this post was submitted on 19 Jun 2023
22 points (73.9% liked)

The Agora

1602 readers
1 users here now

In the spirit of the Ancient Greek Agora, we invite you to join our vibrant community - a contemporary meeting place for the exchange of ideas, inspired by the practices of old. Just as the Agora served as the heart of public life in Ancient Athens, our platform is designed to be the epicenter of meaningful discussion and thought-provoking dialogue.

Here, you are encouraged to speak your mind, share your insights, and engage in stimulating discussions. This is your opportunity to shape and influence our collective journey, just like the free citizens of Athens who gathered at the Agora to make significant decisions that impacted their society.

You're not alone in your quest for knowledge and understanding. In this community, you'll find support from like-minded individuals who, like you, are eager to explore new perspectives, challenge their preconceptions, and grow intellectually.

Remember, every voice matters and your contribution can make a difference. We believe that through open dialogue, mutual respect, and a shared commitment to discovery, we can foster a community that embodies the democratic spirit of the Agora in our modern world.

Community guidelines
New posts should begin with one of the following:

Only moderators may create a [Vote] post.

Voting History & Results

founded 1 year ago
MODERATORS
 

Registrations should require a valid email address and temporary/disposable (e.g. temp-mail.org ) email services should be rejected.

Note this should not be implemented as a whitelist; "obscure" email services such as Protonmail, Tutanota and personal email servers should be allowed.

Pros:

  • Cuts down on the number of trolls attempting to register, reducing load on mods and admins.
  • Improves our standing with other instances.
  • Ensures users have the ability to reset their password.

Cons:

  • Has privacy concerns - people may not want to associate their email address with everything.
  • Users may not (and perhaps should not have to) trust the admins of this instance with their email.
  • May not be supported well by Lemmy, and/or require a blacklist that needs updating.

Aye and nay in the comments, please.

all 39 comments
sorted by: hot top controversial new old
[–] Hagarashi8 16 points 1 year ago (1 children)

Nay, if we do blacklist we'll end up with not solving the problem for additional resources - trolls will find temporary email nobody banned in minute or two. Trolls will troll, and if we will just waste resources on pretending we solved the problem, there would be less resources to actually ban trolls.

[–] falkerie71 5 points 1 year ago (1 children)

I don't think that's the correct way of thinking either. People still break laws irl, does that mean laws in general are useless? Of course trolls will find obscure temp email services, but by banning the main ones, even just from the first page of a Google search result, would deter a significant amount of bad actors. Makes modding this instance just a bit easier.

Plus, I don't think implementing a blacklist is even that hard on the coding side. Though I have no idea how Lemmy works so YMMV.

[–] Hagarashi8 3 points 1 year ago (1 children)

I don't know either, but maintaining and expanding a list of domens of temporary emails would 100% be pain in ass. Also, there's legit mail services that allows aliases, hell even gmail users have infinte amount of aliases, so it feels kinda like wasting time on nothing.

[–] falkerie71 1 points 1 year ago

Oh you're right, I hadn't thought of aliases. I personally still think a blacklist could still be implemented even if just as a basic filter, but I get your point.

[–] this 9 points 1 year ago* (last edited 1 year ago)

Nay - trolls will always find a way to circumvent all but the most locked down instances. Additionally being able to register without an email allows users who live in authoritarian countries where our kind of content would be illegal to participate more safely. The real solution is to defederate with the most abusive instances and moderate our community as needed.

[–] nyahlathotep 8 points 1 year ago (1 children)

Nay, TheDude recently added captcha for account creation and I think we should wait and see if that's sufficient before voting to further restrict things

[–] Cracks_InTheWalls 3 points 1 year ago

I am on board with this.

[–] aspseka 7 points 1 year ago* (last edited 1 year ago) (1 children)

What problem do you want to solve by disallowing anonymizers/disposables but allowing other email providers where users can create and delete aliases at will?

Edit after discussion about captchas: Nay

[–] Cracks_InTheWalls 3 points 1 year ago (2 children)

So I guess it comes down to ease. With anonymizers/disposables, you instantly have an email address once you open the page. With other email providers, you typically need to go through a registration process, often with a captcha. Time to spin up is slower.

Doesn't defeat everybody or make it impossible to make multiple troll account, but ends up costing a bit more effort. The less convenient it is to do, the fewer people will bother.

Though someone else's comment here re: there being something of an arms race finding non-blocked temp mail providers is valid. How much effort is required to keep up?

[–] aspseka 6 points 1 year ago (1 children)

So.. What you really want is a captcha on the registration page of this instance? Fine by me.

[–] Cracks_InTheWalls 1 points 1 year ago* (last edited 1 year ago) (1 children)

So we already have that. What I mean is an additional layer by requiring email addresses that have a more cumbersome registration process (not all that cumbersome for a legit user, cumbersome for someone trying to flood an instance).

Anyone can make a couple hotmail (for example) accounts, but it's a bigger pain in the ass than going to a temp mail site and getting a ton of inboxes going. Effort v. Incentive is the idea here - if you're a troll just trying to disrupt for the sake of disruption, if it takes you 5-10 minutes per account creation attempt from start to finish, you're probably going to focus your efforts on something faster to spin up. A latched door prevents opportunists and all that.

Does it stop everyone/the most dedicated trolls? No. But it narrows the funnel.

Edit to acknowledge after reading more of this thread and thinking about it more, I've voted Nay - let's see if the instance CAPTCHA is a sufficient barrier for this purpose first.

