Recently I've started running my own lemmy instance, as part of my decoupling from Reddit, due to them speed-running enshittification. The instance has been growing nicely and holding up very well indeed. but there's dark clouds forming on the horizon, as more of more of the early adopters and peopl...
This is my current attempt at preparing to counter the spam waves that will be appearing as the fediverse becomes more and more popular.
It involves the creation of whitelists based on a chain of trust between instances with easy ways to add and remove into it with few overheads.
Let me know what you think and if you're interested, please do register your instance at https://overctrl.dbzer0.com.
You're right about the spam, volunteer moderators are helpless against it if they decide to spawn thousands of instances and accounts to attack. A whitelist instead of blacklist style of federation might be necessary now. I just hope it doesn't create too small of a bubble or certain large instances start to monopolize, like the way e-mail went.
I'm not an instance admin nor am I a mod. I just started using Lemmy a couple of days ago. First, respect to you for taking the time to come up with solutions.
I think your solution is at the limit of what you can do to keep bad actors from creating instances and start spamming. We need to accept it will not solve all the spam. Just like there's is still spam in the comment section on YouTube but alot less compared to a year or so ago.
But, maybe having a more granular trust system of instances could be a solution to prevent smaller instances from being locked out. For example a new instance would be allowed to be whitelisted sooner than they would be allowed to endorse or guarantee other instances? Or doesn't that work in the case of Lemmy?
Having trouble signing up over at the overctrl instance using the required username format. My domain contains a - and the username field seems to specifically reject that character.
I'm still very concerned a whitelist scenario will ultimately lead to just a few megalithic instances without a chance for new, small instances to ever join the federation.
Like the nightmare scenario for email where the big providers just decide one day to drop any mail that does not come from another large corp or from someone who paid money for some id certification. Even now running your own mailserver is a major pain and requires a lot of attention, receiving mail is fine, but sending... oh my.
So the hashcash solution proposed elsewhere still seems better to me. If I wanted to host my own instance I still could federate without begging the "council" for admission. The thought of burning energy just to prevent spam is repulsive but walling ourselves in and creating a gated community sounds even worse...
I’m still very concerned a whitelist scenario will ultimately lead to just a few megalithic instances without a chance for new, small instances to ever join the federation.
I've built the whole thing to avoid exactly that! Any instance admin vouch for small instances.
I saw that. But I'm having flashbacks from email WOT and it did not converge to the interconnected mesh we had hoped it to be.
Sooner or later larger nodes will exists who will not simply trust a key signed by a mere "tier3" instance. If a selfhoster wants to federate with their tiny 1-user instance, how do we differentiate between bot instance and genuine user instance?