Maciej Lesiak :flag_pirate: on Nostr: npub1wf44g…r94wn npub1cx7gl…28tc2 I read an enlightening article by Krebs about ...
npub1wf44gvmu4g6x0gwwjgrnlw0f8dxmvx7h929k057wwv8hwa8clq6snr94wn (npub1wf4…94wn) npub1cx7gljur9tl4zss45ekcm0xuw20v4xxx0337695dq5xr468wpeasc28tc2 (npub1cx7…8tc2)
I read an enlightening article by Krebs about the recent spam flood on Mastodon.social, and honestly, it gave me chills seeing how they were handling it...
In November 2022, I set up my own Mastodon instance at dadalo.pl and was quickly surprised by the lack of basic captcha protections. The account creation process is straightforward, with no apparent limits. Moderation was a nightmare, and illegal materials in the EU and most countries rapidly surfaced on my server. I quickly and painstakingly blocked these manually. This, along with several other reasons, led to the closure of public registrations three months later. After going through a series of insightful articles by npub1hudmds40lmwcyvjxm2f0ytvz4evnjawas3azuknwcajy8sz2mx4qup79j0 (npub1hud…79j0) on Mastodon and the issue of public API concerning bots and spam, I decided to block the public API for two months.
It's chilling to think that someone who manages the infrastructure of such a large application as Mastodon should be facing the same challenges I deal with in my company, where I run several stores with hundreds of thousands of products. With daily spam attacks, server drain from scanners, and bots, creating filters and managing these issues is practically a full-time job. If I were handling these problems as they are, I'd be out of business. And yes, spammers use proxies, did you hear about that? So manually blocking IPs in the Mastodon admin is a kinda funny idea... Yes, I know it is mainly, as most of the stuff, DESIGNED not to prevent spam but to block other people and servers from the fediverse... spammers laugh at these tools.
The problem is worsened by the fact that mastodon.social can't shut down registrations because the registration button is rigidly embedded in the Android app.
I write this because Mastodon lacks BASIC tools. Worse still, Mastodon developers seemingly fail to grasp the impact of onboarding and content problems on newcomers' perception of the fediverse. We need robust moderation to prevent such issues from discouraging people from joining this young project. The decision to introduce captcha, despite it being a feeble security measure for years, is quite disappointing.
I hope someone at Mastodon GMBH gets down to business soon. Focusing on creating mugs and t-shirts for fans instead of addressing these pressing issues could spell doom for this network. The early signs of "defederalization" are already spewing out like a sewer overflow.
We need a change, and it needs to happen fast.
P.S.
I have been monitoring the public API of selected instances, particularly on mastodon.social, and it's evident that storage drainage by bots posting images is a significant problem. Bots make up 22% of public posts. If mastodon.social is still struggling with cache, storage, and performance issues, perhaps they should start resolving their internal problems.
SNAPSHOT: https://gc.dadalo.pl/dashboard/snapshot/dz2JnBlflOYozXc5IJHIyHY3vji2mKvL?orgId=0&refresh=5m
