Spam/abuse hardening #1941

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Open

snarfed opened this issue May 21, 2025 · 0 comments

Owner

snarfed commented May 21, 2025 •

edited

Loading

As we start to think about building out new protocols (https://github.com/snarfed/bridgy-fed/issues?q=is%3Aissue%20state%3Aopen%20label%3A%22new%20protocol%22 ), we should think more about hardening. We have a few of these features already, but we should probably consider more? #773 would help a ton here, but barring that, here are some thoughts.

Right now, depending on network, we already:

require name
require profile picture
require account age older than 1w
per domain/instance, can limit bridging all users to only user profiles, not posts or other interactions, until at least one person follows them across the bridge

We could also consider

Rate limit tasks by user #1788
rate limit IPs, at least for protocols where we see the user/client's IP (which I suspect we don't have many of)
block duplicate content; don't allow the same post text from the same user, or instance, or protocol, more than once per day/week/month
more ideas from https://nostrify.dev/policy/ and https://docs.soapbox.pub/ditto/policies (thanks @alexgleason!)

cc @anujahooja @kissane @benwerd

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment