this post was submitted on 22 Jun 2023
147 points (96.8% liked)

Fediverse

17708 readers
1 users here now

A community dedicated to fediverse news and discussion.

Fediverse is a portmanteau of "federation" and "universe".

Getting started on Fediverse;

founded 5 years ago
MODERATORS
 

Lemmy has multiplied it's number of users (maybe more accurately accounts) in just few days. How much do you think is the percentage of bot accounts? Is Lemmy having problem with bot farming?

top 50 comments
sorted by: hot top controversial new old
[–] dessalines@lemmy.ml 38 points 1 year ago (2 children)

Don't pay attention in the slightest to total users, active users is what counts.

[–] hare_ware@pawb.social 18 points 1 year ago (2 children)

Active users will probably drop off as the Reddit dust settles, but I'm liking it so far, not really that much of a jarring change once you get past the ActivityPub shananigans.

[–] nostalgicgamerz@lemmy.world 15 points 1 year ago

Once 3rd party apps don’t work on July 1st, that will be the real test

[–] JackFromWisconsin@midwest.social 6 points 1 year ago (1 children)

It'll drop a little, but to a significantly higher level than it was before.

[–] hare_ware@pawb.social 2 points 1 year ago

Yeah, something similar happened to VRChat a year ago, Neos and ChilloutVR had crazy spikes in signups in the first few days of the controversy but eventually ended up with around 2x-5x online users afterwards.

[–] fu@libranet.de 2 points 1 year ago

@dessalines @1337tux but if they're bots they'd still count as active users assuming they aren't idle.

In the end, neither really matters, assuming the bots aren't causing you or your server trouble, like the thousands of posts taghing GNU SOCIAL users repeatedly a couple weeks ago. Could still be happening on instances with absantee admins. (like my original GNU SOCIAL account of @fu@2mb.social)

[–] WhoRoger@lemmy.world 14 points 1 year ago

One of my communities tripled in size in 2 days, with people making OC posts and no spam (so far). Other communities get a bit more lively too. Doesn't seem like it's just bots.

[–] Very_Bad_Janet@kbin.social 12 points 1 year ago* (last edited 1 year ago) (1 children)

Have all of the Lemmy instances (and kbin ones, too) now added email requirements, captcha, and maybe the little paragraph asking why you should have an account that Beehaw does?

Also, how do you identify bot accounts? Can you bulk ban accounts or.do they all have to be examined and dealt with individually?

ETA: I wasn't suggesting the paragraph. Just wondering what the instances are putting in to prevent bots. I actually tried to sign up for Beehaw, wrote my little paragraph, and then got the pinwheel of death, lol. I was never able to sign up, but lucked out with a kbin.social account. I have to add that it's pretty disappointing to be downvoted for simply asking a question. Feels like what I left at Reddit.

[–] funkyb@kbin.social 6 points 1 year ago (4 children)

good grief i hope not. Email & captcha are reasonable; a short form essay on why you should be graced with the ability to participate is super cringe.

[–] Kichae@kbin.social 5 points 1 year ago

Join request forms do a good job at doing what they're designed to do.

[–] rm_dash_r_star@lemm.ee 4 points 1 year ago (1 children)

Yeah I was a bit weirded out by that, it's like what, am I joining a cult? Anyway I actually signed up on a number of instances in search of one I like and only a couple were using an application. The rest were just captcha plus email.

I think they should come up with a better mechanism than an application. I understand the need to verify a signer is actually a human being, but an application is pretty off-putting. Problem is there's bots that can get around captcha and email authentication, AI keeps getting smarter.

[–] Amir@lemmy.ml 4 points 1 year ago (2 children)

"ChatGPT, write me a paragraph about why I want to join an internet forum in first person"

[–] rm_dash_r_star@lemm.ee 2 points 1 year ago

Yeah ChatGPT could fill out an application as well. In fact AI is getting to the point now where it would be hard to tell even by voice. Though it's also a matter of effort on the part of the exploiter. They don't have to make it zero occurrence, just enough to keep it at bay.

load more comments (1 replies)

Sounds like it sorts out the right kind of people? I'm not aware of anyone actually asking you to write an essay, no one would do that. 2 short answer questions does not an essay make.

[–] Sal@mander.xyz 4 points 1 year ago

It is too easy to fake e-mails. You can set up a catch-all e-mail domain and spam the registration like that. I am not a fan of giving my e-mail nor collecting other people's e-mails.

