this post was submitted on 24 Jun 2023
170 points (96.2% liked)

Lemmy

12576 readers
1 users here now

Everything about Lemmy; bugs, gripes, praises, and advocacy.

For discussion about the lemmy.ml instance, go to [email protected].

founded 4 years ago
MODERATORS
 

See THIS POST

Notice- the 2,000 upvotes?

https://gist.github.com/XtremeOwnageDotCom/19422927a5225228c53517652847a76b

It's mostly bot traffic.

Important Note

The OP of that post did admit, to purposely using bots for that demonstration.

I am not making this post, specifically for that post. Rather- we need to collectively organize, and find a method.

Defederation is a nuke from orbit approach, which WILL cause more harm then good, over the long run.

Having admins proactively monitor their content and communities helps- as does enabling new user approvals, captchas, email verification, etc. But, this does not solve the problem.

The REAL problem

But, the real problem- The fediverse is so open, there is NOTHING stopping dedicated bot owners and spammers from...

  1. Creating new instances for hosting bots, and then federating with other servers. (Everything can be fully automated to completely spin up a new instance, in UNDER 15 seconds)
  2. Hiring kids in africa and india to create accounts for 2 cents an hour. NEWS POST 1 POST TWO
  3. Lemmy is EXTREMELY trusting. For example, go look at the stats for my instance online.... (lemmyonline.com) I can assure you, I don't have 30k users and 1.2 million comments.
  4. There is no built-in "real-time" methods for admins via the UI to identify suspicious activity from their users, I am only able to fetch this data directly from the database. I don't think it is even exposed through the rest api.

What can happen if we don't identify a solution.

We know meta wants to infiltrate the fediverse. We know reddits wants the fediverse to fail.

If, a single user, with limited technical resources can manipulate that content, as was proven above-

What is going to happen when big-corpo wants to swing their fist around?

Edits

  1. Removed most of the images containing instances. Some of those issues have already been taken care of. As well, I don't want to distract from the ACTUAL problem.
  2. Cleaned up post.
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 3 points 1 year ago (1 children)

The solution is to choose servers with admins who are enabling bot protections.

If admins are not using methods to dissuade bot signups, then they're not keeping their site clean for their users. They're being a bad admin.

If they're not protecting their site against bots, they're also not protecting the network against hosts. That makes them bad denizens of the Fediverse, and the rest of us should take action to protect the network.

And that means cutting ties with those who endanger it.

[–] [email protected] 2 points 1 year ago (4 children)

See the original post. (may have changes' since you read it)

I can spin up a fresh instance in UNDER 15 seconds, and be federated with your server in under a minute.

There is literally nothing that can be done to stop this currently, unless servers completely wall themselves from the outside world, and follow a whitelisting approach. However, this ruins one of the massive benefits of the fediverse.

[–] [email protected] 3 points 1 year ago

Yeah, setting up new instances is a different issue, of course. And there is definitely a lack tools to help with that as of yet. We need things like rate limiting on new federations, or on unusual traffic spikes, mod queues for posts that get caught up in them. Plus the ability to purge all posts and comments from users from defederated sites.

Among other things.

[–] [email protected] 2 points 1 year ago (1 children)

I can think of a way to help with the problem, but I don't know how hard it would be to implement.

Create some sort of trust score, where instance owners rate other instances they federate with.
Then the score gets shared in the network. Like some sort of federated whitelisting.
You would have to be prudent a first, but not do the whole task yourself.

You could even add an "adventurousness" slider, to widen or restrict the network based on this score.

[–] [email protected] 2 points 1 year ago

@[email protected] is more or less building something exactly like this.

his comment HERE https://lemmyonline.com/comment/58296

[–] o_o 1 points 1 year ago* (last edited 1 year ago)

There are two worries here:

Bots on established and valid instances (Should be handled by mods and instance admins, just like conventional non-federated forums. Perhaps more tooling is required for this— do you have any suggestions? However, I think it’s a little premature to say that federation is inherently more susceptible or that corrective action is desperately needed right now.).

Bots on bot-created instances. (Could be handled by adding some conditions before federating with instances, such as a unique domain requirement. Not sure what we have in this space yet. This will limit the ability to bulk-create instances. After that, individual bot-run instances can be defederated with if they become annoyances.)

[–] [email protected] -1 points 1 year ago (1 children)

I can spin up a fresh instance in UNDER 15 seconds, and be federated with your server in under a minute.

And I can blacklist your instance in less than 5 seconds. We have the answer. Administrators of instances have the power to do whatever disposition they want already.

[–] [email protected] -2 points 1 year ago (1 children)

Quit being a twerp, and work with us.

And I can blacklist your instance in less than 5 seconds.

First, you have to IDENTIFY the bad-instances. Have a tool for that? Have a method to filter out good from bad?

No. You don't.

[–] [email protected] 1 points 1 year ago* (last edited 1 year ago) (1 children)

No. You don’t.

Yes I do. Because I actually understand how servers work. If your just running Lemmy with no understanding of how the internet works... then you're doing yourself a disservice.

Edit: Oh I missed this the first time I read it...

Quit being a twerp, and work with us.

Yeah no. I have no interest to work with leeches that don't understand how to run services. Let alone ones that jump straight to ad hominem.