PSA: Lemmy votes can be manipulated

The best part of the fediverse is that anyone can run their own server. The downside of this is that anyone can easily create hordes of fake accounts, as I will now demonstrate.

Fighting fake accounts is hard and most implementations do not currently have an effective way of filtering out fake accounts. I’m sure that the developers will step in if this becomes a bigger problem. Until then, remember that votes are just a number.

Hannah789,

This blog post is fantastic! It’s packed with valuable insights and actionable advice. Thanks for sharing such an informative and well-written article. buy Linkedin Connections

Rearsays,

I would imagine this is the same with bans. I imagine there will be a future reputation watchdog set of servers which might be used over this whole "everyone follows the same modlog". The concept of trusting everyone out of the gate seems a little naive.

krnl386,
@krnl386@lemmy.ca avatar

Did anyone ever claim that the Fediverse is somehow a solution for the bot/fake vote or even brigading problem?

JakeHimself,

I think the point is that the Fediverse is severely limited by this vulnerability. It’s not supposed to solve that specific problem, but that problem might need to be addressed if we want the Fediverse to be able to do what we want it to do (put the power back in the hands of the users)

krnl386,
@krnl386@lemmy.ca avatar

I see your point… votes from a compromised instance (or instances) and such. How is this more or less vulnerable to a centralized model?

JakeHimself,

I’m not a security expert by any means, though I would imagine this type of attack can be more easily made harder to execute if all accounts have to go through one server first. Lemmy seems to be as strong as the weakest link in this regard, but a centralized model is just a single link. I imagine that any effective strategy that works for Lemmy is much easier on a centralized platform, even though the reverse statement isn’t true.

That said, I’m optimistic that this gets figured out. Centralized platforms have had decades to solve this problem and we’re just getting started.

cypherpunks,
@cypherpunks@lemmy.ml avatar
k_o_t,
@k_o_t@lemmy.ml avatar

💀😂

howdy,
@howdy@thesimplecorner.org avatar

There’s a reason everyone comes to my saloon…

stevedidWHAT,
@stevedidWHAT@lemmy.world avatar

You mean to tell me that copying the exact same system that Reddit was using and couldn’t keep bots out of is still vuln to bots? Wild

Until we find a smarter way or at least a different way to rank/filter content, we’re going to be stuck in this same boat.

Who’s to say I don’t create a community of real people who are devoted to manipulating votes? What’s the difference?

The issue at hand is the post ranking system/karma itself. But we’re prolly gonna be focusing on infosec going forward given what just happened

daguito81,

What did I miss?

ki77erb,

Last night a hacker(s) used an exploit to manipulate the content on multiple instances including lemmy.world.

fermuch,
@fermuch@lemmy.ml avatar

Votes were just a number on reddit too… There was no magic behind them, and as Spez showed us multiple times: even reddit modified counts to make some posts tell something different.

And remember: reddit used to have a horde of bots just to become popular.

Everything on the internet is or can be fake!

driving_crooner,
@driving_crooner@lemmy.eco.br avatar

Everyone forgot how he and his wife announced their marriage in a subreddit nobody knew about that suddenly rose up to the first place on r/all.

oatscoop,
ahriboy,
@ahriboy@lemmy.dbzer0.com avatar

reddit used to have a horde of bots just to become popular

Since the launch back in 2005.

skullgiver, (edited )
@skullgiver@popplesburger.hilciferous.nl avatar

deleted_by_author

    figaro,

    This man is over 100 years old

    hollunder,

    The only real early adopter

    garam,
    @garam@lemmy.my.id avatar

    Even older than the project itself. Nice… The alfa… The first, the only one

    Rozz,

    Happy centennial cake day

    Noughmad,

    I’ve set the registration date on my account back 100 years just to show how easy it is to manipulate Lemmy when you run your own server.

    That’s exactly what a vampire that was here 100 years ago would say.

    plo,

    If it becomes too big of a problem, instances will whitelist the most popular instances instead of trying to blacklist all the bad ones.

    Laksefar,
    @Laksefar@feddit.dk avatar

    How would that work? How will new instances/servers ever get a chance to grow if the fediverse only allowed those who are already whitelisted? Sorry for my limited knowledge about fediverse but it sounds like that goes directly against the base principle of a federated space?

    fulano,

    It goes against the base principle, but, at the same time, is something quite possible to happen if things get out of control. Decentralization is complex, and brings several challenges for everyone to face.

    pingveno,

    I wonder if there’s a machine learning technique that can be used to detect bot-laden instances.

    IverCoder,
    @IverCoder@lemmy.world avatar

    ChatGPT or something, the problem is how can we train it to detect instances faking its busyness and interactions

    stevedidWHAT,
    @stevedidWHAT@lemmy.world avatar

    ChatGPT is for chatting; you’re talking about regular ol' machine learning. I imagine you could use one of OpenAI's other AI models that support data insights rather than simple text generation.

    rockyrikoko,

    Assuming a user's upvote history or karma ever meant anything, this demonstrates perfectly that it’s useless on Lemmy.

    gthutbwdy,

    I think people often forget federation is not a new thing; it’s the first design for internet communication services. Email, which predates the Internet, is also a federated network and the most popular and widely adopted of all modes of Internet communication. It also had spam issues and there were many solutions for that case.

    The one I liked the most was hashcash, since it requires no trust. It’s the first proof-of-work system and it was an inspiration to blockchains.

    zumi,

    I don’t know what the answer is, but I hope it is something more environmentally friendly than burning cash on electricity. I wonder if there could be some way to prove time spent but not CPU.

    garam,
    @garam@lemmy.my.id avatar

    Nowadays email spam filters, especially proprietary ones from Google or Verizon/Yahoo, really make an indie mail server harder to maintain; it always gets labeled as spam even with DKIM, DMARC, correct SPF, and a clean, reputable public IP.

    thoralf,
    @thoralf@discuss.tchncs.de avatar

    People may not like it but a reputation system could solve this. Yes, it’s not the ultimate weapon and can surely be abused itself.

    But it could help to prevent something like this.

    How could it work? Well, each server could retain a reputation score for each user it knows. Every up- or downvote is then modified by this value.

    This will not solve the issue entirely, but will make it less easy to abuse.

    patatahooligan,
    @patatahooligan@lemmy.world avatar

    Ok, but what would the reputation score be based on that can’t be manipulated or faked?

    badcommandorfilename,

    Well, you see Kif, my strategy is so simple an idiot could have devised it: reputation is adjusted by “votes” so that other users can up or downvote another.

    Thus solving the problem, once and for all.

    patatahooligan,
    @patatahooligan@lemmy.world avatar

    I’m assuming this is a joke based on the Futurama references you used, but just to be clear for everyone: this won’t work because it simply moves the problem one step further. How do you prevent bots from upvoting other bots to build a reputation?

    Hazzia,

    It’s okay buddy, I understood your joke.

    thoralf,
    @thoralf@discuss.tchncs.de avatar

    As mentioned: it’s not the silver bullet solution but something that raises the bar for abuse. The reputational score is built up over time on the specific server based on the up- and downvotes you received.

    So, yes, this can be abused itself as well - but it requires a lot more effort.

    deadsuperhero,
    @deadsuperhero@lemmy.ml avatar

    Honestly, thank you for demonstrating a clear limitation of how things currently work. Lemmy (and Kbin) probably should look into internal rate limiting on posts to avoid this.

    I’m a bit naive on the subject, but perhaps there’s a way to detect “over x amount of votes from over x amount of users from this instance”? and basically invalidate them?

    jochem,

    How do you differentiate between a small instance where 10 votes would already be suspicious vs a large instance such as lemmy.world, where 10 would be normal?

    I don’t think instances publish how many users they have and it’s not reliable anyway, since you can easily fudge those numbers.

    deadsuperhero,
    @deadsuperhero@lemmy.ml avatar

    10 votes within a minute of each other is probably normal. 10 votes all at once, or microseconds of each other, is statistically less likely to happen.

    I won’t pretend to be an expert on the subject, but it seems like it’s mathematically possible to set some kind of threshold? If a set percent of users from an instance are all interacting microseconds from each other on one post locally, that ought to trigger a flag.

    Not all instances advertise their user counts accurately, but they’re nevertheless reflected through a NodeInfo endpoint.
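    As an added example (not code from this thread, from Lemmy, or from any instance admin): one way to score the two signals discussed above, a burst of distinct accounts from one instance voting on a post inside a tight time window, and the share of a post's votes that a single instance supplies. The vote rows, instance names, window and thresholds are all constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlparse

# Constructed sample votes as (post_id, actor_id, time). Not real Lemmy data;
# actor_id is the user's full URL, so the instance is just its hostname.
BASE = datetime(2023, 7, 10, 12, 0, 0)
VOTES = [
    ("p1", "https://home.example/u/alice", BASE),
    ("p1", "https://home.example/u/bob", BASE + timedelta(seconds=41)),
    ("p1", "https://other.example/u/carol", BASE + timedelta(seconds=65)),
] + [
    # ten accounts on one remote instance voting 300 microseconds apart
    ("p1", f"https://shills.example/u/shill{n:05d}",
     BASE + timedelta(seconds=120, microseconds=300 * n))
    for n in range(10)
]

def instance_of(actor_id):
    return urlparse(actor_id).hostname or actor_id

def burst_flags(votes, window=timedelta(milliseconds=50), min_actors=5):
    """Map (post, instance) -> largest number of distinct accounts from that
    instance that voted on the post inside one sliding window of `window`."""
    by_key = defaultdict(list)
    for post, actor, ts in votes:
        by_key[(post, instance_of(actor))].append((ts, actor))
    flags = {}
    for key, rows in by_key.items():
        rows.sort()
        start = 0
        for end in range(len(rows)):
            while rows[end][0] - rows[start][0] > window:
                start += 1  # slide the window forward past older votes
            actors = {a for _, a in rows[start:end + 1]}
            if len(actors) >= min_actors:
                flags[key] = max(flags.get(key, 0), len(actors))
    return flags

def instance_share(votes, post):
    """Fraction of a post's votes coming from each instance: a timing-free
    signal that random delays between votes do not hide."""
    counts = defaultdict(int)
    for p, actor, _ in votes:
        if p == post:
            counts[instance_of(actor)] += 1
    total = sum(counts.values())
    return {inst: n / total for inst, n in counts.items()}
```

    Randomised delays between votes defeat the window check on its own, which is why the per-instance share is computed alongside it; both are only flags for an admin to review, not proof of manipulation.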

    CybranM,

    Surely the bot server can just set up a random delay between upvotes to circumvent that sort of detection

    Flashoflight,

    This is really important to call out. Also, though, the bots have gotten so good it would be hard to tell the difference. To be honest, though, I’m pretty sure reddit was teeming with them and it didn’t really bother me. lol

    nekat_emanresu,

    I have strong feelings about reddit being infested with bots too. And because reddit could, there’s no reason lemmy doesn’t have the same issue.

    it didn’t really bother me

    Bot armies could have hidden things from you that would bother you deeply, but because it’s hidden, you don’t have a chance to be bothered.

    Robust_Mirror,

    Ignorance is bliss?

    7heo, (edited )

    expired

    nekat_emanresu,

    Interesting idea.

    SQL_InjectMe,

    Small instances are cheap, so we need a way to prevent 100 bot instances running on the same server from gaming this too

    7heo, (edited )

    expired

    TheGreatHerald,

    This could become a problem on posts only relevant on one server, like community voting or updates on server issues. Such content would become very hidden.

    kolorafa,

    This would rather be to detect and alert the admin of bad actors (instances), and then the admin can kick them off from federation, same as for other types of offences.

    7heo,

    This could become a problem on posts only relevant on one server

    Obviously, on the server the posts are from, you display the full vote count. There, the admins know the accounts, can vet them, etc.

    Wander,
    @Wander@yiffit.net avatar

    In case anyone’s wondering this is what we instance admins can see in the database. In this case it’s an obvious example, but this can be used to detect patterns of vote manipulation.

    https://yiffit.net/pictrs/image/d97d72ef-007a-48bf-b2ad-164416ce2d1b.png

    toish,
    @toish@yiffit.net avatar

    “Shill” is a rather on-the-nose choice for a name to iterate with haha

    Evergreen5970, (edited )

    I appreciate it, good for demonstration and just tickles my funny bone for some reason. I will be delighted if this user gets to 100,000 upvotes—one for every possible iteration of shill#####.

    thanks_shakey_snake,

    Oh cool 👀 What’s the rest of that table? Is the actor_id one column in like… an upvotes table or something?

    Wander,
    @Wander@yiffit.net avatar

    actor_id is just the full URL of a user. It has the username at the end. That’s why I have censored it.
