW, I never see hate speech or illegality here. I haven't had to report a post in years. That's just my two cents, actual worth will vary.

FurbyOnSteroids

@rysiek
Instantly defederating from an instance because of a spam attack isn't a solution either. Give people time to react. If they fail to react within a reasonable time or the attack is too big, then yea. Defederate. But defederation should be one of the last resorts. Nobody wants to create instances if they constantly have to be scared to be defederated whenever someone whines about them not reacting in 500ms if a bad message appears.

Steve's Place

@rysiek Automated blocks, like every other method of thwarting spam, leave a window where spam gets through. The "time is limited" part might signal to an algorithm that something is up. Human eyes would see it but 24/7 eyes on every post is unlikely & probably unwanted.

An algo that flagged it, and a section for Potential Spam would leave it up to the user, and provide a way for attention to be drawn to it. Might get more reports and thus get into automated blocks for all servers sooner.

Danny Boling ☮️

@rysiek

I'm shocked! I mean, who coulda seen this coming? :eyeroll:

Shingo Mouse

@rysiek Right now, with all the talk going on in this thread, it is making me afraid I may soon be forced to switch Mastodon Instances over some #cryptospam that was going on, and I have been on mastodon.social for around a year. Even though I could move the list of who I'm following along with my small mute and block lists over to another instance, I currently have over $1,400+ posts that aren't able to move.

kinyutaka

@rysiek

"It's a new meme token"

How do people say that with a straight face?

Konomi Kitten

@rysiek to add to this thread I'm currently on mastodon.online and very much considering moving.

I've tried to contact the staff of this instance multiple times over the last year (using the email address) and never got a single reply.

The two main instances are to be avoided at this point because I don't believe they're being managed properly moderation wise.

Hella

@rysiek

Last year a bunch of people (including me) were followed by spam accounts from a very small server.
Ugly detail: These were Ukrainian servers, the admins at that time had no power and internet connection. The spammer misused that situation ...

Reducing (not preventing!) that sort of problem only could be done by a multi headed 24/7 mod team or by switching off instant sign up (which was the solution of the Ukrainian admins, IIRC, after they had internet access again).

You can't completely prevent spam in an open environment.

@rysiek

Last year a bunch of people (including me) were followed by spam accounts from a very small server.
Ugly detail: These were Ukrainian servers, the admins at that time had no power and internet connection. The spammer misused that situation ...

Reducing (not preventing!) that sort of problem only could be done by a multi headed 24/7 mod team or by switching off instant sign up (which was the solution of the Ukrainian admins, IIRC, after they had internet access again).

DELETED

@rysiek
Mastodon getting bigger makes Spam inevitable. The team is handling it well, especially if you consider how understaffed they are.
I don't wanna go into the was-it-right discussion for the default instance, but always complaining about a reasonable decision at the end kills the platform.

Toni Aittoniemi

@rysiek ”Too big to block”, brilliant coining of a phrase! 🫶😅

Frikisada

@rysiek the text on the screenshot gave me an aneurysm

Thaiis Thei 𓁟

@rysiek Coping with a bit of spam is preferable to facilating the overthrow of society. Have some perspective.

Tony Hoyle

@rysiek
Surely the spam won't propogate.. unless someone you follow is boosting it you'll never see it except on the federated feed, and that's just a firehose so you can expect that.
@quixoticgeek

Go Up