See THIS POST

Notice- the 2,000 upvotes?

https://gist.github.com/XtremeOwnageDotCom/19422927a5225228c53517652847a76b

It’s mostly bot traffic.

Important Note

The OP of that post did admit, to purposely using bots for that demonstration.

I am not making this post, specifically for that post. Rather- we need to collectively organize, and find a method.

Defederation is a nuke from orbit approach, which WILL cause more harm then good, over the long run.

Having admins proactively monitor their content and communities helps- as does enabling new user approvals, captchas, email verification, etc. But, this does not solve the problem.

The REAL problem

But, the real problem- The fediverse is so open, there is NOTHING stopping dedicated bot owners and spammers from…

  1. Creating new instances for hosting bots, and then federating with other servers. (Everything can be fully automated to completely spin up a new instance, in UNDER 15 seconds)
  2. Hiring kids in africa and india to create accounts for 2 cents an hour. NEWS POST 1 POST TWO
  3. Lemmy is EXTREMELY trusting. For example, go look at the stats for my instance online… (lemmyonline.com) I can assure you, I don’t have 30k users and 1.2 million comments.
  4. There is no built-in “real-time” methods for admins via the UI to identify suspicious activity from their users, I am only able to fetch this data directly from the database. I don’t think it is even exposed through the rest api.

What can happen if we don’t identify a solution.

We know meta wants to infiltrate the fediverse. We know reddits wants the fediverse to fail.

If, a single user, with limited technical resources can manipulate that content, as was proven above-

What is going to happen when big-corpo wants to swing their fist around?

Edits

  1. Removed most of the images containing instances. Some of those issues have already been taken care of. As well, I don’t want to distract from the ACTUAL problem.
  2. Cleaned up post.
  • db0@lemmy.dbzer0.com
    link
    fedilink
    English
    arrow-up
    12
    arrow-down
    2
    ·
    1 year ago

    I noticellot of instances which were flooded with bots due to the open registration. I have most of them degenerated for this reason.

    • HTTP_404_NotFound@lemmyonline.comOP
      link
      fedilink
      English
      arrow-up
      11
      arrow-down
      1
      ·
      edit-2
      1 year ago

      We need a better solution for this, rather then mass-bulk defederation.

      In my opinion- that is going to greatly slowdown the spread and influence of this platform. Also IMO- I think these bots are purposely TRYING to get instances to defederate from each other.

      Meta is pushing its “fediverse” thing. Reddit, is trying to squash the fediverse. Honestly, it makes perfect sense that we have bots trying to upvote the idea of getting instances to defederate each other.

      Once- everything is defederated- lots of communities will start to fall apart.

      • db0@lemmy.dbzer0.com
        link
        fedilink
        English
        arrow-up
        9
        arrow-down
        1
        ·
        1 year ago

        I agree. This is why I started the Fediseer which makes it easy for any instance to be marked as safe through human review. If people cooperate on this, we can add all good instances, no matter how small, while spammers won’t be able to easily spin up new instances and just spam.

          • db0@lemmy.dbzer0.com
            link
            fedilink
            English
            arrow-up
            6
            arrow-down
            1
            ·
            1 year ago

            First we need to populate it. Once we have a few good people who are guaranteeing for new instances regularly, we can extend it to most known good servers and create a “request for guarantee” pipeline. The instance admins can then leverage it by either using it as a straight whitelist, or more lightly by monitoring traffic coming from non-guaranteed instances more closely.

            The fediseer just provides a list of guaranteed servers. It’s open ended after that so I’m sure we can find a proper use for this that doesn’t disrupt federation too much.

              • db0@lemmy.dbzer0.com
                link
                fedilink
                English
                arrow-up
                3
                arrow-down
                1
                ·
                1 year ago

                Actually, not a handful. Everyone can vouch for others, so long as someone else has vouched for them

                • HTTP_404_NotFound@lemmyonline.comOP
                  link
                  fedilink
                  English
                  arrow-up
                  5
                  arrow-down
                  1
                  ·
                  edit-2
                  1 year ago

                  One recommendation- how do we prevent it from being potentially brigaded?