My current message contains the following:

Please leave a short message (a sentence or two is enough) stating why you would like to join this instance and I will accept your application as soon as possible. The purpose of this form is to filter out spam bots, not to judge your motivation for joining.

It is not about them writing an essay to be let in. It is a very effective strategy to weed out spam accounts being registered in masse. One step is to make sure that the user made a cohesive sentence that addressees the question, and the other step is to check whether there is a sudden spike of similar new applications. Even ignoring the actual text, it is useful to be able to monitor whether you getting rate-limited bursts of account creations, and having the ability to approve/deny allows you to respond with less effort than if they succeed at creating the accounts.

[–] Aninjanameddaryll@outpost.zeuslink.net 11 points 1 year ago (4 children)

There's obviously bots, but some folks do multiple accounts as default (I do for sure), and others just want to have a bit of padding against instance failure. Others don't realise you don't need to have an account on an instance to access it lol.

load more comments (4 replies)
[–] DerWilliWonka@kbin.social 7 points 1 year ago (5 children)

I wonder how people come up with the bot superstition? Just a feeling or is there any valid indication of massive influx of bot accounts?

[–] greensky@sh.itjust.works 3 points 1 year ago

I think it's a combination of things. There are real users who have migrated to Lemmy because of reddit's horrible treatment of its users and there are also bots being created but that's normal on the internet.

[–] fu@libranet.de 2 points 1 year ago

@DerWilliWonka @1337tux yeah, I'm guessing a lot, I didn't save the post, but I saw earlier this week some instances that were spun up brand new and in less than an hour had >5,000 users.

One of many reasons to recommend against allowing open sign-up on your instance. A lot htat have been around for longer, like lemmy.ca, require you to request an account, and answer some questions (like why do you want your accoutn on this particularl instance) and a real person clicks the check-mark button.

Some new users will be annoyed by such, but the truth is if they are annoyed by that, they probably aren't going to be good fedizens open to following good netiquette anyway.

[–] Overzeetop@kbin.social 1 points 1 year ago (1 children)

I asked the same question. The answer is that there are a bunch of instances (probably 15-20) which have thousands or tens of thousands of new accounts (<1 week old) but have barely dozens of posts. Here's a sheet made by @sunaurus showing the effect. A bunch of the explosion is in open signup (no email, no captcha, no verification) and there is zero interaction on the instance. Could we be seeing half a million lurkers on instances with <200 comments combined between them in the last couple of days? I suppose it's possible, but it seems unlikely.

load more comments (1 replies)
[–] TheAngryBad@kbin.social 1 points 1 year ago (1 children)

Experience, mainly.

I used to run a phpbb forum, on average the bot signups outnumbered the real people 10 or 20 times. And that was with some fairly robust anti spam measures in place - something I think this platform is too new to have properly sorted out yet.

I may be wrong, I don't know how the back end here works, but any place where people can post publicly will be infested with bot signups very quickly. The only real variable is how good the anti spam measures are.

[–] DerWilliWonka@kbin.social 3 points 1 year ago* (last edited 1 year ago) (2 children)

What is something someone can gain by swarming an instance or forums like yours with bots? I cant wrap my head around it. Also if someone has an instance and swarms it with bot accounts, it may seem like you got a popular instance but where is the revenue if there are noone who is able to click an ad? Do they do it just for the lols?

[–] GizmoLion@kbin.social 4 points 1 year ago (11 children)

Spin up 50 bots.
Sign them all up for lemmy.
Let accounts interact/age.
Sell accounts to companies who want to advertise as one of the cool kids.

Happened on reddit nonstop.

[–] adamthinks@kbin.social 1 points 1 year ago

Except that Lemmy doesn't show overall karma, so there's no use in doing any of that here.

load more comments (10 replies)
[–] fu@libranet.de 2 points 1 year ago

@DerWilliWonka @1337tux @TheAngryBad there are cetainly some who do it for the lulz, and there are some who probably do it as a way to encourage others to make security changes to the platform. Personally, I think it would be more useful to file issues via git, but what do I know, I'm just an old-timer who quit college after failing security class, and thereby losing my scholarship.

load more comments (1 replies)
[–] poVoq@slrpnk.net 7 points 1 year ago (2 children)

I think the growth in the last couple of days has been mostly bots.

l can see a sharp decline in real sign ups on my instance after the initial big wave before and during the 3 day Reddit blackout.

