Lemmy has multiplied its number of users (maybe more accurately, accounts) in just a few days. What do you think the percentage of bot accounts is? Is Lemmy having a problem with bot farming?
Don’t pay attention in the slightest to total users; active users are what count.
Active users will probably drop off as the Reddit dust settles, but I’m liking it so far; it’s not really that much of a jarring change once you get past the ActivityPub shenanigans.
Once 3rd party apps don’t work on July 1st, that will be the real test
It’ll drop a little, but to a significantly higher level than it was before.
Yeah, something similar happened with VRChat a year ago: Neos and ChilloutVR had crazy spikes in signups in the first few days of the controversy but eventually ended up with around 2x-5x the online users they had before.
@JackFromWisconsin @hare_ware yep, we had the same after other events like #eternalseptember & #twittermigration, and it will be the same with #redditMigration
@dessalines @1337tux but if they’re bots they’d still count as active users assuming they aren’t idle.
In the end, neither really matters, assuming the bots aren’t causing you or your server trouble, like the thousands of posts tagging GNU SOCIAL users repeatedly a couple of weeks ago. Could still be happening on instances with absentee admins (like my original GNU SOCIAL account of @fu@2mb.social).
One of my communities tripled in size in 2 days, with people making OC posts and no spam (so far). Other communities get a bit more lively too. Doesn’t seem like it’s just bots.
I think the growth in the last couple of days has been mostly bots.
I can see a sharp decline in real sign-ups on my instance after the initial big wave before and during the 3-day Reddit blackout.
Maybe there will be another wave early next month but currently it has nearly completely dried up.
I think this cements worries that some people who are trying to run these servers don’t actually understand the severity of the bot problem online and aren’t doing enough to protect themselves, not even the basics. It makes you wonder what other basic cybersecurity protections they haven’t set up on their servers, or if their servers are even hardened at all.
I wonder how much (if any) of this is driven by reddit to create more ambiguity to people’s feelings about the fediverse? It’s totally possible it’s all “organic” bot growth, but if they’re willing to go to the lengths they have against their own users, I also wouldn’t put it past them to be trying to destroy the credibility of any “competitors” in the space.
Why do you think it’s bots? I haven’t noticed any bot activity.
They are currently dormant, but those thousands of new accounts on some instances clearly show every sign of being auto-generated.
The admins and mods are keeping them at bay, but it could easily get out of control. At this point the problem is mostly invisible, which it normally is when mods and admins are holding the line, but the soldiers are at the gates.
I saw some very big instances on fedidb yesterday. I looked at a few… Completely empty instances, no communities, no posts, but 24k users.
I’m pretty sure those are all bot/spam accounts. So the numbers right now are very inflated imho.
It certainly didn’t take long to spot servers like that on fedidb! I wonder what is causing people to make those? Load testing? A spam farm? A social experiment to see if people will sign up to an empty instance? Trying to set up an automated, simulated social network like people joked Reddit was, where everyone is a bot except for you?
I think the most realistic answer is that they’re test instances, either by a tech company that believes it has a path to monetize a fediverse project or by some kind of spam farm, but the lack of any posts is still positively weird.
Hah! The idea of a simulated social network sounds weirdly interesting. An idea that just popped into my head: a (mystery) game based on a Lemmy instance, where bots progress the storyline and people can participate by finding clues in the instance’s communities and triggering the next phase of the story by commenting in the right spots. 🤔
What do you think the percentage of bot accounts is?
…yes.
Is Lemmy having a problem with bot farming?
It will have one at some point. For now it seems most of them are just created but don’t post anything (yet).
Think what will happen when they start to post and comment. They will probably just get defederated.
Edit: Now that I’ve looked at the stats, there’s a huge spike in posts and comments.
you can’t just defederate individual accounts; these bots have their home on places like shit and world
The moderator can block them?
Individually delete thousands? Sure, it could be done, but that’s a lot of work and sure to create some false positives.
Yup. But you can always go the Beehaw route and defederate them anyway - as they did with both of your examples.
I think, and hope, that that might be the result of the (debatable) setup of some leddit bots? But it doesn’t explain the comments. I think we probably need something similar to threat intelligence: a curated list of instances which are bots, exposed through an API, so that admins can defederate them automatically without doing extra work. It would be a nice project for the weekend!
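To sketch what I mean (the feed URL, field names, and local blocklist file here are completely hypothetical, just to illustrate the shape of it):

```python
import json
import urllib.request

# Hypothetical curated feed of suspect instances (URL and format are made up).
FEED_URL = "https://example.org/suspect-instances.json"
LOCAL_BLOCKLIST = "blocked_instances.txt"  # one hostname per line

def fetch_suspect_instances(url: str) -> set[str]:
    """Download the curated list and return the hostnames it flags."""
    with urllib.request.urlopen(url, timeout=10) as resp:
        data = json.load(resp)
    # Assumed feed shape: {"instances": [{"host": "...", "reason": "..."}]}
    return {entry["host"] for entry in data["instances"]}

def load_local_blocklist(path: str) -> set[str]:
    """Read the hostnames this instance already blocks."""
    try:
        with open(path) as f:
            return {line.strip() for line in f if line.strip()}
    except FileNotFoundError:
        return set()

if __name__ == "__main__":
    suspects = fetch_suspect_instances(FEED_URL)
    already_blocked = load_local_blocklist(LOCAL_BLOCKLIST)
    # Report only the delta; an admin (or a cron job) decides what to actually block.
    for host in sorted(suspects - already_blocked):
        print(f"not yet blocked: {host}")
```

Whether the output feeds straight into the instance’s blocklist or just lands in an admin’s inbox would be a policy choice; auto-defederating based on a third-party list is a big lever to pull.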
Have all of the Lemmy instances (and kbin ones, too) now added email requirements, captchas, and maybe the little paragraph Beehaw has, asking why you should have an account?
Also, how do you identify bot accounts? Can you bulk-ban accounts, or do they all have to be examined and dealt with individually?
ETA: I wasn’t suggesting the paragraph. Just wondering what the instances are putting in to prevent bots. I actually tried to sign up for Beehaw, wrote my little paragraph, and then got the pinwheel of death, lol. I was never able to sign up, but lucked out with a kbin.social account. I have to add that it’s pretty disappointing to be downvoted for simply asking a question. Feels like what I left at Reddit.
Good grief, I hope not. Email & captcha are reasonable; a short-form essay on why you should be graced with the ability to participate is super cringe.
Join request forms do a good job at doing what they’re designed to do.
It is too easy to fake e-mails. You can set up a catch-all e-mail domain and spam the registration like that. I am not a fan of giving my e-mail nor collecting other people’s e-mails.
My current message contains the following:
Please leave a short message (a sentence or two is enough) stating why you would like to join this instance and I will accept your application as soon as possible. The purpose of this form is to filter out spam bots, not to judge your motivation for joining.
It is not about them writing an essay to be let in. It is a very effective strategy to weed out spam accounts being registered en masse. One step is to make sure that the user wrote a cohesive sentence that addresses the question, and the other step is to check whether there is a sudden spike of similar new applications. Even ignoring the actual text, it is useful to be able to monitor whether you are getting rate-limited bursts of account creations, and having the ability to approve/deny lets you respond with less effort than if they succeed at creating the accounts.
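As a rough illustration of the “watch for bursts” part (the timestamp source is hypothetical, e.g. exported from the registration applications table; the bucket size and threshold are arbitrary):

```python
from collections import Counter
from datetime import datetime

def flag_registration_bursts(timestamps, bucket_minutes=10, threshold=20):
    """Count applications per fixed time bucket and return the suspiciously busy ones."""
    buckets = Counter()
    for t in timestamps:
        dt = datetime.fromisoformat(t)
        # Truncate to the start of its bucket, e.g. 12:00, 12:10, 12:20, ...
        bucket = dt.replace(minute=dt.minute - dt.minute % bucket_minutes,
                            second=0, microsecond=0)
        buckets[bucket] += 1
    return {bucket: n for bucket, n in buckets.items() if n > threshold}

# Example: 30 applications within one minute land in the same bucket and get flagged.
sample = [f"2023-06-15T12:00:{s:02d}" for s in range(30)]
print(flag_registration_bursts(sample))
```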
Yeah I was a bit weirded out by that, it’s like what, am I joining a cult? Anyway I actually signed up on a number of instances in search of one I like and only a couple were using an application. The rest were just captcha plus email.
I think they should come up with a better mechanism than an application. I understand the need to verify that someone signing up is actually a human being, but an application is pretty off-putting. The problem is there are bots that can get around captchas and email authentication, and AI keeps getting smarter.
“ChatGPT, write me a paragraph about why I want to join an internet forum in first person”
Yeah, ChatGPT could fill out an application as well. In fact, AI is getting to the point now where it would be hard to tell even by voice. Though it’s also a matter of effort on the part of the exploiter; you don’t have to bring it down to zero, just enough to keep it at bay.
It may be an AI, or it can also be a real human that is lying. The point of the application filter is to significantly slow down these approaches to bring their impact to a more manageable level. An automated AI bot will not be able to perform much better than a human troll with some free time because any anomalous registration patterns, including registration spikes and periodicity, are likely to be detected by the much more powerful processor that resides in the admin’s head.
On the other hand, a catch-all domain e-mail, a VPN with a variable IP, and a captcha-defeating bot can be used to generate thousands of accounts in a very short amount of time. Without the application filter the instance is vulnerable to these high-throughput attacks, and the damage can be difficult to fix.
Sounds like it sorts out the right kind of people? I’m not aware of anyone actually asking you to write an essay; no one would do that. Two short-answer questions do not an essay make.
@funkyb @Very_Bad_Janet @1337tux those who aren’t willing to do so aren’t likely to be good fedizens willing to practice netiquette.
If I understand how Fediverse software works, you can just set up a server, install the software, and boom, you’re federated with any instance that doesn’t explicitly defederate you. That being the case, anyone can set up an instance, put however many accounts they want on it, and federate. The only safeguard is defederation by each instance individually. If I’m not wrong about that, it’s definitely a security issue that needs to be addressed Fediverse-wide.
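For what it’s worth, you can at least see each instance’s stance from the outside. A small sketch assuming the instance exposes Lemmy’s federated-instances endpoint (the path and response shape can differ between Lemmy versions, so treat this as illustrative):

```python
import json
import urllib.request

def federation_summary(host: str) -> None:
    """Print how many instances `host` links to, explicitly allows, and blocks."""
    url = f"https://{host}/api/v3/federated_instances"
    with urllib.request.urlopen(url, timeout=10) as resp:
        data = json.load(resp)["federated_instances"]
    for key in ("linked", "allowed", "blocked"):
        entries = data.get(key) or []
        print(f"{host} {key}: {len(entries)} instances")

# Any public Lemmy instance should work, modulo API version differences.
federation_summary("lemmy.ml")
```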
There’s obviously bots, but some folks make multiple accounts by default (I do for sure), and others just want to have a bit of padding against instance failure. Others don’t realise you don’t need to have an account on an instance to access it lol.
Others don’t realise you don’t need to have an account on an instance to access it lol.
This, I think, is going to be the biggest hurdle for getting people to join the fediverse. We need seamless ways to view and subscribe to magazines on instances other than our own. Either that, or we need one to get big enough that it simply eats the smaller instances.
You had me right up until that last bit - as it is, I’d argue there’s too much centralization. For one thing, people underestimate the technical considerations of hosting a Reddit-sized social media service. Once you reach a certain point, just moving to a bigger server isn’t sufficient. There’s also the money issue of a single instance hosting all of Lemmy.
But even more so than all that, decentralization is the whole point of the fediverse. If all of Lemmy was on one instance, we’d pretty much be right back where we were with Reddit, at the mercy of whoever owns that instance. When things are properly decentralized, if an instance owner goes on a power trip, its users can simply migrate away, and there would be plenty of other instances of equal size with lots of content. If one instance ate all the others, you’d have to rebuild from scratch if you moved.
we need one to get big enough that it eats the smaller instances
but that would defeat the point, would it not?
Yes, there’s a bot problem. fedidb.org now shows the following message:
A spambot influx has been observed on Lemmy instances, inflating total user counts.
We recommend using Active Users as a better metric to gauge growth.
Do you know how active users are defined? I don’t usually make my own posts, but I upvote and comment every now and then.
Something like fedi observer can probably only gauge posts and comments, so active users will severely undercount people actually using the platform. But we should expect posting users to grow proportionally with less visible but active users.
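As far as I know, the “active users” numbers these sites report come from each instance’s NodeInfo document, where active, as I understand it, means an account that posted or commented within the window, so upvote-only users won’t be counted. If you want to look at the raw numbers yourself, something like this should work (assuming the instance exposes NodeInfo):

```python
import json
import urllib.request

def fetch_json(url: str) -> dict:
    with urllib.request.urlopen(url, timeout=10) as resp:
        return json.load(resp)

def nodeinfo_usage(host: str) -> dict:
    """Discover a host's NodeInfo document and return its 'usage' section."""
    wellknown = fetch_json(f"https://{host}/.well-known/nodeinfo")
    nodeinfo_url = wellknown["links"][0]["href"]  # first advertised schema version
    return fetch_json(nodeinfo_url)["usage"]

usage = nodeinfo_usage("lemmy.ml")
print(usage["users"])  # typically: total, activeMonth, activeHalfyear
print(usage.get("localPosts"), usage.get("localComments"))
```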
Heads up, it looks like your comment was posted 3 times
deleted by creator
deleted by creator
Ok so how is the active user growth?
Extremely low compared to the total growth: Per https://lemmy.fediverse.observer/dailystats Lemmy grew from 150,000 to 1,150,000 total users in the last four days, but for the active users, the growth was 30,000 to 39,000. If you extrapolate that, there are maybe 200,000 real Lemmy users now.
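Rough back-of-the-envelope version of that extrapolation, assuming the ratio of real users to active users stayed roughly constant: active users grew by a factor of 39,000 / 30,000 = 1.3, so 150,000 × 1.3 ≈ 195,000, i.e. on the order of 200,000 real users.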
Compared to account growth that’s low, but 30% growth in four days is hard to call “low”.
That’s why I said “compared to”. The percentages were +666% and +30%. 30% growth in four days is enormous, but not at all when compared to 666%.
I’ve seen at least a few posts bringing attention to a huge number of new instances with conspicuous user-count-to-activity numbers. There’s definitely something to be cautious of, I think.
I wonder how people come up with the bot superstition? Just a feeling or is there any valid indication of massive influx of bot accounts?
I think it’s a combination of things. There are real users who have migrated to Lemmy because of reddit’s horrible treatment of its users and there are also bots being created but that’s normal on the internet.
@DerWilliWonka @1337tux yeah, I’m guessing a lot. I didn’t save the post, but I saw earlier this week some instances that were spun up brand new and had >5,000 users in less than an hour.
One of many reasons to recommend against allowing open sign-up on your instance. A lot that have been around longer, like lemmy.ca, require you to request an account and answer some questions (like why you want your account on this particular instance), and a real person clicks the check-mark button.
Some new users will be annoyed by such, but the truth is if they are annoyed by that, they probably aren’t going to be good fedizens open to following good netiquette anyway.
I asked the same question. The answer is that there are a bunch of instances (probably 15-20) which have thousands or tens of thousands of new accounts (<1 week old) but have barely dozens of posts. Here’s a sheet made by @sunaurus showing the effect. A bunch of the explosion is in open signup (no email, no captcha, no verification) and there is zero interaction on the instance. Could we be seeing half a million lurkers on instances with <200 comments combined between them in the last couple of days? I suppose it’s possible, but it seems unlikely.
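As a toy illustration of that heuristic (the threshold is arbitrary, and the numbers are the ones mentioned in this thread):

```python
def looks_like_bot_farm(total_users: int, posts: int, comments: int,
                        max_users_per_interaction: int = 100) -> bool:
    """Flag instances whose user count is wildly out of proportion to their activity."""
    interactions = posts + comments
    if interactions == 0:
        return total_users > max_users_per_interaction
    return total_users / interactions > max_users_per_interaction

# 24k users with no communities or posts at all (as seen on fedidb) -> suspicious.
print(looks_like_bot_farm(24_000, 0, 0))   # True
# A small but lively instance -> fine.
print(looks_like_bot_farm(500, 120, 900))  # False
```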
Thank you for the clarification. Do you by any chance have data at hand about the development of active users? Or could you direct me to a community where I can get this kind of data?
Experience, mainly.
I used to run a phpBB forum; on average, bot signups outnumbered real people 10 or 20 to one. And that was with some fairly robust anti-spam measures in place - something I think this platform is too new to have properly sorted out yet.
I may be wrong, I don’t know how the back end here works, but any place where people can post publicly will be infested with bot signups very quickly. The only real variable is how good the anti spam measures are.
What does someone gain by swarming an instance or forums like yours with bots? I can’t wrap my head around it. Also, if someone has an instance and swarms it with bot accounts, it may seem like they’ve got a popular instance, but where is the revenue if there’s no one to click an ad? Do they do it just for the lols?
Spin up 50 bots.
Sign them all up for lemmy.
Let accounts interact/age.
Sell accounts to companies who want to advertise as one of the cool kids. Happened on Reddit nonstop.
Any conversation, be it political or commercial. All it takes is something sounding confident, a grain of truth and lots of upvotes to convince people.
That’s why I like seeing downvotes as a red flag people can pay attention to
Pretty much why Reddit removed downvotes I think… brands got tired of users raining downvotes on them for shilling lol.
Except that Lemmy doesn’t show overall karma, so there’s no use in doing any of that here.
Just the same, having a post history and upvote history lends credibility to the “opinion” of the brand.
@GizmoLion @1337tux @TheAngryBad @DerWilliWonka I am on board with this
@realcaseyrollins @GizmoLion @1337tux @DerWilliWonka @TheAngryBad meaning you want to sell fedi accounts to capitalists?
@fu @GizmoLion @1337tux @DerWilliWonka @TheAngryBad I’m not on board with the selling part tbh, but I like the bot idea, it worked for #Reddit like the guy said
I feel like you’re reading a completely different conversation…
I still have a tiny bit of doubt left, but at least it sounds like one possible reason for people swarming servers with bots
@DerWilliWonka @1337tux @TheAngryBad there are certainly some who do it for the lulz, and there are some who probably do it as a way to encourage others to make security changes to the platform. Personally, I think it would be more useful to file issues via git, but what do I know, I’m just an old-timer who quit college after failing a security class and thereby losing my scholarship.
In my particular case (as was the case with most forums in the day), it was really just about spamming boards with links to whatever shitty ED pills or crypto scam they were trying to sell.
They were never really sophisticated, but never really had to be either. A spammer could spend a few minutes writing a script for a bot to crawl the web looking for phpBB signup pages, then try to create an account on any it could find and immediately post the links. They could post hundreds of links on dozens of different forums with just a few minutes’ work - and then do it all again tomorrow with a bunch of new signups.
I can always appreciate a good /r/TheoryOfReddit post on bots. But yeah. Despite the regularity that bots are blamed for everything, rarely is there any proof other than an expressed feeling by a live user.
You see a bunch of instances pop up with zero reputation and a large number of brand-new users, basically none of which have any posting history; you can be pretty sure what those accounts are.
Yeah, a Lemmy bot net. I looked at one server and the number of total users versus active users was ridiculous. My guess is the servers that had open signups got hammered with bot signups.
It’s also possible people are making accounts to see what it is but not doing anything yet, but I agree there are probably lots of bots
I had about 20 bot accounts on mine before turning on more ‘security’, but it looks like some instances had 10, 20, or 30 thousand bot accounts in 24 hours.
This is amazing!!
So it went from a few thousand users to a million within the timespan of less than a month. That’s insane
What do you think the percentage of bot accounts is?
Probably half of them are bots.
Is Lemmy having a problem with bot farming?
Yes, and it’s quite serious.
The bright side, IMO, is that Lemmy is being recognized as a valid alternative to Reddit; if it wasn’t, bots would have no reason to try to be here.
Why do you think they are bots? I haven’t seen any signs of that…
It’s not “me” thinking; there are several posts bringing this problem to the attention of admins. Basically, they took advantage of servers with open registration to “spam create” thousands of accounts. You don’t see signs because they’re “dormant” for now (that’s what bots do when a spam campaign is not currently active). You can recognize it by comparing the number of users with user activity: for example, if you see a server with 6k users and only 5-6 posts, it means it’s a bot farm waiting for a spam campaign to start.
It is hard to say. Lemmy is doing well though.