Fediverse

32257 readers

273 users here now

A community to talk about the Fediverse and all it's related services using ActivityPub (Mastodon, Lemmy, KBin, etc).

If you wanted to get help with moderating your own community then head over to [email protected]!

Rules

Posts must be on topic.
Be respectful of others.
Cite the sources used for graphs and other statistics.
Follow the general Lemmy.world rules.

Learn more at these websites: Join The Fediverse Wiki, Fediverse.info, Wikipedia Page, The Federation Info (Stats), FediDB (Stats), Sub Rehab (Reddit Migration)

founded 2 years ago

MODERATORS

[email protected]

Downvote brigading via third instance hypothetical (lemmy.world)

submitted 4 days ago by [email protected] to c/[email protected]

13 comments fedilink hide all child comments

I’ve been on a journey today trying to understand the fediverse better.

I’ll be mindful to not start bitching about certain instances.

Here’s my example:

Is it technically possible that posts or comments still get downvote-brigaded by an instance that is technically defederated from the instance of the OP?

So let’s say instance A and B are defederated from each other, but both are federated with instance C. After a user from A posts something on C does every user from B get to downvote everything?

I’m trying to determine if the Fediverse has recourse against an r/TheDonald scenario, where one toxic element is allowed to flourish for too long and - in the case with the other site - eventually takes over and destroys everything.

If this debate has been had somewhere else, please feel free to point me there, otherwise I’d love to understand this better.

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 6 points 4 days ago (1 children)

In the wild, it's far more common for them to just spin up a bunch of accounts across "good" instances (particularly those without registration applications) and coordinate.

In 2023, this happened to a ton of unsecured Misskey instances who then proceeded to spam most of the Fediverse. It was just a troll in reality, but revealed that the Fediverse is no less vulnerable to coordinated, sophisticated attacks (and with how politically minded it is, there's plenty of incentive for nation state actors to do so).

[–] [email protected] 7 points 4 days ago (1 children)

Yup, and I've probably still got a lot of those instances on my federation blocklist.

One of my ongoing gripes with the fediverse is that people run instances with little/no oversight and leave registrations wide open. It's just irresponsible to have open registrations when you don't have an admin available 24/7.

[–] [email protected] 5 points 4 days ago (1 children)

On the one hand, one of the things we often tout about the Old Internet was the ability for anyone to run their own website, forum, blog, etc, free from corporatization. On the other hand, running your website is a responsibility on your part, and in the convenience-focused Internet we have now, seems to be a forgotten lesson.

On the third, mutant hand growing out of our back, fedi software should be designed with security-by-default, i.e. no open registration, to prevent the forgotten lesson from being a huge problem.

[–] [email protected] 3 points 4 days ago* (last edited 4 days ago)

For a website, forum, blog, etc, at least the damage caused by poor security would be limited to just that platform. Unfortunate, but contained. With federation, that poor security becomes everyone else's problem as well. Hence my gripe lol.

It's been so long since I setup my instance, I honestly don't recall what the default "Registration mode" is.

I'm but a small drop in the larger fediverse, but I do develop a frontend for Lemmy. I actually coded the "Registration" section in the admin panel to nag you if the config is insecure. lol

It will still let you do it, just with a persistent nag message on that page.