I assume to then post from those instances.
Yes but why? What do they gain?
Bad guys have noticed that there’s a resource here that could become valuable later: the ability to inject spam into Lemmy. Maybe not very valuable yet, but after a few more weeks/months of growth, expect it.
So they’re acquiring the accounts needed to do that.
These may be commercial spammers. If they’re not posting any spam yet, that may be because nobody’s paying them to do so yet. Commercial spammers don’t spam for free.
They may be “black hats” (for-profit computer criminals) acquiring accounts to hold with the expectation of selling them or leasing them out. Their intended customers could include commercial spammers in the future; or (e.g.) terrorist or fascist groups. ISIS supporters and Trumpist-Putinists have both spammed other forums and social media sites, for example; and Republican operatives have used phone and SMS spam for voter suppression.
Or they may be collecting accounts to use for denial-of-service or flooding attacks, to shut down Lemmy activity they don’t like. A number of political entities, including nation-states, have used similar activity to suppress or make unusable forums that they don’t like; e.g. flooding a forum with gore pictures to make it unpleasant to use or moderate.
I assume we’re talking about spam bots, not bots whose entire purpose is to reupload content from elsewhere into here (i.e. a Reddit reposter bot).
Most likely, spam. Spam and scams have been quite a problem on Mastodon, so I wouldn’t be surprised if bad actors want to bring them here.
I was wondering too, and that makes sense. Can’t wait for c/nigerianprince.
https://infosec.pub/comment/303237
But since they’re mostly being added to small servers where the signup security is bad, couldn’t the main servers just defederate those small bot-filled instances to reduce spam?
I imagine this will happen, and the bots will move to larger instances where they can hide among the crowd.