[–] Faendol 2 points 1 year ago

I really feel like it's just too easy to whip an email together with Gmail for this to have much impact. I like the goal here but I think we would need to find a different solution.

[–] tcely 1 points 1 year ago

The effort is placed on the wrong people when trying to maintain a blacklist of emails.

  1. Maintaining a blacklist is lots of effort for the admins.

  2. The normal users we want to join are inconvenienced.

  3. The spammers are using automated tools, so they don't have any burden and get in anyway.

[–] Cracks_InTheWalls 7 points 1 year ago

Given that the admins have instituted a CAPTCHA for registration, I'm willing to wait on email requirements until such a time as this proves insufficient, at which point this should be revisited.

Nay

[–] MrScottyTay 6 points 1 year ago* (last edited 1 year ago)

Nay, For reasons others of the same vote have said. Especially the allowing of people to use this where they may legally unable to use a non temp email.

No need to punish upstanding users because of bad actors or the potential of thereof.

[–] WheeGeetheCat 6 points 1 year ago* (last edited 1 year ago)

Nay After reading other comments here, I went nay because it seems we have recently added a captcha. I am one of the people who was attracted to this server because it didn't require an email signup. Im not a troll, I'm just privacy minded.

Privacy minded people are good to have on a server because we will actively protect our privacy and report to other users of the platform when it becomes invasive. People who 'dont care' and willing throw their email in anywhere aren't always superior contributors to privacy-minded folks who are careful where they interact on the internet.

edit: I am coming back to possibly change my vote to 'yes' or to at least ask about other options after reading this post about bots defeating the captcha / new versions of lemmy possibly not supporting it https://sh.itjust.works/post/277350

I also want to say in general that I would not be adverse to TheDude having a strong voice / opinion in the implementation of technical details like this where they may understand more or have more experience than the average user of a social network.

[–] sneakyninjapants 6 points 1 year ago (1 children)

Nay

I'd rather Lemmy reimplement a captcha system or something more effective. Like others have said, it's just too easy to circumvent a blacklist, not to mention using email aliases. Hopefully the API gets locked down so there won't be any way to create an new account through it, but until those things happen the only ways to safeguard the signup process are manually reviewing user signups, which is unrealistic at scale, or whitelisting email domains, which is also problematic to put it mildly.

[–] InfiniteStruggle 1 points 1 year ago

+1 for captcha. Are there any open source captcha providers?

[–] Tim 5 points 1 year ago

Aye, especially if voting here influences the future of the instance. Maybe voting should be only allowed if the user is verified?

[–] Dirk_Darkly 4 points 1 year ago

I have to disagree on this. Not requiring an email was a big reason I actually signed up and am active on here. Plenty of people do not want their email tied to their online activities and it simply adds another layer where they can be tracked. Email, in the end, is about as useless and cumbersome as requiring a phone number for everything. Bad actors will circumvent and only people who wish to contribute in good faith will be impeded.

We currently have captcha enabled on this server which is sufficient for bots and low-effort trolls. I believe time will bring more robust moderation tools and guidelines to deal with the pains of expansion. Right now, our efforts are better served towards accessibility of new users.

[–] Potato 4 points 1 year ago* (last edited 1 year ago)

Nay

Anonymity, as a general rule, is something we should work to get back. Email is just one small hurtle to overcome in a registration process, sure, for both good and bad actors. It's not a way of screening bad actors (human or bot alike).

A captcha, combined with an application with a list of manually reviewed questions if needed, would be best if bots and bastards become a problem. I wonder if there would be a good way of delegating the review process to volunteers.

Perhaps provisional approval, followed by posting in a welcome/introduction thread? Anyone failing to post or who gets their post downvoted is purged?

[–] skai 4 points 1 year ago

Nay

Too hard to differentiate between temporary/disposable and permanent addresses, too easy to circumvent, password reset is a non-factor (affects only individuals, not collective).

Disclosure: I do not have my email associated with my account.

[–] jarek91 4 points 1 year ago

Nay. Too many of our members are here with one of the driving reasons being that we do not have an email requirement. The privacy concerns alone in the Cons list is enough to warrant extreme caution.

[–] Whooping_Seal 4 points 1 year ago

I'd vote Aye as long as email-aliasing services are allowed. People should be allowed to use Simple Login, Anonaddy, Firefox Relay etc. If these fall under "temp emails" then I vote nay

[–] Catpocalypse 3 points 1 year ago

Request for additional information:

How would this impact those of us who did not provide an email address on signup, or is this simply a change going forward?

[–] csm10495 3 points 1 year ago

Nay. Trolls will troll. I'd rather add a captcha to make it harder for bot level trolling.

[–] Ruben 3 points 1 year ago
[–] xylene 3 points 1 year ago

Nay

My feelings are privacy and chill vibes related.

[–] Seraph089 3 points 1 year ago

Nay

It could be reevaluated if we see problems, but I don't see it making a big difference. It's easy enough to create a throwaway account with any email provider that would be functionally identical to a "temporary one".

[–] gmatkins 3 points 1 year ago

Yay, better for the long-term health of the instance.

[–] tcely 1 points 1 year ago (1 children)

Nay. I'd much rather use an invite system than try to blacklist emails.

[–] CowsLookLikeMaps 1 points 1 year ago
[–] can 1 points 1 year ago* (last edited 1 year ago)

Nay

If bots become a significant problem I don't mind if we implement it but we're just not there yet.

[–] Tempiz 0 points 1 year ago
[–] falkerie71 0 points 1 year ago
[–] darkwing_duck 0 points 1 year ago