We’ve defederated from :
lemmy.k6qw.com,lemmy.podycust.co.uk,waveform.social,bbs.darkwitch.net,cubing.social,lemmy.roombob.cat,lemmy.jtmn.dev,lemmy.juggler.jp,bolha.social,sffa.community,dot.surf,granitestate.social,veenk.help,lemmyunchained.net,wumbo.buzz,lemmy.sbs,lemmy.shwizard.chat,clatter.eu,mtgzone.com,oceanbreeze.earth,mindshare.space,lemmy.tedomum.net,voltage.vn,lemmy.fyi,demotheque.com,thediscussion.site,latte.isnot.coffee,news.deghg.org,lemmy.primboard.de,baomi.tv,marginalcuriosity.net,lemmy.cloudsecurityofficehours.com,lemmy.game-files.net,lemmy.fedi.bub.org,lemmy.blue,lemmy.easfrq.live,narod.city,lemmy.ninja,lemmy.reckless.dev,nlemmy.nl,lemmy.mb-server.com,rammy.site,fedit.io,diggit.xyz,slatepacks.com,theotter.social,lemmy.nexus,kleptonix.com,rabbitea.rs,zapad.nstr.no,feddi.no
based on the list of instances made by @sunaurus@lemm.ee here - Thank you again for that work, it’s highly appreciated.
This is a preventive measure against massive amounts of accounts being created for botting purposes. Most instances banned appear to be 1 user instances so we don’t think this will have a great effect on anyone’s usage of Beehaw. If you are an admin of one of those instances, feel free to contact us at support@beehaw.org
This is one of the many, but perhaps most pressing of reasons we need better moderation and admin tools. There is currently no way to stop spam from instances like this except defederation at this time.
Realistically there are far too many small instances which are set up by a single person who’s setting up an instance for their own learning, their own fun, or other reasons but who isn’t a fullstack developer, a seasoned sysadmin, good at sysops, a database engineer, a security expert, and all the roles an instance currently needs with how new this platform currently is. There will always be more instances like this as an attack vector for spam, trolling, and other malicious purposes.
If the goal is to allow people to set up their own instances and we are promoting and encouraging people to do this, we need tools for the larger instances to manage this or we’re going to end up with a community that is constantly in the process of fragmenting more and more and one where measures are taken by the largest instances to isolate themselves from smaller instances which are frequently used as attack vectors.
If you’re a developer, please please please focus your efforts on more granular administrative tools. We cannot whitelist or blacklist instances. There are no tools to evaluate how trustworthy a source is. If there’s a blacklist/whitelist, there’s no way for an instance or a user to apply to a community on another instance. There are plenty of individuals with great ideas on how this might be accomplished, and having access to many different tools and strategies will make this platform healthy.
here is a list, btw, of tools we’d like if possible:
- Role for approval of applications (to delegate)
- Site mods (to delegate from admins)
- Auto-report posts with certain keywords or domains (for easier time curating without reports)
- Statistics on growth (user, comments, posts, reports)
- User total
- MUA
- User retention
- Number of comments
- Number of posts
- Number of reports open
- Number of reports resolved
- Sort reports
- by resolved/open
- by local/remote
- Different ways to resolved a report
- Suspend account for a limited amount of time rather than just banning
- Send warning
- Account mod info
- Number of ‘strikes’ (global and local) and reports
- Moderation notes
- Change email
- Change password
- Change role
- Ability to pin messages in a post
- Admins should be able to purge
- Filter modlog to local
- Better federation tools (applications to communities, limiting)
- Applications to communities to allow safe spaces to exist (people should not be able to just “walk in” on a safe space - similarly to follow requests in Mastodon in a way)
- Limiting (Lock our communities down from certain instances but still allow people using our instance to talk to people from those instances)
federation tools are our highest priority, but any of these would be welcome additions
- abhibeckert ( @abhibeckert@beehaw.org ) English2•1 year ago
Adding to this - not a software solution but a platform one…
I think it would make sense to be able to outsource a lot of this stuff to a trusted third party. That’s how email generally works these days for example.
Beehaw would, of course, have it’s own moderation/policy/etc team, but wouldn’t it be better if you could also run a first pass check, possibly an automated one, that works across instances and flags accounts with known bad behavior (anything from illegal content to just being downvoted into obvlivion with every post they make on a reputable community).
- Storksforlegs ( @storksforlegs@beehaw.org ) English41•1 year ago
This is an enormous undertaking (all the moderating) and we all appreciate it.
What’s the best way for beehaw users to support you and the other mods?
If you’re capable, probably working on Lemmy’s codebase to improve the mod and federation tools.
