Spam assault on Mastodon, Twitter/X rival, underscores ‘Fediverse’ vulnerabilities

The recent spam attack that affected Mastodon, Misskey, and other decentralized social web applications underscores the vulnerability of the Fediverse to abuse. Attackers targeted smaller Mastodon servers by exploiting open registrations to automate the creation of spam accounts. Mastodon founder Eugen Rochko confirmed the attack and advised server administrators to switch registration to approval mode and block disposable email providers to mitigate the issue.

While previous spam attacks primarily targeted larger servers like Mastodon.social, which Mastodon’s team could manage, this attack focused on smaller and abandoned servers with open registrations. This allowed spammers to quickly generate spam accounts. Reports suggest that the attack, which became fully automated once the spammers scripted it, stemmed from a dispute on Discord, where one side attempted to have the other’s server banned.

The targets of the spam attack extended beyond Mastodon to platforms like Misskey, a decentralized blogging platform using the ActivityPub protocol. Many of the targets were in Japan, and the attack may have originated on a Japanese forum.

This incident exposes a weakness in the structure of the Fediverse. Mastodon is open-source software that allows anyone to establish their own server instance and connect with other federated social networking servers via the ActivityPub protocol. Smaller Mastodon servers, often run by hobbyists, were particularly vulnerable if their administrators weren’t vigilant and had left registrations open.

The user base of Mastodon experienced a decline from around 1.8 million monthly active users in October of last year to 1 million as of this month’s public launch of Bluesky, another decentralized social network based on a different protocol. Although Bluesky is not currently part of the same Fediverse as Mastodon, its entry into the space raises concerns about Meta’s potential dominance.

Bluesky’s launch, coupled with Meta’s (formerly Facebook) technical expertise, especially in areas like spam prevention, has the potential to overshadow other Mastodon servers. Many worry that Meta’s ultimate goal may involve becoming the default client chosen by users and leveraging its substantial resources to drive adoption of Meta’s app, essentially aiming to take over the Fediverse.

Despite this, the broader Fediverse, encompassing Mastodon and other applications, maintains around 2.9 million monthly active users. However, the dynamics within the decentralized social networking landscape are evolving rapidly, and the influence of major players like Meta could significantly shape its future trajectory.