ActivityPub spam, onboarding
#ActivityPub #spam seems to be spreading nowadays. It isn't new, I moved away from my previous instance because it didn't have active mod volunteers.
#Snikket's idea of invites (#XMPP, not AP) seems like a good way to both control spam and onboard users. Mods can rate-limit account creation by judiciously creating invites. Users can generate 1 invite each, but can expect to also get banned if their invitee is a spammer. User-invited users would have a real account to bootstrap their connections.
ActivityPub spam, onboarding
@tetrislife Custom challenges might be a viable option for fighting spam.
There could be an option to create image puzzles with your own images at times when spammers are actively attacking a site. Or ask various questions (bots know the location of Paris though).
ActivityPub spam, onboarding
@olives I have not seen too many approaches being available. There is open-house #ActivityPub, clique-y #Zot / #Nomad or this invite system which seems to be in between.
Scale isn't something a federated system should care about. That and vulnerable groups are a non-tech problem, they are not nails for the tech hammer.
It is fine for somebody giving out an invite to be liable in that sense, it will make sure invites are used judiciously.
ActivityPub spam, onboarding
@tetrislife In my view, online spam has a couple of elements:
Bots and farms of humans paid to solve captchas. Often, it's purely a bot. Bot masters usually expend more resources on large sites than they are willing to expand on smaller sites.
There is also the accessibility problem where as you put up barriers like this, the number of people who will go along with it will go down dramatically. That isn't a matter of tech but of psychology.
ActivityPub spam, onboarding
This kind of thing is why I really wish ActivityPub had focused on users, not instances, and included Web of Trust sort of functionality in its core.
ActivityPub spam, onboarding
@volkris interesting view. Web of trust-ness seems to be there in #SecureScuttlebutt (it "gossips" content from friends and friend-of-friend, friends are cryptographically verified by design).
Per your view, #Zot / #Nomad would work well on the user-in-control front (although whether their #Hubzilla / #Streams UX implementations work for users is questionable).
Yep. UI/UX is always the stumbling block for this kind of thing.
It's a crime that we don't have a norm of encrypted email messages, but the UI was never developed to make that happen.
Solutions we've had in academia for decades are just never mainstreamed because the UI never implements them.
It's a longstanding tragedy in tech.
ActivityPub spam, onboarding
@tetrislife Bad in practice. It's a sure way to sink a system, or turn it into something only practically available to a very small group of people. Vulnerable people might be particularly impacted, and it's not clear it's that effective against bad actors.
On more mainstream social media, I've even seen situations where a spammer hijacks someone else's account, and uses that to blast out floods of spam.
This also goes down a road I'm not really happy with where someone can be punished for something which someone else has done.
I honestly think any approach which tries to be "perfect" is probably far worse than the problem it is trying to solve.