Look, we can debate the proper and private way to do Captchas all day, but if we remove the existing implementation we will be plunged into a world of hurt.

I run tucson.social - a tiny instance with barely any users and I find myself really ticked off at other Admin’s abdication of duty when it comes to engaging with the developers.

For all the Fediverse discussion on this, where are the github issue comments? Where is our attempt to convince the devs in this.

No, seriously WHERE ARE THEY?

Oh, you think that just because an “Issue” exists to bring back Captchas is the best you can do?

NO it is not the best we can do, we need to be applying some pressure to the developers here and that requires EVERYONE to do their part.

The Devs can’t make Lemmy an awesome place for us if us admins refuse to meaningfully engage with the project and provide feedback on crucial things like this.

So are you an admin? If so, we need more comments here: https://github.com/LemmyNet/lemmy/issues/3200

We need to make it VERY clear that Captcha is required before v0.18’s release. Not after when we’ll all be scrambling…

EDIT: To be clear I’m talking to all instance admins, not just Beehaw’s.

UPDATE: Our voices were heard! https://github.com/LemmyNet/lemmy/issues/3200#issuecomment-1600505757

The important part was that this was a decision to re-implement the old (if imperfect) solution in time for the upcoming release. mCaptcha and better techs are indeed the better solution, but at least we won’t make ourselves more vulnerable at this critical juncture.

  • Hyperz@beehaw.org
    link
    fedilink
    English
    arrow-up
    12
    ·
    2 years ago

    This might work against very generic bots, but it won’t work against specialized bots. Those wouldn’t even need to parse the DOM, just recreate the HTTP requests.

    • Steve@compuverse.uk
      link
      fedilink
      English
      arrow-up
      9
      ·
      2 years ago

      Which is why you’d need something else for popular sites worth targeting directly. But there are more options than standard capta’s. Replacing them isn’t necessarily a bad idea.

      • Hyperz@beehaw.org
        link
        fedilink
        English
        arrow-up
        3
        ·
        2 years ago

        This is what I’m worried about. As the fediverse grows and gains popularity it will undoubtedly become worth targeting. It’s not hard to imagine it becoming a lucrative target for things like astroturfing, vote brigading etc bots. For centralized sites it’s not hard to come up with some solutions to at least minimize the problem. But when everyone can just spin up a Lemmy, Kbin, etc instance it becomes a much, much harder problem to tackle because instances can also be ran by bot farms themselves, where they have complete control over the backend and frontend as well. That’s a pretty scary scenario which I’m not sure can be “fixed”. Maybe something can be done on the ActivityPub side, I don’t know.

        • Steve@compuverse.uk
          link
          fedilink
          English
          arrow-up
          6
          ·
          2 years ago

          That’s where simple defederation happens. It’s mostly why behaww cut off lemmy.world.

          • Hyperz@beehaw.org
            link
            fedilink
            English
            arrow-up
            4
            ·
            2 years ago

            What if you have 100s or 1000s of such instances? At some point you defeat the entire purpose of the federation.

            • kool_newt@beehaw.org
              link
              fedilink
              English
              arrow-up
              2
              ·
              edit-2
              2 years ago

              I foresee islands of instances not federated with each other, like cities without a road connecting them. There could be an island of instances that will be full of bots and illegal shit with open sign ups, and there will be other islands with stricter requirements, effectively no bots run by people who want good social media.