If not, donations would be appreciated
- magnetosphere ( @HappyMeatbag@beehaw.org ) English22•1 year ago
I know nothing about coding, so I went the donation route. It’s like when friends of mine had potluck dinners, but I couldn’t cook, so I just brought the beer lol
- JackbyDev ( @JackbyDev@programming.dev ) English10•1 year ago
What sort of tools are lacking? Like, if there was a change you could make what would it be?
We have a list here https://discuss.online/post/12787 and in this thread by alyaza.
- Retronautickz ( @retronautickz@beehaw.org ) English32•1 year ago
Thank you
A question: Is it possible on Lemmy intances to put the reason for defederation beside the server domain on the defederated intances list?
- Gaywallet (they/it) ( @Gaywallet@beehaw.org ) English33•1 year ago
nope but that’s a great idea for developers 😄
- TKilFree ( @TKilFree@beehaw.org ) English3•1 year ago
I’ve actually got some PRs out right now to add this: https://github.com/LemmyNet/lemmy/pull/3168 https://github.com/LemmyNet/lemmy-ui/pull/1367 They both need a bit of back & forth to get into a mergeable state though, so will probably be a little while!
- Nicktar ( @Nicktar@beehaw.org ) English2•1 year ago
Currently it isn’t and I don’t think, that this would be the best idea ever since it could be misused as some kind of index to find bad instances. The defederated-list is available to the public and thus the defederating instance could in fact be “advertizing” the instances they defederated from (“Look, we don’t want this stuff here, but these instances are for [right-wing|transphobes|bots|spammers|porn]”)…
Depending on where the instance is hosted or where the admin lives, it might even be illegal to in fact point people to places where they can find certain things.
- Retronautickz ( @retronautickz@beehaw.org ) English1•1 year ago
In my experience, it helps people new to the fediverse (specially if they want to start their own server) to know who to block/limit. People who actually want to be in those kind of massively defederated instance know how to join them and even have their own list of instances to join, without looking at the list from a small queer instance or even sites like JoinFediverse and the like.
- Nicktar ( @Nicktar@beehaw.org ) English3•1 year ago
There are a few different things I’d like to mention:
- I don’t think, that there is such a thing as a massively defederated instance exists right now. The most blocked instance is blocked by about 11% of the instances, followed by two instances at 6%
- Even if the die hard scene users would know their instances, not every random troll or spammer would.
- This doesn’t address the possible legal issues of publicly announcing where someone could find illegal content
- If “small queer instance” refers to beehaw… That’s the second largest instance there is as of today according to https://github.com/maltfield/awesome-lemmy-instances
And lastly: If you’re new to the fediverse you maybe shouldn’t run your own instance in first place. Helping reckless people pull reckless stunts is a bad reason to promote a feature.
- Retronautickz ( @retronautickz@beehaw.org ) English2•1 year ago
- Are you looking at all the instances on the fediverse, or only lemmy?
- Trolls and Spammers would have nothing to do in those kinds of servers.
- I mean, all other platforms have the option of mentioning the reason for defederation and there hasn’t been any legal problem with it nor with fediblock. As I already say, there are few the instances of these type that use the same software/fork than the rest. They have their own forks and this forks have federation cut from other ActivityPub/Zot/Diaspora*/OStatus based software.
- No, I’m talking about the fediverse in general, not only Lemmy, not only Beehaw. Most of the servers I’m in in other federated platforms are small to mid queer servers that have the list of defederated instances with reason for defederation.
- This list are also public and downloadable, so anyone can import them to their server.
- Nicktar ( @Nicktar@beehaw.org ) English1•1 year ago
Since this was a question about a lemmy feature, I’m talking lemmy here, arguing about fediverse, TCP/IP or electricity numbers/servers/plants doesn’t seem usefull in this context. Providing a link to a server that to your knowledge (you provided the reason) hosts illegal content can be seen as participating in this crime or at least advertizing. (Disclaimer: I’m no lawyer, I just remember whole BBS being seized for providing lists of (international) phone numbers to BBS that hosted warez and there’s stuff that’s worse than warez).
- Retronautickz ( @retronautickz@beehaw.org ) English2•1 year ago
My question was precisely about Lemmy because Lemmy is one of the few platforms that doesn’t have that option. It’s common almost everywhere else and hasn’t caused any problem.
- AfterAll ( @AfterAll@beehaw.org ) English27•1 year ago
Glad to hear it, beehaw owns.
- Nullroad ( @Nullroad@beehaw.org ) English25•1 year ago
Some risk will be necessary. At some level we do have to let small instances with minuscule communities exist and participate in the wider fediverse, otherwise this whole thing will just fiat centralize.