Maybe there will be another wave early next month but currently it has nearly completely dried up.

[–] adamthinks@kbin.social 3 points 1 year ago (1 children)

Why do you think it's bits? I haven't noticed any bot activity.

[–] poVoq@slrpnk.net 4 points 1 year ago (1 children)

They are currently dormant, but those thousands of new accounts on some instances clearly show every sign of being auto-generated.

[–] rm_dash_r_star@lemm.ee 2 points 1 year ago

The admins and mods are keeping them at bay, but it could easily get out of control. At this point it's transparent which it normally is when mods and admins are holding the line, but the soldiers are at the gates.

[–] dingus@lemmy.ml 3 points 1 year ago* (last edited 1 year ago)

I think this cements worries that some people who are trying to run these servers don't actually understand the severity of the bot-problem online and aren't doing enough to protect themselves, not even the basics. It makes you wonder what kind of other basic cybersecurity protections they haven't set up on their servers, or if their servers are even hardened at all.

I wonder how much (if any) of this is driven by reddit to create more ambiguity to people's feelings about the fediverse? It's totally possible it's all "organic" bot growth, but if they're willing to go to the lengths they have against their own users, I also wouldn't put it past them to be trying to destroy the credibility of any "competitors" in the space.

[–] squirrel@discuss.tchncs.de 6 points 1 year ago (5 children)

Yes, there's a bot problem. fedidb.org now shows the following message:

A spambot influx has been observed on Lemmy instances, inflating total user counts.

We recommend using Active Users as a better metric to gauge growth.

[–] genoxidedev1@kbin.social 3 points 1 year ago (2 children)

Do you know how active users are defined because I don't usually make my own posts but I upvote and comment every now and then?

[–] Kichae@kbin.social 3 points 1 year ago

Something like fedi observer can probably only gauge posts and comments, so active users will severely undercount people actually using the platform. But we should expect posting users to grow proportionally with less visible but active users.

[–] Kichae@kbin.social 2 points 1 year ago

Something like fedi observer can probably only gauge posts and comments, so active users will severely undercount people actually using the platform. But we should expect posting users to grow proportionally with less visible by active users.

load more comments (4 replies)
[–] JASN_DE@feddit.de 6 points 1 year ago (1 children)

How much do you think is the percentage of bot accounts?

...yes.

Is Lemmy having problem with bot farming?

Will have one at some point. For not it seems most of them are created, but don't post anything (yet).

[–] 1337tux@lemmy.world 2 points 1 year ago* (last edited 1 year ago) (1 children)

Think what will happen when they start to post and comment. They will probably just get defederated.

Edit: Now that I looked the stats, there's huge spike in posts and comments.

[–] Jumuta@sh.itjust.works 3 points 1 year ago (2 children)

you can't just defederate individuals accounts, these bots have their home on places like shit and world

[–] kionite231@lemmy.ca 3 points 1 year ago (1 children)

The moderator can block them?

[–] Jumuta@sh.itjust.works 3 points 1 year ago

individualy delete thousands? sure, it could be done, but that's a lot of work and sure to create some false positives.

[–] JohnEdwa@kbin.social 1 points 1 year ago

Yup. But you can always go beehaw and defederate them anyway - as they did with both of your examples.

[–] greeen_tomato@feddit.de 6 points 1 year ago (2 children)

I saw some very big instances on fedidb yesterday. I looked at a few.... Completely empty instances, no communities, no posts, but 24k users.

I'm pretty sure those are all bot/spam accounts. So the numbers right now are very inflated imho.

load more comments (2 replies)
[–] acefour@lemmy.thesmokinglounge.club 4 points 1 year ago (1 children)

Yeah, Lemmy bot net. I looked at one server and it was ridiculous the number of users vs active. My guess is the servers that had open signups got hammered with bot signups

[–] JohnDClay@sh.itjust.works 2 points 1 year ago

It's also possible people are making accounts to see what it is but not doing anything yet, but I agree there are probably lots of bots

[–] TrippyTortuga@lemmy.ml 2 points 1 year ago

How did you get this measurement?

[–] philluminati@lemmy.ml 1 points 1 year ago

This is amazing!!

load more comments
view more: next ›