Lemmy has multiplied it’s number of users (maybe more accurately accounts) in just few days. How much do you think is the percentage of bot accounts? Is Lemmy having problem with bot farming?

  • Dessalines@lemmy.ml
    link
    fedilink
    arrow-up
    41
    arrow-down
    1
    ·
    2 years ago

    Don’t pay attention in the slightest to total users, active users is what counts.

    • hare_ware@pawb.social
      link
      fedilink
      arrow-up
      20
      arrow-down
      2
      ·
      2 years ago

      Active users will probably drop off as the Reddit dust settles, but I’m liking it so far, not really that much of a jarring change once you get past the ActivityPub shananigans.

    • fu@libranet.de
      link
      fedilink
      arrow-up
      1
      ·
      2 years ago

      @dessalines @1337tux but if they’re bots they’d still count as active users assuming they aren’t idle.

      In the end, neither really matters, assuming the bots aren’t causing you or your server trouble, like the thousands of posts taghing GNU SOCIAL users repeatedly a couple weeks ago. Could still be happening on instances with absantee admins. (like my original GNU SOCIAL account of @fu@2mb.social)

  • WhoRoger@lemmy.world
    link
    fedilink
    arrow-up
    14
    ·
    2 years ago

    One of my communities tripled in size in 2 days, with people making OC posts and no spam (so far). Other communities get a bit more lively too. Doesn’t seem like it’s just bots.

  • Very_Bad_Janet@kbin.social
    link
    fedilink
    arrow-up
    11
    ·
    edit-2
    2 years ago

    Have all of the Lemmy instances (and kbin ones, too) now added email requirements, captcha, and maybe the little paragraph asking why you should have an account that Beehaw does?

    Also, how do you identify bot accounts? Can you bulk ban accounts or.do they all have to be examined and dealt with individually?

    ETA: I wasn’t suggesting the paragraph. Just wondering what the instances are putting in to prevent bots. I actually tried to sign up for Beehaw, wrote my little paragraph, and then got the pinwheel of death, lol. I was never able to sign up, but lucked out with a kbin.social account. I have to add that it’s pretty disappointing to be downvoted for simply asking a question. Feels like what I left at Reddit.

    • funkyb@kbin.social
      link
      fedilink
      arrow-up
      10
      arrow-down
      3
      ·
      2 years ago

      good grief i hope not. Email & captcha are reasonable; a short form essay on why you should be graced with the ability to participate is super cringe.

      • JackFromWisconsin@midwest.social
        link
        fedilink
        English
        arrow-up
        5
        ·
        2 years ago

        Sounds like it sorts out the right kind of people? I’m not aware of anyone actually asking you to write an essay, no one would do that. 2 short answer questions does not an essay make.

      • Salamander@mander.xyz
        link
        fedilink
        arrow-up
        4
        ·
        2 years ago

        It is too easy to fake e-mails. You can set up a catch-all e-mail domain and spam the registration like that. I am not a fan of giving my e-mail nor collecting other people’s e-mails.

        My current message contains the following:

        Please leave a short message (a sentence or two is enough) stating why you would like to join this instance and I will accept your application as soon as possible. The purpose of this form is to filter out spam bots, not to judge your motivation for joining.

        It is not about them writing an essay to be let in. It is a very effective strategy to weed out spam accounts being registered in masse. One step is to make sure that the user made a cohesive sentence that addressees the question, and the other step is to check whether there is a sudden spike of similar new applications. Even ignoring the actual text, it is useful to be able to monitor whether you getting rate-limited bursts of account creations, and having the ability to approve/deny allows you to respond with less effort than if they succeed at creating the accounts.

      • rm_dash_r_star@lemm.ee
        link
        fedilink
        arrow-up
        4
        ·
        2 years ago

        Yeah I was a bit weirded out by that, it’s like what, am I joining a cult? Anyway I actually signed up on a number of instances in search of one I like and only a couple were using an application. The rest were just captcha plus email.

        I think they should come up with a better mechanism than an application. I understand the need to verify a signer is actually a human being, but an application is pretty off-putting. Problem is there’s bots that can get around captcha and email authentication, AI keeps getting smarter.