The cautionary tale is email. In a way, Email is the most successful decentralized protocol. Anyone can technically throw up a client and start communicating with any other email server. The problem of course, is that if you do this in practice, your email will almost never get through to the majority of people. Why? Most of the large providers of email have formed what amounts to a whitelist of trust, and either outright reject participants they don’t recognize, or subject those outside participants to incredibly high standards that they themselves to not have to abide by.
So, email has practically become a centralized affair controlled by a few big stakeholders. A lot of small email providers have gotten out of the game in the last decade because they’re tired of dealing with it. It’s a mess.
I’m not against greater tools, but I’d inject that health is not solely measured by the lack of spam. A spam-free fediverse that’s just one instance and its three closest friends is not healthy. Whatever solutions are developed should leave open the door for small instances to still participate and have a honest chance at survival.
- WellThisIsNew ( @WellThisIsNew@fjdk.uk ) English7•1 year ago
Thank you for eloquently putting something that I have been struggling to put into words. I really hope that the big instances don’t all end up moving to a whitelist federation model, the ability to have my own instance, with the ability to interact with any community in the fediverse, is what brought me here.
That said, a lot work needs to go into making this platform more resilient against spam bots. The biggest problem I see is that the default instance settings aren’t resistant at all. It seems to me that it shouldn’t even be possible to deploy a lemmy instance with no email verification, no captcha, and open sign-ups, but here we are.
Perhaps some sort of sanity check in lemmy that disables federation in that case might be a good idea. If someone is competent enough to implement their own spam protection beyond those, they’re probably competent enough to fork lemmy and disable said sanity check
- gifflen ( @gifflen@beehaw.org ) English5•1 year ago
The email comparison is pretty apt. I think one of the things they eventually had to deal with was reputation of different entities. Right now it’s essentially a boolean situation for the various server admins to identify things that could cause trouble and take preventative steps of blocking or not blocking them.
We would need to answer so e questions around how to quantify what good behavior looks like in lemmy that aren’t trivial to game/bypass.
- AndrasKrigare ( @AndrasKrigare@beehaw.org ) English24•1 year ago
Do you believe this will be a workable model going forward, or are you considering changing to an Allowlist for federation and have instances specifically request to federate?
- alyaza [they/she] ( @alyaza@beehaw.org ) English21•1 year ago
we don’t think we need to switch to an allowlist–we actually haven’t been hit by this spam problem much if at all to this point–but we’d also really like it if we had better mod tools so we can just flat rule out needing to switch to one ever
- blazix ( @blazix@kbin.social ) 5•1 year ago
I can also see there being blocklists similar to uBlock Origin or other browser extensions. Except, it will be done at the instance level by admins.
An allowlist would be nice if non-Allowlisted instances could still be discoverable by people using Beehaw IMO.
- TheCalzoneMan ( @TheCalzoneMan@beehaw.org ) English5•1 year ago
And then users from inside Beehaw could request federation maybe?
I mean, anyone could send us an email and we’d do a quick review. Adding then removing someone from the allowlist is easier if they cause trouble.
- cecirdr ( @cecirdr@beehaw.org ) English22•1 year ago
Thank y’all for being so proactive. I’ve been dismayed at the spike in Lemmy users over the past few days. The number of instances popping up with many thousands of accounts is suspicious.
Thank you again for working so hard to keep this space “clean”.
- Kwakigra ( @Kwakigra@beehaw.org ) English22•1 year ago
This is what I would hope for. Botnests are going to pop up inevitably and measures need to be taken.
- lemillionsocks ( @lemillionsocks@beehaw.org ) English17•1 year ago
Individual instances can do everything in their power to keep their corner of things bot free, but the nature of federation means bots will just create their own instances and strike from there. It’s going to be a long game of wackamole but hopefully they can keep the swarm at bay
edit- not sure how this got orphaned and it’s own comment on the thread, but that one is receiving more attention so I’ll leave that up and get rid of this
- nlm ( @nlm@beehaw.org ) English18•1 year ago
Appreciate it guys! I’ve been reading about the guys wave of bots signing up, nice to hear you’re taking steps against it.
- Pete Hahnloser ( @Powderhorn@beehaw.org ) English16•1 year ago
I really expected better from k6qw.com.
- Rentlar ( @Rentlar@beehaw.org ) English14•1 year ago
Good call… as our wonderful userbase across Lemmy gets bigger, so do our threats, unfortunately. Hopefully we can better combat spam and botting soon because it’s hurting big and small Lemmy servers.
- magnetosphere ( @HappyMeatbag@beehaw.org ) English13•1 year ago
I’d almost begin to think about the possibility of maybe respecting someone’s honesty if they named their instance something straightforward like lemmy.bothaven.fu
- ffmike ( @ffmike@beehaw.org ) English13•1 year ago
Thanks as always to the apparently-tireless admins.
