this post was submitted on 27 Jul 2023
432 points (98.9% liked)

sh.itjust.works Main Community

7584 readers
3 users here now

Home of the sh.itjust.works instance.

Matrix

founded 2 years ago
MODERATORS
 

This is an update to my previous post about suspicious inactive accounts on a handful of instances: (https://sh.itjust.works/post/998307).

I ended up messaging the admins at the 16 instances show in the attached image. I pointed out their wild user numbers, and referenced the lemmy.ninja post detailing how that instance scrubbed suspicious accounts from their user database.

6 admins responded. They had all noticed the odd accounts and either thought the numbers were wrong, or weren't sure how to purge the suspicious accounts without nuking their databases. In the end they managed to delete a combined total of about 338k dormant accounts from their instances. (One of the instances seems to have gone down since then.)

I never received a reply from the other 10 instance admins, though 8 of those 10 instances appear to be down (as of 27 July 2023). 2 instances are still up and unchanged.

Between the actively removed accounts and the downed instances, this represents a loss of 930,004 inactive Lemmy accounts!

You can see the drop in the graphs on The Federation. The total number of Lemmy accounts has been cut in half over the past 3 weeks, from a peak of 2.18M to today's 1.09M. The change is mostly from these 16 instances.

I have to admit, I did not expect such a large change when I started this! Hopefully this bodes well for Lemmy's future as a place where actual humans interact, rather than a cesspool of automated comments and upvote/downvote brigading.

That's all I have for now. Keep your stick on the ice; we're all in this together.

top 36 comments
sorted by: hot top controversial new old
[–] [email protected] 47 points 1 year ago (1 children)

This dude is personally going on a robot extermination rampage. Thanks yo!

[–] [email protected] 13 points 1 year ago

My man saw Terminator

[–] [email protected] 40 points 1 year ago

Keep it up! You guys don't get enough credit. Thanks for the update.

[–] [email protected] 18 points 1 year ago

That's awesome. Keep up the good work!

[–] [email protected] 18 points 1 year ago (1 children)
[–] [email protected] 11 points 1 year ago

Dang, good on you for following through and messaging the admins, and good on the admins who took action.

[–] [email protected] 17 points 1 year ago (2 children)

Wow lol that's a huge number of bots. Two questions come into mind though:

  1. What about bot accounts that are not inactive but instead are spamming for example?
  2. What about real people that just lurk?
[–] [email protected] 17 points 1 year ago (2 children)

Per my original post from three weeks ago, I'm using a coarse method to identify (and try to draw the admins' attention to) a particular pool of accounts that were created in a specific week on a handful of instances. Actively spamming bot accounts, and bot accounts on other instances, won't be caught with my method. I'm not being thorough, just looking for low-hanging fruit.

It is possible that some legitimate users' lurking accounts got swept up and deleted, but I think that's very unlikely. If an instance suddenly goes from 3 users to 60,000 users in a week, then the growth abruptly stops and none of those new users show activity, that's suspicious. If there are real people in that wave of accounts then at least a few of them should be posting or commenting, and more people should continue opening accounts over time.

[–] [email protected] 3 points 1 year ago

Do you have any idea what these accounts are doing?

[–] [email protected] 3 points 1 year ago (1 children)

If those accounts aren't doing anything detectable (spamming, etc), what's the problem with their existence?

[–] [email protected] 11 points 1 year ago

There's no problem with them at the moment. The concern is that they may be bot accounts that will be activated at some point in the future for malicious use: spamming, spewing politically charged garbage, mass upvoting/downvoting of certain content, etc.

[–] [email protected] 4 points 1 year ago

Oh damn, I normally lurk w this account because I have some issues with some posts and comments not showing when they're from different instances (yes I've set my language to undetermined too). I have my main on feddit.de but I only see a fraction of the comments when I look at the same post on that account. Mainly the comments from the users of other instances than feddit.de are hidden. Doesn't seem to be a federation issue (I think?) because I can find the communities and they should be federated. Maybe it's a Jerboa issue idk.

[–] TheTaj 13 points 1 year ago (1 children)

Does this mean if I spend 6 months as a lemmy lurker you will nuke my account?

[–] [email protected] 23 points 1 year ago (2 children)

If you created your account on these specific instances during a particular week in June 2023, and the instance admin decides your account looks suspicious, then you might get nuked. Otherwise, no worries. I'm not campaigning to remove all lurkers, or even trying to be thorough about removing possible bot accounts. I'm going after low-hanging fruit: a particular pool of suspicious-looking accounts on a handful of instances.

[–] [email protected] 3 points 1 year ago (1 children)

Don't listen to him, he's just going around blasting anything that breathes too slow 😂

[–] [email protected] 1 points 1 year ago

"Pew, pew, pew!" lol

[–] [email protected] 1 points 1 year ago* (last edited 1 year ago)

Sorry, meant to reply to the top level comment.

