• CanadaPlus@lemmy.sdf.org
    link
    fedilink
    arrow-up
    3
    ·
    4 months ago

    Well, there’s also IP address. If you’re savvy you might be able to get around that as well, but it’s deliberately difficult to do sustainably for exactly that reason.

    • Dave@lemmy.nz
      link
      fedilink
      arrow-up
      2
      ·
      4 months ago

      To my knowledge, there is no coordinated sharing of IP addresses between instances. Different instances are run by different people, so it’s very unlikely the IP address will matter.

      A new username on a new instance is likely enough that no one will ever know, so long as your posts or comments don’t give you away.

      • CanadaPlus@lemmy.sdf.org
        link
        fedilink
        arrow-up
        2
        ·
        edit-2
        4 months ago

        Well, if you’re not a dick you theoretically shouldn’t get banned the first time.

        If you are a dick, I imagine you’ll run out of instances pretty quickly, using that strategy. You could keep it up for a while, though. I do worry about the reckoning with spammers that will eventually have to happen on here.

        • Dave@lemmy.nz
          link
          fedilink
          arrow-up
          1
          ·
          4 months ago

          There are already spammers all over Lemmy. There’s a coordinated effort to remove spam, it just doesn’t include IP addresses (which aren’t that helpful because they change and with CG-NAT entire neighbourhoods can share them, and with VPNs people not near each other can - plus if you have a dynamic IP then restarting your router can give you a new one).

          • CanadaPlus@lemmy.sdf.org
            link
            fedilink
            arrow-up
            2
            ·
            edit-2
            4 months ago

            Ah, so you do know how it all works.

            During the Reddit exodus, at least, there were a lot of instances that required very little for you to make a new user. I’ve put down the lack of mass abuse (that I’ve seen) to the small level of traffic, but that won’t last. The standard thing is to require an email address, and for email providers to require either another email address or something like a phone number with a meatspace papertrail. That way, they can bother an abuse department which can bother other abuse departments.

            Of course, there’s still ways around it, as you probably know, but they’re not free, and so a Nash equilibrium is achieved where stuff is usable.

            • Dave@lemmy.nz
              link
              fedilink
              arrow-up
              1
              ·
              4 months ago

              You can buy valid gmail address by the thousands. Email validation is one part of a multilayered approach. It cuts some out, but you need more layers. Captchas work, they cut some proportion out, but not all.

              Probably the most effective is registration applications, but this is a huge barrier to entry. If we want Lemmy to grow, we are going to have to change the current state (most instances require an application to join), or change peoples expectations. You can sign up for a reddit account just like that, and start using it without waiting for approval. Why would people choose Lemmy? On our instance we had a drop in registrations to about 1/10 of what we had with open registrations.

              Unfortunately I don’t know the answer. It probably involves taking on strategies like reddit if we are going to scale that big (auto-mod, karma, etc). Unfortunately we will have even more trouble, because in the users host instance doesn’t ban them then an admin on every other instance has to ban them for that instance. So we probably need to be able to follow ban lists to auto-ban users that have been banned on other trusted instances or something like that. As we grow, I’m sure we will have more pain before it gets better, but I’m hopeful that we will solve issues as they arise.

              • CanadaPlus@lemmy.sdf.org
                link
                fedilink
                arrow-up
                2
                ·
                edit-2
                4 months ago

                You can buy valid gmail address by the thousands

                Yep, although the economics of that depend on what you’re doing. I’m trying not to mention too many details, because internet hooliganism is one of the few things I think I could make worse just by publicly and accessibly explaining, haha.

                Probably the most effective is registration applications, but this is a huge barrier to entry.

                I know of people with similar mechanisms who had problems with very sincere-sounding bad actors before ChatGPT. Best of luck with it, though. It’s how I got into my instance.

                Unfortunately I don’t know the answer. It probably involves taking on strategies like reddit if we are going to scale that big (auto-mod, karma, etc).

                Hey, unrelated, but do you know if they ever got the database code cleaned up? One of these days that’s actually going to start to bite; my instance already had to do a hardware upgrade once.

                I should try and figure out how a list of bad IPs would best fit into ActivityPub. It sounds like it would be easy enough to add.

                As we grow, I’m sure we will have more pain before it gets better, but I’m hopeful that we will solve issues as they arise.

                It’s been done, we can do it again!

                • Dave@lemmy.nz
                  link
                  fedilink
                  arrow-up
                  1
                  ·
                  4 months ago

                  I know of people with similar mechanisms who had problems with very sincere-sounding bad actors before ChatGPT.

                  There are many ChatGPT answers, but I think this more affects instances like Beehaw who ask for an essay and have to pick the AI out from the others. My instance has a short and specific question and works to weed out a lot of this, though I’m confident some spammers still get through (and are sitting on accounts waiting for them to age up a bit).

                  Hey, unrelated, but do you know if they ever got the database code cleaned up? One of these days that’s actually going to start to bite; my instance already had to do a hardware upgrade once.

                  I’m not familiar with that specific code, but it probably depends on the last time you looked at it. In the early reddit migration days a lot of optimisation changes were made in a hurry, but there were issues that arose as instances scaled. These were patched up by various releases but on my instance the average CPU usage of the 0.19 versions is 30% or more up on the 0.18s.

                  Being in NZ we were also hit hard by the issue of federation being concurrent. To this day we are running an extra VM in Finland to batch up activities and send them in bulk to be replayed on the Lemmy server. I’m pretty sure I saw a pull request for that recently though so it might be fixed in the next version (but we’ll have to wait until Lemmy.world updates if I understand it correctly).

                  I should try and figure out how a list of bad IPs would best fit into ActivityPub. It sounds like it would be easy enough to add.

                  Perhaps such a thing exists for Mastodon and could be applied to Lemmy?

                  • CanadaPlus@lemmy.sdf.org
                    link
                    fedilink
                    arrow-up
                    1
                    ·
                    edit-2
                    4 months ago

                    Being in NZ we were also hit hard by the issue of federation being concurrent. To this day we are running an extra VM in Finland to batch up activities and send them in bulk to be replayed on the Lemmy server. I’m pretty sure I saw a pull request for that recently though so it might be fixed in the next version (but we’ll have to wait until Lemmy.world updates if I understand it correctly).

                    Fascinating, I didn’t realise the latency down there was that bad. How hard was it to get the process working across two distant servers like that?

                    Perhaps such a thing exists for Mastodon and could be applied to Lemmy?

                    Hmm, doesn’t look like it. The relevant source doesn’t mention anything, and a GitHub question from 2022 doesn’t mention a devoted feature, although there’s some publicly posted lists shared.