Email or username:

Password:

Forgot your password?
Top-level
Emelia 👸🏻

@rysiek @pearlbear do you have an idea beyond closed registrations for detecting & handling spam? Because these attacks are constantly evolving, and a lot of people are working hard to fight back the attacks & fix federations to propagate suspensions quicker too — defederating can't be the answer because then the attacks will just move to other instances.

53 comments
Michał "rysiek" Woźniak · 🇺🇦

@thisismissem let's start with closed registrations on the biggest instance out there, which happened to be the source of three major spam attacks over the last 10 days.

I'd like to see a fedi where the biggest instance is no larger than 5% of the active accounts; m.s currently is at ~13%. That's simply dangerous.

Defederation is not the solution, but it is sometimes necessary with badly moderated instances.

@pearlbear

ocdtrekkie

@rysiek @thisismissem @pearlbear It's not dangerous: While there are a lot of accounts in number, there are very few in influence. Most community members are elsewhere. Raw numbers is far from a useful measure, especially when a lot of them are bots.

ocdtrekkie

@rysiek @thisismissem @pearlbear We are so far from having a monoculture problem it isn't even funny. There's two healthy forks of Mastodon, and multiple entirely different breeds of software such as Misskey, Pleroma, and their related forks. And literally dozens of clients.

People taking alarmist positions about mastodon.social are being hostile for the sake of hostility.

Michał "rysiek" Woźniak · 🇺🇦

@ocdtrekkie if you want to say that I am "being hostile for the sake of hostility", just go on and say it, don't hide behind "people taking alarmist positions".

You are entitled to see what I say this way. I am allowed to draw analogies with a very similar network that had a very similar active accounts distribution, and then got almost killed by the flagship instance removing itself from the equation.

We don't have to agree, and at this point I don't think we will.

@thisismissem @pearlbear

ocdtrekkie

@rysiek @thisismissem @pearlbear If mastodon.social went away (very unlikely), pretty much the entirety of the community would be wholly unaffected.

I referred to a group of people because it is not unique to you, but I am mostly tired of it. Again, it's not even remotely close to being a real problem.

Michał "rysiek" Woźniak · 🇺🇦

@ocdtrekkie

> If mastodon.social went away (very unlikely), pretty much the entirety of the community would be wholly unaffected.

And again, I lived through an event like that, and it absolutely affected people all around.

We will not agree. You flat-out refuse to accept my personal experience with a similar situation.

@thisismissem @pearlbear

Emelia 👸🏻

@rysiek @ocdtrekkie @pearlbear I'm almost certain that m.s ain't going anywhere anytime soon, and there's definitely no plans to drop activitypub (because that'd be very silly)

But still, even if m.s disappeared overnight, that still leaves >85% of the fediverse intact, which certainly shouldn't be a death knell.

Michał "rysiek" Woźniak · 🇺🇦

@thisismissem I was so certain identi.ca was not going anywhere that I quit :birdsite: cold turkey about 7mo before identi.ca got pump-io'd.

> But still, even if m.s disappeared overnight, that still leaves >85% of the fediverse intact

How many of these 85% of accounts have important contacts on m.s? Identipocalypse also left ~90% of the network intact, and yet most people who remember this remember it as a calamity for the network.

@ocdtrekkie @pearlbear

Max Pearl

@rysiek @thisismissem @ocdtrekkie

My concern is primarily new(er)users who sign on to m.s just because it's the default, or just because it was easiest (I started at m.s.) As it gets bigger and more difficult to handle, these users are the ones who are going to get caught in the middle, and may end up leaving the #fediverse because of it.

Michał "rysiek" Woźniak · 🇺🇦

@pearlbear that is also my concern. It has the potential to harm everyone around.

@thisismissem @ocdtrekkie

ocdtrekkie replied to Michał "rysiek" Woźniak · 🇺🇦

@rysiek @pearlbear @thisismissem They have to start somewhere. I think the goal should be to get as many active folks who start at m.s to move off as possible. But I suspect you'd find most of the large numbers you are worried about aren't really committed to being on the fediverse to begin with.

