Status report and wrap-up up of poll discussion and decision since yesterday:

- Spam attacks continue, fine-grained blocks are circumvented quickly using another anonymous email provider for registration. All attacks come via tor switching IPs every few requests.
- Many expressed sympathy to keep access via tor network open as there are valid use cases (repressive countries etc).

(1/2)

Follow

- Less support for disposable one-time email addresses, as a good use case is still to be reported. (Only one request via anon DM without explanation why).
- Desire for proper per-repo and user rate limits for issue and comment submission,/also implementation of reputation score (users who submitted productive content in the past are less affected by limits). Unfortunately this is a long-term project contributors still has to show up for.
(2/3)

- Short-term, we had no suggestion for a quick implementation aside from disallowing disposable emails and tor access.

(3/3)

Show thread

@codeberg You could do what Mastodon does when times are tough and switch to a mode in which registrations are no longer automated and require a mod to approve. You could then (theoretically) grep and delete buttloads of garbage requests because most spammers put garbage in the request fields, and it's usually all the SAME garbage so they make it so much easier.

@af registration requires a captcha already, attacks are executed via api

Sign in to participate in the conversation
Mastodon for Tech Folks

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!