                  Someone vouches for a bad actor, bad actor vouches for more bad actors- then they can circle jerk their own reputation up.

                  Edit-

                  Also, what prevents actors in “downvoting” instances hosting content they just don’t like?

                  ie- yesterday, half of lemmy was wanting to defederate sh.itjust.works due to a community called “the_donald”, containing a single troll shit-posting. (The admins have since banned, and remove that problem)- but, still, everyone’s knee-jerk reaction was to just defederate. Nuke from orbit.

                  • db0@lemmy.dbzer0.com
                    link
                    fedilink
                    English
                    arrow-up
                    2
                    ·
                    1 year ago

                    Someone vouches for a bad actor, bad actor vouches for more bad actors- then they can circle jerk their own reputation up.

                    There’s a chain of trust. If a bad actors lets in all their friend, withdrawing the guarantee from that bad actors, withdraws it from all their friends.

                    Also, what prevents actors in “downvoting” instances hosting content they just don’t like?

                    There’s no “downvote”, but even if I add it, I would add filter so you can ignore “downvotes” from people you don’t agree with, or only see “downvotes” from instances you agree with.

              • csm10495@sh.itjust.works
                link
                fedilink
                English
                arrow-up
                1
                ·
                1 year ago

                When it’s worded this way, replace ‘trusted individual’ with ‘reddit admin’.

                Isn’t it similar to putting a select group in charge? How is it different?

                • HTTP_404_NotFound@lemmyonline.comOP
                  link
                  fedilink
                  English
                  arrow-up
                  1
                  ·
                  1 year ago

                  Well- because instance owners have full control over what they want to do with the data too.

                  It’s not forced. It’s just- a directory of instances, which were vetted by others.

          • db0@lemmy.dbzer0.com
            link
            fedilink
            English
            arrow-up
            2
            ·
            1 year ago

            For contributing, it’s open source so if you have ideas for further automation I’m all ears.

      • Kichae@kbin.social
        link
        fedilink
        arrow-up
        3
        ·
        1 year ago

        The solution is to choose servers with admins who are enabling bot protections.

        If admins are not using methods to dissuade bot signups, then they’re not keeping their site clean for their users. They’re being a bad admin.

        If they’re not protecting their site against bots, they’re also not protecting the network against hosts. That makes them bad denizens of the Fediverse, and the rest of us should take action to protect the network.

        And that means cutting ties with those who endanger it.

        • HTTP_404_NotFound@lemmyonline.comOP
          link
          fedilink
          arrow-up
          4
          arrow-down
          2
          ·
          1 year ago

          See the original post. (may have changes’ since you read it)

          I can spin up a fresh instance in UNDER 15 seconds, and be federated with your server in under a minute.

          There is literally nothing that can be done to stop this currently, unless servers completely wall themselves from the outside world, and follow a whitelisting approach. However, this ruins one of the massive benefits of the fediverse.

          • Kichae@kbin.social
            link
            fedilink
            arrow-up
            3
            ·
            1 year ago

            Yeah, setting up new instances is a different issue, of course. And there is definitely a lack tools to help with that as of yet. We need things like rate limiting on new federations, or on unusual traffic spikes, mod queues for posts that get caught up in them. Plus the ability to purge all posts and comments from users from defederated sites.

            Among other things.

          • dedale@kbin.social
            link
            fedilink
            arrow-up
            2
            ·
            1 year ago

            I can think of a way to help with the problem, but I don’t know how hard it would be to implement.

            Create some sort of trust score, where instance owners rate other instances they federate with.
            Then the score gets shared in the network. Like some sort of federated whitelisting.
            You would have to be prudent a first, but not do the whole task yourself.

            You could even add an “adventurousness” slider, to widen or restrict the network based on this score.

          • o_o@programming.dev
            link
            fedilink
            English
            arrow-up
            2
            arrow-down
            1
            ·
            edit-2
            1 year ago

            There are two worries here:

            1. Bots on established and valid instances (Should be handled by mods and instance admins, just like conventional non-federated forums. Perhaps more tooling is required for this— do you have any suggestions? However, I think it’s a little premature to say that federation is inherently more susceptible or that corrective action is desperately needed right now.).

