Is Lemmy or the fediverse doing anything about the recent surge in users, that could possibly be bots?
Been watching over the recent surge in fediverse users for about a week now. Last week, it was climbing what i would call naturally, organically. Now for the last couple days, its been like 350k in the last 2 days.
Love to see the growth of users, but these have to be bot created accounts. I dont want this to be bot infested community. I see the value in bots when used correctly, but lets be real - general population and bots could ruin this community.
Is there anything planned? Is there work from some third party to throw off the "stableness" of Lemmy / fediverse?
No. They can be used in influence campaigns. They can upvote the posts and comments the controllers want you to see and downvote those they don’t.
Spam’s obvious and can be dealt with. Bots altering what shows up in your feed is impossible to combat as an end user.
In some ways, this shows Lemmy is winning. It means Lemmy’s important enough to start trying to influence. It also means we’re about to go through some interesting times.
Since you get voted for your score it is not long before you won't get your total shown in third party interfaces. The feeling of power to dominate social presence is still there.
I think some of it comes down to admins who left their (small) instances open (no captcha, no application, no email validation) not knowing how bad an idea that currently is given the maturity level of Lemmy and the (very recent) influx of bots. I am reaching out to the admins of the fastest growing servers according to FediDB if it looks suspicious (based on growth rate, participation rate of their users, and if the content posted by users). In many of these cases we are talking thousands of new accounts in the past few days on instances that have single-digit active daily/weekly users.
So far the responses I have gotten have been appreciative and the admins are taking action, but not everyone has responded. Also the tooling to find and delete such accounts is pretty lacking as far as I can tell.
I'm not sure. At a user level perhaps some sort of tracking of logins, posting frequency that sort of stuff. If a user signed up and immediately starts making hundreds of posts, something is probably up and an admin should be made aware somehow. If a dormant account wakes up and starts posting a lot, maybe an admin should take a casual look. Also, as much as people seem to hate it, track some IP addresses, at least temporarily. If 100+ accounts all sign up from one IP in the space of an hour, they are probably less than legitimate.
Assuming the problem is posts and comments by bots there could be something that looks for known spam copypasta, previously moderated/admin'd content, or keywords could be enough on a small instance. Going further perhaps something that reads the posts from users of your instance, has them classified based on previous admin actions (and probably some manual work to flag things as "known good"), and trains some sort of classifier (bayes/markov/ml/whatever). Such tools already exist and are in wide use for email spam filtering and the like. They aren't perfect, but would make an ok first line of defense that can raise things to the attention of the admin.
I am sure you could go further down the automation side, but I would imagine all of these are "human in the loop" sort of things. Once a user/post/whatever gets flagged it generates some sort of report for an admin to take a look at. I don't know how much of this stuff like automoderator or mod bots did on reddit, but a decent amount of it would probably be transferable however it was done.
Perhaps some/all of this doesn't get put into Lemmy itself but can interact through admin APIs and/or the database. I would start at just basic things in Lemmy itself as at the moment there is hardly any admin interface to Lemmy at all. If I just want a list of the users on my instance I have to query the database. Make deleting/purging users easier (I have heard from some admins having bot trouble that it was easier to vs than delete them). Properly split out the modlog per community, show all the details of the action, and show whether something was a mod or admin action.
I have a crosspost bot, I'm mainly testing it and it's purpose is to use reddit as link agregator to help small communities get some content going.
It only posts external links, never OC nor a link to reddit.
Also in my case the bot will get one post no older than 5 hours every hour, to prevent flooding with posts.
The Lemmy World owner was talking with the Lemmy devs about adding captchas to the signup process so something like that probably isn't far away. Right now the plan is probably to temporarily defederate with instances that have too many spambots but it's up to instance owners to decide exactly what to do next.
I wouldn't say its a mass Exodus from Reddit but.... That's where I'm from. The blackout was last week and my social media addiction left me looking for something to fill that void.