Big Drama Llamas…
User @[email protected] posted a call to pressure the devs to return CAPTCHA support before v.0.18 arrives on the community [email protected].
Mixed response from users and beehaw admins.
Lemmy issue #2922 is where it was removed 2 weeks ago due to its effectiveness being limited, Lemmy issue #3200 is the issue where it is suggested to have it return. Repo maintainers are somewhat perceptive to reverting it but would be more willing to accept a full implementation of graphical CAPTCHA over the previous version.
Alternative links: https://lemmy.ca/post/793011, https://beehaw.org/post/667199. (Note that if you view from a defed instance with Beehaw you will only see a handful of comments).
Discussion welcome here.
I’m keeping my own opinions of it to this comment… The spam wave is troublesome and Captcha will slow down a little bit. While making noise about it is good, making it everyone’s responsibility to peer pressure the developers into doing it seems like crossing the line to me.
Imho it would be better if people either held off on migration until it’s implemented or have a fork of it that contains captcha features where there aren’t existing protections (such as manual vetting).
I get that these things make the project better and viable but the repo maintainers aren’t magicians and we should overall curb open-source entitlement to a reasonable level.
I have an instance that I created just for testing the software. It’s not being used. In fact, since it’s for testing only, it’s not even federated (federation turned off) because I don’t want to inflict my testing on anyone else. Also, the URL is not published anywhere. Since it’s just for testing, I had it with open registrations. A couple of days ago I woke up to find twenty new accounts. Somehow spammers got to it (again, no federation, URL unpublished anywhere). My theory is that since it was lemmy.<domain> that they were trying that kind of subdomain randomly. Anyway, manually removing 20 accounts from Lemmy is a pain. Moderation tools in Lemmy are severely lacking yet. I mean, it’s alpha software, we know it’s still a work in progress, so some issues like this are to be expected. But my point is that they shouldn’t be removing the very few tools to prevent spammers that instance admins have.
I agree with that. Things change quickly too, what was not a problem at all 2 weeks ago (when the CAPTCHA removal PR was put in) is a big problem now as the Lemmy Threadiverse is more than 10x its previous size.
I wouldn’t put it past people probing every domain for lemmy using a dictionary attack and TLDs. (lemmyhub.site, lemmyclub.xyz, lemmystation.pictures, etc.)