Deal with brigading
Brigading is an issue I deal with quite frequently, and one I'll need to figure out a solution for on Pleroma.
It's not an issue of bots (captcha deals with that), but rather of online groups (on Discord, for example) coordinating an attack where dozens of real people join the site and post offensive images and messages.
Mastodon has a pretty good feature for dealing with this, which is "approval only" registration mode. It can be configured in the admin at any time:
And on the frontend it adds an additional "Why do you want to join?" input box for entering message text:
Admins receive an email notifying them that a new user is in the queue:
And admins can review pending users to approve them:
When someone is a bad actor it's usually pretty obvious:
Even when it's not obvious, it still slows the attackers down because they have to wait. It discourages them from trying to continue, and it's easier to pick them off once they're in and start spamming the timelines.
Benefits of the "by approval" setting:
- It slows attackers down.
- Legitimate users still get approved eventually, so they get a reminder to come back. This helps retention.
- We're able to sleep at night in case of an attack by easily switching registrations into "approval" mode.
I'm open to other ways of dealing with brigading too. This is just a way that I know of that works pretty well.