Possible Spam risk with Ello's unified reposts
So, having earlier uncovered quite the spam network on Ello, the question occurs to me as to what amplification attacks they might try.
Ello spamming has been pretty nonproductive for the most part -- if you don't have followers, nobody's going to see your content, other than organic online hits. And the bulk of the spam accounts I'd found are followed by nobody but other spam accounts.
One thought on that: make new profiles non-public by default and/or until they've got at least some minimum quorum of trusted followers. That minimizes the possible advantages of links, even with rel="nofollow" anchor directives (which Ello uses). (More on nofollow links).
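One way to read the "quorum of trusted followers" gate suggested above, as an added example that is not Ello's code or part of the original post. The account names, the seed set of vetted accounts, and the threshold are all constructed assumptions; the point is that a raw follower count is satisfied by spam accounts following each other, while a trust-propagating count is not.

```python
# Constructed follow graph: follower -> accounts they follow (hypothetical names).
FOLLOWS = {
    "staff_a": ["artist_1", "artist_2"],
    "staff_b": ["artist_1"],
    "artist_1": ["artist_2", "newbie"],
    "artist_2": ["newbie"],
    "spam_1": ["spam_2", "spam_3"],
    "spam_2": ["spam_1", "spam_3"],
    "spam_3": ["spam_1", "spam_2"],
}
SEEDS = {"staff_a", "staff_b"}  # assumption: accounts vetted out of band
QUORUM = 2                      # assumption: trusted followers needed to go public


def followers_of(follows):
    """Invert follower -> followed into followed -> set of followers."""
    followers = {}
    for src, targets in follows.items():
        for dst in targets:
            followers.setdefault(dst, set()).add(src)
    return followers


def naive_public(account, follows, quorum):
    """Weak gate: any `quorum` followers will do, so a spam ring passes."""
    return len(followers_of(follows).get(account, set())) >= quorum


def trusted_accounts(follows, seeds, quorum):
    """Grow trust from the seeds to a fixed point: an account becomes
    trusted once `quorum` already-trusted accounts follow it."""
    followers = followers_of(follows)
    trusted = set(seeds)
    changed = True
    while changed:
        changed = False
        for account, who in followers.items():
            if account not in trusted and len(who & trusted) >= quorum:
                trusted.add(account)
                changed = True
    return trusted


def is_public(account, follows, seeds, quorum):
    """Stronger gate: the profile is public only if trust reached it."""
    return account in trusted_accounts(follows, seeds, quorum)
```

The spam ring never gains a trusted follower, so it stays non-public no matter how many of its own accounts follow each other.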
For a lot of spammers, a key is amplification attacks: find a way to post content in such a way that it turns up elsewhere. That's why you see apparently idiotic practices such as referrer spam: spambots crawling webpages and feeding links to Webserver logs via fake referrer URLs in the hopes that the logs themselves might be published (or derivative summary statistics).
For Ello, the new unified repost feature might be one such angle. A spammer reposts and comments, with the result that everyone who's on the initial share will then get those comments.
For the white-hats, the good news is that Ello's most popular posts tend to come from staff, which is to say, those best positioned to take down the spammers.
But it might be something to watch out for.