Mastodon (and the Fediverse) have grown, now spam and bots are going to become a more common and challenging threat to instances
Mastodon (and the Fediverse) have grown, now spam and bots are going to become a more common and challenging threat to instances
You don’t need an exploit to send spam however. Anyone can currently write a client which posts spam messages to an ActivityPub instance. It is a weakness of any open federated service. The alternative would be a closed system where moderators would first have to approve any instance federation, but that’d be a very different and insular Fediverse…
I think ultimately we’ll end up with very Email-like mitigations. Blacklists (spamhaus), message content heuristics, sender verification, etc.
Almost every social media site (FB, Reddit, YT, Twitter) and online newspaper comment section has a good share of spam and harassment anyway, it’s up to “an algorithm”, moderator, or verification system to remove as much as feasible.
I’m more thinking of servers unexpectedly down or purged, people hijacking or spoofing others’ profiles, etc. which the way the Fediverse network is setup should make it a little more resilient overall.