this post was submitted on 09 Jul 2023
1473 points (100.0% liked)

Fediverse

757 readers
1 users here now

A community dedicated to fediverse news and discussion.

Fediverse is a portmanteau of "federation" and "universe".

Getting started on Fediverse;

founded 5 years ago
MODERATORS
deadsuperhero@lemmy.ml
wakest@lemmy.ml
1473
PSA: Lemmy votes can be manipulated (feddit.nl)
submitted 1 year ago by koper@feddit.nl to c/fediverse@lemmy.ml
121 comments fedilink hide all child comments
 

The best part of the fediverse is that anyone can run their own server. The downside of this is that anyone can easily create hordes of fake accounts, as I will now demonstrate.

Fighting fake accounts is hard and most implementations do not currently have an effective way of filtering out fake accounts. I'm sure that the developers will step in if this becomes a bigger problem. Until then, remember that votes are just a number.

top 50 comments
sorted by: hot top controversial new old
[–] PetrichorBias@lemmy.one 185 points 1 year ago* (last edited 1 year ago) (9 children)

This was a problem on reddit too. Anyone could create accounts - heck, I had 8 accounts:

one main, one alt, one "professional" (linked publicly on my website), and five for my bots (whose accounts were optimistically created, but were never properly run). I had all 8 accounts signed in on my third-party app and I could easily manipulate votes on the posts I posted.

I feel like this is what happened when you'd see posts with hundreds / thousands of upvotes but had only 20-ish comments.

There needs to be a better way to solve this, but I'm unsure if we truly can solve this. Botnets are a problem across all social media (my undergrad thesis many years ago was detecting botnets on Reddit using Graph Neural Networks).

Fwiw, I have only one Lemmy account.

[–] InternetPirate@lemmy.fmhy.ml 20 points 1 year ago* (last edited 1 year ago) (1 children)

I feel like this is what happened when you’d see posts with hundreds / thousands of upvotes but had only 20-ish comments.

Nah it's the same here in Lemmy. It's because the algorithm only accounts for votes and not for user engagement.

[–] AndrewZabar 12 points 1 year ago

Yeah votes are the worst metric to measure anything because of bot voters.

[–] AndrewZabar 20 points 1 year ago

On Reddit there were literally bot armies by which thousands of votes could be instantly implemented. It will become a problem if votes have any actual effect.

It’s fine if they’re only there as an indicator, but if the votes are what determine popularity, prioritize visibility, it will become a total shitshow at some point. And it will be rapid. So yeah, better to have a defense system in place asap.

[–] dandroid@dandroid.app 12 points 1 year ago

If you and several other accounts all upvoted each other from the same IP address, you'll get a warning from reddit. If my wife ever found any of my comments in the wild, she would upvoted them. The third time she did it, we both got a warning about manipulating votes. They threatened to ban both of our accounts if we did it again.

But here, no one is going to check that.

[–] Thorny_Thicket@sopuli.xyz 12 points 1 year ago (1 children)

I always had 3 or 4 reddit accounts in use at once. One for commenting, one for porn, one for discussing drugs and one for pics that could be linked back to me (of my car for example) I also made a new commenting account like once a year so that if someone recognized me they wouldn't be able to find every comment I've ever written.

On lemmy I have just two now (other is for porn) but I'm probably going to make one or two more at some point

[–] authed@lemmy.ml 7 points 1 year ago

I have about 20 reddit accounts... I created/ switched account every few months when I used reddit

[–] AndrewZabar 6 points 1 year ago (1 children)

May I ask how do you format your text? My format bar has disappeared from wefwef.

[–] PetrichorBias@lemmy.one 11 points 1 year ago* (last edited 1 year ago) (1 children)

I don't use wefwef, I use jerboa for android.

**bold**

*italics*

> quote

`code`

# heading

- list

[–] AndrewZabar 9 points 1 year ago* (last edited 1 year ago) (1 children)

Ah ok. Yeah I thought the markdown was the same as reddit being markdown but it used to have a toolbar.

Thanks for response.

Also I’ve wondered why don’t they have an underline markdown.

[–] TWeaK@lemm.ee 5 points 1 year ago* (last edited 1 year ago)

Fun fact: old reddit used to use one of the header functions as an underline. I think it was 5x # that did it. However, this was an unofficial implementation of markdown, and it was discarded with new reddit. Also, being a header function you could only apply it to an entire line or paragraph, rather than individual words.

