• 3 Posts
  • 19 Comments
Joined 1 year ago
cake
Cake day: June 20th, 2023

help-circle



  • o_o@programming.devtoLemmy@lemmy.mlProtect. Moderate. Purge. Your. Sever.
    link
    fedilink
    English
    arrow-up
    1
    arrow-down
    1
    ·
    1 year ago

    Agree! Defederation is a nuclear option. The more we do it, the more we reduce the value of “the fediverse”, and the more likely we are to kill this whole project.

    I think defederation should only be a consideration if an instance is consistently, frequently becoming a problem for your instance over a large period of time. It’s not a pre-emptive action.


  • If “botters” are willing to spend >$5 per bot on established instances, then I don’t believe this is a solveable problem. For the fediverse, or for ANY platform, Reddit included. I am perfectly human, and would be hard-pressed to decline a >$150/hour “job” to create accounts on someone’s behalf.

    Like any other online community, constant vigilant moderation is the only way to resolve this. I don’t see how Lemmy is in any worse position than Reddit so I don’t think we need to be all “doom and gloom” quite yet.

    As for botters creating their own instances…

    For example, newly created domains might be blacklisted by default.

    This is just a start. Federation allows for many techniques to solve this. Perhaps even a “Fediverse Universal Whitelist” with an application process. I’m excited for the possibilities, but again I don’t think it’s quite time to be overly concerned yet. These are solvable problems.


  • o_o@programming.devtoLemmy@lemmy.mlProof that bots are manipulating content
    link
    fedilink
    English
    arrow-up
    2
    arrow-down
    1
    ·
    edit-2
    1 year ago

    There are two worries here:

    1. Bots on established and valid instances (Should be handled by mods and instance admins, just like conventional non-federated forums. Perhaps more tooling is required for this— do you have any suggestions? However, I think it’s a little premature to say that federation is inherently more susceptible or that corrective action is desperately needed right now.).

    2. Bots on bot-created instances. (Could be handled by adding some conditions before federating with instances, such as a unique domain requirement. Not sure what we have in this space yet. This will limit the ability to bulk-create instances. After that, individual bot-run instances can be defederated with if they become annoyances.)


  • There is NOTHING stopping these bots from just creating new instances, and using those.

    I read somewhere that mastodon prevents this by requiring a real domain to federate with. This would make it costly for bots to spin up their own instances in bulk. This solution could be expanded to require domains of a certain “status” to allow federation. For example, newly created domains might be blacklisted by default.


  • o_o@programming.devtoLemmy@lemmy.mlProof that bots are manipulating content
    link
    fedilink
    English
    arrow-up
    23
    arrow-down
    1
    ·
    edit-2
    1 year ago

    Honestly, I’m interested to see how the federation handles this problem. Thank you for all the attention you’re bringing to it.

    My fear is that we might overcorrect by becoming too defederation-happy, which is a fear it seems that you share. However I disagree with your assertion that the federation model is more risky than conventional Reddit-like models. Instance owners have just as many tools (more, in fact) as Reddit does to combat bots on their instance. Plus we have the nuke-from-orbit defederation option.

    Since it seems like most of these bots are coming from established instances (rather than spoofing their own), I agree with you that the right approach seems to be for instance mods to maintain stricter signups (captcha, email verification, application, or other original methods). My hope is that federation will naturally lead to a “survival of the fittest” where more bot-ridden instances will copy the methods of the less bot-ridden instances.

    I think an instance should only consider defederation if it’s already being plagued by bot interference from a particular instance. I don’t think defederation should be a pre-emptive action.





  • Yes, that’s a fair point. Just because you send a “I have deleted this message” signal out into the universe doesn’t mean that everyone will receive or obey it.

    I assumed that was understood.

    But that’s very different from instances intentionally and malevolently keeping data despite indicating to users that it was deleted, which is what I think folks’ privacy concerns are about.

    EDIT: What I mean is that the federation model is inherently non-private in a certain sense (but in the same sense that someone could take a screenshot of your Reddit comment and your deleting your comment won’t delete their copy). But Lemmy is not egregiously misusing data.










  • Agreed from a technical standpoint.

    But the implications are still interesting. One might (big might) trust Reddit as an organization not to use this data for evil, but with federation, there’s nothing stopping an instance from simply releasing all users’ voting history to be public.

    Of course, my instance didn’t even ask for an email to sign up, so my entire account is anonymous that way.

    I wonder if there are technical ways to federate votes anonymously?