Mastodon faces all the same challenges, and has been dealing with them for 7 years.

Unfortunately, lemmy comes with some bad default settings for when you set it up, which is the cause of the current bots inflating the user-count.

As for how to tell if an instance is trustworthy... That'd be time. I picked mine because it's local and has had years of uptime already. lemmy.world is new, but run by people who've maintained a mastodon instance before. Basically, do your research, and wish for the best. Eventually, some day, we'll have established no-brainer options like gmail and proton are for email.

Monetization, that's up to each instance admin. Mine is straight up donating the instance to the world, and not asking for donations due to its near-nothing running costs. My instance is quite small, but active. But really, a given instance could go with whatever funding model they want, provided its users are on board with it. Some have already told our admin to speak up the moment he'd like some funds.

Where malicious activity is concerned, the fediverse may have to eventually switch to using whitelists, instead of blacklists, for who they federate with. Aside from that, there are already some tools for automatically detecting instances that are not populated by real users.

On privacy, ActivityPub has none. For that, you should look to matrix. ActivityPub is for public-only interactions and has no guarantees of security. Your posts or comments are not DMs, and if you reveal personal information, you may as well have published it in a newspaper. There are no real take-backs in that kind of forum. You can have facebook or reddit delete your stuff under GDPR requirements, but your content was out there, and any saved copies are out of reach.

The same goes for deleting things on the fediverse. ActivityPub does have the featureset for it, but it can only reach server's that are still online and federated. That's little different from how other public social media works.

To address each of your points:

Maintainability and Scalability: This is a big concern, especially with users being drawn to large instances. In the beginning there will be pains, even the "flagship" lemmy.ml had issues maintaining this as this wasn't their primary concern until recently. It is up to each instance owner to maintain their instance, and if it grows to large for them to handle to direct users to another instance. If an instance owner decides to abandon their instance, this will currently result in that instance being lost. I do think some protocol of preserving content (with the mechanisms for users to control the content) is needed but will need to be worked on in future versions. This could be done by users getting a key for example, and making requests via another instance to transfer their public user data over and they can control their content again from the new instance. This is just a thought though, and I am unsure how well this would work in practice. This will most likely become a topic of discussion among developers working on lemmy, so I have faith a good solution will be reached.

Monetization: The usual for this kind of stuff, donations using whatever service they prefer. I think some ads are ok, as long as they don't siphon data and use advance techniques. Something such as as "sponsors" could work, it's an ad but it's not trying to steal your data. I think most instances would be abandoned if they implemented standard "google" ads.

Legal/Privacy - I am not a lawyer and this isn't legal advice. Each of these laws have pretty clear details of implementations, and iirc they also only cover corporations and institutions. Users running instances themselves do not apply, but overall GDPR and CCPA compliance would be required as users won't want the liability of running large instances. In my opinion, all that can be done is to have a delete request that propagates as any other content does. It's up to the instance operator to fulfill the request.

As with all things non-corporate, you determine if the instance you want to use is run by a reliable person by uh, vetting the person. This is absolutely impractical and absolutely not something you can ask an average person to do in order to post cat memes on the internet, so long-term the right call would probably be to move the "big instances" into a foundation/corporation model (think OSI or Apache or Gnome or....) to provide proper shared ownership of resources, continuity planning, and better handling and monitoring of donated funds as well as better opportunities for outside funding - it's actively easier to get funding or support for actual foundations/non-profits than some dude running a thing in his basement.

You then have a very public entity that's much simpler for any random person to decide if they're reasonable - the fact they exist AT ALL is a huge indicator of legitimacy because the work required to even get that far is not entirely trivial.

Monetization is.... problematic. It's probably going to HAVE to be donation-based because I don't think ads or data mining or segues to our sponsor are acceptable on federated platforms and won't result in you getting anything but tossed out.

I'd also say that there are fundraising options for larger instances that offer valuable communities: you can get a LOT of donations out of corporate America (this is US-centric, of course) if you're a registered non-profit they can donate a tax write-offable donation to, and something like a Lemmy instance is just a rounding error in donations, if you can get in the door.

I'm also not a lawyer, but have worked with lawyers on a GDPR compliant policy, and boy, is it an absolute mess. The larger instances are absolutely going to have to comply, and there absolutely has to be a way to export and delete your data, and federation is absolutely going to run into the data processor vs data controller dual-responsibility pile and it's absolutely going to be a mess.... maybe, at some point, or not. For the MOST part, it's a policy where as long as you're being reasonably compliant and nobody is complaining or suing you, it's not quite as horrifying as it is on paper.

The deletion stuff absolutely needs to be done sooner rather than later, and there needs to be a way to export all the data an instance has on a given user, but those two things will probably cover the worst risks any particular instance has.

So I agree 100% with this concern (and I think that in the long term a lot of this has the potential to be a bigger issue than is really being realized). At the time when reddit was imploding and people there were talking about getting together to build something better, I put together a pretty detailed proposal for software that I think can help to mitigate this issue. Basically, shift a lot of the load on an individual instance to be carried by simple proxies that can be run by the users of that instance. A bunch of people told me they were interested in this idea, and I was just now putting up an update after doing a bit of work on some actual code. If you're interested in helping or taking a look, here are:

• The original proposal and details
• Today's status update with some implementation details + link to the not-very-far-along code

And:

• Federation-friendly link to both of the above