[–] Hexorg 6 points 1 year ago (2 children)

I think the best solution there is so far is to require captcha for every upvote but that’d lead to poor user experience. I guess it’s the cost benefit of user experience degrading through fake upvotes vs through requiring captcha.

[–] HappyMeatbag 9 points 1 year ago (2 children)

If any instance ever requires a captcha for something as trivial as an upvote, I’ll simply stop upvoting on that instance.

[–] Hexorg 5 points 1 year ago

Yes that’s what I meant by degrading user experience

load more comments (1 replies)
[–] Catsrules@lemmy.ml 4 points 1 year ago

I could see this being useful on a per community basis. Or something that a moderator could turn on and off.

For example on a political or news community during an election. It might be worth while to turn captcha on.

[–] Puph@lemmy.dbzer0.com 5 points 1 year ago (3 children)

I had all 8 accounts signed in on my third-party app and I could easily manipulate votes on the posts I posted.

There's no chance this works. Reddit surely does a simple IP check.

load more comments (3 replies)
load more comments (2 replies)
[–] Wander@yiffit.net 47 points 1 year ago (1 children)

In case anyone's wondering this is what we instance admins can see in the database. In this case it's an obvious example, but this can be used to detect patterns of vote manipulation.

[–] toish@yiffit.net 24 points 1 year ago (1 children)

“Shill” is a rather on-the-nose choice for a name to iterate with haha

[–] Evergreen5970 11 points 1 year ago* (last edited 1 year ago)

I appreciate it, good for demonstration and just tickles my funny bone for some reason. I will be delighted if this user gets to 100,000 upvotes—one for every possible iteration of shill#####.

[–] 7heo@lemmy.ml 38 points 1 year ago* (last edited 1 year ago) (3 children)

expired

[–] nekat_emanresu@lemmy.ml 8 points 1 year ago

Interesting idea.

[–] SQL_InjectMe@partizle.com 4 points 1 year ago (1 children)

Small instances are cheap, so we need a way to prevent 100 bot instances running on the same server from gaming this too

load more comments (1 replies)
load more comments (1 replies)
[–] Andreas@feddit.dk 33 points 1 year ago (1 children)

Federated actions are never truly private, including votes. While it's inevitable that some people will abuse the vote viewing function to harass people who downvoted them, public votes are useful to identify bot swarms manipulating discussions.

[–] Wander@yiffit.net 5 points 1 year ago (1 children)

This. It's only a matter of time until we can automatically detected vote manipulation. Furthermore, there's a possibility that in future versions we can decrease the weight of votes coming from certain instances that might be suspicious.

[–] hawkwind@lemmy.management 5 points 1 year ago

And it’s only a matter of time until that detection can be evaded. The knife cuts both ways. Automation and the availability of internet resources makes this back and forth inevitable and unending. The devs, instance admins and users that coalesce to make the “Lemmy” have to be dedicated to that. Everyone else will just kind of fade away as edge cases or slow death.

[–] mintyfrog@lemmy.ml 20 points 1 year ago

PSA: internet votes are based on a biased sample of users of that site and bots

[–] SkyNTP@lemmy.ml 17 points 1 year ago

So far, the majority of content that approaches spam I've come across on Lemmy has been posts on !fediverse@lemmy.ml which highlight an issue attributed to the fediverse, but which ultimately have a corollary issue on centralised platforms.

Obviously there are challenges to address running any user-content hosting website, and since Lemmy is a comminity-driven project, it behooves the community to be aware of these challenges and actively resolve them.

But a lot of posts, intentionally or not, verge on the implication that the fediverse uniquely has the problem, which just feeds into the astroturfing of large, centralized media.

[–] deadsuperhero@lemmy.ml 15 points 1 year ago (3 children)

Honestly, thank you for demonstrating a clear limitation of how things currently work. Lemmy (and Kbin) probably should look into internal rate limiting on posts to avoid this.

I'm a bit naive on the subject, but perhaps there's a way to detect "over x amount of votes from over x amount of users from this instance"? and basically invalidate them?

load more comments (3 replies)
[–] AbyssalChord@feddit.de 14 points 1 year ago* (last edited 1 year ago) (5 children)

I‘m not a fan of up- and downvotes, also but not only for the aforementioned reasons. Classic forums ran fine without any of it.

