Spam attack on Twitter/X rival Mastodon highlights 'fediverse' vulnerabilities

ardi60@reddthat.com to Technology@lemmy.ml – 210 points –
techcrunch.com

Email verification might slow spam down, but manual approvals seem like the best option from having the best results out of the two. You could be more able to tell if someone is a spammer or even a ban evader potentially before they are approved to join the server.

I think the best solutions are federating IP bans and maybe mass registration prevention.

The idea would be to note your IP in the account which then gets federated and if this IP registers a third account, it gets blocked. (Two might be a changing IP or a lost password)

IP bans are not very useful considering that almost nobody has a static IP these days.

CGNAT IP addresses change frequently and can be shared by over 100 users. I find it very annoying to have to connect to a VPN until my IP changes because someone else got the IP I'm using banned.

Browser fingerprinting would be a better way of detecting ban evaders.

browser fingerprinting is inherently bad for privacy and would require scripts that nobody wants to run

not to mention the GDPR issues with servers having that amount of data

I'm not a fan of fingerprinting either, although good luck avoiding it considering just how much of the web is behind Cloudflare.

the fediverse largely prides itself on no tracking, in fact in the past instances that used Cloudflare have been harshly criticised.

This is against the fediverse's core values

I've had my server behind Cloudflare this entire time. Should I not be doing that? At a minimum I need something to hide my server's real IP.

They're useful for a very short amount of time and add frustration for the spammer but yes, the downsides are large as well.

If a person knows how to change their IP after being banned, they probably don't use a normal browser either, don't you think? Or have I missed something about browser fingerprinting? You can post to Lemmy over an API, right?

most of my friends (and me myself) have far more than 3 accounts. Many instances I've been on have died, leading to me having to move and my old account on dead instances still being in databases. That said, even without that, I have far more than 3 active accounts

sure we don't have hundreds or thousands like spammers would but putting an arbitrary number on "amount of accounts an IP can have" is against what the fediverse is

I get that. Still, there are solutions to this (dead servers obviously wouldn't count for example) and having multiple accounts might just be your hobby but so could vote manipulation, negatively overwhelming a certain post and other egregious behavior be. Multiple accounts are like amassing wealth, it's ultimately just means to do things that aren't great for the community.

Account migration should be high priority imo though. It's pretty bad that we have no way of doing this in Lemmy atm. Mastodon does have it but I'm not sure how well it works atm.

what if one wants accounts on say, 3 Mastodon servers (one personal, one public, one backup, this is entirely reasonable, but many have more reasons for making separate accounts) and then wants a separate Lemmy account or two, because they prefer the Lemmy interface for specifically that. Or maybe someone wants to separate their work and personal life in addition. Or! They're a minority and have specific reasons to separate their accounts. Or they're an artist and want a separate art account

and then other fediverse software comes along that interacts completely differently than content aggregation (Lemmy) or microblogging (Mastodon etc). Neither federates properly yet and won't for a while, so guess what, another account

you see how this doesn't work? it has nothing to do with amassing wealth or voting manipulation as this is a problem across fedi (and voting isn't even a thing outside of Lemmy etc) and more to do with accessibility. There are valid reasons to have several accounts to the fediverse, and it goes against the spirit of the fediverse to stop that.

I agree that there are reasons to have multiple accounts. There is a natural limit to what a person can reasonably (without using bots and such) fill with content though. We'll see how it plays out.

True. I was really talking about what's already available to most Mastodon admins. If somehow this could be added in to Mastodon that would be great. (never hosted an instance in my life.)