The best part of the fediverse is that anyone can run their own server. The downside of this is that anyone can easily create hordes of fake accounts, as I will now demonstrate.
Fighting fake accounts is hard and most implementations do not currently have an effective way of filtering out fake accounts. I’m sure that the developers will step in if this becomes a bigger problem. Until then, remember that votes are just a number.
Fake/bot accounts have always existed. How many times has a “YouTuber” run a “giveaway” in their comments section?
Yes but you presumably had to go through a captcha to make each one, whereas here someone can spin up an instance and ‘create’ 1 million accounts immediately.
This gives me an idea;
Don’t store incoming data from remote instances into the “Main DB” immediately. Store them into SUBORDINATE DATABASES!
The logic of how you arrange these subordinate databases should be simple; depending on which instance you’re communicating with you could select a subordinate database like so;
- First; we need to have a “Main Delay” database. This database is used by all the instances we Both Federate With, and Mark as one we Trust! and we merge all records here into the main database on a specified timeframe to give ourselves a little time to roll back the clock if something betrays that trusted status.
- Secondly we need to have unique little databases for each little instance that we Federate with, but do not yet mark with trust! These little DBs are merged into “Main Delay”, then Main on a different time-delay schedule. This gives us even more time to roll back large-scale attacks, spam or flooding via ActivityPub as well as time to just smack the “Defederate” button as soon as they start to misbehave and, optionally, jettison the garbage data that caused the need for Defederation as well.
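Added example, not part of the thread or of Lemmy's code: a minimal in-memory model of the staging idea above, with a "Main Delay" store for trusted instances and a separate store per untrusted instance. The class name, hold times and instance names are assumptions made for the illustration.

```python
from dataclasses import dataclass, field

# Hold times in seconds; both values are assumptions for illustration.
TRUSTED_DELAY = 3600          # "Main Delay" -> main
UNTRUSTED_DELAY = 6 * 3600    # per-instance store -> "Main Delay"

@dataclass
class StagedStore:
    trusted: set                                       # federated AND trusted instances
    per_instance: dict = field(default_factory=dict)   # instance -> [(ts, activity)]
    main_delay: list = field(default_factory=list)     # [(entered_ts, instance, activity)]
    main: list = field(default_factory=list)           # [(instance, activity)]

    def receive(self, instance, activity, now):
        """Route an incoming activity to a staging area, never straight to main."""
        if instance in self.trusted:
            self.main_delay.append((now, instance, activity))
        else:
            self.per_instance.setdefault(instance, []).append((now, activity))

    def merge(self, now):
        """Promote rows whose hold time has elapsed, one stage per call."""
        for instance, rows in self.per_instance.items():
            ready = [r for r in rows if now - r[0] >= UNTRUSTED_DELAY]
            rows[:] = [r for r in rows if now - r[0] < UNTRUSTED_DELAY]
            # The Main Delay clock restarts here, so untrusted data waits twice.
            self.main_delay += [(now, instance, a) for _, a in ready]
        ready = [r for r in self.main_delay if now - r[0] >= TRUSTED_DELAY]
        self.main_delay = [r for r in self.main_delay if now - r[0] < TRUSTED_DELAY]
        self.main += [(inst, a) for _, inst, a in ready]

    def defederate(self, instance):
        """Drop everything from `instance` that has not reached main yet."""
        dropped = len(self.per_instance.pop(instance, []))
        kept = [r for r in self.main_delay if r[1] != instance]
        dropped += len(self.main_delay) - len(kept)
        self.main_delay = kept
        self.trusted.discard(instance)
        return dropped

def demo():
    # Constructed scenario: one trusted vote, three votes from a new instance.
    s = StagedStore(trusted={"trusted.example"})
    s.receive("trusted.example", "vote:1", now=0)
    for n in range(3):
        s.receive("new.example", f"vote:{n}", now=0)
    s.merge(now=3600)                    # trusted vote lands, new.example is still held
    after_hour = list(s.main)
    dropped = s.defederate("new.example")  # admin reacts before the hold expires
    s.merge(now=10 * 3600)
    return after_hour, dropped, list(s.main)
```

Because the held rows never touched the main store, defederating inside the hold window needs no rollback of main at all.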
Federated actions are never truly private, including votes. While it’s inevitable that some people will abuse the vote viewing function to harass people who downvoted them, public votes are useful to identify bot swarms manipulating discussions.
This. It’s only a matter of time until we can automatically detect vote manipulation. Furthermore, there’s a possibility that in future versions we can decrease the weight of votes coming from certain instances that might be suspicious.
And it’s only a matter of time until that detection can be evaded. The knife cuts both ways. Automation and the availability of internet resources makes this back and forth inevitable and unending. The devs, instance admins and users that coalesce to make the “Lemmy” have to be dedicated to that. Everyone else will just kind of fade away as edge cases or slow death.
This is something that will be hard to solve. You can’t really effectively discern between a large instance with a lot of users, and an instance with a lot of fake users that’s making them look like real users. Any kind of protection I can think of, for example based on the activity of the users, can be simply faked by the bot server.
The only solution I see is to just publish the vote% or vote counts per instance, since that’s what the local server knows, and let us personally ban instances we don’t recognize or care about, so their votes won’t count in our feed.
I wonder if it’s possible …and not overly undesirable… to have your instance essentially put an import tax on other instances’ votes. On the one hand, it’s a dangerous direction for a free and equal internet; but on the other, it’s a way of allowing access to dubious communities/instances, without giving them the power to overwhelm your users’ feeds. Essentially, the user gets the content of the fediverse, primarily curated by the community of their own instance.
when you say import tax do you mean actual monetary payment? Or a computing power tax? I don’t think I understand
I was reading it as lowering the value of an upvote from instances that are known to harbor click farming accounts. I could be wrong though.
That defeats the purpose of decentralization and creates a dangerous precedent. The entire point of Lemmy is that every instance is equally valid and legitimate. If certain instances are elevated above others, we’re on our way to do what Gmail and Microsoft did to email.
Oh, I’m not saying I agree, I definitely think it sets a dangerous precedent
So, I didn’t mean instances treated unequally in the grand, set-in-protocol scheme of the fediverse - as if some centralised authority/agreement that this instance counts for more than that. Just as defederation doesn’t make Meta’s instance authoritatively illegitimate.
But an instance can choose, within that instance, to defederate with another; likewise an instance within itself could deprioritise some or all others’ instances’ votes.
Still agree dangerous precedent …but still wonder if some sort of instance-controlled moderation of external content is eventually necessary in the future. Or, I suppose, there could be separate services (much like ad-block lists) that users individually could enable to auto-moderate/adjust their own feeds.
And (sorry for waffling!) I suppose it depends a lot on how much you browse specific communities and how much you scroll “all” or whatever. Back in the before-days, I’m used to subbing to very few communities, and generally lazily browsing r/all
Out of interest, within a community (that’s what a sublemmy is called, right?) is there any facility to prioritise votes of people subscribed to that community over those not subscribed? Was that the thing with brigading before (sorry, didn’t realise this before!) that mods can moderate and ban posts/posters but not votes/voters?
I agree it would be a dangerous precedent.
Thing is, though, every instance is not equally valid and legitimate: that’s the reason for defederating from Threads.
Not sure what you mean by what Gmail and Microsoft did to email? Do you mean that they assume many unknown email origins are spam? Though Gmail’s obviously attracted a lot of users, and I myself have moved off it now to paying for my email provider elsewhere, I was under the impression it’s been quite good for email and for pushing secure email, and being good at anti-spam.
I mean that Microsoft and Gmail took over the email protocol and right now if you stand up your own email server with a new domain/IP you basically have zero chance to get your mail delivered anywhere. They’ve positioned themselves as “higher” authority because of the sheer number of users they control and can now control the entire email system.
Same thing could happen with instances if we elevate lemmy.world or any other instance to be “more legitimate” so their user votes count higher.
Uh no. Just implement DKIM if your messages are not being sent correctly. Spam is killing email, making admins implement more protocols such as DKIM, but that isn’t “Google and Microsoft killing email”
Yeah, that’s the idea
Edit: but I was thinking the result to be specific to your instance, rather than a fediverse-wide vote-rank standardisation.
So, e.g. to a viewer signed into lemmy.ml votes from within lemmy.ml would count more; but to the member of ispamlemmywithhate.crap, votes from ispamlemmywithhate.crap would count more
Creating a foreign exchange for upvotes? 1 upvote from lemmy.world account = 25 upvotes from acconamatta.basementlemmy?
Maybe adjust by the number of upvotes coming from that instance (negatively) and by the number of upvotes users of your instance give over there (positively). If one instance spams upvotes, these upvotes lose value. If posts on that instance are popular with your users, the upvotes coming from that instance are more likely to have been made by real users. Maybe we can find a better metric to estimate the number of real, active users on another instance.
Sounds interesting, similar to the way Google’s PageRank works.
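Added example, not part of the thread or of Lemmy's code: one possible reading of the weighting proposed above, computed locally by a single instance. The ratio formula, the two prior constants and the instance names are assumptions; an instance with no history starts at a low default weight.

```python
from collections import Counter

LOCAL = "home.example"   # constructed name for the instance doing the weighting
PRIOR_GOOD = 1           # assumed smoothing constants: with no history an
PRIOR_TOTAL = 10         # instance's vote counts as 1/10 of a local vote

def instance_weights(history, local=LOCAL):
    """history: (voter_instance, content_instance) pairs, one per upvote."""
    inbound, reciprocal = Counter(), Counter()
    for voter_inst, content_inst in history:
        if voter_inst != local and content_inst == local:
            inbound[voter_inst] += 1        # their users upvoting our content
        elif voter_inst == local and content_inst != local:
            reciprocal[content_inst] += 1   # our users upvoting their content
    weights = {}
    for inst in set(inbound) | set(reciprocal):
        ratio = (reciprocal[inst] + PRIOR_GOOD) / (inbound[inst] + PRIOR_TOTAL)
        weights[inst] = min(1.0, ratio)     # never worth more than a local vote
    return weights

def weighted_score(voter_instances, weights, local=LOCAL):
    """Score one post as seen from `local`; local votes always count as 1."""
    default = PRIOR_GOOD / PRIOR_TOTAL
    return sum(1.0 if inst == local else weights.get(inst, default)
               for inst in voter_instances)

def sample_history():
    # Constructed data: one instance with two-way traffic, one that only floods.
    h = [("friendly.example", LOCAL)] * 40 + [(LOCAL, "friendly.example")] * 60
    h += [("flood.example", LOCAL)] * 990
    return h

def demo():
    weights = instance_weights(sample_history())
    post = ([LOCAL] * 5 + ["friendly.example"] * 10
            + ["flood.example"] * 500 + ["unseen.example"] * 2)
    return weights, len(post), weighted_score(post, weights)
```

In the constructed data the raw count of 517 votes becomes a local score of about 15.7, because 500 of the votes come from an instance whose content local users never upvote.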
You can do it on your own instance, but the way Lemmy works means you’ll need to do some changes to both native code and SQL queries to make it work reliably. Every instance has complete control over how they display other instances’ data.
You can buy 700 votes anonymously on reddit for really cheap
I don’t see that it’s a big deal, really. It’s the same as it ever was.
Over a hundred dollars for 700 upvotes O_o
I wouldn’t exactly call that cheap 🤑
On the other hand, ten or twenty quick downvotes on an early answer could swing things I guess …
For the companies who want a huge advantage over others, $100 is nothing in an advertising budget.
I have a small business and I do $1000 a week in advertising.
I don’t know anything about advertising but what are you doing that costs $1000 a week? I am legitimately curious.
Advertising is incredibly expensive. I pay upwards to $1/click for one of my services targeting a specific group.
If you hate ads, use something like AdNauseam instead of uBlock Origin. You’ll cost companies hundreds of dollars a day.
I do use AdNauseam, I love it!
Can you give an example of such ads?
I might start clicking on them out of sheer spite 😄
Honestly, most of them :). If you’re reasonably wealthy (make above average wage), every ad you click will cost advertisers at least 25-50¢. The value of your clicks will go down a little depending on a few things, but anything on a website that serves its own ads instead of going through a 3rd party network (think Reddit ads) will stay in the 25-50¢ range, if not more
@OsrsNeedsF2P BRB I’m going to open a Facebook account with a strong liking for expensive watches, real estate and crypto 😄
You have no idea about business expenses do you. I work in the events industry, corporations hold single evening events for their higher up employees for 10s of thousands in only technical expenses, before the venue asks for rent, or the catering etc. A single month of any basic service on the enterprise level starts from 5 grand.
People are down voting you for responding to someone saying they don’t know and would like to know more with “you have no idea do you?”. Like yeah, they said so themselves.
People are downvoting because 1) the tone is unnecessary and 2) it doesn’t answer the question. Sure, huge businesses spend a lot of money. Over 95 percent of businesses have fewer than 100 employees though and depending on size and sector 1000 a week could be nothing or orders of magnitude larger than a small business’s advertising budget.
You have no idea about business expenses do you.
Figure out punctuation first.
super relevant, not everyone speaks English as a first language.
Then those people should not try to insult others for their lack of knowledge about business while displaying a lack of proficiency in English.
You’re right, as I said, I don’t know. That was why I asked.
I run a digital currency investment group.
I can make 10-15k per day, so it’s not a lot in the grand scheme of things
huge advantage over others, $100 is nothing in an advertising budget.
the only problem here is that 700 reddit upvotes is not “huge advantage over others”. i honestly fail to see how someone could pay $100 for that. i’d consider $10 too much.
or do you spend your $1000 budget on 7000 reddit upvotes? :D
700 extra upvotes in the first couple hours on a medium sized hobby sub is an enormous amount and will give you great exposure to potentially tens of thousands of potential customers who won’t just ignore it like some banner ad (since they’ll think it’s real content).
If you’re an indie dev marketing a game, it’s cheap as shit. Shoving your post into the faces of thousands would very easily get you more than that in sales.
Cause the problem, sell the solution. What a degenerate.
To me, the draw of Lemmy is that it’s not the same as it ever was here. I don’t know the internet before ads, this place is great!
Two solutions that I see:
- Mods and/or admins need to be notified when a post has a lot of upvotes from accounts on the same instance.
- Generalize whitelists and requests to federate from new instances.
No need to make all federation under a whitelist. It’s enough to ignore votes from suspicious instances or reduce their weight.
Depends if the rate of creation of the suspicious instances is higher than the mods can manage.
New instances would have a lower voting weight by default.
Wouldn’t a detection system be way better? I can see a machine learning model handling this rather well. Correlate the main accounts to their upvoters across all their posts and create a flag if it returns positive. It would be more of a mod tool, really.
I have already run into a very obvious Russian troll factory account and it really drags down the quality of the place. Freedom of speech shouldn’t extend to war criminals and I’d rather leave any clusterfuck that allows it, whether they do it through will or incompetence.
I‘m not a fan of up- and downvotes, also but not only for the aforementioned reasons. Classic forums ran fine without any of it.
Classic forums still exist.
Voting does allow the cream to rise to the top, which is why reddit was much better than a forum.
Honestly, I think part of the problem is that companies don’t have an incentive to fight bots or spam: higher numbers of users and engagement make them look better to investors and advertisers.
I don’t think it’s that difficult of a problem to solve. It should be quite possible to detect patterns between real users and bots.
We will see how the fediverse handles it.
I keep thinking about this. The only reason for votes that a forum can’t do, is filtering massive content quantities through an equally massive userbase to get pages of great and revolving posts. In a forum you can just filter with comments/hour and give free promotion to new posts.
I like upvotes, otherwise I’d have stayed on forums. It’s also one of the only ethical algorithmic sorting methods as long as you can whitelist your members.
I ironically upvote this also. Agreed to no upvote and downvote.
Let’s cut the sorting to chronological order. With options to arrange to new or old only.
I’ve always wondered if it would help to have to reply in order to give an up/downvote but I assume it would likely just result in more spam. Still, I hope people are thinking of new ways to try things
Ironically, I agree and upvoted this.
I wonder if an instance could only allow votes by users who are part of instances that require email verification or some other verification method. I would imagine that would heavily help reduce vote manipulation on that particular instance.
You can manipulate the registration indicator. The only reliable way to check would be to try to register an account with every server and see if it works, but you’ll need someone solving CAPTCHAs all day to make that work.
This alone wouldn’t help because I can just set up an instance that requires email verification (or any other kind) and automate it still since I can make infinite emails with my own domain.
What is the definition of a “fake account”?
Are you an academic or just dense?
Let’s go academic with it, and skip straight past “impossible to answer” directly to heuristic / attribute analysis.
What are the attributes / behaviors / tells of a fake account?
Are you an academic or just dense?
I thought beehaw is all about inclusivity and safe space and friendly shit
Who says I’m not being inclusive. If I want to provide a helpful answer to the question, I must know what perspective they’re asking from.
In this context it would be an account with the sole purpose of boosting the visible popularity of a post or comment.
But that’s kinda the point of all posts. You post because you want people to see something and you want your post to be popular so it can be seen by the largest amount of people.
You’re right. You just asked what a “fake account” was though. I think it’s generally accepted that if you create “alt” accounts for the sole purpose of vote manipulation, you’re being a dick.
Why am I being a dick, I was genuinely curious. What do you mean “vote manipulation”? Like making a post with one account and creating another one to upvote the post?
I didn’t mean YOU are being a dick. If SOMEONE creates “alt” accounts for the sole purpose of vote manipulation, they’re being a dick. I was using the royal “you,” a weird English language thing. You, yourself, are not a dick. Well, you might be, but I don’t think so.
Sorry, I misunderstood. I definitely agree accounts created for the sole purpose of upvoting stuff/bot farms are bad. I just don’t know if there’s an effective way to fight it as they’re getting pretty elaborate these days and it’s hard to distinguish them from real accounts.
Pretty soon we’ll be at the point where no one will trust anything on the Internet.
Assuming a user’s upvote history or karma ever meant anything, this demonstrates perfectly it’s useless on Lemmy.
Honestly, thank you for demonstrating a clear limitation of how things currently work. Lemmy (and Kbin) probably should look into internal rate limiting on posts to avoid this.
I’m a bit naive on the subject, but perhaps there’s a way to detect “over x amount of votes from over x amount of users from this instance”? and basically invalidate them?
How do you differentiate between a small instance where 10 votes would already be suspicious vs a large instance such as lemmy.world, where 10 would be normal?
I don’t think instances publish how many users they have and it’s not reliable anyway, since you can easily fudge those numbers.
10 votes within a minute of each other is probably normal. 10 votes all at once, or microseconds of each other, is statistically less likely to happen.
I won’t pretend to be an expert on the subject, but it seems like it’s mathematically possible to set some kind of threshold? If a set percent of users from an instance are all interacting microseconds from each other on one post locally, that ought to trigger a flag.
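Added example, not part of the thread or of Lemmy's code: a moderator-side check combining two signals raised in this discussion, the share of a post's votes that come from one instance and how tightly those votes are spaced in time. The thresholds, record layout and instance names are assumptions, and the vote records are constructed.

```python
from collections import defaultdict
from statistics import median

def flag_posts(votes, min_votes=10, share=0.8, burst_gap=0.05):
    """votes: (post_id, voter_instance, unix_ts) records.

    Returns (post_id, instance, vote_count, reasons) for every instance that
    cast at least `min_votes` votes on a post and trips either signal.
    """
    by_post = defaultdict(lambda: defaultdict(list))
    for post, inst, ts in votes:
        by_post[post][inst].append(ts)
    alerts = []
    for post, per_inst in by_post.items():
        total = sum(len(stamps) for stamps in per_inst.values())
        for inst, stamps in per_inst.items():
            if len(stamps) < min_votes:
                continue
            reasons = []
            # Signal 1: one instance supplies most of this post's votes.
            if len(stamps) / total >= share:
                reasons.append("concentration")
            # Signal 2: median spacing between its votes is implausibly small.
            stamps.sort()
            gaps = [b - a for a, b in zip(stamps, stamps[1:])]
            if gaps and median(gaps) <= burst_gap:
                reasons.append("burst")
            if reasons:
                alerts.append((post, inst, len(stamps), reasons))
    return alerts

def sample_votes():
    # Constructed data. Post 1: organic mix. Post 2: 50 votes 5 ms apart.
    # Post 3: 30 votes from one instance, spaced 7 s apart.
    v = [(1, "big.example", 1000 + 50 * i) for i in range(12)]
    v += [(1, f"other{i % 4}.example", 1010 + 70 * i) for i in range(8)]
    v += [(2, "farm.example", 2000 + 0.005 * i) for i in range(50)]
    v += [(2, "home.example", 2100 + 30 * i) for i in range(3)]
    v += [(3, "slow.example", 3000 + 7 * i) for i in range(30)]
    v += [(3, "home.example", 3050 + 40 * i) for i in range(2)]
    return v
```

On the constructed data, post 3 is still flagged for concentration even though its votes are spread out in time, so the timing signal works as supporting evidence rather than as the only test.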
Not all instances advertise their user counts accurately, but they’re nevertheless reflected through a NodeInfo endpoint.
Surely the bot server can just set up a random delay between upvotes to circumvent that sort of detection
How would you prevent someone using wildcard domains from spamming servers the same way they can spam clients? The Fediverse has no way to distinguish between subdomains and normal domains. Anyone running an instance through classic DDNS would be affected by this.
The approach could work, but it would invalidate some major assumptions in the Fediverse itself. The algorithm would also need to make sure a few single user instances don’t get to sway entire servers.
Interesting idea.
Small instances are cheap, so we need a way to prevent 100 bot instances running on the same server from gaming this too
This would be rather to detect and alert admin of bad actors (instances) and then admin can kick it off from federation, same for other type of offences.
This could become a problem on posts only relevant on one server
Obviously, on the server the posts are from, you display the full vote count. There, the admins know the accounts, can vet them, etc.