this post was submitted on 23 Jun 2023
29 points (91.4% liked)
Asklemmy
43761 readers
1368 users here now
A loosely moderated place to ask open-ended questions
If your post meets the following criteria, it's welcome here!
- Open-ended question
- Not offensive: at this point, we do not have the bandwidth to moderate overtly political discussions. Assume best intent and be excellent to each other.
- Not regarding using or support for Lemmy: context, see the list of support communities and tools for finding communities below
- Not ad nauseam inducing: please make sure it is a question that would be new to most members
- An actual topic of discussion
Looking for support?
Looking for a community?
- Lemmyverse: community search
- sub.rehab: maps old subreddits to fediverse options, marks official as such
- [email protected]: a community for finding communities
~Icon~ ~by~ ~@Double_[email protected]~
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I assume to then post from those instances.
Yes but why? What do they gain?
Bad guys have noticed that there's a resource here that could become valuable later: the ability to inject spam into Lemmy. Maybe not very valuable yet, but after a few more weeks/months of growth, expect it.
So they're acquiring the accounts needed to do that.
These may be commercial spammers. If they're not posting any spam yet, that may be because nobody's paying them to do so yet. Commercial spammers don't spam for free.
They may be "black hats" (for-profit computer criminals) acquiring accounts to hold with the expectation of selling them or leasing them out. Their intended customers could include commercial spammers in the future; or (e.g.) terrorist or fascist groups. ISIS supporters and Trumpist-Putinists have both spammed other forums and social media sites, for example; and Republican operatives have used phone and SMS spam for voter suppression.
Or they may be collecting accounts to use for denial-of-service or flooding attacks, to shut down Lemmy activity they don't like. A number of political entities, including nation-states, have used similar activity to suppress or make unusable forums that they don't like; e.g. flooding a forum with gore pictures to make it unpleasant to use or moderate.
I assume we're talking about spam bots, not bots whose entire purpose is to reupload content from elsewhere into here (i.e. reddit reposter bot).
Most likely, spam. Spam and scam has been quite a problem on Mastodon, so I wouldn't be surprised if bad actors want to bring them here.
https://infosec.pub/comment/303237
But since they’re mostly being added to small servers where the signup security is bad, couldn’t the main servers just defederate those small bot-filled instances to reduce spam?
I imagine this will happen, and the bots will move to larger instances where they can hide among the crowd.