        • ඞmir@lemmy.ml
          link
          fedilink
          arrow-up
          4
          ·
          2 years ago

          “ChatGPT, write me a paragraph about why I want to join an internet forum in first person”

          • rm_dash_r_star@lemm.ee
            link
            fedilink
            arrow-up
            2
            ·
            2 years ago

            Yeah ChatGPT could fill out an application as well. In fact AI is getting to the point now where it would be hard to tell even by voice. Though it’s also a matter of effort on the part of the exploiter. They don’t have to make it zero occurrence, just enough to keep it at bay.

          • Salamander@mander.xyz
            link
            fedilink
            arrow-up
            1
            arrow-down
            1
            ·
            edit-2
            2 years ago

            It may be an AI, or it can also be a real human that is lying. The point of the application filter is to significantly slow down these approaches to bring their impact to a more manageable level. An automated AI bot will not be able to perform much better than a human troll with some free time because any anomalous registration patterns, including registration spikes and periodicity, are likely to be detected by the much more powerful processor that resides in the admin’s head.

            On the other hand, a catch-all domain e-mail, a VPN with a variable IP, and a captcha-defeating bot can be used to generate thousands of accounts in a very short amount of time. Without the application filter the instance is vulnerable to these high-throughput attacks, and the damage can be difficult to fix.

  • Aninjanameddaryll@outpost.zeuslink.net
    link
    fedilink
    arrow-up
    11
    ·
    2 years ago

    There’s obviously bots, but some folks do multiple accounts as default (I do for sure), and others just want to have a bit of padding against instance failure. Others don’t realise you don’t need to have an account on an instance to access it lol.

    • june@lemmy.world
      link
      fedilink
      arrow-up
      2
      ·
      2 years ago

      Others don’t realise you don’t need to have an account on an instance to access it lol.

      this, i think, is going to be the biggest hurdle for getting people to join the fediverse. we need seamless ways to view and subscribe to magazines on other instances than our own. either that or we need one to get big enough that it simply eats the smaller instances.

      • bitsplease@lemmy.ml
        link
        fedilink
        arrow-up
        2
        ·
        2 years ago

        You had me right up until that last bit - As it is I’d argue there’s too much centralization. For one thing, people underestimate the technical considerations of hosting a reddit sized social media service. Once you reach a certain point, just moving to a bigger server isn’t sufficient. Also there’s the money issue of a single instance hosting all of lemmy.

        But even more so than all that, the decentralization is the whole point of the fediverse.if all of lemmy was on one instance, we’d pretty much just be right where we were with Reddit, at the mercy of whoever owns that instance. When things are properly decentralized, if an instance owner goes on a power trip, it’s users can simply migrate away, and there would be plenty of other instances of equal size with lots of content. If one instance ate all the others, you’d have to rebuild from scratch if you moved

      • Silviecat44@vlemmy.net
        link
        fedilink
        arrow-up
        1
        ·
        2 years ago

        we need one to get big enough that it eats the smaller instances

        but that would defeat the point, would it not?

      • bitsplease@lemmy.ml
        link
        fedilink
        arrow-up
        0
        ·
        2 years ago

        You had me right up until that last bit - As it is I’d argue there’s too much centralization. For one thing, people underestimate the technical considerations of hosting a reddit sized social media service. Once you reach a certain point, just moving to a bigger server isn’t sufficient. Also there’s the money issue of a single instance hosting all of lemmy.

        But even more so than all that, the decentralization is the whole point of the fediverse.if all of lemmy was on one instance, we’d pretty much just be right where we were with Reddit, at the mercy of whoever owns that instance. When things are properly decentralized, if an instance owner goes on a power trip, it’s users can simply migrate away, and there would be plenty of other instances of equal size with lots of content. If one instance ate all the others, you’d have to rebuild from scratch if you moved

  • poVoq@slrpnk.net
    link
    fedilink
    arrow-up
    8
    ·
    2 years ago

    I think the growth in the last couple of days has been mostly bots.

    l can see a sharp decline in real sign ups on my instance after the initial big wave before and during the 3 day Reddit blackout.

    Maybe there will be another wave early next month but currently it has nearly completely dried up.

      • poVoq@slrpnk.net
        link
        fedilink
        arrow-up
        4
        ·
        2 years ago

        They are currently dormant, but those thousands of new accounts on some instances clearly show every sign of being auto-generated.

        • rm_dash_r_star@lemm.ee
          link
          fedilink
          arrow-up
          2
          ·
          2 years ago

          The admins and mods are keeping them at bay, but it could easily get out of control. At this point it’s transparent which it normally is when mods and admins are holding the line, but the soldiers are at the gates.

