Made a Signal group for people who self-host Fediverse servers. Send me a private message here (so I know who you are) if you would like to join.
PSA: tips to protect yourself from scams on Signal.
Every major comms platform has to contend w phishing, impersonation, & scams. Sadly.
Signal is major, and as we've grown we've heard about more of these attacks--scammy people pretending to be something or someone to trick and abuse others. 1/
I am admin of about 20 public #SignalGroup.s, here is how we do it:
- we use the "nickname" and "note" feature to mark people as spam, write down bad behavior etc.
- we have public links, all require admin permission to join
- we have a separate "Introduction Room" group where we add everyone requesting to join. They need to follow steps in the group description, have a profile pic and name that imply they are "kinda human" and introduce themselves in a human way. This works surprisingly well and we have no spammers since then
- we also collect the IDs of malicious users following these steps (https://github.com/Whatnoww/ACI-Blocklist), which is currently very tedious but the only persistent identifier afaik. That ID is then used by SignalAssistant which warns about malicious users requesting to join a group
- we keep track of behavior indicating that users are human in the user notes
- to protect against higher effort scrapers (that employ humans or sophisticated bots that bypass our checks, and then are inactive and just scan all messages), we make a post, tagging all users and requiring some form of response (which serves as a captcha on its own, like "green non-edible emoji")
- alternatively, deleting a group, making a new one and telling everyone to migrate is an effective way to remove inactive ones or bots. But as following links is likely well implemented in bots, this would require manual re-checking
The amount of tech-illiteracy varies a lot (or we get users new to Signal) which means we need to make excuses quite often.
Also, Signal has a lot of features helping here, but also lacks some UX polish:
- seeing and sharing user IDs with people to have a blocklist that actually does something
- and/or sharing user notes and nicknames with other people
- pinning messages (no need to tag all users or write sensitive stuff in the group description readable for others)
- a setting to allow users to only see admins in a group and nobody else (privacy of everyone else in the "Introduction Room")
- separate Admin and Moderator rights. This is huge, as maintenance requires lots of admins, but the current system makes takeovers easy