Hm. I wonder if I can get any fediverse admins onboard to disable all images on their instance on the World Sight Day in October, so that only alt text shows up.
I would love to see a feature where two fedi instances could establish a "trust" relationship, which would automatically enable a few things:
direct relay: public posts are forwarded between the instances, as if they were on a relay together.
common emoji list: trusted instances can use each other's custom emoji.
auto-forward reports: any incoming reports are distributed to all trusted instances.
shared mod notes: moderation notes such as strikes and warnings are visible by mods of trusted instances.
report mod actions: when a moderator suspends or silences an account, a report is automatically sent to all trusted instances.
domain reputation: federation management could show a warning when some percentage of trusted instances have blocked one that you haven't reviewed.
user reputation: remote user management could show an indicator when a remote user has been suspended from one of your trusted instances.
All of these would be individual toggles, and they would only be enabled after mutual consent on both sides of the connection. I think this could pair very well with the "local bubble" feature of Pleroma / Akkoma / Sharkey to create safe, trusted pockets of federation. It would also reduce the time necessary to detect and respond to emerging threats.
If a spambot-infested instance cleans up and the admin makes a statement, I remove it from the blocklist. I've done this after reading the following admin statements:
If a spambot-infested instance looks like it's all cleaned up, but the admin doesn't make a statement, I demote it from "Reject" to "Federated timeline removal". Without visibly active administration, I don't know if the instance could be a source of spam in the future; this measure at least proactively takes care of hashtag spam. See the "Federated timeline removal" section of our "About" page for these.
If an instance doesn't remove the spam accounts, even if they appear inactive, it remains suspended. The unmoderated instance remains a vector of spam (among other things) even if the spammers aren't using it at the moment.
As always, defederations on Akkoma don't sever connections; this affords us some flexibility.
Hallo alle Fedi-Admins die Probleme mit Spam haben!
Ich habe heute den gesamten Tag an einer Spam-Liste gearbeitet und 65 Instanzen herausgefunden welche mit dem Spam nicht aufgehört haben! Ich habe die Instanzen in einer Liste zusammengestellt welche diese stummschaltet, nicht deföderiert:
Ist diese Liste importiert ist ein Großteil des Spams vorbei. Das ganze ist für euch leicht, geht mit einem klick! Zudem wird keinerlei Instanz für immer geblockt, keinerlei Follower etc. zerstört oder deföderiert, sondern nur stummgeschaltet. Das ist sehr leicht umkehrbar.
Ihr könnet diese Liste einfach importieren, indem ihr auf https://yourinstance.tld/admin/export_domain_blocks/new geht und yourinstance.tld durch die Domain derer Instanz ersetzt, von der ihr der Administrator seid!
Alternativ könnt ihr auch auf Einstellungen => Moderation => Föderation => Importieren drücken, um diese Liste zu importieren.
Beachtet, dass zwar alle Instanzen mit einem Klick importiert werden können, dass aber diese Instanzen einzeln entfernt werden müssen, wenn der Spam vorbei ist.
Beachtet auch, dass es nur Sinn ergibt, diese Liste zu importieren und die Spam-Instanzen stumm zu schalten, wenn ihr euren Spam lokal und nachhaltig blockiert habt, wie hier beschrieben.
Hello all Fedi Admins who have problems with spam!
I have been working on a spam list all day today and found 65 instances that have not stopped spamming! I have compiled the instances into a list which mutes them, and does not defederate from them:
Once this list is imported, most of the spam is gone. The whole thing is easy for you, with just one click! In addition, no instance is blocked forever, no followers etc. are destroyed or defollowed, only muted. This is very easy to reverse.
You can simply import this list by going to https://yourinstance.tld/admin/export_domain_blocks/new and replacing yourinstance.tld with the domain of the instance you are the administrator of!
Alternatively, you can also click on Settings => Moderation => Federation => Import to import this list.
Note that although all instances can be imported with one click, these instances must be removed individually when the spam is over.
Also note that it only makes sense to import this list and mute the spam instances if you have blocked your spam locally and permanently, as described here.
I'm (not) sorry if this sounds like gatekeeping, but if you aren't technical enough and/or don't have the time to administrate an instance properly, please do not host a fediverse server. At the very least, don't allow open registrations or keep it single-user.
I've seen users losing their entire social graph due to instances randomly shutting down or losing their data, which is unfair to those users and paints a negative light of fediverse. And now, we're seeing the entire fediverse bogged down with spam because of instances that fail to mitigate bots, affecting the experience of everyone else.
In a related light, it's concerning how a small group of actors (at least based on our internal intelligence) can degrade the experience of the fediverse this effectively. It signals that we have a have a long ways to go in terms of the technologies, strategies, and tools we use to mitigate bad actors in the fediverse. What we currently have isn't enough for a resilient fediverse.
someone on a Japanese hacker forum decided it was a good idea to spam the entire Fediverse because they wanted to cancel a minor that DDoSed a Discord bot which apparently made them lost millions (what?)
A Discord bot. I can't make this shit up man.
The real culprit seems to be someone who goes by mumei in the ctkpaarr.org forums, whose first post was literally a threat to ap12, that if they don't delete their "Kuroneko Server" Discord bot, they will spam every blog, forum and SNS and cancel him.
This shit is ridiculous.
The ap12 account from mastodon-japan was actually fake, and this dude impersonated a minor to get all of the Fediverse (us) to bully him.
Today's attack proved that the Fediverse is unfortunate pretty vulnerable even to just a skid (or maybe OP who warned the skid).
The cause of the attack includes:
insufficient moderation on some servers allowing mass account creation.
no good methods to filter out even just a keyword for an entire instance.
Even though most of us survived the first wave, we have to prepare for the second and future ones:
Servers should enable the equivalent feature in their software that enables moderators to check if an account is ok first before letting them post anything.
Mastodon, Misskey and major software should implement a regex filter that ignores posts from any instances.
#FediAdmins - block the email domain chitthi.in, we just got a huge wave of spam signups from them on tooot.im (now mitigated).
I also recommend temporarily blocking sign-ups from the IP range 185.220.101.0/24 as most bots seem to fall in it (it has some legit users though, which is why you should only block sign-ups).
Dear Admins of Fediverse
As #Firefish / #Calckey still doesnt have "unsub" button like Mastodon: https://git.joinfirefish.org/firefish/firefish/-/issues/9727 e.g. - im talking about defederation.
What would be the best way to remove instance?
after i moved my account i should remove relays, then remove all tracking from existing account (to and from), wait few days to make everyone knows that "there is no connection" and then remove?
Source: X will begin charging new users $1 a year to access key features including the ability to tweet, reply, quote, repost, like, bookmark, and create lists (Kylie Robison/Fortune)