I’ve had a look at signups for multiple lemmy instances and they all seem relatively painless to sign up for - perhaps a bit too painless. While some require approval by a human, I’m not seeing much in the line of email veritifcation (heck, it’s optional) or captchas. Is there any particular reason behind this? Or is this up to admins to enforce? While I do appreciate this has privacy benefits, I am concerned it makes lemmy as a whole prone to botting, and with that the ability for bad actors to influence user opinions at whim. Would be interested to hear the dev’s thoughts on this.
I’m afraid of that too as an admin, and I’ve already seen that some people have experienced problems with bots spamming crypto ads in some communities. Ultimately the bulk of the responsibility rests on the shoulders of instance admins. Turning on email and captcha verification is a possibility, there are requests limits that can be set, you can utilize services such as cloudflare etc.
Reddit also had problems like that, especially not long ago with random ad bots following people out of the blue; they couldn’t fully get rid of that and I think that on lemmy bots are also going to become a problem, however there are options to limit their impact.