Lemmy.world is temporarily disabling open signups and moving to an application-required signup process, due to ongoing issues with malicious bot accounts.
We know this is a major step to take, but we believe that it’s the right one for both us and our community right now.
We’re working on a better long-term technical solution to these bots, but that will take time to create, test, and verify that it doesn’t cause any problems with federation and how our users use our site, and we’d rather make sure we get it right than have a site that’s broken.
We’re making this change on 28 Aug 2023, and don’t have a specific timeline for how long registrations will require an application, but we will post an update once our new anti-abuse measures are in place and working.
Take care, LW Team
Thanks for the work you’re doing!
Good call. Thank you for doing what you need to do to support the site and protect the users as necessary. And as always, the honesty and transparency is appreciated.
Bummer, but I hope you can find a solution soon! What a PITA for you all.
Hope it helps with the recent abuse.
IMO registration applications should have been in use right from the start. Less annoyances for admins and moderators.
No, applications are a very degrading process for both users and admins.
I agree it’s annoying and hopefully will one day soon not be necessary, but “degrading” is something I don’t think ever occurred to me. Is there some aspect to having to get manually approved that is degrading that I’m not aware of?
I never use services which require an application. First of all, that’s a bad user experience. Second, it’s enough to write some bullshit during job applications.
The application is a question asking if you read the statement (which is the same as the post above).
The rest of the application is the same application you had to fill out when you created the account even when it was open sign ups. The only real difference is it’s not automatically accepted but manually accepted.
degrading?
Not really, you have to manually approve all.
Indeed. This is a lot more work.
I wouldn’t put the manual review of thousands of application into the “less annoyances” box.
Oh shut up
Whew, I’m glad I got in before this or my fellow homo sapiens might not have noticed I was also a fellow homo sapiens like them and definitely not a robot.
OK BUT WHY ARE YOU SCREAMING
I had a nightmare about electric sheep. Don’t we all?
You’re clearly a Mollusc
How dare you! I am no mere mollusc, I am a proud Todarodes pacificus and definitely not a robot squid.
Is image posting temporarily turned off for lemmy.world users too?
Since last night, I’ve been unable to post (tested in memes@lemmy.world, memes@lemmy.ml, and lemmyshitpost@lemmy.world). Switched to an alt account on a different instance and had no issue.
(getting JSON error: unexpected character at line 1 column 1)
I’m also having this issue.
Does this mean Beehaw will refederate?
Considering this is a temporary measure, I imagine not. Lemmy.world has been under constant attacks as the #1 Lemmy instance and it’s not going to stop just because bots can’t get in automatically anymore.
It’s a good question. Hopefully the Beehaw admin team will reach out to the Lemmy.World admin team to have a discussion about exactly what the LW admins are trying to achieve and under what conditions they will be ready to reopen submissions. Though even if they do have that conversation there’s no guarantee that that will match up with what the Beehaw admins are looking for in order to refederate. It was made clear from the Beehaw admins at the time though that they didn’t have any issues with LW in general, only that toxic disruptive people were using the open sign-up of LW to create accounts to go cause trouble over at Beehaw (outside of the general LW userbase) and that they hoped to refederate once better tools were in place to address those disruptive users. Could be that lines up pretty well with LW’s goal to wait until they have better tools to address malicious bot accounts before they reopen signups.
deleted by creator
Two brazilian sounds like a lot.
Sounds like a plan! It’s a 100% beneficial thing, it should clean it up a bit.
Good. If this is what it takes to overcome the issue then it’s fine. Sucks for the real users but they also have alternatives.
Registrations are not closed. Normal users will still be able to join.
Good hope the child porn posting stops with that.
I’m so glad I somehow have completely avoided that so far. I’ve heard about, sure but that’s it
Not long after joining Lemmy, I was on the less fortunate side of things and ran into a troll post. I haven’t seen any of that horrid stuff on Lemmy since then, I assume the admins and mods have been dealing with it first hand… ☹️ hope they are OK, it isn’t good for anyone mentally.
Same, and I’m on all the time.
I have not seen any of that and I sort by All.
With nsfw on? I do as well, but I usually have nsfw off
Are you serious? Holy shit. I haven’t seen any at all. But just the thought that someone is posting it. I hate people sometimes.
Oh Christ, really? That’s just sickening. I often sort by new, sounds like I’ve been very lucky to miss it entirely…
Yeah i had the unpleasant encounter several times by now…
I’m guessing they’re not even flagging that shit as NSFW? I’ve been using liftoff and have the NSFW stuff hidden. I haven’t run into of it yet but that’s fucked up, hopefully it gets under control with this.
Maybe mods of each section can turn on manual approvals of submissions?
Manually approving submissions would be even more work. And shits being posted everywhere.
And no, the ones i had a unpleasant encounter with weren’t flaired nsfw.
Isn’t there a tool (possible free) by Google I think that detects abusive material like this?
To combat this until there is something in place to automate blocking it. Manually approval might just be the only way to deal with it for now. Places can add more moderators.
Wasn’t the argument for having open sign-ups that some Lemmy apps redirect straight to Lemmy.world for registration?
Yes but when people start creating accounts to post CSAM it doesn’t leave us much choice.
Seems like a pretty important detail. Why wasn’t it mentioned it in the post body?
Because they’re not trying to make a big deal about how easily CSAM spread throughout federated instances making all hosts possibly legally liable. Instances in the US are probably ok, due to various laws like safe harbor for platform providers but with instances all over the world, they all have their own laws to contend with and many never expected this
It’s really not that hard to connect the dots… Unless you’re trying to impose a question for the sake of
It’s about transparency for me. The admins claim to care about it and users praise them for it, but to me it seems like they’re doing the bare minimum informing us about changes we are about to notice. Reminds me of corporations writing statements trying to sweep things under the carpet. You and I might realise what it’s all about, but many users without the context won’t.
That’s not what I want Lemmy to be. I want to feel included as a part of the community. I’m doing what I think I can to help it all go in the right direction
Understand the issue with transparency. It’s just a very sensitive topic all around. And it sucks it is happening. I am not realizing as well a very important threat that exists in unmoderated federation.
Doing “the bare minimum”? We have quite a big team trying to keep the impact for our users to a minimum. We don’t claim to care. We DO care. And we try to be as transparant as possible.
We monitor the new posts, we react very quickly to reports, we make sure that even with the sign up requirements everyone can still get on board quickly and we are looking for a solution for the csam problem.
If this is not what you want Lemmy to be, there are plenty of options.
I’m only talking about transparency here, didn’t mean to undermine other moderation efforts and sorry if I phrased it ambiguously. But regarding informing users, yes, I think Lemmy.world admins do the minimum
Better to semi restrict sign ups so the experience is improved for everyone. When those security issues have been fixed we can open up again. Seems fair
Thank you!