Max Pearl replied to ocdtrekkie

@ocdtrekkie @rysiek @thisismissem

What does that even mean "committed to being on the fediverse to begin with"? For most people, you don't get committed to being on the fediverse until you have experience with it. And your experience with it will determine your level of commitment. Most people don't join the fediverse knowing, or being committed to the philosophy of it.

ocdtrekkie replied to Max

@pearlbear @rysiek @thisismissem I think there's a huge amount of people just checking out briefly who churn through the m.s number. I browse our local a lot and it's almost entirely garbage. If you're afraid of the blast radius of m.s going away, stop over here and spend some time on our local timeline.

Michał "rysiek" Woźniak · 🇺🇦 replied to ocdtrekkie

@ocdtrekkie if the churn is so high, maybe that's another reason not to put new people by default on an instance that, as you say yourself, has "garbage" local timeline? 🤔

@pearlbear @thisismissem

ocdtrekkie replied to Michał "rysiek" Woźniak · 🇺🇦

@rysiek @pearlbear @thisismissem For a large instance or Twitter analogue, the local timeline just isn't a good way to browse. Imagine a feed of every post on Twitter. I think folks benefit from eventually moving somewhere with a tighter community though, yes.

ocdtrekkie replied to ocdtrekkie

@rysiek @pearlbear @thisismissem But it would give you a very different idea of the server than you might have looking solely at the stats.

Michał "rysiek" Woźniak · 🇺🇦 replied to ocdtrekkie

@ocdtrekkie you are making a very good argument for not making m.s the default instance for new people. It's a different argument to the one I've been making, but it's still a good one.

@pearlbear @thisismissem

Michał "rysiek" Woźniak · 🇺🇦 replied to ocdtrekkie

@ocdtrekkie find me a way to prove this, and I will calm down.

In the meantime, I will work with the data that is available, thanks.

@pearlbear @thisismissem

Rairii

@pearlbear @rysiek @thisismissem @ocdtrekkie i very much agree with this, as someone who started at m.s in 2017

Lucinda Catchlove

@pearlbear Yes and I also worry that trolls will target Black and queer people specifically. The crypto spam is just annoying, like all spam, but after the very specific targeting of high profile activist Black women who moved to Mastodon from Twtr (leaving their new address on Twtr) after the November exodus, I worry that will be repeated. @rysiek @thisismissem @ocdtrekkie

Michał "rysiek" Woźniak · 🇺🇦 replied to Lucinda

@Lucinda basically, Mastodon-the-company is making promises all around, to others on fedi and to new people joining fedi being funneled onto m.s, that m.s will always be moderated amazingly well.

And I don't think they will be able to keep these promises. Which, due to the "Mastodon-is-fedi" thing, will reflect very poorly on all of fedi.

@pearlbear @thisismissem @ocdtrekkie

ocdtrekkie replied to Michał "rysiek" Woźniak · 🇺🇦

@rysiek @Lucinda @pearlbear @thisismissem There will definitely be other servers that are there, but I think a key part of moderation is having a team with wide coverage, not just "issues will get fixed when admin wakes up next".

Michał "rysiek" Woźniak · 🇺🇦 replied to ocdtrekkie

@ocdtrekkie or having a small enough community that a single mod/admin can handle it when they wake up.

@Lucinda @pearlbear @thisismissem

ocdtrekkie replied to Michał "rysiek" Woźniak · 🇺🇦

@rysiek @Lucinda @pearlbear @thisismissem It's less about the volume but the response time. Though I am excited about the possibility of something like IFTAS helping smaller servers moderate above their scale.

