It is widely reported that lemmy has been the target of a massive bot sign-up wave where possibly more than a million fake accounts have been created on the federated alternative to reddit.
As of now the consensus seems to be [more below] that these bots are dormant, possibly having been put in place to wreak havoc at a later date.
A strength of the fediverse, of which lemmy is a part, is its spread-out nature, over at least forty thousand servers (lemmy: one thousand), but this is also a weakness, meaning that co-ordination of action against a bot-wave like this is a more complex task.
A further complication is the recent widespread availability of A.I. or LLM functionality where plausibly human content can be created in vast quantities by those who possess relatively cheap computer systems and the desire. Should the recent wave of fraudulent accounts be fed content from an ‘AI farm’ it could easily lead to lemmy being ridiculed as a notoriously unreliable platform.
As such it is imperative that across the lemmyverse a concerted effort is made to purge fraudulent accounts.
[from above] There is a possibility that such a fake AI posting undertaking has already been started; after all, slipping vaguely relevant content into lemmy threads would be very difficult to spot in small quantities.
Is lemmy doing enough to protect itself from the bots?
I think the power of fedi will be that even if these accounts do something in the future (I suspect they’re just future astroturf accounts which will be used once aged), it’s not like trying to persuade a behemoth corporation to take action.
It’ll be a few thousand obvious accounts on most instances, and any sensible admin will be easily able to prune. The ratio of account to admin is that much smaller, meaning going in with a fine-tooth comb isn’t impossible.
And any sites that don’t take reasonable actions will likely get de-federated.
It’s a nice two-step solution. A local action, and a backup global block.