            2. Bots on bot-created instances. (Could be handled by adding some conditions before federating with instances, such as a unique domain requirement. Not sure what we have in this space yet. This will limit the ability to bulk-create instances. After that, individual bot-run instances can be defederated with if they become annoyances.)

          • Saik0@lemmy.saik0.com
            link
            fedilink
            English
            arrow-up
            2
            arrow-down
            3
            ·
            1 year ago

            I can spin up a fresh instance in UNDER 15 seconds, and be federated with your server in under a minute.

            And I can blacklist your instance in less than 5 seconds. We have the answer. Administrators of instances have the power to do whatever disposition they want already.

            • HTTP_404_NotFound@lemmyonline.comOP
              link
              fedilink
              English
              arrow-up
              5
              arrow-down
              6
              ·
              1 year ago

              Quit being a twerp, and work with us.

              And I can blacklist your instance in less than 5 seconds.

              First, you have to IDENTIFY the bad-instances. Have a tool for that? Have a method to filter out good from bad?

              No. You don’t.

              • Saik0@lemmy.saik0.com
                link
                fedilink
                English
                arrow-up
                3
                arrow-down
                3
                ·
                edit-2
                1 year ago

                No. You don’t.

                Yes I do. Because I actually understand how servers work. If your just running Lemmy with no understanding of how the internet works… then you’re doing yourself a disservice.

                Edit: Oh I missed this the first time I read it…

                Quit being a twerp, and work with us.

                Yeah no. I have no interest to work with leeches that don’t understand how to run services. Let alone ones that jump straight to ad hominem.

                • HTTP_404_NotFound@lemmyonline.comOP
                  link
                  fedilink
                  English
                  arrow-up
                  3
                  arrow-down
                  10
                  ·
                  edit-2
                  1 year ago

                  Then seriously, go fuck off back to your server, and don’t come fussing when you get overran by bots.

                  Wait- why are you even in this conversation? You have two users… and four posts.

                  Oh, and you even subscribe to lemmygrad.nl, and other extremist instances.

                  • Saik0@lemmy.saik0.com
                    link
                    fedilink
                    English
                    arrow-up
                    1
                    ·
                    1 year ago

                    go fuck off back to your server,

                    Lmao. You’re not even a user of lemmy.ml, the site you’re actually posting to. I’ll do whatever I want because that’s the point of the fediverse. Feel free to actually use the functions of lemmy and I dunno… block me… or if you’re an admin on your instance, defederate/block mine. It’s really simple if your feelings are hurt to find your own solution without resorting to name calling and hostility. You choose hostility, and that just shows how disgusting your behavior is.

                    It’s not my fault you don’t understand how firewalls, proxies, reverse proxies, web servers, http, or lemmy itself actually works. There’s SO many answers to these problems already out there but people like you act like it’s the end of the world.

                    and don’t come fussing when you get overran by bots.

                    It won’t happen. Because I actually understand how to run services like this.

      • towerful@beehaw.org
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        Is this finally an application for a Blockchain?
        Some sort of decentralised registry of instance reputation?

          • towerful@beehaw.org
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 year ago

            Which is awesome.
            I actually have no idea where Blockchain tech could exist.
            A reputation could be an excellent example. But if it can be manipulated or gamed, it kinda makes it pointless.
            At which point a centralised registry makes sense.
            As long as the central registrar can be trusted.
            But I don’t think Blockchain solves that point of trust.

            So, once again, turns out Blockchain tech is pretty useless.

            • HTTP_404_NotFound@lemmyonline.comOP
              link
              fedilink
              English
              arrow-up
              2
              ·
              edit-2
              1 year ago

              The blockchain would just add the ability to verify somebody said, what it says they said.

              Ie- if I say, hey, towerful is a great person. A blockchain could be leverage to ensure that that was said by me.

              It does have a use- but, there is a big price to pay for using it, in terms of complexity, performance, and sized used.

              In this case, I would call it unnecessary overhead, unless we determine there is foul play occuring at the point of centralization.

              Edit- Although, it is still possible for users to sign messages, and still use a centralized location. That gives the best of both worlds, without the needless added complexity.