    • Hot Saucerman@lemmy.ml
      link
      fedilink
      arrow-up
      3
      ·
      edit-2
      2 years ago

      I think this cements worries that some people who are trying to run these servers don’t actually understand the severity of the bot-problem online and aren’t doing enough to protect themselves, not even the basics. It makes you wonder what kind of other basic cybersecurity protections they haven’t set up on their servers, or if their servers are even hardened at all.

      I wonder how much (if any) of this is driven by reddit to create more ambiguity to people’s feelings about the fediverse? It’s totally possible it’s all “organic” bot growth, but if they’re willing to go to the lengths they have against their own users, I also wouldn’t put it past them to be trying to destroy the credibility of any “competitors” in the space.

  • greeen_tomato@feddit.de
    link
    fedilink
    arrow-up
    8
    ·
    2 years ago

    I saw some very big instances on fedidb yesterday. I looked at a few… Completely empty instances, no communities, no posts, but 24k users.

    I’m pretty sure those are all bot/spam accounts. So the numbers right now are very inflated imho.

    • Trainguyrom@reddthat.com
      link
      fedilink
      arrow-up
      1
      ·
      2 years ago

      It certainly didn’t take long to spot servers like that on fedidb! I wonder what is causing people to make those? Load testing? Spam farm? Social experiment to see if people will sign up to an empty instance? Trying to setup an automated simulated social network like people joked reddit was where everyone is a bot except for you?

      I think the most realistic answer is that they’re test instances either by a tech company that believes they have a path to monetize a fediverse project or by some kind of spam farm, but the lack of any posts is still positively weird

      • greeen_tomato@feddit.de
        link
        fedilink
        arrow-up
        4
        ·
        2 years ago

        Hah! The idea of an simulated social network sounds weirdly interesting. An idea that just pops into my head would be a (mystery) game based on a lemmy instance, where bots progress the story line and people can participate by finding clues in communities of the instance and triggering the next phase of the story by commenting in the right spots. 🤔

  • squirrel@discuss.tchncs.de
    link
    fedilink
    arrow-up
    6
    ·
    2 years ago

    Yes, there’s a bot problem. fedidb.org now shows the following message:

    A spambot influx has been observed on Lemmy instances, inflating total user counts.

    We recommend using Active Users as a better metric to gauge growth.

    • genoxidedev1@kbin.social
      link
      fedilink
      arrow-up
      1
      ·
      2 years ago

      Do you know how active users are defined because I don’t usually make my own posts but I upvote and comment every now and then?

      • Kichae@kbin.social
        link
        fedilink
        arrow-up
        2
        ·
        2 years ago

        Something like fedi observer can probably only gauge posts and comments, so active users will severely undercount people actually using the platform. But we should expect posting users to grow proportionally with less visible but active users.

      • YMS@kbin.social
        link
        fedilink
        arrow-up
        1
        ·
        2 years ago

        Extremely low compared to the total growth: Per https://lemmy.fediverse.observer/dailystats Lemmy grew from 150,000 to 1,150,000 total users in the last four days, but for the active users, the growth was 30,000 to 39,000. If you extrapolate that, there are maybe 200,000 real Lemmy users now.

          • YMS@kbin.social
            link
            fedilink
            arrow-up
            1
            ·
            2 years ago

            That’s why I said “compared to”. The percentages were +666% and +30%. 30% growth in four days is enormous, but not at all when compared to 666%.

  • DerWilliWonka@kbin.social
    link
    fedilink
    arrow-up
    6
    arrow-down
    1
    ·
    2 years ago

    I wonder how people come up with the bot superstition? Just a feeling or is there any valid indication of massive influx of bot accounts?

    • greensky@sh.itjust.works
      link
      fedilink
      arrow-up
      2
      ·
      2 years ago

      I think it’s a combination of things. There are real users who have migrated to Lemmy because of reddit’s horrible treatment of its users and there are also bots being created but that’s normal on the internet.

    • fu@libranet.de
      link
      fedilink
      arrow-up
      2
      ·
      2 years ago

      @DerWilliWonka @1337tux yeah, I’m guessing a lot, I didn’t save the post, but I saw earlier this week some instances that were spun up brand new and in less than an hour had >5,000 users.

