novakeith
commented
1 year ago It is determined by an admin on the instance level. Most instances are just requiring applications to fight off spam bots. It is not "forced on every server".
Closed AidenY69 closed 1 year ago
novakeith
commented
1 year ago It is determined by an admin on the instance level. Most instances are just requiring applications to fight off spam bots. It is not "forced on every server".
dessalines
commented
1 year ago To stop bots. This is an issue tracker for the lemmy software, not for instance policies.
AidenY69
commented
1 year ago To stop bots. This is an issue tracker for the lemmy software, not for instance policies.
My ticket is for the technical nature of Lemmy, not for policies. Wouldn't the solution be to just use captchas instead of this method? what would prevent someone from making a bot and then using GPT to just answer that field? Sure captcha solving services exist, but far less easy to implement then GPT, and cost more than GPT for botters to implment.
novakeith
commented
1 year ago I don't see where in the settings (as an admin) I can disable that?
Settings > Registration Mode. You can set it to open registration if you'd like.
dessalines
commented
1 year ago We've removed captchas also, based on direct experience of how badly they performed against bots. Signups have stopped them 100%. Despite what you hear about bots being able to solve every problem, they aren't able to parse a series of context-based questions and make any sense.
Most forums use registration applications, and we learned the hard way through experience that they really are the best way to stop spam and bots.
AidenY69
commented
1 year ago interesting. what captcha service did you use before? was it something like cloudflare's or google's or was it something custom made or open source?
dessalines
commented
1 year ago An open source one in rust.
AidenY69
commented
1 year ago An open source one in rust.
I think integrating Cloudflare captcha would align with Lemmy's values, and provide more security: https://www.cloudflare.com/products/turnstile/
"Stronger privacy: Turnstile always preserves the privacy of web visitors on your site - without sacrificing effectiveness. Unlike other CAPTCHA options, we never harvest data for ad retargeting."
dessalines
commented
1 year ago Absolutely not. Cloudflare is a giant MITM that intercepts all your communication with any site that uses it, including post forms, etc, in plain text. Cloudflare has every password that you've ever sent to a site that uses it.
"To join this server, you need to fill out this application, and wait to be accepted."
Why is this forced on every server? Should the admin of each instance of Lemmy not be able to decide if they want users to signup automatically or require approval? Why is this required on a global level?