Been watching over the recent surge in fediverse users for about a week now. Last week, it was climbing what i would call naturally, organically. Now for the last couple days, its been like 350k in the last 2 days.
Love to see the growth of users, but these have to be bot created accounts. I dont want this to be bot infested community. I see the value in bots when used correctly, but lets be real - general population and bots could ruin this community.
Is there anything planned? Is there work from some third party to throw off the “stableness” of Lemmy / fediverse?
I think some of it comes down to admins who left their (small) instances open (no captcha, no application, no email validation) not knowing how bad an idea that currently is given the maturity level of Lemmy and the (very recent) influx of bots. I am reaching out to the admins of the fastest growing servers according to FediDB if it looks suspicious (based on growth rate, participation rate of their users, and if the content posted by users). In many of these cases we are talking thousands of new accounts in the past few days on instances that have single-digit active daily/weekly users.
So far the responses I have gotten have been appreciative and the admins are taking action, but not everyone has responded. Also the tooling to find and delete such accounts is pretty lacking as far as I can tell.
Not all heroes wear capes. Awesome job!
Much appreciated!
What kind of tooling do you envision to find bot users?
I’m not sure. At a user level perhaps some sort of tracking of logins, posting frequency that sort of stuff. If a user signed up and immediately starts making hundreds of posts, something is probably up and an admin should be made aware somehow. If a dormant account wakes up and starts posting a lot, maybe an admin should take a casual look. Also, as much as people seem to hate it, track some IP addresses, at least temporarily. If 100+ accounts all sign up from one IP in the space of an hour, they are probably less than legitimate.
Assuming the problem is posts and comments by bots there could be something that looks for known spam copypasta, previously moderated/admin’d content, or keywords could be enough on a small instance. Going further perhaps something that reads the posts from users of your instance, has them classified based on previous admin actions (and probably some manual work to flag things as “known good”), and trains some sort of classifier (bayes/markov/ml/whatever). Such tools already exist and are in wide use for email spam filtering and the like. They aren’t perfect, but would make an ok first line of defense that can raise things to the attention of the admin.
I am sure you could go further down the automation side, but I would imagine all of these are “human in the loop” sort of things. Once a user/post/whatever gets flagged it generates some sort of report for an admin to take a look at. I don’t know how much of this stuff like automoderator or mod bots did on reddit, but a decent amount of it would probably be transferable however it was done.
Perhaps some/all of this doesn’t get put into Lemmy itself but can interact through admin APIs and/or the database. I would start at just basic things in Lemmy itself as at the moment there is hardly any admin interface to Lemmy at all. If I just want a list of the users on my instance I have to query the database. Make deleting/purging users easier (I have heard from some admins having bot trouble that it was easier to vs than delete them). Properly split out the modlog per community, show all the details of the action, and show whether something was a mod or admin action.
there’s no karma to farm. there’s no algorithm to game. the best they can do is spam.
And spamming can be a serious problem for forums such as Lemmy communities
No. They can be used in influence campaigns. They can upvote the posts and comments the controllers want you to see and downvote those they don’t.
Spam’s obvious and can be dealt with. Bots altering what shows up in your feed is impossible to combat as an end user.
In some ways, this shows Lemmy is winning. It means Lemmy’s important enough to start trying to influence. It also means we’re about to go through some interesting times.
There has been a big surge in bot accounts
Basically many of the newer instances allowed sign ups with no bot protection
This is why we can’t have nice things and need to deal with CAPTCHA and email verification etc…
The only bots I’ve seen are posting news, TIL, etc. No annoying bits so far.
I have a crosspost bot, I’m mainly testing it and it’s purpose is to use reddit as link agregator to help small communities get some content going.
It only posts external links, never OC nor a link to reddit.Also in my case the bot will get one post no older than 5 hours every hour, to prevent flooding with posts.
Eventually we will see thr shirts ones…
What are the bot accounts being used for? I haven’t noticed any posts made by bots (unless you guys are all ChatGPT and I’m the only human here)
As an AI language model, I’m not able to confirm whether or not I’m a bot.
I am not a language model of a modern major general.
Sometimes I wonder if the people I’m talking to are even real humans. Their responses can be so totally out of left field.
Ravioli ravioli give me the formu-oli
I doubt there’s any actual bots engaging with content on a significant level. People are just paranoid. Beep Boop.
Have you considered the possibility that everyone on the internet is fucking crazy
Haha, maybe. Depersonalization does seem to do weird things to people.
People seem to be aware, and taking steps to deal with it: e.g. https://kbin.social/m/technology@beehaw.org/t/65767/Introducing-The-Lemmy-Overseer.
Exactly what I was going to link! I went down a rabbit hole last night. Found a random instance on the Overseer map that was only a few days old but had 6000 signups overnight.
Another outside user had also noticed, and had left a post calling attention to the flood of bots. At first the instance owner said they thought a glitch was messing with the numbers. Then they did some digging, and realized 6000 bots account signups had come through all at once. The high volume of unverified emails was proof enough, as they came through all at the same time, and were never actually verified. After that, they realized you could enable captcha for signups and turned it on.
Did you miss the news about Reddit pissing off all their users, many of whom are now looking for alternatives?
Eh, the Internet is full of bots, particularly bots that just register and then do nothing. I wouldn’t worry about it.
I wonder what will happen to the users that already registered without email (Like me). Maybe I should add an email to my profile, just to be sure.
Talk to the instance admins. If you don’t like their response, open up your own instance and do whatever you want, ban all bots, write your own things completely freely, disable all up- and downvotes, whatever