[–] [email protected] 12 points 1 year ago

My man is the bot wrangler. Wrangler of bots. One who gets bots wrangled.

[–] miked 10 points 1 year ago (2 children)

Keep your stick on the ice

You sound Canadian.

[–] [email protected] 11 points 1 year ago (3 children)

American, but it's a line from a Canadian TV show that leaked across the border.

[–] Hextic 12 points 1 year ago (2 children)

And remember: if the women don't find you handsome, they should at least find you handy.

[–] [email protected] 3 points 1 year ago

You forgot to add the chainsaw noises in the background

[–] [email protected] 3 points 1 year ago

My buddy got to meet them once with some crazy shit he made out of duct tape. I cannot for the life of me remember what it was though

[–] [email protected] 6 points 1 year ago

Red Green forevah!!!

[–] [email protected] 6 points 1 year ago

I've simultaneously watched too much and not enough Red Green. I grew up near the Canadian border and had neighbors like Red Green.

[–] [email protected] 5 points 1 year ago

The best nationality on the north west hemisphere fr

[–] [email protected] 9 points 1 year ago (2 children)

Fantastic work.

Do you think the bot numbers for Reddit will be as bad or worse? Or is there better protection over there?

[–] PriorProject 21 points 1 year ago* (last edited 1 year ago)

No major social media site publishes estimates on bot activity, so unless someone is citing a research paper with a reasonable bot-id technique, they're speculating. That said, there are a few useful things we can say with only modest speculation:

  1. No commercial social media site has as trivial a sign up process as these instances. They had no email verification, no captcha, and no validation or gating process of any kind. Scripts created this users with a single API call, hitting it as fast as the server would respond. So on the account validation front, reddit does better than these instances of keeping bots out.
  2. Every commercial social media site has a security team that attempts to monitor bots and has the capability to remove them. Some of these admins were aware of the signups, and others didn't know how to respond. So on the monitoring and response front, reddit is more sophisticated at detecting and responding to bots.
  3. These instances I believe had zero or one active users vs 100k+ bot accounts. It's hard to say what the bot rates are on commercial social media sites, but I think we can confidently bound it to something lower than 100k to 1 in favor of bots.
  4. The aggregate number of bots represented about half the total lemmyverse. I'm sure someone will disagree with me, but I would be pretty surprised if half the signups at commercial sites are malicious. But that's more plausible than 100k to 1.
  5. But one the other hand, the activity of these bots is public, and they demonstrably didn't do anything. At least some of the malicious/clandestine bot accounts on commercial social media sites are active... so maybe here Lemmy gets the win since this massive wave of bots went unused. Now, that doesn't mean that OTHER more sophisticated and undetected bits aren't active on Lemmy just as they are on other social sites. But my bet is there is little to none because Lemmy doesn't matter enough to be worth attacking by the people who are able to run sophisticated bots. But this is hard to prove one way or another.

TLDR: This signup wave was so unsophisticated it would never have been possible on a major social site with a security team. But it also didn't do any altanfible damage, unlike clandestine bot activity on major social sites. Depending on what metrics you use to compare (and how made up your metrics are, since this is all about activity that attempts to stay hidden), either side can come out on top.

[–] [email protected] 5 points 1 year ago

I can't say. I don't know of a good way to tell an authentic human-driven account from a bot account, either on Lemmy or Reddit. Here on Lemmy we can at least get aggregate user data and point to suspicious trends, which is all I have done. Reddit, on the other hand, is a completely closed box.

[–] [email protected] 5 points 1 year ago

Thanks for the follow up and the update. Excellent work on your part!

[–] [email protected] 3 points 1 year ago

doing the lords work!

[–] [email protected] 2 points 1 year ago* (last edited 1 year ago)
[–] [email protected] 2 points 1 year ago

Wow, really awesome work you and the admins have done.

[–] [email protected] 2 points 1 year ago

That's cool, I'm sure there has been of bunch of those made here too

[–] [email protected] 1 points 1 year ago

You say there's nothing thing to worry about because you're narrowing your focus to one specific week of high activity. If this is the week the Reddit API changes took effect, this is the week I migrated over and I haven't logged into Reddit since. However, there has been some growing pains and with intermittent issues on different instances, I ended up creating accounts on multiple servers that week. I've only commented using this one so far but I appreciate having the others logged in on Jerboa so I can jump between them. Sometimes this is necessary when servers go down temporarily. So far, these other accounts are just for lurking but they can clearly be captured in your net of possible "bots". I think you are greatly underestimating the number of legit accounts you are sweeping up. One thing I have not seen from your posts is any evidence from of malicious activity on these accounts. Therefore, I don't agree with pressuring admins to terminate these accounts in bulk. I would prefer to see action based on truth rather than baseless speculation. What's wrong with removing accounts only if they ever become a problem?

[–] [email protected] 1 points 1 year ago
load more comments
view more: next ›