this post was submitted on 24 Jun 2023
208 points (95.2% liked)

Lemmy

2172 readers
6 users here now

Everything about Lemmy; bugs, gripes, praises, and advocacy.

For discussion about the lemmy.ml instance, go to [email protected].

founded 4 years ago
MODERATORS
 

See THIS POST

Notice- the 2,000 upvotes?

https://gist.github.com/XtremeOwnageDotCom/19422927a5225228c53517652847a76b

It's mostly bot traffic.

Important Note

The OP of that post did admit, to purposely using bots for that demonstration.

I am not making this post, specifically for that post. Rather- we need to collectively organize, and find a method.

Defederation is a nuke from orbit approach, which WILL cause more harm then good, over the long run.

Having admins proactively monitor their content and communities helps- as does enabling new user approvals, captchas, email verification, etc. But, this does not solve the problem.

The REAL problem

But, the real problem- The fediverse is so open, there is NOTHING stopping dedicated bot owners and spammers from...

  1. Creating new instances for hosting bots, and then federating with other servers. (Everything can be fully automated to completely spin up a new instance, in UNDER 15 seconds)
  2. Hiring kids in africa and india to create accounts for 2 cents an hour. NEWS POST 1 POST TWO
  3. Lemmy is EXTREMELY trusting. For example, go look at the stats for my instance online.... (lemmyonline.com) I can assure you, I don't have 30k users and 1.2 million comments.
  4. There is no built-in "real-time" methods for admins via the UI to identify suspicious activity from their users, I am only able to fetch this data directly from the database. I don't think it is even exposed through the rest api.

What can happen if we don't identify a solution.

We know meta wants to infiltrate the fediverse. We know reddits wants the fediverse to fail.

If, a single user, with limited technical resources can manipulate that content, as was proven above-

What is going to happen when big-corpo wants to swing their fist around?

Edits

  1. Removed most of the images containing instances. Some of those issues have already been taken care of. As well, I don't want to distract from the ACTUAL problem.
  2. Cleaned up post.
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 37 points 1 year ago* (last edited 1 year ago) (3 children)

I dont have much to add other than I am an experienced admin and was dismayed at how vulnerable Lemmy is. Having an option to have open registrations with no checks is not great. No serious platform would allow that.

I dont know of a bulletproof way to weed put the bad actors, but a voting system that Lemmy can leverage, with a minimum reputation in order to stay federated might work. This would require some changes that I'm not sure the devs can or would make. Without any protection in place, people will get frustrated and abandon Lemmy. I would.

[–] [email protected] 5 points 1 year ago* (last edited 1 year ago) (1 children)

When I made a post saying that 90% (now ~95%) of accounts on lemmy are bots the amount of people saying that there's no proof and/or saying to me that there's a lot of people joining from reddit right now was astonishing.

Edit: one person said me that noone would make 1.6mln bots when there are only 150k-200k users on the platform, like WTF.

[–] [email protected] 9 points 1 year ago (1 children)

Another thing is people are likely pre-creating bot accounts and then sitting in them in case additional protections are created...

The problem is, these accounts look to us just like any new user, lurking around getting a feel for the place - there's no way to distinguish them until they start this bots acting in some fashion

[–] T156 1 points 1 year ago

They could also be parking them for later use, using the account age to make it seem "trustworthy".

[–] [email protected] 2 points 1 year ago

that's a problem with democracy itself as a concept