Feature that makes it possible to shadow ban "users" #3202

Closed
3 of 4 tasks
ctsrc opened this issue Jun 19, 2023 · 11 comments
Labels
enhancement New feature or request

Comments

@ctsrc

ctsrc commented Jun 19, 2023

Requirements

  • Is this a feature request? For questions or discussions use https://lemmy.ml/c/lemmy_support
  • Did you check to see if this issue already exists?
  • Is this only a feature request? Do not put multiple feature requests in one issue.
  • Is this a UI / front end issue? Use the lemmy-ui repo.

Is your proposal related to a problem?

I just got hit by a wave of bot accounts.

I immediately noticed this because I had ~5 users on my instance and then suddenly today I have >669 users.

I changed registration mode to require application to fend off the bots somewhat.

Describe the solution you'd like.

Now I would like to shadow ban all of these bots, so that they do not spam other instances.

In other words, I would like it to seem to the "users" (bots) that they are active and that their messages are accepted, but in fact all messages to external instances from these users will be silently dropped.

Is this currently possible?

Describe alternatives you've considered.

There is very little documentation about how to handle user management in the Lemmy docs currently. Not sure if any means are possible for dealing with these bots short of shutting down the instance until I can figure out how to prevent bots from having their actions forwarded to other instances.

Additional context

No response

@ctsrc ctsrc added the enhancement New feature or request label Jun 19, 2023
@ctsrc ctsrc changed the title Shadow ban Shadow ban "users" (bots) Jun 19, 2023
@ctsrc ctsrc changed the title Shadow ban "users" (bots) Feature that makes it possible to shadow ban "users" Jun 19, 2023
@ctsrc
Author

ctsrc commented Jun 19, 2023

If there is no shadow ban feature, is there some SQL query I can use that allows me to quickly do a normal ban of all of the users with id >= n?

All users with id >= 6 on my instance were created by the spam bots today and I want to prevent them from doing any harm to other instances.

In the meantime I am shutting down my instance so that the spambots cannot negatively impact other instances.

@RocketDerp

This comment was marked as abuse.

@ctsrc
Author

ctsrc commented Jun 19, 2023

> Although I'm not supportive of "shadow banning" of entire user accounts, on-hold status would make sense (with a message to the end-user on login via API and lemmy-ui that they are in an on-hold status).... I DO support that signup should record the IP address and browser string of new joins and that this be shown in the admin queue of pending approvals. I also think Lemmy should have its own application logs of login and signup activity.

In the case of the spam bot accounts on my instance they are so blatantly obvious that a shadow ban would be in order.

But at the same time I see your point in general. Any real person who might end up shadow banned in other cases would have a very bad time indeed.

@ctsrc
Author

ctsrc commented Jun 19, 2023

But short of shadow ban I think the following would be useful:

  1. You can have registration open, but any initial messages or other activity they perform cross instances would be indiscriminately dropped while they are in "on-hold status".
  2. The only way to get out of "on-hold status" will be that they
    a. Make a local post or comment, AND
    b. that their first n local posts or comments are manually approved

This is probably even better than any kind of shadow ban, as the main concern in terms of moderation moving forward should primarily be to avoid cross-instance spam. Any local spam can be dealt with by the admins of that instance. Cross-instance spam is the worst for Lemmy in coming time IMO.
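The on-hold gate proposed in this comment, sketched as an added example (not Lemmy code and not written by the commenter). `Account`, `submit`, `approve_next`, the instance names and the value chosen for n are all hypothetical.

```python
from dataclasses import dataclass, field

REQUIRED_APPROVALS = 3            # the proposal's "n"; the value is an assumption
LOCAL_INSTANCE = "local.example"  # constructed instance name


@dataclass
class Account:
    name: str
    on_hold: bool = True          # every new registration starts on hold
    approved_local: int = 0
    pending: list = field(default_factory=list)


def submit(account, text, target_instance):
    """Route one post. Returns 'federated', 'local', 'queued' or 'dropped'."""
    is_local = target_instance == LOCAL_INSTANCE
    if not account.on_hold:
        return "local" if is_local else "federated"
    if is_local:
        account.pending.append(text)  # held for manual review (step 2a)
        return "queued"
    return "dropped"                  # step 1: never leaves this server


def approve_next(account):
    """Admin approves the oldest pending local post (step 2b).

    Returns the account's on_hold flag after the approval.
    """
    if not account.pending:
        return account.on_hold
    account.pending.pop(0)
    account.approved_local += 1
    if account.approved_local >= REQUIRED_APPROVALS:
        account.on_hold = False       # released: outbound federation allowed
    return account.on_hold
```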

@maltfield

maltfield commented Jun 19, 2023

One of the reasons I left reddit was because my account was erroneously shadowbanned as soon as I joined (for privacy, I constantly create new throwaway accounts). I didn't do anything bad, but they (most likely their machine learning algorithms) banned me. I submitted an appeal every few days, but I never heard back from Reddit.

In the name of "preventing bots" Reddit has become a place (like Amazon, Ebay, Discord, Twitter, and most banks) that makes it impossible for users who need to use privacy tools (e.g. Tor Browser) to participate anonymously. The idea of adding shadowbans has Lemmy creeping into the groove of other big corporate websites that dismiss the needs of marginalized, at-risk users.

Rather than shadowbanning, why not just openly ban and fix the issue where it really exists: the signup process? I think it makes more sense to invest in implementing something like hashcash for new users than to implement shadowbanning.

@RocketDerp

This comment was marked as abuse.

@ctsrc
Author

ctsrc commented Jun 19, 2023

@RocketDerp

> The entire Lemmy community should be able to see which signups are being banned and why

Idk if I agree with that completely. Giving more info to the spammers about how we spot them helps the spammers avoid bans and lets them continue to crap up everything, which in turn will in the worst case kill the whole network.

@maltfield

> makes more sense to invest in implementing something like hashcash for new users than to implement shadowbanning

Having proof-of-work limits on signups might help a bit. But mainly for the bigger instances. For a small instance where only a few legit users sign up every now and then, a steady stream of bot signups rate-limited by PoW will still be detrimental even when they are only able to create a new account every few minutes or so.

For reference the influx of spam bots to my own instance was at a rate of about 2-3 users per minute, but over a duration of very many many hours and that's how they are able to create a lot of bot accounts without generating much traffic at any given time. Persistence. Given the distributed nature of Lemmy it is also easy to see how even though the spam bots are only signing up at a low rate per minute per instance it still becomes very many accounts if they are targeting a whole bunch of Lemmy instances concurrently.
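A hashcash-style signup challenge of the kind suggested by maltfield and discussed in the reply above, as an added example (not Lemmy code and not from either commenter). The function names, the challenge format, the difficulty and the expiry window are assumptions.

```python
import hashlib, hmac, os, time

SERVER_KEY = os.urandom(32)  # assumption: per-instance secret, server-side only
DIFFICULTY_BITS = 16         # assumption: expected client work ~ 2**16 hashes
CHALLENGE_TTL = 300          # assumption: seconds a challenge stays valid
_spent = set()               # redeemed challenges; prune past TTL in real use

def _mac(ts, salt):
    return hmac.new(SERVER_KEY, f"{ts}:{salt}".encode(), hashlib.sha256).hexdigest()

def issue_challenge(now=None):
    """Server: 'timestamp:salt:mac', so no per-challenge state is stored."""
    ts = str(int(time.time() if now is None else now))
    salt = os.urandom(8).hex()
    return f"{ts}:{salt}:{_mac(ts, salt)}"

def leading_zero_bits(digest):
    bits = 0
    for byte in digest:
        if byte:
            return bits + 8 - byte.bit_length()
        bits += 8
    return bits

def solve(challenge, bits=DIFFICULTY_BITS):
    """Client: search for a counter whose hash has enough leading zero bits."""
    counter = 0
    while True:
        d = hashlib.sha256(f"{challenge}:{counter}".encode()).digest()
        if leading_zero_bits(d) >= bits:
            return counter
        counter += 1

def verify(challenge, counter, now=None, bits=DIFFICULTY_BITS):
    """Server: one MAC check and one hash, whatever the difficulty."""
    now = time.time() if now is None else now
    try:
        ts, salt, mac = challenge.split(":")
        age = now - int(ts)
    except ValueError:
        return False
    if not hmac.compare_digest(mac.encode(), _mac(ts, salt).encode()):
        return False             # not issued by this server
    if age < 0 or age > CHALLENGE_TTL or challenge in _spent:
        return False             # expired, future-dated or replayed
    d = hashlib.sha256(f"{challenge}:{counter}".encode()).digest()
    if leading_zero_bits(d) < bits:
        return False
    _spent.add(challenge)
    return True
```

Each extra difficulty bit doubles the solver's expected work while verification cost stays constant, so the setting only bounds how fast one machine can register accounts.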

@maltfield

maltfield commented Jun 20, 2023

> Giving more info to the spammers about how we spot them helps the spammers avoid bans

I vote for security through cryptography, not security through obscurity.

@null-dev

Although I personally believe that shadowbans are just fine (there's nothing about them that specifically targets marginalized users), I don't think they will actually solve anything with the signups because Lemmy is inherently transparent.

If a bot wants to check if it's shadowbanned, it can simply federate with the instance, try to post to it and check whether or not it actually shows up.

The shadowban effectively just becomes a regular ban.

@cloventt

This feature does not make sense to me, for the reasons others have posted. An outright ban is probably better.

@Nutomic
Member

Nutomic commented Jun 22, 2023

Shadow banning causes too many problems for real humans who are affected by them. They are not necessary to fight bots.

@Nutomic Nutomic closed this as completed Jun 22, 2023