That’s a 2000% increase in 2 weeks! Congratulations all! I’m so proud of what we are building together here!

  • Also a way to harvest personal data and passwords, and drive traffic to instances.

    New users tend to register with the busiest servers. So, start your own instance, flood it with fake users to get to the top of the rankings. Tweak Lemmy to store passwords instead of hashes. Allow open registration, sit back and wait for people to sign up with their emails and potentially-reused passwords.

    Ranking instances by number of users drives undesirable behaviours all-round.

    • Uh wow… That’s dark haha!

      But that goes with every service on the internet with accounts ;-) It would always be best to run your own if you can but I certainly can imagine not everyone can do that so trust is also a big factor

      Luckily there’s more than just total users that make up the stats for an instance so it’s a little easier to evalutate and chose I guess

      •  zero_iq   ( @zero_iq@lemm.ee ) 
        link
        fedilink
        English
        7
        edit-2
        1 year ago

        It’s not really the same, because most services online are centralised, so you’re only putting your trust into one organisation. With the fediverse, you might not even know who’s behind the instance (especially when you’re new), and it depends on trust and cooperation between multiple actors.

        You’re sharing trust across multiple servers, code developers, etc. and different aspects of your data and your experience are affected by many different actors, some of whom could be malicious, and whose security protocols, principles, and levels of trustworthiness and reliability are unknown and untested.

        In some ways that’s better, in some ways that’s worse. But it’s early days… Given the vast numbers of bot sign-ups and new servers added very recently, there are clearly bad faith actors at work, and we’re going to have to evolve to deal with them.

    • I guess this is a potential disadvantage to decentralization. With a centralized site, the owner would have a vested interest in the security of the site because culpability for stolen passwords or other nefarious things would fall back to them. Here, with a decentralized model, instance owners can manipulate the particular instance to not match others and do nefarious things. Up to now I had only heard of the benefits of decentralization and hadn’t thought of this. Food for thought perhaps. All it takes is a few or even one nefarious instance (if its bad enough) to spoil the general public’s thought on this model.

    • Right? We’ve known for well over a decade that user counts are meaningless and never reflect truth. But if it benefits your guy, oh, let’s celebrate!

      This is a generally BAD thing for Lemmy. Bots are going to kill it and we’re letting them nest.

      • Well, it usually gives you the upper limit of the number of users and the order of magnitude. If Twitter says they have 330 M monthly active users, that probably means that between 1% and 99% of those are actual users. It’s not a perfect statistic, but it gives you some context.

        • Say I’m an investor. And I want to invest in a business. And that business tells me “we have 330 million customers” and then come to find out, they only have 3.3 million customers … I’m gonna call that fraud and courts should too.

    • I am worried about it, and we need to deal with it ASAP, but at least for now it isn’t doing much other than messing with the signup numbers. Perhaps it could be used to inflate updoot numbers (but unlike Reddit that doesn’t even matter in terms of status), they might start auto-posting spam in the future but I’m not sure what the idea was for creating the hundreds of thousands of accounts with no comments or posts in the last couple days, mostly on servers with no more than 100 active users.