If you look at the top ~20 servers on fedidb, they are very clearly botswarms. Either intentionally set up that way, or accidentally due to turning off protections and not deleting users.

You can tell this because they have 70,000 registered users, but only 10 of them are active.

I believe we should pre-emptively defederate with botswarms before they’re turned on. If the instance owners clear out the bots on their instances (like lemmy.ninja did) then they should be immediately refederated.

I don’t know about you guys, but I don’t want this place to be drowned in spam as soon as they’re activated.

  • sneakyninjapants
    link
    fedilink
    arrow-up
    9
    ·
    edit-2
    1 year ago

    I’ve expressed concerns about the potential effects of a bot-swarm before, and have had a few mildly constructive conversations about it. Here is a thread where I lay out a few of my concerns on the matter, but I’ll copy the relevant text here for easier discovery.


    Me:

    I’m all for bots that are used as tools for the community, the invidious one seems pretty great too. A bit concerned about what the potential “bot army” on some of these instances will be used for going forward though.

    @[email protected]

    There is an option to hide bot accounts in your account settings. This is also why all bots must be tagged as such so people can choose if they want to see them or not, that’s the agreement with allowing bots on Lemmy for most instances.

    Me:

    I guess with that in mind, that brings different concerns into view for me. I’m wondering what proportion of this wave of bots have checked that option identifying themselves as such? If they’re good bots they will of course, but I’ve also read through posts of instance operators claiming they’ve gotten thousands of bot signups in hours, which doesn’t seem like good bot behavior to me. Are they likely to identify themselves as bots? Even if they did, would it matter? One example off the cuff, I should be able filter bots from my feed and comments as you say, but what’s stopping them from upvoting / downvoting a specific group of user’s submissions and comments to the top of my hot feed, or upvoting / downvoting by keyword? If that happens en-masse you wouldn’t really be able to say that posts and comments are being ranked or discovered organically based on merit. While this sort of thing I suspect happens often elsewhere, it can serve to control the flow of information based on a single or small group of people’s will(s).


    That is just one of the more insidious possibilities that a bot-swarm could be used for. Spamming, scamming, brigading, and poisoning discussions en-masse are all possible with even a moderately sized number of bots with the technical ability to put them to use on a platform of this size.

    I’ve also seen announcement posts and the resulting post in The Agora covering the use of one tool (The Lemmy Overseer) that can help to automate the de/refederation of likely bot-infested instances. While I don’t think the tool is going to deter particularly motivated actors, it should take care of the “low-hanging fruit” that is the tens of thousands of suspected bot accounts that have had no engagement on the platform since account creation. Instance owners take on a lot of responsibility when federating with others, just one of which is being responsible for securing their instance against automated signups. Once they take care of their bot problem they can become refederated automatically.

    TLDR: I think we should defederate botted instances preemptively. Automatic refederation is possible, and a Matrix channel for instance operators exists for discussing refederation as a fallback measure.

    • BarbarianOP
      link
      fedilink
      arrow-up
      6
      ·
      1 year ago

      Thank you for your input. You’ve obviously thought a lot about this and are bringing a lot to the table.

      Personally, priority number one is removing the low-hanging fruit. Once we’ve done that, we can think about more complex goals in terms of how to defend ourselves against more complex bots. We need to start here though, and soon.

      • sneakyninjapants
        link
        fedilink
        arrow-up
        3
        ·
        edit-2
        1 year ago

        Of course and thank you. I agree completely. I think going forward, that instance admins who are utilizing a defense-in-depth strategy with tools like Lemmy Overseer, automated account creation hurdles, and other emergent tools (one example) will be the most effective in keeping this part of the federation largely free of the bot-swarm.