this post was submitted on 11 Nov 2023
16 points (69.0% liked)

Ask Lemmy

27036 readers
986 users here now

A Fediverse community for open-ended, thought provoking questions

Please don't post about US Politics. If you need to do this, try [email protected]


Rules: (interactive)


1) Be nice and; have funDoxxing, trolling, sealioning, racism, and toxicity are not welcomed in AskLemmy. Remember what your mother said: if you can't say something nice, don't say anything at all. In addition, the site-wide Lemmy.world terms of service also apply here. Please familiarize yourself with them


2) All posts must end with a '?'This is sort of like Jeopardy. Please phrase all post titles in the form of a proper question ending with ?


3) No spamPlease do not flood the community with nonsense. Actual suspected spammers will be banned on site. No astroturfing.


4) NSFW is okay, within reasonJust remember to tag posts with either a content warning or a [NSFW] tag. Overtly sexual posts are not allowed, please direct them to either [email protected] or [email protected]. NSFW comments should be restricted to posts tagged [NSFW].


5) This is not a support community.
It is not a place for 'how do I?', type questions. If you have any questions regarding the site itself or would like to report a community, please direct them to Lemmy.world Support or email [email protected]. For other questions check our partnered communities list, or use the search function.


Reminder: The terms of service apply here too.

Partnered Communities:

Tech Support

No Stupid Questions

You Should Know

Reddit

Jokes

Ask Ouija


Logo design credit goes to: tubbadu


founded 1 year ago
MODERATORS
16
submitted 1 year ago* (last edited 1 year ago) by Inept to c/asklemmy
 

I came here for the same reasons as most of you and chiefly among them was to escape the corporate embrace of common social media platforms.

But how much trust can we place into Lemmy, Mastodon, and/or other various integrated Fediverse platform instances?

I'm all for open-source and transparency which the devs seem to provide, although providing source code and routinely audited source code are entirely different concepts.

Similarly, the high availability of source code may lead to malicious instances, actors, and/or back-end modifications that would favor specific instances resounding consequence throughout the Fediverse.

So I ask simply: How much faith do you have? (Please provide supporting documentation links supporting your answer because I'm genuinely interested.)

EDIT: I literally removed a semi-colon character ':'

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 8 points 1 year ago (2 children)

Similarly, the high availability of source code may lead to malicious instances, actors, and/or back-end modifications that would favor specific instances resounding consequence throughout the Fediverse.

That's ultimately just the Internet being the Internet.

On the fediverse, any instance shouldn't blindly trust any other instance for that exact reason. That's part of the game. Instances share the data over ActivityPub, and it's up to you to process and make use of that data. That includes spam filtering and whatnot. Some instances have CSAM detection for example.

Every instance that's subscribed to a user or community gets the full set of data: every vote, from every user, from every instance involved. We have the data, we can analyze it. And that's what really matters.

It doesn't matter if there's rogue instances trying to manipulate votes. Everyone have the data to detect and filter out the noise. Maybe one day it'll be like E-Mail where the majority of the traffic is spam. But just like E-Mail, we'll make filters and make it work. If all else fails, there's always the allowlist method: only see content from sources you trust not be spammy. You can even run AI models on it to filter the data if you want. You have the data, you can do whatever you want with it to make it useful for you.

I have faith in the protocol and its openness, not the software that runs it.

[–] Inept 1 points 1 year ago (1 children)

Thank you for your response. May I ask (since you seem very knowledgeable): Could a singular instance manipulate their backend votes on a single post and have it replicate in order to garner more/less interest?

Example:

UPDATE Posts
SET Updoots = 1000000    -- or SET Updoots = 0
WHERE PostId = 1;

I'll admit that I have not properly studied the ActivityPub implementation as described by activitypub.rocks, but we're all continuously learning.

[–] [email protected] 3 points 1 year ago

Kind of but not really? You'd have to federate out every vote individually. There's no upvotes totals anywhere, there's a vote table that contains who voted up/down on what, and it's counted as needed. So if you want to send out 1000 votes, you need 1000 valid users and also send 1000 different activities to at least one instance.

You can make it display 100000 votes on your own instance if you want, but it's not going to alter the rating on other instances because they run their own tally.

If you really want this to work long term, you need a credible looking instance with credible looking users that are ideally actually subscribed to the target community, and credible activity patterns too. Otherwise, the community can detect what you're doing and defederate you and purge all the activities from your instance, and also revert all those votes as a side effect.

Remember, all votes are individual activities, and all votes are replicated individually to every instance. On Kbin, you can even see all the votes right from the UI, they don't even hide it! You can count them yourself if you want. So anyone with the dataset can analyze it and sound the alarm. And each instance can potentially have its own algorithm for that, so instead of having just one target to game, like Reddit and a subreddit, you have hundreds of instances to fool. There's so many signals I could use to fight spam: instance age, instance user growth, the frequency and timing of the votes, are the users seemingly active 24/7, what other communities those users post into, what are they voting for, do they all vote in agreement with each other, and on and on.

So, you technically can manipulate votes but it takes a lot of effort and care to make it as hard as possible to detect in practice. We play the same cat and mouse game as Reddit, but distributed and with many more eyes on it.