Would it be possible to downrank / soft filter the instances that are more at risk? I’m not sure what that would look like exactly, but it would be nice to find a middle ground between accepting spam and defederating away
People need to understand there are consequences if they’re going to host an open server and are ultimately responsible for how it interacts in the network.
Keeping defederation minimal requires a high degree of trust with all instances, regardless of size.
If the instance has open reg, hosted spam for multiple days, has no activity from the admins for ever, and might be several versions behind, that’s entering “I simply don’t trust your ability to host” territory.
I run a small instance. I turn on registration applications, spot-check new accounts to make sure there isn’t spam, keep an alert active so I get notified when updates are available, and occasionally post from an admin account to indicate it’s an active instance. I even check reports at least once a day. This all takes very little effort to do. If you’re a small instance, the burden of proof is on you to show that it’s being maintained.
Some of the spam instances have had spam up for several days now. Sure, maybe one or two people may be on vacation and aren’t aware, but I doubt that’s the case for every host.
We’re fortunate the spam (at least what I’ve seen) didn’t blatantly display malicious content.
IMO by default everyone should put up a barrier to registration, be it manual approvals or email verification.
Both have their own set of flaws and can establish a sense of false security, but it’s the bare minimum to slow down spam registrations.
They already do
Not all of the ones involved in the spam attack….
Would it be possible to downrank / soft filter the instances that are more at risk? I’m not sure what that would look like exactly, but it would be nice to find a middle ground between accepting spam and defederating away
People need to understand there are consequences if they’re going to host an open server and are ultimately responsible for how it interacts in the network.
Keeping defederation minimal requires a high degree of trust with all instances, regardless of size.
If the instance has open reg, hosted spam for multiple days, has no activity from the admins for ever, and might be several versions behind, that’s entering “I simply don’t trust your ability to host” territory.
I run a small instance. I turn on registration applications, spot-check new accounts to make sure there isn’t spam, keep an alert active so I get notified when updates are available, and occasionally post from an admin account to indicate it’s an active instance. I even check reports at least once a day. This all takes very little effort to do. If you’re a small instance, the burden of proof is on you to show that it’s being maintained.
Some of the spam instances have had spam up for several days now. Sure, maybe one or two people may be on vacation and aren’t aware, but I doubt that’s the case for every host.
We’re fortunate the spam (at least what I’ve seen) didn’t blatantly display malicious content.