[–] nekat_emanresu@lemmy.ml 6 points 1 year ago* (last edited 1 year ago)

I keep thinking about this. The only reason for votes that a forum cant do, is filtering massive content quantities through an equally massive userbase to get pages of great and revolving posts. In a forum you can just filter with posts/hour and give free promotion to new posts.

[–] howdy@thesimplecorner.org 4 points 1 year ago* (last edited 1 year ago)

Ironically, I agree and upvoted this.

load more comments (3 replies)
[–] nekat_emanresu@lemmy.ml 12 points 1 year ago (1 children)

Upvotes aren't just a number, they determine placing on the algorithm along with comments. It's easy to censor an unwanted view by mass downvoting it.

[–] jarfil 9 points 1 year ago (1 children)

Some instances don't allow downvoting. It doesn't really matter, mass upvoting the remaining content has the same effect.

[–] nekat_emanresu@lemmy.ml 7 points 1 year ago (3 children)

I disagree, i just got massively bandwagon downvoted into oblivion in this thread and noticed that as soon as a single downvote hits, it's like blood in the water and the piranhas will instantly downvote, even if its nonsensical. Downvotes act as a guide for people that don't really think about the message contents, and need instructions on how to vote. I'd love if comments got their votes censored for 1 hour after posting.

[–] Black_Gulaman@lemmy.dbzer0.com 9 points 1 year ago (1 children)

Better if the votes are permanently hidden to users and are only visible to mods, admins and the system.

load more comments (1 replies)
load more comments (2 replies)
[–] hawkwind@lemmy.management 12 points 1 year ago

IMO, likes need to be handled with supreme prejudice by the Lemmy software. A lot of thought needs to go into this. There are so many cases where the software could reject a likely fake like that would have near zero chance of rejecting valid likes. Putting this policing on instance admins is a recipe for failure.

[–] milicent_bystandr@lemmy.ml 10 points 1 year ago (1 children)

I wonder if it's possible ...and not overly undesirable... to have your instance essentially put an import tax on other instances' votes. On the one hand, it's a dangerous direction for a free and equal internet; but on the other, it's a way of allowing access to dubious communities/instances, without giving them the power to overwhelm your users' feeds. Essentially, the user gets the content of the fediverse, primarily curated by the community of their own instance.

load more comments (1 replies)
[–] bloodfart@lemmy.ml 7 points 1 year ago (7 children)

Get rid of votes. They suck.

[–] Duke_Nukem_1990@feddit.de 12 points 1 year ago (2 children)

Nah, I want to downvote Nazis. Their opinions don't matter and should be suppressed.

[–] bloodfart@lemmy.ml 8 points 1 year ago (1 children)

Suppress nazis by bullying them, not by passively downvoting their hate speech and moving on.

[–] Duke_Nukem_1990@feddit.de 6 points 1 year ago (1 children)

You can do both.

[–] bloodfart@lemmy.ml 6 points 1 year ago (2 children)

I guess. Ones really effective and tells everyone around you that the person is a nazi in case they were cloaking it, pushes back on their bullshit and makes everyone aware that it’s not okay to say shit like that and that it is okay to fight them.

The other is a downvote and changes where the nazi content ends up in a rank.

load more comments (2 replies)
load more comments (1 replies)
load more comments (6 replies)
[–] retronautickz 7 points 1 year ago

Reddit had/has the same problem. It's just that federation makes it way more obvious on the threadiverse.

[–] thedarkfly@feddit.nl 6 points 1 year ago (3 children)

Two solutions that I see:

  1. Mods and/or admins need to be notified when a post has a lot of upvotes from accounts on the same instance.
  2. Generalize whitelists and requests to federate from new instances.
load more comments (3 replies)
[–] lemming007@lemm.ee 6 points 1 year ago (5 children)

What is the definition of a "fake account"?

[–] hawkwind@lemmy.management 6 points 1 year ago (5 children)

In this context it would be an account with the sole purpose of boosting the visible popularity of a post or comment.

load more comments (5 replies)
load more comments (4 replies)
[–] menturi@lemmy.ml 5 points 1 year ago (1 children)

I wonder if an instance could only allow votes by users who are part of instances that require email verification or some other verification method. I would imagine that would heavily help reduce vote manipulation on that particular instance.

load more comments (1 replies)
[–] XCraftMC@lemmy.fmhy.ml 4 points 1 year ago

They could try requiring a phone number to sign up. Obviously, you could use temp phone numbers but there’s ways to circumvent that.

load more comments
view more: next ›