If you look at the top ~20 servers on fedidb, they are very clearly botswarms. Either intentionally set up that way, or accidentally due to turning off protections and not deleting users.
You can tell this because they have 70,000 registered users, but only 10 of them are active.
I believe we should pre-emptively defederate with botswarms before they’re turned on. If the instance owners clear out the bots on their instances (like lemmy.ninja did) then they should be immediately refederated.
I don’t know about you guys, but I don’t want this place to be drowned in spam as soon as they’re activated.
I’ve expressed concerns about the potential effects of a bot-swarm before, and have had a few mildly constructive conversations about it. Here is a thread where I lay out a few of my concerns on the matter, but I’ll copy the relevant text here for easier discovery.
Me:
@[email protected]
Me:
That is just one of the more insidious possibilities that a bot-swarm could be used for. Spamming, scamming, brigading, and poisoning discussions en-masse are all possible with even a moderately sized number of bots with the technical ability to put them to use on a platform of this size.
I’ve also seen announcement posts and the resulting post in The Agora covering the use of one tool (The Lemmy Overseer) that can help to automate the de/refederation of likely bot-infested instances. While I don’t think the tool is going to deter particularly motivated actors, it should take care of the “low-hanging fruit” that is the tens of thousands of suspected bot accounts that have had no engagement on the platform since account creation. Instance owners take on a lot of responsibility when federating with others, just one of which is being responsible for securing their instance against automated signups. Once they take care of their bot problem they can become refederated automatically.
TLDR: I think we should defederate botted instances preemptively. Automatic refederation is possible, and a Matrix channel for instance operators exists for discussing refederation as a fallback measure.
Thank you for your input. You’ve obviously thought a lot about this and are bringing a lot to the table.
Personally, priority number one is removing the low-hanging fruit. Once we’ve done that, we can think about more complex goals in terms of how to defend ourselves against more complex bots. We need to start here though, and soon.
Of course and thank you. I agree completely. I think going forward, that instance admins who are utilizing a defense-in-depth strategy with tools like Lemmy Overseer, automated account creation hurdles, and other emergent tools (one example) will be the most effective in keeping this part of the federation largely free of the bot-swarm.