This is my current attempt at preparing to counter the spam waves that will be appearing as the fediverse becomes more and more popular.
It involves the creation of whitelists based on a chain of trust between instances with easy ways to add and remove into it with few overheads.
Let me know what you think and if you’re interested, please do register your instance at https://overctrl.dbzer0.com.
You’re right about the spam, volunteer moderators are helpless against it if they decide to spawn thousands of instances and accounts to attack. A whitelist instead of blacklist style of federation might be necessary now. I just hope it doesn’t create too small of a bubble or certain large instances start to monopolize, like the way e-mail went.
I have some plans bout that, but I need time to implement
Thank you for trying to protect the lemmy/kbin and fediverse communities. It will take lots of effort like this to keep it unshitified.
I’m not an instance admin nor am I a mod. I just started using Lemmy a couple of days ago. First, respect to you for taking the time to come up with solutions. I think your solution is at the limit of what you can do to keep bad actors from creating instances and start spamming. We need to accept it will not solve all the spam. Just like there’s is still spam in the comment section on YouTube but alot less compared to a year or so ago. But, maybe having a more granular trust system of instances could be a solution to prevent smaller instances from being locked out. For example a new instance would be allowed to be whitelisted sooner than they would be allowed to endorse or guarantee other instances? Or doesn’t that work in the case of Lemmy?
Good decision. Especially in the long term I see no alternatives to whitelists. Yet.
what’s a fediverse?
It’s a federation of different platforms such as Lemmy, Mastodon, PeerTube, Pixelfed, and others all using a common protocol called ActivityPub to talk to each other.
Thanks for keeping us in the loop and for your efforts to battle bots and spammers.
Having trouble signing up over at the overctrl instance using the required username format. My domain contains a - and the username field seems to specifically reject that character.
please hold on. I’m reworking the registration to make this unnecessary.
Please try now. No need to register on a third lemmy instance, just provide your domain and admin username and it should PM you the API key
I’m still very concerned a whitelist scenario will ultimately lead to just a few megalithic instances without a chance for new, small instances to ever join the federation.
Like the nightmare scenario for email where the big providers just decide one day to drop any mail that does not come from another large corp or from someone who paid money for some id certification. Even now running your own mailserver is a major pain and requires a lot of attention, receiving mail is fine, but sending… oh my.
So the hashcash solution proposed elsewhere still seems better to me. If I wanted to host my own instance I still could federate without begging the “council” for admission. The thought of burning energy just to prevent spam is repulsive but walling ourselves in and creating a gated community sounds even worse…
I’m still very concerned a whitelist scenario will ultimately lead to just a few megalithic instances without a chance for new, small instances to ever join the federation.
I’ve built the whole thing to avoid exactly that! Any instance admin vouch for small instances.
I saw that. But I’m having flashbacks from email WOT and it did not converge to the interconnected mesh we had hoped it to be. Sooner or later larger nodes will exists who will not simply trust a key signed by a mere “tier3” instance. If a selfhoster wants to federate with their tiny 1-user instance, how do we differentiate between bot instance and genuine user instance?
Manual review. It all relies on people actually checking. And if someone masquerades, it’s trivial to withdraw our trust.
Yes, but this opens up another problem with a federation controlled by the server admins and not the communities. Trust can be withdrawn as a punishment or due to a disagreement or just different views.
We just saw that with instances defederating others due to incompatible views on politics. I expect more of that for much smaller disagreements until its just clusters of like-minded people in their own bubble. At least I want to see what others say that does not agree with my own views and values - how would I keep a realistic perception of reality otherwise? If I stay in my bubble too long then I might start thinking “everyone” thinks foo=good and bar=bad, while it might be the opposite.
Other networks like freenet use a wot, but for each user. TOR does not filter out relays, but allows its users to do so. And, yes, they all have their own issues with their approach.
What I am trying to say is: I had hoped for the fediverse instance admins to not consider themselves as lords of each their own feudalistic dukedom with “trade agreements”, but instead to consider themselves as mere service providers for the greater good, sworn to neutrality when it comes to opinions being discussed (abiding to law where required to not get sued or worse of course). Our strength lies in the federation network itself, without it we would just be a bunch of forums. If we allow the network to fragment more and stop talking to each other, the monolithic pseudonetworks of the big corporations will stay in power.
I know this might be unachievable, or even undesired, but at least a web of trust that is controlled by its users, instead of the admins, is much more appealing to me.
Hashcash would slow spammers down without troubling regular users too much. It would be scalable and with a meld-based algrithm it might be future proof. It could even complement a wot.
Yes, but this opens up another problem with a federation controlled by the server admins and not the communities. Trust can be withdrawn as a punishment or due to a disagreement or just different views.
The Fediseer I’m running is just to validate against spam, not political views. Even if someone removes their guarantee from a server due to political disagreement, someone else just has to re-add it.
And at the end of the day, The fediseer is not integrated into anything. It’s an optional list some instance admins might want to use. Not everyone has to. If trust is betrayed, people will just stop using it.
Oh, it will work to keep spam out - I’m just not sure if it will ultimately become the border keeping the fediverse from growing when a “council of elders from the big instances” has first established itself. If the council is not diverse enough, it will be able to dictate the rules for “trust” beyond mere spam. All with good intentions of course.
From an admin’s point of view, I do not want this “power” because it will corrupt me. From a user’s point of view, I would rather be able to decide this for myself.
You asked for oppinions…
The Fediseer does not work as a “council of elders” though.
Likewise, a “council of elders” form regardless of the existence of Fediseer.