- patchymoose ( @patchymoose@beehaw.org ) English13•1 year ago
I have an account with Rammy that I had created specifically because I wanted to be able to interact with both Beehaw and Lemmy.World. It is so hard to find an instance that lets me interact with both, because Beehaw keeps defederating things. Does anyone have any advice on an instance I can join which federates with both Beehaw and Lemmy.world, and isn’t going to get on Beehaw’s defederating list in a week?
Rammy.site has 1.53K users even though it has 34 posts. It is currently being botted. Sorry.
- patchymoose ( @patchymoose@beehaw.org ) English21•1 year ago
I guess I’m just frustrated because people have constantly told me to join a small instance and not overload the big ones. But then when you join a small instance, it gets botted exactly because it’s small and the admins don’t have the resources. So now I am back to square one! I don’t have loyalty to any particular instance, I just want to see everything from everybody, and it feels like it shouldn’t be this difficult. Sorry for venting.
- alanine96 ( @alanine96@beehaw.org ) English16•1 year ago
In this case the best idea is probably to make an account on beehaw and a separate account on other servers, and just keep the two separate. Beehaw by policy doesn’t plan on federating with all servers at all times, particularly very large ones, so you may have to shift to thinking of it as another site you’re on that happens to interface with your other Lemmy instances, vs. part of your main Lemmy experience. It’s explicitly trying to be separate, so seeing everything at once is inherently difficult.
I’ve done this as well, and am enjoying separating these parts of my experience and breaking away from the idea of seeing everything at all at once. It gives some intentionality to my internet experience that I felt I was lacking on Reddit and Twitter.
- patchymoose ( @patchymoose@beehaw.org ) English10•1 year ago
That’s good advice, thank you! That’s what I guess I’ll do for now until the kinks get worked out of the Fediverse.
- Manticore ( @Manticore@beehaw.org ) English7•1 year ago
Beehaw’s intention and policy is why I like beehaw. Its mission is to be a community with high rates of constructive contribution, and that’s exactly what I’m looking for - not merely a high-traffic relay station.
I do have an account on another instance with looser federations for tracking migrated or niche communities, but it is beehaw that I load when I want to read what people have to say.
- alongwaysgone ( @alongwaysgone@beehaw.org ) English4•1 year ago
That’s what I’ve come to the conclusion of. I assume I’ll have an account here on beehaw, and another on Lemmy.world, at the very least that stay active.
- lixus98 ( @lixus98@kbin.social ) 2•1 year ago
Have you tried kbin?
- crisisingot ( @crisisingot@beehaw.org ) English6•1 year ago
probably the main lemmy.ml would be safe. I feel you though, I had the same problem when I lost access to communities on lemmy.world too
- Retronautickz ( @retronautickz@beehaw.org ) English5•1 year ago
Here you have a list of Lemmy instances, check the defederation list of both Beehaw and Lemmy World to see which is better from you.
Have you thought on joining a Kbin server instead? They’re all open to new registrations and you can see and interact with Beehaw and Lemmy World content from there as none of them are defederated.
- crisisingot ( @crisisingot@beehaw.org ) English4•1 year ago
Also, your admin might be able to reach out to beehaw.org if they are not hosting spam.
- BobQuasit ( @BobQuasit@beehaw.org ) English4•1 year ago
Kbin?
- Manticore ( @Manticore@beehaw.org ) English4•1 year ago
I’d suggest making several accounts. The beehaw communities are large enough that I don’t need to leave beehaw to still see a lot of interesting things, and I have another lemmy account on a different instance for seeing most everything else.
It really doesn’t cost anything to have multiple Lemmy accounts, any more than it does to manage multiple email addresses. To a degree, it’s even helpful for diversifying the content you see even further - beehaw is curated for quality and contribution; most instances are not.
My beehaw account is where I have my most interesting discussions. My ‘out in the wilds’ account will mostly be for browsing the wealth of content that is not curated, for better or for worse.
- RichByy ( @RichByy@beehaw.org ) English2•1 year ago
iusearchlinux.fyi seems to be a good idea! Also the name is great. :D
- halvdan ( @halvdan@beehaw.org ) English1•1 year ago
I’m not sure sopuli.xyz accepts new applications at the moment, but I can see and interact with most instances when logged in there, including beehaw and Lemmy.world. No affiliation, so do your own research first. They have a similar application process as beehaw so it should be relatively safe from bots and defederation. No NSFW/extremist content I’ve seen at least. It is quite small, though.
- qjkxbmwvz ( @qjkxbmwvz@lemmy.sdf.org ) English1•1 year ago
I signed up with SDF Chatter, which was recommended by Awesome Lemmy Instances, which in turn was recommended by Join Lemmy. No complaints so far.