Alex@rtnVFRmedia Suffolk UK replied to Michał "rysiek" Woźniak · 🇺🇦

@rysiek @Lucinda @pearlbear @thisismissem @ocdtrekkie trolls are *constantly* targeting folk on here; but they more often use their own smaller instances, behind the scenes instance admins are constantly defederating those. To be fair many medium-size/larger instance admins /do/ stomp on troll accounts quite quickly as they don't want to risk being defederated

Alex@rtnVFRmedia Suffolk UK replied to Alex@rtnVFRmedia Suffolk UK

@rysiek @Lucinda @pearlbear @thisismissem @ocdtrekkie there's however a problem due to the international nature of Fedi, timezones and potential language barriers, I remember a few years back trolls from Western countries targeting Japanese run instances to take advantage of the 8 hour time differences. The solution to this is to recruit a very multicultural range of mods who know multiple languages and are active in different time zones (which some instances do now have)

ocdtrekkie

@rysiek @thisismissem @pearlbear What major contacts on m.s? The most notable account besides the admin just migrated off it.

Emelia 👸🏻 replied to Michał "rysiek" Woźniak · 🇺🇦

@rysiek @ocdtrekkie @pearlbear he's not exactly that active: 4d, 12d, etc.. but also, would you want an account like that on a smaller instance?

Michał "rysiek" Woźniak · 🇺🇦 replied to Emelia

@thisismissem the question was about major contacts. That's one of them.

Are you guys trying to make me iterate through all ~220k+ active accounts on m.s to show that there are reasons to worry? Because that does not strike me as a sueful way to talk about this.

@ocdtrekkie @pearlbear

ocdtrekkie replied to Michał "rysiek" Woźniak · 🇺🇦

@rysiek @thisismissem @pearlbear I am sure there would be *some* impact, but I just don't think there would be much. A few folks would migrate somewhere else ahead of time, and carry their followers with them automatically. A lot of bot accounts would get deleted. Not too much else.

Michał "rysiek" Woźniak · 🇺🇦 replied to ocdtrekkie

@ocdtrekkie cool, thank you for sharing your appraisal of the situation. I acknowledge that you disagree with my appraisal of the situation. And that you will not agree with my conclusions. 🤷‍♀️

@thisismissem @pearlbear

Emelia 👸🏻

@rysiek @ocdtrekkie @pearlbear I think that's saying a lot more about the community that existed on identi.ca than anything else.

I'm fairly sure majority of my following is on my instance, i.e., local, not that I've done an analysis or anything.

I think we under estimate how federated the network really is. The current user counts from Mastodon *include* accounts that have been migrated, which means, for instance, that I count as an m.s user when I'm actually on Hachyderm.io

Michał "rysiek" Woźniak · 🇺🇦

@thisismissem are you talking about monthly active accounts? Because that's what I've been talking about all this time. And the current MAU count on m.s is ~220k.

So *again* I would like to see numbers on how many accounts get migrated daily compared to new signups.

That said, I agree fedi is much, much more resilient than "OStatus-verse" ever was. My point is: I intend to keep it that way.

@ocdtrekkie @pearlbear

Pinky Floyd
@ocdtrekkie @rysiek @thisismissem @pearlbear

i just got banned by another instance because i always preach the fact that every user should have their own instance lmfao

who cares! users thinking their admins really protect them, is absolutely comical.
Emelia 👸🏻

@rysiek @pearlbear you're saying it's badly moderated, but the team responds to spam attacks rapidly. Like: status.mastodon.social/clhnoix

Sure, m.s being the biggest instance isn't fantastic, but I suspect the stats are actually misleading here as it's including migrated accounts (i.e., accounts that are no longer on m.s): github.com/mastodon/mastodon/b

Michał "rysiek" Woźniak · 🇺🇦

@thisismissem I hope you're right on both counts. I would like to see specific stats of how many people migrate away from m.s daily, compared to how many daily new accounts get created though.

@pearlbear

DELETED

@rysiek @thisismissem @pearlbear I wonder why Mastodon gGmbH doesn't even consider closing sign-ups on mastodon.social or even doing manual approvals even for a few days until this gets all sorted out and at least some automated solutions are in place.

What do they have to loose? Is there money involved?

This would show a sincere effort on their side and everybody would be supportive.

But I get it, doing so would be an admission that there is an issue with the size of mastodon.social, attracting all the spam bots like a UV insect killer lamp.

@rysiek @thisismissem @pearlbear I wonder why Mastodon gGmbH doesn't even consider closing sign-ups on mastodon.social or even doing manual approvals even for a few days until this gets all sorted out and at least some automated solutions are in place.

