Is lemmy vulnerable to botting?

schzztl@lemmy.nz to Lemmy@lemmy.ml – 4 points –

I've had a look at signups for multiple lemmy instances and they all seem relatively painless to sign up for - perhaps a bit too painless. While some require approval by a human, I'm not seeing much in the line of email veritifcation (heck, it's optional) or captchas. Is there any particular reason behind this? Or is this up to admins to enforce? While I do appreciate this has privacy benefits, I am concerned it makes lemmy as a whole prone to botting, and with that the ability for bad actors to influence user opinions at whim. Would be interested to hear the dev's thoughts on this.

1

It's up to instance owners to set capchas, or botting preventions, but it's also a possibility for an instance owner to set its instance to spam other instances it links within the fediverse.