There is a bunch of technical issues it highlights, which is that Fediverse is very open to abuse at present. There’s no spam filtering at all. It’s like email from 1996. It’s wide open to abuse.
IMHO Mastodon admins should enable CAPTCHA for registration - it’s supported out of the box - if they run open sign ups.
Ideally Mastodon would add easy install third party plugins (a la Wordpress etc) so people could develop optional plugins for anti-spam and anti-malware.
Now, it does become a bigger problem if the current spammers publish their source code and more join in.
There’s absolutely no effective controls to stop it - here is the Wild West still - so the elephant in the room is anybody can flip the table at present.
The good news is much of the anti spam and anti phish technologies over the years (Real time Block Lists etc) can be reworked for here. The bad news is that’s a long way off realistically.
Another knock on impact from the spam run - the pictures of spam in the posts are chewing up disk space if a file system without deduping is used, and there’s extra Sidekiq load (it’s the biggest Saturday ever on cyberplace.social).
Also a bunch of instances have gone to failing in federation admin page, presumably because smaller instance admins got annoyed and switched them off.
Mastodon has been in deep decline for months (eg active user numbers have halved), but now the metrics are turning around due to one Japanese Discord spammer 🤣
It’s all one dude on Discord who has realised they can script spam. Thankfully they haven’t published source code. (And yes, they’re really just trolling a Discord server, lolol).
If anybody wants another hilarious online dispute issue, back in 2016 two teens had a dispute over Minecraft, so one DDoS’d the Minecraft server’s DNS server - that broke Dyn, which took down internet access across the US East Coast as they were such a key supplier.
I had to do a radio show on NPR about that one and the presenter kept asking me if it was Putin — and I was like, no, it’s teenagers. Advanced Persistent Teenagers. The show went on for an hour of me just saying ‘yo the net sucks’.
Mastodon change incoming in next release, if no mod logs into a server for a week open registrations will close. Will probably take a few weeks but should solve the current spam issue largely. https://github.com/mastodon/mastodon/pull/29318
There’s no Mastodon metrics for how many views a post or account have for obvious reasons, but when people say there’s no reach on Mastodon.. here’s my stats from Ivory, on a slow day here.
I tend to get more boosts here than I did retweets on Twitter, and that was pulling about ~10m views a month there on average. I also had 4 times more followers there.
Fortigate haven’t replied to my PR question about it. Given this is several times the size of the world’s biggest botnet, you’d think they’d have any evidence.. at all.
Cybersecurity weather person and award winning shitposter. Shitposting is an anagram of Top Insights. You may be surprised to know I am not representing my employer here and these are not their opinions. I have Direct Messages disabled - you can send them, but I will never receive them.