this post was submitted on 09 Jul 2023
2103 points (97.3% liked)

Fediverse

17795 readers
30 users here now

A community dedicated to fediverse news and discussion.

Fediverse is a portmanteau of "federation" and "universe".

Getting started on Fediverse;

founded 5 years ago
MODERATORS
 

The best part of the fediverse is that anyone can run their own server. The downside of this is that anyone can easily create hordes of fake accounts, as I will now demonstrate.

Fighting fake accounts is hard and most implementations do not currently have an effective way of filtering out fake accounts. I'm sure that the developers will step in if this becomes a bigger problem. Until then, remember that votes are just a number.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 54 points 1 year ago (1 children)

Honestly, thank you for demonstrating a clear limitation of how things currently work. Lemmy (and Kbin) probably should look into internal rate limiting on posts to avoid this.

I'm a bit naive on the subject, but perhaps there's a way to detect "over x amount of votes from over x amount of users from this instance"? and basically invalidate them?

[–] [email protected] 21 points 1 year ago (1 children)

How do you differentiate between a small instance where 10 votes would already be suspicious vs a large instance such as lemmy.world, where 10 would be normal?

I don't think instances publish how many users they have and it's not reliable anyway, since you can easily fudge those numbers.

[–] [email protected] 6 points 1 year ago (1 children)

10 votes within a minute of each other is probably normal. 10 votes all at once, or microseconds of each other, is statistically less likely to happen.

I won't pretend to be an expert on the subject, but it seems like it's mathematically possible to set some kind of threshold? If a set percent of users from an instance are all interacting microseconds from each other on one post locally, that ought to trigger a flag.

Not all instances advertise their user counts accurately, but they're nevertheless reflected through a NodeInfo endpoint.

[–] [email protected] 16 points 1 year ago

Surely the bot server can just set up a random delay between upvotes to circumvent that sort of detection