Gregory's Server@rysiek @pearlbear do you have an idea beyond closed registrations for detecting & handling spam? Because these attacks are constantly evolving, and a lot of people are working hard to fight back the attacks & fix federations to propagate suspensions quicker too — defederating can't be the answer because then the attacks will just move to other instances.
|
53 comments
 @rysiek @thisismissem @pearlbear It's not dangerous: While there are a lot of accounts in number, there are very few in influence. Most community members are elsewhere. Raw numbers is far from a useful measure, especially when a lot of them are bots.  @ocdtrekkie I disagree as I have seen it before: @rysiek @thisismissem @pearlbear We are so far from having a monoculture problem it isn't even funny. There's two healthy forks of Mastodon, and multiple entirely different breeds of software such as Misskey, Pleroma, and their related forks. And literally dozens of clients. People taking alarmist positions about mastodon.social are being hostile for the sake of hostility. @ocdtrekkie if you want to say that I am "being hostile for the sake of hostility", just go on and say it, don't hide behind "people taking alarmist positions". You are entitled to see what I say this way. I am allowed to draw analogies with a very similar network that had a very similar active accounts distribution, and then got almost killed by the flagship instance removing itself from the equation. We don't have to agree, and at this point I don't think we will. @rysiek @thisismissem @pearlbear If mastodon.social went away (very unlikely), pretty much the entirety of the community would be wholly unaffected. I referred to a group of people because it is not unique to you, but I am mostly tired of it. Again, it's not even remotely close to being a real problem. > If mastodon.social went away (very unlikely), pretty much the entirety of the community would be wholly unaffected. And again, I lived through an event like that, and it absolutely affected people all around. We will not agree. You flat-out refuse to accept my personal experience with a similar situation.  @rysiek @ocdtrekkie @pearlbear I'm almost certain that m.s ain't going anywhere anytime soon, and there's definitely no plans to drop activitypub (because that'd be very silly) But still, even if m.s disappeared overnight, that still leaves >85% of the fediverse intact, which certainly shouldn't be a death knell. @thisismissem I was so certain identi.ca was not going anywhere that I quit :birdsite: cold turkey about 7mo before identi.ca got pump-io'd. > But still, even if m.s disappeared overnight, that still leaves >85% of the fediverse intact How many of these 85% of accounts have important contacts on m.s? Identipocalypse also left ~90% of the network intact, and yet most people who remember this remember it as a calamity for the network. @rysiek @thisismissem @ocdtrekkie My concern is primarily new(er)users who sign on to m.s just because it's the default, or just because it was easiest (I started at m.s.) As it gets bigger and more difficult to handle, these users are the ones who are going to get caught in the middle, and may end up leaving the #fediverse because of it. @pearlbear that is also my concern. It has the potential to harm everyone around. @rysiek @pearlbear @thisismissem They have to start somewhere. I think the goal should be to get as many active folks who start at m.s to move off as possible. But I suspect you'd find most of the large numbers you are worried about aren't really committed to being on the fediverse to begin with. @ocdtrekkie @rysiek @thisismissem What does that even mean "committed to being on the fediverse to begin with"? For most people, you don't get committed to being on the fediverse until you have experience with it. And your experience with it will determine your level of commitment. Most people don't join the fediverse knowing, or being committed to the philosophy of it. @pearlbear @rysiek @thisismissem I think there's a huge amount of people just checking out briefly who churn through the m.s number. I browse our local a lot and it's almost entirely garbage. If you're afraid of the blast radius of m.s going away, stop over here and spend some time on our local timeline. @ocdtrekkie if the churn is so high, maybe that's another reason not to put new people by default on an instance that, as you say yourself, has "garbage" local timeline? 🤔 @rysiek @pearlbear @thisismissem For a large instance or Twitter analogue, the local timeline just isn't a good way to browse. Imagine a feed of every post on Twitter. I think folks benefit from eventually moving somewhere with a tighter community though, yes. @rysiek @pearlbear @thisismissem But it would give you a very different idea of the server than you might have looking solely at the stats. @ocdtrekkie you are making a very good argument for not making m.s the default instance for new people. It's a different argument to the one I've been making, but it's still a good one. @ocdtrekkie find me a way to prove this, and I will calm down. In the meantime, I will work with the data that is available, thanks.  @pearlbear @rysiek @thisismissem @ocdtrekkie i very much agree with this, as someone who started at m.s in 2017 @pearlbear Yes and I also worry that trolls will target Black and queer people specifically. The crypto spam is just annoying, like all spam, but after the very specific targeting of high profile activist Black women who moved to Mastodon from Twtr (leaving their new address on Twtr) after the November exodus, I worry that will be repeated. @rysiek @thisismissem @ocdtrekkie @Lucinda basically, Mastodon-the-company is making promises all around, to others on fedi and to new people joining fedi being funneled onto m.s, that m.s will always be moderated amazingly well. And I don't think they will be able to keep these promises. Which, due to the "Mastodon-is-fedi" thing, will reflect very poorly on all of fedi. @rysiek @Lucinda @pearlbear @thisismissem There will definitely be other servers that are there, but I think a key part of moderation is having a team with wide coverage, not just "issues will get fixed when admin wakes up next". @ocdtrekkie or having a small enough community that a single mod/admin can handle it when they wake up. @rysiek @Lucinda @pearlbear @thisismissem It's less about the volume but the response time. Though I am excited about the possibility of something like IFTAS helping smaller servers moderate above their scale.  @rysiek @Lucinda @pearlbear @thisismissem @ocdtrekkie trolls are *constantly* targeting folk on here; but they more often use their own smaller instances, behind the scenes instance admins are constantly defederating those. To be fair many medium-size/larger instance admins /do/ stomp on troll accounts quite quickly as they don't want to risk being defederated @rysiek @Lucinda @pearlbear @thisismissem @ocdtrekkie there's however a problem due to the international nature of Fedi, timezones and potential language barriers, I remember a few years back trolls from Western countries targeting Japanese run instances to take advantage of the 8 hour time differences. The solution to this is to recruit a very multicultural range of mods who know multiple languages and are active in different time zones (which some instances do now have)  @rysiek @thisismissem @pearlbear What major contacts on m.s? The most notable account besides the admin just migrated off it. @ocdtrekkie dunno maybe this guy for example: I'm sure you can find more if you choose to look. @rysiek @ocdtrekkie @pearlbear he's not exactly that active: 4d, 12d, etc.. but also, would you want an account like that on a smaller instance? @thisismissem the question was about major contacts. That's one of them. Are you guys trying to make me iterate through all ~220k+ active accounts on m.s to show that there are reasons to worry? Because that does not strike me as a sueful way to talk about this. @rysiek @thisismissem @pearlbear I am sure there would be *some* impact, but I just don't think there would be much. A few folks would migrate somewhere else ahead of time, and carry their followers with them automatically. A lot of bot accounts would get deleted. Not too much else. @ocdtrekkie cool, thank you for sharing your appraisal of the situation. I acknowledge that you disagree with my appraisal of the situation. And that you will not agree with my conclusions. 🤷♀️ @rysiek @ocdtrekkie @pearlbear I think that's saying a lot more about the community that existed on identi.ca than anything else. I'm fairly sure majority of my following is on my instance, i.e., local, not that I've done an analysis or anything. I think we under estimate how federated the network really is. The current user counts from Mastodon *include* accounts that have been migrated, which means, for instance, that I count as an m.s user when I'm actually on Hachyderm.io @thisismissem are you talking about monthly active accounts? Because that's what I've been talking about all this time. And the current MAU count on m.s is ~220k. So *again* I would like to see numbers on how many accounts get migrated daily compared to new signups. That said, I agree fedi is much, much more resilient than "OStatus-verse" ever was. My point is: I intend to keep it that way.  @ocdtrekkie @rysiek @thisismissem @pearlbear
i just got banned by another instance because i always preach the fact that every user should have their own instance lmfao who cares! users thinking their admins really protect them, is absolutely comical. @rysiek @pearlbear you're saying it's badly moderated, but the team responds to spam attacks rapidly. Like: https://status.mastodon.social/clhnoix2093310j1mzyyinu5bo Sure, m.s being the biggest instance isn't fantastic, but I suspect the stats are actually misleading here as it's including migrated accounts (i.e., accounts that are no longer on m.s): https://github.com/mastodon/mastodon/blob/main/app/presenters/instance_presenter.rb#L54 @thisismissem I hope you're right on both counts. I would like to see specific stats of how many people migrate away from m.s daily, compared to how many daily new accounts get created though.  They did manual approvals a few waves back, but only for a few days and apparently without taking any further precautions, and without any public apology or announced plans. @louis @rysiek @pearlbear as mentioned, closing signups wouldn't prevent these spam waves, but it would add friction to people new to the fediverse. @thisismissem then make a few smaller open instances the default to alleviate that friction. Instead of funneling every new person onto m.s. Also, here's a former Googler who makes a pretty good argument that maybe we need a bit more friction in general: @louis @rysiek @pearlbear the spam would just move to the next instance that's well connected, or they'd change the attacks to use multiple instances all at once; keeping the spammers targeting m.s is a good thing for the entire fediverse as we build out better tools to fight spam across the entire fediverse. @thisismissem @rysiek @pearlbear If what you describe would be true they would have already done that. I think you are engaging in conjecture. There are currently 12,137 known active Mastodon servers and mastodon.social is the only one with regular spam issues. For us in fact it is the only one since we started operating and now it is a daily issue. Your narrative is sugarcoating at beat. @thisismissem @rysiek @pearlbear Btw. re: friction. I still receive Spam reports to this minute thanks to the frictionless approach of mastodon.social. @louis @rysiek @pearlbear that'd be because suspended accounts aren't immediately federated to announce that status to recently interacted with instances: that's changing soon, Claire did up a PR for this that'll hopefully be merged & shipped soon, which will mean as soon as m.s suspends, all other instances recently contacted by that account will receive the suspension notice too. @louis @rysiek @pearlbear there's a fix coming soon for this, it's already merged on main, just needs to be deployed to m.s @thisismissem @rysiek @pearlbear
if every user had their own instance (and paid for it) this wouldn't be an issue. |
@thisismissem let's start with closed registrations on the biggest instance out there, which happened to be the source of three major spam attacks over the last 10 days.
I'd like to see a fedi where the biggest instance is no larger than 5% of the active accounts; m.s currently is at ~13%. That's simply dangerous.
Defederation is not the solution, but it is sometimes necessary with badly moderated instances.
@pearlbear