First post approval (anti spam measure) #1688

Closed
poVoq opened this issue Aug 4, 2021 · 9 comments
Labels
enhancement New feature or request

Comments

@poVoq

poVoq commented Aug 4, 2021

Is your proposal related to a problem?

New accounts are often created for the sole purpose of posting spam.

Describe the solution you'd like

A common way to fight spam on traditional forums like phpbb is to hide all posts by new users until one post is approved by a moderator. This typically works very well but needs to be clearly visible to the new user, otherwise they get confused and post several times the same message or abandon the platform.

Describe alternatives you've considered

Approve accounts, as for example done in Hubzilla. But that likely requires the site-admin doing it, not a normal moderator. In general requiring site-admin intervention is to be avoided as that takes a lot of time away from those people.

Additional context

Might be slightly more tricky to implement in Lemmy as the moderator role is something anyone can get by creating a community.

@poVoq poVoq added the enhancement New feature or request label Aug 4, 2021
@dessalines
Member

I'm pretty against this for a few reasons.

  • It's a barrier to entry that discourages new users. They sign up, want to make a post, and find they have to wait an hour or two to be able to do so.
  • This requires more, not less, work for admins. Whereas before they only had to clean up 1 / 10 new users that were scammers, now they have to manually approve 10 new users.
  • If it's only posts we're limiting, then why not comments? Spammers could easily spam comments or communities instead.

The better solution is not to punish both new users and admins with additional workloads and waiting times, but to better captchas / anti-spam measures for new accounts, have strong moderation tools to be able to clean up the garbage easily (this one is already in place, and cleaning up this garbage is extremely easy), and ways to notify the admins of garbage (the reporting system will eventually do this).

I'd def appreciate any help with bettering the captcha system, or the eventual reporting system, but I really don't want to add either barriers to entry, or reputation-based privileges.

@poVoq
Author

poVoq commented Aug 4, 2021

My experience from phpBB forums shows that no amount of captchas etc. will deter spammers. They mostly seem to be actual human beings in some 3rd world country sweatshop these days.

And cleaning up hundreds of spam posts/comments is much more work than approving ten.

But I agree that it is a barrier to entry.

@Nutomic
Member

Nutomic commented Aug 5, 2021

@dessalines I disagree with your arguments. You seem to prioritize the experience of new users, but because we don't have advertising, we don't get any benefit from having more users (except bragging rights). I think that we should prioritize existing users which are the ones making Lemmy what it is, and are getting more and more bothered by spam. Besides, new users might also be discouraged if they see spam on the frontpage. This would be an optional feature which instance admins can enable or disable as needed. Better captchas are not going to help, it's pretty cheap to get humans to solve them. About the waiting time for new users, we could send an email once they are approved.

It is going to be more work for admins, but not much. At this point it's still pretty easy for one person to read all posts and comments on lemmy.ml, even more for a team of five. Plus we could also allow community mods to approve new users (but then we need a stricter system for community creation, so spammers can't approve their own accounts).

The approval system should definitely apply to posts and comments.
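
Added example (not part of this thread and not Lemmy's code): a minimal Rust model of the first-post approval gate discussed above, applied to posts and comments alike. The type and function names, the numeric ids, and the rule that an approving moderator must itself be an approved account are assumptions made for illustration.

```rust
use std::collections::{HashMap, HashSet};

#[derive(Debug, PartialEq, Clone, Copy)]
pub enum Visibility { Public, PendingApproval }

#[derive(Debug, PartialEq)]
pub enum ApproveError { NotModerator, UnapprovedModerator, SelfApproval, NothingPending }

/// Hypothetical first-post approval gate; all names here are illustrative.
#[derive(Default)]
pub struct ApprovalGate {
    pub approved: HashSet<u32>,      // accounts that already had one item approved
    pub moderators: HashSet<u32>,    // anyone who moderates a community
    pending: HashMap<u32, Vec<u64>>, // author id -> held post/comment ids
}

impl ApprovalGate {
    /// Called for every new post or comment. The result is what the UI must
    /// show the author, so a held item is clearly marked as pending.
    pub fn submit(&mut self, author: u32, item: u64) -> Visibility {
        if self.approved.contains(&author) {
            return Visibility::Public;
        }
        self.pending.entry(author).or_default().push(item);
        Visibility::PendingApproval
    }

    /// Approving one author releases everything they have queued.
    /// Assumption: a moderator must be an approved account and cannot approve
    /// themselves, so creating a community does not let a new account bypass the gate.
    pub fn approve(&mut self, moderator: u32, author: u32) -> Result<Vec<u64>, ApproveError> {
        if !self.moderators.contains(&moderator) { return Err(ApproveError::NotModerator); }
        if moderator == author { return Err(ApproveError::SelfApproval); }
        if !self.approved.contains(&moderator) { return Err(ApproveError::UnapprovedModerator); }
        let released = self.pending.remove(&author).ok_or(ApproveError::NothingPending)?;
        self.approved.insert(author);
        Ok(released)
    }
}

fn main() {
    let mut gate = ApprovalGate::default();
    gate.approved.insert(1);   // constructed ids: 1 = established moderator
    gate.moderators.insert(1);
    println!("{:?}", gate.submit(7, 100)); // new account 7: PendingApproval
    println!("{:?}", gate.approve(1, 7));  // Ok([100])
    println!("{:?}", gate.submit(7, 101)); // Public
}
```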

@Seb3thehacker

This is an idea from tildes.net an alternative to reddit, "Trusting someone is a gradual process that comes from seeing how they behave over time. This can be reflected in the site's mechanics—for example, if a user consistently reports posts correctly for breaking the rules, eventually it should be safe to just trust that user's reports without preemptive review. Other users that aren't as consistent can be given less weight—perhaps it takes three reports from lower-trust users to trigger an action, but only one report from a very high-trust user.

This approach can be applied to other, individual mechanics as well. For example, a user could gain (or lose) access to particular abilities depending on whether they use them responsibly. If done carefully, this could even apply to voting—just as you'd value the recommendation of a trusted friend more than one from a random stranger, we should be able to give more weight to the votes of users that consistently vote for high-quality posts."
Full article at https://docs.tildes.net/future-plans

I really think this could work. It could either be a trusted person takes bad posts down or it goes to a vote with other trusted people. Possibly a mix of both.
Thanks everyone, keep up the great work.

@pixlguru

How about classic anti-spam measures like email validation?
Another hurdle would be the implementation of a form-field honeypot, as most spam posts stupidly fill in all form fields (i.e. seen as they almost all have nsfw contents activated).

@dessalines
Member

Emails aren't a requirement, so that's out.

But form field honeypots would be possible.

@Nutomic
Member

Nutomic commented Sep 23, 2021

We could make emails required, at least as a config option. But I don't think it would be a big hurdle for spammers, in my experience they can easily do email verification.

@Seb3thehacker

Yeah, there are plenty of temp email sites.

@poVoq
Author

poVoq commented Apr 17, 2022

So apparently an even stronger lock-down was added requiring all registrations to be approved now.

Are there still plans to add some lighter anti-spam measures that don't solely rest on the shoulders of instance admins?

Temporary invite links / codes would be also nice.

@dessalines
Member

I don't have time to do this, but someone else can.

It's also very low priority for me, because registration applications effectively stopped all spammers, and a first-post-approval is basically a less effective first barrier to entry than an application.

@Nutomic
Member

Nutomic commented Jan 15, 2023

Closing in favor of #2601.

@Nutomic Nutomic closed this as completed Jan 15, 2023