I’ve had a look at signups for multiple lemmy instances and they all seem relatively painless to sign up for - perhaps a bit too painless. While some require approval by a human, I’m not seeing much in the line of email veritifcation (heck, it’s optional) or captchas. Is there any particular reason behind this? Or is this up to admins to enforce? While I do appreciate this has privacy benefits, I am concerned it makes lemmy as a whole prone to botting, and with that the ability for bad actors to influence user opinions at whim. Would be interested to hear the dev’s thoughts on this.
Lemmy is compatible with bots which can cause some serious headaches, however there are tools that can combat these.
Every instance of Lemmy has a reputation that is associated with it. If it becomes clear that a particular instance is being used as a bot hub and the moderators are unresponsive then other instances will quickly start to black list it for being too spammy. More so if word starts to get out about it. Point is that the admins of an instance will make a good job of ensuring their users aren’t bots (or at least being misused as a bot) or face their whole instance being blocked across the board.
Even if the bots have their own instance then other instances will resort to enforcing whitelists for connections. Over time we may also see the development of additional mod tools too.