      One of many reasons to recommend against allowing open sign-up on your instance. A lot htat have been around for longer, like lemmy.ca, require you to request an account, and answer some questions (like why do you want your accoutn on this particularl instance) and a real person clicks the check-mark button.

      Some new users will be annoyed by such, but the truth is if they are annoyed by that, they probably aren’t going to be good fedizens open to following good netiquette anyway.

    • TheAngryBad@kbin.social
      link
      fedilink
      arrow-up
      2
      ·
      2 years ago

      Experience, mainly.

      I used to run a phpbb forum, on average the bot signups outnumbered the real people 10 or 20 times. And that was with some fairly robust anti spam measures in place - something I think this platform is too new to have properly sorted out yet.

      I may be wrong, I don’t know how the back end here works, but any place where people can post publicly will be infested with bot signups very quickly. The only real variable is how good the anti spam measures are.

    • Overzeetop@kbin.social
      link
      fedilink
      arrow-up
      1
      ·
      2 years ago

      I asked the same question. The answer is that there are a bunch of instances (probably 15-20) which have thousands or tens of thousands of new accounts (<1 week old) but have barely dozens of posts. Here’s a sheet made by @sunaurus showing the effect. A bunch of the explosion is in open signup (no email, no captcha, no verification) and there is zero interaction on the instance. Could we be seeing half a million lurkers on instances with <200 comments combined between them in the last couple of days? I suppose it’s possible, but it seems unlikely.

      • DerWilliWonka@kbin.social
        link
        fedilink
        arrow-up
        1
        ·
        2 years ago

        Thank you for the clarification. Do you have by any chance data at hand about the development of active users? Or may you direct me to a community of where I get these kinde of data?

  • AceFour@lemmy.thesmokinglounge.club
    link
    fedilink
    arrow-up
    5
    arrow-down
    1
    ·
    2 years ago

    Yeah, Lemmy bot net. I looked at one server and it was ridiculous the number of users vs active. My guess is the servers that had open signups got hammered with bot signups

    • JohnDClay@sh.itjust.works
      link
      fedilink
      arrow-up
      2
      ·
      2 years ago

      It’s also possible people are making accounts to see what it is but not doing anything yet, but I agree there are probably lots of bots

  • JASN_DE@feddit.de
    link
    fedilink
    arrow-up
    2
    ·
    2 years ago

    How much do you think is the percentage of bot accounts?

    …yes.

    Is Lemmy having problem with bot farming?

    Will have one at some point. For not it seems most of them are created, but don’t post anything (yet).

    • 1337tux@lemmy.worldOP
      link
      fedilink
      arrow-up
      2
      ·
      edit-2
      2 years ago

      Think what will happen when they start to post and comment. They will probably just get defederated.

      Edit: Now that I looked the stats, there’s huge spike in posts and comments.

  • zekiz@kbin.social
    link
    fedilink
    arrow-up
    2
    ·
    2 years ago

    So it went from a few thousand users to a million within the timespan of less than a month. That’s insane

  • Ulu-Mulu-no-die@lemmy.world
    link
    fedilink
    arrow-up
    1
    ·
    2 years ago

    How much do you think is the percentage of bot accounts?

    Probably half of them are bots.

    Is Lemmy having problem with bot farming?

    Yes, and it’s quite serious.

    The bright side IMO is lemmy is being recognized as a valid alternative to reddit, if it wasn’t, bots would have no reason to try and be here.

      • Ulu-Mulu-no-die@lemmy.world
        link
        fedilink
        arrow-up
        1
        ·
        2 years ago

        It’s not “me” thinking, there are several posts bringing this problem to the attention of admins, basically they took advantage of servers with open registration to “spam create” thousands of accounts, you don’t see signs because they’re “dormant” for now (that’s what bots do when a spam campaign is not currently active), you can recognize it by confronting number of users with user activity, for example, if you see a server with 6k users and only 5-6 posts, it means it’s a bot farm waiting for a spam campaign to start.

  • endlessvoid@kbin.social
    link
    fedilink
    arrow-up
    0
    ·
    2 years ago

    I’m on kbin, wanted to create an account on lemmy.world but apparently iCloud doesn’t let confirmation email coming through so… kbin it is

    • vluhd@kbin.social
      link
      fedilink
      arrow-up
      1
      ·
      2 years ago

      I’ll probably stick to kbin as well. I tried to create an account on beehaw, wrote a nice little paragraph about why I wanted to join and with no explanation my request was denied.