Learning that today's massive Mastodon spam attack was carried out by conspiracy-addled Japanese middle-schoolers whose previous spam run was shut down when admins got in touch with their parents who confiscated their devices is definitely straight out of the Shitty Timeline Little Brother.
=> More informations about this toot | More toots from pluralistic
@pluralistic wow
=> More informations about this toot | More toots from SRDas@mastodon.online
@pluralistic that is too ridiculous, no. that's a parks & rec plot.
=> More informations about this toot | More toots from jcriecke@urbanists.social
@pluralistic wait, conspiracy addled? V curious what the conspiracy is
=> More informations about this toot | More toots from thedandeliongrove@translunar.academy
@pluralistic I do think that fedi handled this one pretty well.
Doesn't seem like there was a lot of disruption.
Some fedizens (myself included) had to deal with a bunch of spam, but reporting worked, moderators did a fantastic job, and by and large most people don't seem to have even noticed?
=> More informations about this toot | More toots from rysiek@mstdn.social
@rysiek @pluralistic Didn't see any spam here. Thanks @stux!
=> More informations about this toot | More toots from benfrog@mstdn.social
@benfrog @rysiek @pluralistic There's been sooooo much :amaze:
Suspended hundreds of accs today
=> More informations about this toot | More toots from stux@mstdn.social
@stux @rysiek @pluralistic You've been doing a heck of a job. As a user I've seen zero disruption!
=> More informations about this toot | More toots from benfrog@mstdn.social
@stux @benfrog @rysiek @pluralistic Awesome job then, as I haven't seen a bit!
=> More informations about this toot | More toots from Tedgarrison3@mstdn.social
@stux @benfrog @rysiek @pluralistic
=> More informations about this toot | More toots from amiserabilist@beige.party
@rysiek
I saw no spam, didn't even know it happened, so GOOD JOB, #FediMods #FediModeration
@pluralistic @Szescstopni
=> More informations about this toot | More toots from dancingtreefrog@mastodon.social
@dancingtreefrog @rysiek @pluralistic Neither did I. I wonder if a centralized system would handle it any better.
=> More informations about this toot | More toots from Szescstopni@circumstances.run
@Szescstopni
I don't know. FediVerse has a lot of ways to manage connections and a lot of admins to handle them. Centralized (like the late Twitter/X) don't have nearly as many admins now, I suspect. Plus I think it profits from the spammers, so has no motivation to stop them...
@rysiek @pluralistic
=> More informations about this toot | More toots from dancingtreefrog@mastodon.social
@rysiek @pluralistic this is the first I'm hearing of it lol
=> More informations about this toot | More toots from AuntyRed@aus.social
@rysiek @pluralistic I'm only hearing about this now. My instance is small. I imported a huge block list of bad or questionable actors to avoid future headaches. So that one might have already been preemptively blocked.
=> More informations about this toot | More toots from tonytins@tonybark.com
@rysiek Speaking as a server admin, I can say the moderation load has been highly disruptive. I'm grateful most users don't have to notice, but for those who got hit it was intense - both for end users, and for moderators who had to clean up.
=> More informations about this toot | More toots from misty@digipres.club
@misty I imagine. I submitted a couple dozen spam reports myself. It's somewhat intense for me, I cannot imagine what moderation teams are dealing with.
=> More informations about this toot | More toots from rysiek@mstdn.social
@rysiek @misty still, I feel like these spam waves would be almost trivial to contain with even the simplest of filters.
=> More informations about this toot | More toots from oblomov@sociale.network
@oblomov True for a while, but not for long. Once you have simple filters the spammers find a way to get around them. And so it goes.
In this case my tech admin has a small script that dealt with it all.
So, yeah, it's whack-a-mole.
CC: @rysiek @misty
=> More informations about this toot | More toots from ColinTheMathmo@mathstodon.xyz
@ColinTheMathmo of course, spam filters only raise the bar and can be circumvented, but at the moment that bar is basically underground, so even just a little bit would help ;-)
I'm honestly thinking about a small script myself as a user, but I don't know if it's possible to automate the reporting.
@rysiek @misty
=> More informations about this toot | More toots from oblomov@sociale.network
@oblomov @rysiek Unfortunately, the builtin moderation tools don't support anything like that.
=> More informations about this toot | More toots from misty@digipres.club
@rysiek
All I saw was a couple of toots wondering what's going on. @trumpet whatever you did it worked wonders, so thank you for your work!
=> More informations about this toot | More toots from osma@mas.to
@rysiek @pluralistic well I'm still noticing ;-)
=> More informations about this toot | More toots from oblomov@sociale.network
@pluralistic@mamot.fr a detail maybe, but is it really an attack if creating an account is open to anyone without any reviewing process?
