Honestly, whoever has an idea for a spam detection measure for Mastodon, and by that I do mean an implementation, get in touch with me, I'll pay for it.

I've been thinking about solutions for the past few days but the more I think about them the more they appear pointless.


Defining an account as suspicious when it has no local followers can be circumvented by just pre-following them, using account age can be circumvented with sleeper accounts, blacklisting URLs does nothing when the spam does not include URLs, checking for duplicate messages sent to different recipients can be circumvented by randomizing parts of the message...


@angristan Yes, correct. However, it is not a defence against all the servers that are not using it!

@Gargron @angristan so essentially what you're stuck with is the problem of how to deal with *remote* spam?

well, that means whitelists or ocaps.

there is no other solution for push-based networks. email spam is just a thing we put up with. sms / phone spam is another thing that we can't really do anything about.

the only real way to *prevent* spam is to prevent unaudited and unapproved communications from being delivered to you... unfortunately. everything else is a half-measure.

@trwnh @Gargron @angristan Well, the current wave of spam that I've seen was attached to existing interactions.
Unfortunately, the Fediverse has no controls on that level - sure, I can block that account, or I can report them (and hope the remote instance cares or isn't actively hostile) - but everyone else will still get to see it when they're looking at the affected thread on their instance. So spamming currently is super effective, at least until the originating account gets deleted.

@galaxis silencing an account locally should remove its replies from public view as well. but yes, this is why whitelisting or ocaps are the only effective counter -- they prevent the spam from occurring at all.


@trwnh As I single-user instance, I have pretty good control over what appears on my instance and in its public web views. But that isn't the norm, and I still have no control over how the threads I've started look on remote instances.

@galaxis replies only federate out to that person's followers' instances (usually 0), and if you reply, then your followers' instances will fetch it (so don't reply).

aside from those two things, nothing should make it appear on other instances.

Sign in to participate in the conversation
INFRa Mastodon

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!