What do they have to loose? Is there money involved?

Michael Downey 🇺🇳

@louis

They did manual approvals a few waves back, but only for a few days and apparently without taking any further precautions, and without any public apology or announced plans.

@rysiek @thisismissem @pearlbear

Emelia 👸🏻

@louis @rysiek @pearlbear as mentioned, closing signups wouldn't prevent these spam waves, but it would add friction to people new to the fediverse.

Michał "rysiek" Woźniak · 🇺🇦

@thisismissem then make a few smaller open instances the default to alleviate that friction. Instead of funneling every new person onto m.s.

Also, here's a former Googler who makes a pretty good argument that maybe we need a bit more friction in general:
vice.com/en/article/3k9q33/the

@louis @pearlbear

DELETED

@thisismissem @rysiek @pearlbear Don't you see the friction mastodon.social are causing to the whole Fediverse by the inaction of Mastodon gGmbH? It has much bigger implications than a few users who need to wait for a manual approval for a few hours. Mastodon.social is pissing off a huge number of Fediverse users and admins right now and the number gets bigger with every wave.

"Causing friction" sounds like a corporate representative-speak from Facebook or Twitter.

Also, I don't believe that closing sign-ups won't prevent these spam waves for most of these accounts were created recently.

@thisismissem @rysiek @pearlbear Don't you see the friction mastodon.social are causing to the whole Fediverse by the inaction of Mastodon gGmbH? It has much bigger implications than a few users who need to wait for a manual approval for a few hours. Mastodon.social is pissing off a huge number of Fediverse users and admins right now and the number gets bigger with every wave.

Emelia 👸🏻

@louis @rysiek @pearlbear the spam would just move to the next instance that's well connected, or they'd change the attacks to use multiple instances all at once; keeping the spammers targeting m.s is a good thing for the entire fediverse as we build out better tools to fight spam across the entire fediverse.

DELETED

@thisismissem @rysiek @pearlbear If what you describe would be true they would have already done that. I think you are engaging in conjecture.

There are currently 12,137 known active Mastodon servers and mastodon.social is the only one with regular spam issues. For us in fact it is the only one since we started operating and now it is a daily issue.

Your narrative is sugarcoating at beat.

Emelia 👸🏻

@louis if m.s is such a problem for your userbase, which has a relative niche interest area compared to the general public, I'm wondering why you've opted to *not* defederate it?

DELETED

@thisismissem @rysiek @pearlbear Btw. re: friction. I still receive Spam reports to this minute thanks to the frictionless approach of mastodon.social.

Emelia 👸🏻

@louis @rysiek @pearlbear that'd be because suspended accounts aren't immediately federated to announce that status to recently interacted with instances: that's changing soon, Claire did up a PR for this that'll hopefully be merged & shipped soon, which will mean as soon as m.s suspends, all other instances recently contacted by that account will receive the suspension notice too.

Emelia 👸🏻

@louis @rysiek @pearlbear there's a fix coming soon for this, it's already merged on main, just needs to be deployed to m.s

Strypey

@thisismissem
> closing signups wouldn't prevent these spam waves

Manually approving new accounts would mitigate the spam coming from m.s, the first I've ever seen in almost a decade in the 'verse.

> it would add friction to people new to the fediverse

This is a feature, not a bug. As well as limiting access to spammers and other pests, it also pushes us towards slow, organic growth from the edges. Preferable to rapid, tumor-like growth of a few giant servers.

@louis @rysiek @pearlbear

@thisismissem
> closing signups wouldn't prevent these spam waves

Manually approving new accounts would mitigate the spam coming from m.s, the first I've ever seen in almost a decade in the 'verse.

> it would add friction to people new to the fediverse

This is a feature, not a bug. As well as limiting access to spammers and other pests, it also pushes us towards slow, organic growth from the edges. Preferable to rapid, tumor-like growth of a few giant servers.

Pinky Floyd
@thisismissem @rysiek @pearlbear

if every user had their own instance (and paid for it) this wouldn't be an issue.
Go Up