=> More informations about this toot | More toots from setto@s.basspistol.org
@setto @pluralistic just because the devs think it's not their problem to solve doesn't mean it's a problem and not how it's supposed to be used
=> More informations about this toot | More toots from Crazypedia@pagan.plus
@setto @pluralistic is it still malice for someone to destroy my garden if I don't put up a fence?
=> More informations about this toot | More toots from calcifer@hackers.town
@calcifer @setto @pluralistic if they had malice yes.
=> More informations about this toot | More toots from kusuriya@hackers.town
@kusuriya @setto @pluralistic genau. So if someone conducts a spam attack, it's still an attack if the intent was to spam everyone (instead of, say, an accident). It has nothing to do with what controls were in place.
=> More informations about this toot | More toots from calcifer@hackers.town
@calcifer @setto @pluralistic that's always been my view. an attack is an attack if its intent was meant to be an attack.
=> More informations about this toot | More toots from kusuriya@hackers.town
@kusuriya@hackers.town @calcifer@hackers.town @pluralistic@mamot.fr
Fair points. I guess what i'm trying to convey is that i think enormous freebeer-for-all instances are a danger. Because at that scale, moderation becomes a full time large-team job and can only be applied post mortem.
=> More informations about this toot | More toots from setto@s.basspistol.org
@setto @pluralistic @calcifer To some degree moderation can only be reactionary. We probably as a group of communities need to take pages from the books of operations engineers or cybersecurity groups. It would probably look something like you will always have an incident response team that is acting against threats we know, A larger team acting against threats we know exist but we don't know who they are yet, and a team that is looking for threats that we haven't even thought about.
Once we manage what we know, what we know we don't know, and what we don't know we don't know only then can we build proactive defense to help lighten the burden of reactionary defense.
But I'm rambling
=> More informations about this toot | More toots from kusuriya@hackers.town
@kusuriya@hackers.town
I think you make sense. And i agree in many ways. Especially in terms of conflict resolution. But preventing spam attacks on fedi is actually pretty easy: put in place a vetting protocol for new registrants.
To quote myself from another part of this thread, it's a tough one. On one hand it is nice that the network is accessible to the masses and remains an affordable alternative. On the other hand, i find myself wishing the appeal of the network would be more centered around cooperation and mutual aid in running services, and less around being a quick fix for the corporate social media catastrophe.
@pluralistic@mamot.fr @calcifer@hackers.town
=> More informations about this toot | More toots from setto@s.basspistol.org
@setto @pluralistic @calcifer Yes and that sort of falls into the known unknowns bucket. We could probably do the same thing that old style community forums did. You have a probationary period, that probationary period stops you from posting to other instances until your local community gets to know you. Maybe if you have 0 posts or interactions within the probationary period your account gets auto-binned, and maybe the promotion process is non automated.
There is a lot that could be done in the space if we stop thinking about the fedi being the replacement to social media and think of it more as groups of communities coming together.
=> More informations about this toot | More toots from kusuriya@hackers.town
@kusuriya@hackers.town
:metathis:
thanks for giving me the benefit of the doubt and bouncing ideas with me. I realize my initial response to OP wasn't conveying my idea very well, but i received some pretty visceral reactions, which your eloquence is slowly making me forget :cyber_heart_sparkle_purple:
@pluralistic@mamot.fr @calcifer@hackers.town
=> More informations about this toot | More toots from setto@s.basspistol.org
@setto @pluralistic @calcifer Thank you. I always fear people forget that on the other end of the screen is a person, and I always try to remember that because it clues me into things like maybe this isn't their first language. Maybe they don't have words for what they are trying to communicate yet. Maybe they just have a really vague idea and are hoping someone with another part of their vague idea will bring crayons over and help color it in.
Using that has always kept me centered and helped me find new ideas.
It's also a great way to find sneaky nazi shit heels and ban their recruiting instances.
=> More informations about this toot | More toots from kusuriya@hackers.town
@setto @pluralistic Great. The "well, technically..." folks have arrived
=> More informations about this toot | More toots from jack@social.jacklinke.com
@jack @setto @pluralistic
Great. The Great. people have arrived
Setto has a good point though, .social's practice of not using registration approval is an open door for this stuff.
The sewage runs downstream and 80-90% of report handling for other servers is spam from name+numbers accounts at .social
It's a pain in the face and we all have to suffer from their decision.
=> More informations about this toot | More toots from davey_cakes@mastodon.ie
@davey_cakes@mastodon.ie
thanks! if only it was confined to .social. It's a tough nut: on one hand it is nice that the network is accessible to the masses and remains an affordable alternative. On the other hand, i wish the appeal of the network would be more centered around cooperation and mutual aid in running services, and less around being a quick fix for the corporate social media catastrophe.
