I’ve had a look at signups for multiple lemmy instances and they all seem relatively painless to sign up for - perhaps a bit too painless. While some require approval by a human, I’m not seeing much in the line of email veritifcation (heck, it’s optional) or captchas. Is there any particular reason behind this? Or is this up to admins to enforce? While I do appreciate this has privacy benefits, I am concerned it makes lemmy as a whole prone to botting, and with that the ability for bad actors to influence user opinions at whim. Would be interested to hear the dev’s thoughts on this.
I’m afraid of that too as an admin, and I’ve already seen that some people have experienced problems with bots spamming crypto ads in some communities. Ultimately the bulk of the responsibility rests on the shoulders of instance admins. Turning on email and captcha verification is a possibility, there are requests limits that can be set, you can utilize services such as cloudflare etc.
Reddit also had problems like that, especially not long ago with random ad bots following people out of the blue; they couldn’t fully get rid of that and I think that on lemmy bots are also going to become a problem, however there are options to limit their impact.
Lemmy is compatible with bots which can cause some serious headaches, however there are tools that can combat these.
Every instance of Lemmy has a reputation that is associated with it. If it becomes clear that a particular instance is being used as a bot hub and the moderators are unresponsive then other instances will quickly start to black list it for being too spammy. More so if word starts to get out about it. Point is that the admins of an instance will make a good job of ensuring their users aren’t bots (or at least being misused as a bot) or face their whole instance being blocked across the board.
Even if the bots have their own instance then other instances will resort to enforcing whitelists for connections. Over time we may also see the development of additional mod tools too.
I guess it is every instances own responsibility to prevent spam. If an instance can’t, other instances can defederate from it.