this post was submitted on 29 Jun 2023
58 points (100.0% liked)

The Agora


If you look at the top ~20 servers on fedidb, they are very clearly botswarms. Either intentionally set up that way, or accidentally due to turning off protections and not deleting users.

You can tell this because they have 70,000 registered users, but only 10 of them are active.

I believe we should pre-emptively defederate with botswarms before they're turned on. If the instance owners clear out the bots on their instances (like lemmy.ninja did) then they should be immediately refederated.

I don't know about you guys, but I don't want this place to be drowned in spam as soon as they're activated.

top 18 comments
[–] Master 13 points 1 year ago* (last edited 1 year ago)

I also agree that lemmy instances should defederate from botswarm servers. If they can clean themselves or prove they are not botswarms then refederate. But there is little to no benefit from allowing them to run amok.

It's not even necessarily bot content that is an issue but bot swarms would dictate what content everyone sees through artificially altering the votes on content posted. It's one of the reasons people have been fleeing Reddit and we don't want that here either.

[–] the_boxhead 13 points 1 year ago

Yup, fully agree.

[–] jwiggler 9 points 1 year ago (1 children)

Question: what is the practical effect of remaining federated with an active bot swarm? Is it just that I will see bot posts in my "all" page? Or that bots will be able to post and comment in communities here and those that we are federated with?

Sorry, I'm new to fediverse, so I'm not super familiar

[–] Barbarian 7 points 1 year ago* (last edited 1 year ago) (1 children)

There are 2 downsides, 1 small and 1 larger:

Small one: the few real users there will be defederated through no fault of their own

Larger downside: the admins of that instance will not see why they're defederated (technical limitation). They may not know why, or even know that they have a large botswarm on their instance

I feel that these downsides are worth it though.

[–] jwiggler 6 points 1 year ago* (last edited 1 year ago) (1 children)

Sure, but I guess my question is what are the risks if nothing happens? In your post you say,

I don’t want this place to be drowned in spam as soon as they’re activated.

But what does this actually practically mean for me? Will the spam show up in my "all" page, or is the spam in the form of comments from bots on communities in sh.itjust.works, or something else? I'm not familiar enough with Lemmy, I feel, to understand the risks that a bot swarm on a different server poses to other servers

[–] Barbarian 8 points 1 year ago (1 children)

Anything that a user can do and the bot owner wants to do.

Could be automated vote brigading, could be spam comments, could be spam posts in any community.

[–] jwiggler 5 points 1 year ago

Oh shit. Yeah, that's an issue.

[–] sneakyninjapants 9 points 1 year ago* (last edited 1 year ago) (1 children)

I've expressed concerns about the potential effects of a bot-swarm before, and have had a few mildly constructive conversations about it. Here is a thread where I lay out a few of my concerns on the matter, but I'll copy the relevant text here for easier discovery.


Me:

I’m all for bots that are used as tools for the community, the invidious one seems pretty great too. A bit concerned about what the potential “bot army” on some of these instances will be used for going forward though.

@[email protected]

There is an option to hide bot accounts in your account settings. This is also why all bots must be tagged as such so people can choose if they want to see them or not, that’s the agreement with allowing bots on Lemmy for most instances.

Me:

I guess with that in mind, that brings different concerns into view for me. I’m wondering what proportion of this wave of bots have checked that option identifying themselves as such? If they’re good bots they will of course, but I’ve also read through posts of instance operators claiming they’ve gotten thousands of bot signups in hours, which doesn’t seem like good bot behavior to me. Are they likely to identify themselves as bots? Even if they did, would it matter? One example off the cuff, I should be able to filter bots from my feed and comments as you say, but what’s stopping them from upvoting / downvoting a specific group of users’ submissions and comments to the top of my hot feed, or upvoting / downvoting by keyword? If that happens en masse you wouldn’t really be able to say that posts and comments are being ranked or discovered organically based on merit. While this sort of thing I suspect happens often elsewhere, it can serve to control the flow of information based on a single or small group of people’s will(s).


That is just one of the more insidious possibilities that a bot-swarm could be used for. Spamming, scamming, brigading, and poisoning discussions en masse are all possible with even a moderately sized number of bots with the technical ability to put them to use on a platform of this size.

I've also seen announcement posts and the resulting post in The Agora covering the use of one tool (The Lemmy Overseer) that can help to automate the de/refederation of likely bot-infested instances. While I don't think the tool is going to deter particularly motivated actors, it should take care of the "low-hanging fruit" that is the tens of thousands of suspected bot accounts that have had no engagement on the platform since account creation. Instance owners take on a lot of responsibility when federating with others, just one of which is being responsible for securing their instance against automated signups. Once they take care of their bot problem they can become refederated automatically.

TLDR: I think we should defederate botted instances preemptively. Automatic refederation is possible, and a Matrix channel for instance operators exists for discussing refederation as a fallback measure.

[–] Barbarian 6 points 1 year ago (1 children)

Thank you for your input. You've obviously thought a lot about this and are bringing a lot to the table.

Personally, priority number one is removing the low-hanging fruit. Once we've done that, we can think about more complex goals in terms of how to defend ourselves against more complex bots. We need to start here though, and soon.

[–] sneakyninjapants 3 points 1 year ago* (last edited 1 year ago)

Of course and thank you. I agree completely. I think going forward, that instance admins who are utilizing a defense-in-depth strategy with tools like Lemmy Overseer, automated account creation hurdles, and other emergent tools (one example) will be the most effective in keeping this part of the federation largely free of the bot-swarm.

[–] haxe11 9 points 1 year ago (1 children)

We did vote for using an automated tool, even, to protect against such instances: https://sh.itjust.works/post/338826

[–] Barbarian 6 points 1 year ago

Right as that vote was happening, we had new mods appointed and a new system for voting that involved a mandatory discussion step (which I 100% agree with).

Starting this with the new process and rules I felt was important as this is an important issue.

[–] nanoUFO 6 points 1 year ago

Aye, the only reason we haven't seen any damage yet is because they haven't been used against us yet. I don't know any positive reason for why someone would make 20k accounts on an instance. Those instances should be refederated once they solve that issue.

[–] kersploosh 3 points 1 year ago

I generally agree, but it depends on the criteria used to identify suspected botswarm servers. I'd be okay with something simple like calculating an instance's (monthly active users) / (total users) = X and then defederate if X is below some very small value.

The automated tool mentioned by @[email protected] sounds interesting in concept but I can't dig into the details at the moment.
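
An added example, not part of the thread and not the Lemmy Overseer's logic: one way to apply the (monthly active users) / (total users) check from the comment above, including automatic refederation once an instance cleans up. The field names follow the NodeInfo 2.0 `usage.users` schema; the host names, both thresholds and the sample documents are constructed assumptions.

```python
import json

# Constructed NodeInfo-style documents for made-up hosts (not real instances).
SAMPLE_NODEINFO = {
    "botswarm.example": '{"usage": {"users": {"total": 70000, "activeMonth": 10}}}',
    "healthy.example": '{"usage": {"users": {"total": 1600, "activeMonth": 450}}}',
    "tiny.example": '{"usage": {"users": {"total": 40, "activeMonth": 0}}}',
    "cleaned.example": '{"usage": {"users": {"total": 4200, "activeMonth": 900}}}',
    "broken.example": '{"usage": {}}',
}

MIN_TOTAL_USERS = 1000     # assumption: below this the ratio is too noisy to act on
MAX_SUSPECT_RATIO = 0.005  # assumption: the "very small value" X

def activity_ratio(nodeinfo_json):
    """Return (total, active_month, ratio), or None if the stats are unusable."""
    try:
        users = json.loads(nodeinfo_json)["usage"]["users"]
        total, active = int(users["total"]), int(users["activeMonth"])
    except (KeyError, TypeError, ValueError):
        return None
    if total <= 0 or active < 0:
        return None
    return total, active, active / total

def classify(nodeinfo_json):
    stats = activity_ratio(nodeinfo_json)
    if stats is None:
        return "review"  # missing or malformed stats: a human decides
    total, _, ratio = stats
    if total >= MIN_TOTAL_USERS and ratio < MAX_SUSPECT_RATIO:
        return "suspect"
    return "ok"

def plan(blocklist, nodeinfo_by_host):
    """Return (to_defederate, to_refederate, to_review) as sorted host lists."""
    verdicts = {host: classify(doc) for host, doc in nodeinfo_by_host.items()}
    defederate = sorted(h for h, v in verdicts.items()
                        if v == "suspect" and h not in blocklist)
    refederate = sorted(h for h in blocklist if verdicts.get(h) == "ok")
    review = sorted(h for h, v in verdicts.items() if v == "review")
    return defederate, refederate, review

if __name__ == "__main__":
    print(plan({"cleaned.example"}, SAMPLE_NODEINFO))
```

The size floor keeps a small instance with a quiet month from being blocked on ratio alone, and unusable stats go to manual review rather than an automatic block.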

[–] thetokenlady 2 points 1 year ago

Agree. Defederate

[–] goat 2 points 1 year ago
[–] thelsim 1 points 1 year ago

I'm not very well versed in how all of this works or what the consequences of a defederation are (besides, you know, not getting to see its content anymore). But an instance with such an odd composition of users and active users should be watched with suspicion. I don't know if immediate defederation is the best solution, but it might be a good idea to have some kind of policy ready should suspicions be proven to be true?

[–] goat -4 points 1 year ago