You're right that captchas can be bypassed, but I disagree that they're useless.

Do you lock your house? Are you aware that most locks can be picked and windows can be smashed?

captchas can be defeated, but that doesn't mean they're useless - they increase the level of friction required to automate malicious activity. Maybe not a lot, but along with other measures, it may make it tricky enough to circumvent that it discourages a good percentage of bot spammers. It's the "Swiss cheese" model of security.

Registration applications stop bots, but it also stops legitimate users. I almost didn't get onto the fediverse because of registration applications. I filled out applications at lemmy.ml and beehaw.org, and then forgot about it. Two days later, I got reminded of the fediverse, and luckily I found this instance that didn't require some sort of application to join.

But even then, however, what's to stop an army of bots from just ChatGPTing their way through the application process?

I went to a website to generate a random username, picked the first option of polarbear_gender, and then just stuck that and the application questions for lemmy.ml into ChatGPT to get the following:

I want to join Lemmy.ml because I'm really into having meaningful discussions and connecting with others who have similar interests. Lemmy.ml seems like a great platform that fosters a diverse exchange of ideas in a respectful way, which I like.

When it comes to the communities I'd love to be a part of, I'm all about ones that focus on environmental conservation, wildlife preservation, and sustainability. Those topics really resonate with me, and I'm eager to jump into discussions and learn from fellow passionate folks.

As for my username, I chose it because I've got respect for polar bears and how they live with the environmental challenges they face. And throwing in "gender" is just my way of showing support for inclusivity and gender equality. Building a more just and fair society is important to me.

I don't know the full criteria that people are approved or declined for, but would these answers pass the sniff test?

I'm just worried that placing too much trust in the application process contributes to a false sense of security. A community that is supposedly "protected" from bots can be silently infiltrated by them and cause more damage than in communities where you can either reasonably assume bots are everywhere, or there are more reliable filtering measures in place than a simple statement of purpose.

Wait what's the difference between the suggested auto block and you historically blocking instances without applications? Is there other criteria you use to determine the block?

Not saying I know the answer, just curious.

chatgpt.

HackerNews does something similar where new users don't have the ability to down vote until they have earned enough upvotes from other users.

We could extend that, and literally not allow upvotes to properly register if the user is too new. The vote would still show on the comment/post, but the ranking of the comment/post will only be influenced by seasoned users. That way, users could scroll down a thread, see a very highly upvoted comment bang in the middle, and think for themselves "huh, probably bots".

Very hierarchical solution, heavily reliant on the mods not playing favourites or having their own agenda.

I disagree. I think the solution is moderation.

But- that is basically agreeing with the context of what I said.

So I’m against applications.

I don't like them either, but, the problem is, I don't have ANY other tools at my disposal for interacting with and viewing the other users.

What we need is better moderation tools.

Just a way to audit user activity and comments would be a big start. I honestly cannot find a method for doing this via the UI. Having to resort to querying the database just to dig up details.