@jack@social.jacklinke.com @pluralistic@mamot.fr
=> More informations about this toot | More toots from setto@s.basspistol.org
@pluralistic hold on I have to check my bingo card for this one
=> More informations about this toot | More toots from Crazypedia@pagan.plus
@pluralistic well shit. Now I feel kinda bad for posting https://www.youtube.com/watch?v=u_4adkAymrg in response a few times.
But also, that explains why I could almost read it without much effort (kids use fewer kanji, which are like letters, words, or phonemes – parts of words with meaning when combined? Idk, I'm not a linguist, just a long covid addled dweeboid with insomnia)
=> More informations about this toot | More toots from MxVerda@lgbtqia.space
@pluralistic wow I had no idea there was even an attack. Somehow, your explanation leaves me with more questions than if I knew nothing at all
=> More informations about this toot | More toots from prestontumber@mastodon.social
@pluralistic Icing on the cake: these attacks are carried through Discord scripting. Because Discord is so self-absorbed they don't even check if their scripts are bothering the world at large.
=> More informations about this toot | More toots from aran@localization.cafe
@aran
What.
I don't know anything about that. I can run scripts on Discord, and they will happily do HTTP requests to other servers?
=> More informations about this toot | More toots from flberger@nerdculture.de
@flberger https://techcrunch.com/2024/02/21/discord-took-no-action-against-server-that-coordinated-costly-mastodon-spam-attacks/
=> More informations about this toot | More toots from aran@localization.cafe
@aran @flberger no discord is not hosting scripts. The article sounds like they used discord bots to interface with their server.
Or maybe they abused a badly designed Discord bot but that would be the bot owners fault
=> More informations about this toot | More toots from shadowwwind@fosstodon.org
@shadowwwind @flberger
The article states clearly how they didn't need any external server and the attack was launched directly from Discord.
Techcrunch seems a fairly reliable source too, but I'm not technical enough to argue either way. I hate Discord regardless
=> More informations about this toot | More toots from aran@localization.cafe
@aran @flberger I have used the discord api, it does host scripts for you.
It probably means, that somebody, set up a server, connected to the discord bot and people that don't know how to code use it to start spam waves.
=> More informations about this toot | More toots from shadowwwind@fosstodon.org
@shadowwwind @flberger
Admittedly, understanding the passage in full is made complicated by the terminology overlap between script and bot and (most importantly) between a "server" as a stand-alone computer on the network and "server" as in an instance of Discord itself.
Still, the title "Discord took no action against server that coordinated costly Mastodon spam attacks" should leave no ambiguity about the main issue at play
=> More informations about this toot | More toots from aran@localization.cafe
@aran @flberger some discord bots allow you to create customer commands and use http requests, they might abuse something like that. But that is not possible for Discord to control
=> More informations about this toot | More toots from shadowwwind@fosstodon.org
@shadowwwind @flberger
Ok. It still sounds like a failure of moderation to me. Especially after they have been told about it.
=> More informations about this toot | More toots from aran@localization.cafe
@aran @flberger considering there are servers where discord users try to bait minors into sending nudes, I understand it's not their top priority
=> More informations about this toot | More toots from shadowwwind@fosstodon.org
@shadowwwind @flberger
That's an interesting form of Whataboutism you got there
"You think that's bad for Discord standards? YOU GOT NO IDEA"
=> More informations about this toot | More toots from aran@localization.cafe
@pluralistic Shittle Brother?
=> More informations about this toot | More toots from matthewfarrer@mastodon.social
@pluralistic
I'm not saying that it isn't happening but I find it incredible that Beamship apparently is too small to bother with. We have less than 50 users. Very manageable and personal with such a small system.
Of course, I'm the only one that gets reported
=> More informations about this toot | More toots from bob@beamship.mpaq.org
@pluralistic
=> More informations about this toot | More toots from faraiwe@beige.party
@pluralistic They will not get off scot-free. They have brought embarrassment and shame to their families, and now have a significant misdeed on their permanent school records which, in highly competitive high school admission (and even more competitive university admission) may well tank their future lives.
Japan is a judgemental accountability culture.
=> More informations about this toot | More toots from pattykimura@beige.party
@pluralistic@mamot.fr Conspiracy? iirc they're a massive cyberbullying gang that doxxes people?
=> More informations about this toot | More toots from Orca@nya.one
@pluralistic why are we talking about this past tense? My last spam message was 43 minutes ago, still rolling in regularly
=> More informations about this toot | More toots from jdyer@mastodon.gamedev.place
@pluralistic Aha. That explains all the kanji I'm seeing in the most popular tags for the day.
=> More informations about this toot | More toots from tchauhan@mastodon.mit.edu
@pluralistic I didn't notice anything, but the story blows my mind.
=> More informations about this toot | More toots from deborahyz@sfba.social
@pluralistic Kind of disappointed now that I missed out on the fun.
=> More informations about this toot | More toots from zappy@techhub.social