@adrianmorales @martijn @claras_universe @danam not a friend of that as I want to make it possible to jump right in, but a lil captcha to get rid of the completely garbage bots w/o ocr would be nice, waiting on mastodon to implement that, hopefully not only cloudflare/google captcha but selfhosted stuff. Forcing 2fa while a good idea, it's not possible to do so on mastodon, and also I don't like forcing people even in a good way.
Conversation
Notices
-
Embed this notice
SolSoCoG (solsocog@ieji.de)'s status on Wednesday, 02-Aug-2023 22:14:19 JST 
SolSoCoG
-
Embed this notice
Adrian Morales (adrianmorales@ieji.de)'s status on Wednesday, 02-Aug-2023 22:14:21 JST 
Adrian Morales
@martijn @SolSoCoG @claras_universe @danam Then have a manual reviewing process, much like PeerTube. I had to wait 2 days before I could join one of the instances.
-
Embed this notice
Sexybiggetje🐖 (martijn@ieji.de)'s status on Wednesday, 02-Aug-2023 22:14:22 JST 
Sexybiggetje🐖
@adrianmorales @SolSoCoG @claras_universe @danam I'm not sure what's possible on the software. But just using a single authentication step makes it easy for bots to register. They seem to be able to follow the activation link sent to email as well. So I'm sure they'll find a way around MFA as well in the future.
-
Embed this notice
Adrian Morales (adrianmorales@ieji.de)'s status on Wednesday, 02-Aug-2023 22:14:23 JST
Adrian Morales
@martijn @SolSoCoG @claras_universe @danam How without forcing people to prove they're human or have them provide a valid phone number?
-
Embed this notice
Sexybiggetje🐖 (martijn@ieji.de)'s status on Wednesday, 02-Aug-2023 22:14:25 JST
Sexybiggetje🐖
@SolSoCoG @claras_universe @adrianmorales @danam i see that all new signups that I suspect are also spam (but don't contain a bio yet) all have 'password only'. Can we force enable MFA? It most likely kills a lot of spam signups, and really it's 2023, people should get used to use MFA. What are your thoughts?
-
Embed this notice
All GNU social JP content and data are available under the