Should there be somekind of restriction to sending dms? While these spambots sending stuff isnt overwhelming at the moment, they still shouldnt be able to do it so easily. In the future its only going to get worse.
Then there is also other instances, accounts from them can also send stuff so it makes this even more complicated.
Sorry that this is so awful to read, i would add more space between paragraphs but it doesnt let me.
- min account age?
this would force spammers to make tons of accounts into “storage” and slow down their efforts.
- some custom verification before sending?
not captcha or anything like that, it would have to me custom made so they would need to also build custom workaround. Maybe this wouldn’t be so useful since it would be just temporary measure and a lot of work and also annoyance to users.
- add some trivial task to the dm sending
Some really easy little minigame. If you want to send just one message then it wouldnt be too much of a problem but if you want to send multiple, you have to do it every time. Or make it a timer where you have to do something within x seconds. That should make paraller tasks quite awful. Problem with this might be that if its processed only local, then it could be bypassed unless its something really cleverly made.
- manual accepting for being able to send direct messages?
This would be a lot of work for admins, though i dont know how big part of userbase even sends direct messages. Messages from other instances would create even more work.
On this email service called disroot you have to write an answer to a question like “tell us about your favourite food” which they seem to manually check when accepting new account.
AI likely makes this really annoying to verify since you have to judge is the text written by human or not. This might be good system with some creativity though, but still not good for processing large amounts of users.
- manual accepting, but leave it to users themselves?
When you send message to someone, they have to accept receiving messages from that user first, before even seeing the message. This would at least hinder the bots if they can get something out of user just loading the image.
It doesnt even have to be a singular solution. Maybe different things could be combined like if account is younger than x then different things are applied to it. It just cant be too annoying to users no matter what.
Does anyone else have ideas how to deal with this?
Really good points. I believe lemmy devs are working on some tools that will help (not sure if it was already in 19.10. version where banning a user deletes the sent messages as well). I’ve got a few points I’d like to address:
Age restriction: I’ve bumped several times into “Nicoles” that have been sleeper accounts for quite some time unfortunately.
To register on sopuli you already need to write a small text that then needs to be evaluated by the admins; this is sometimes harder than I thought as some texts read like an AI had written it or is so generic that it could be copy-paste made for registering to multiple instances, but if such texts would be rejected, it would make registration experience for new users annoying and they might just give up with lemmy. Thankfully we haven’t had too many sopuli spam accounts yet.
Unfortunately a lot of the spam comes from new instances that have open registrations without any checks. There are some tools for instance admins to use like fediseer IIRC, but it’s a tough one.
I agree with you: at some point this is going to be a major problem and it feels like someone is just testing the grounds with nicole or maybe even trying to showcase the issues of fediverse with shitty and mean methods (since I don’t think the spammer is really getting any money out of this, right now the average lemming is tech savvy it seems).
Edit: lemmy devs, not lemmy admins
