@hugot that's a great start!
Keep us updated!
@firstname.lastname@example.org @af this is essentially the flow we implement right now that is not hindering spammers: create an account semi-manually, passing captcha and activation email, then using the HTTP API to flood with spam issue comments.
@af registration requires a captcha already, attacks are executed via API
Status report and wrap-up of poll discussion and decision since yesterday:
- Spam attacks continue, fine-grained blocks are circumvented quickly using another anonymous email provider for registration. All attacks come via Tor, switching IPs every few requests.
- Many expressed sympathy to keep access via the Tor network open as there are valid use cases (repressive countries etc.).
- Less support for disposable one-time email addresses, as a good use case is still to be reported. (Only one request via anon DM without explanation why.)
- Desire for proper per-repo and user rate limits for issue and comment submission, also implementation of a reputation score (users who submitted productive content in the past are less affected by limits). Unfortunately this is a long-term project contributors still have to show up for.
@hugot Seems this would involve significant changes within Gitea. Long-term, a built-in trust-scoring system will surely be great, the Gitea core developers will surely like this as well?
Via @eff : The German Constitutional Court Will Revisit the Question of Mass Surveillance
@hugot This particular spammer was posting the content of random-not-so-random birdsite posts.
@utf8equalsX The traffic is coming through Tor exit nodes, we do not operate a hidden service
@utf8equalsX There are surely perfectly legitimate use cases, especially for users living in disadvantaged countries. Still, we need to find a mode of operation that ensures that single troublemakers cannot disrupt functionality required by other contributors.
@trevormeier Sounds great. Tell us more.