I’ve been on a journey today trying to understand the fediverse better.
I’ll be mindful to not start bitching about certain instances.
Here’s my example:
Is it technically possible that posts or comments still get downvote-brigaded by an instance that is technically defederated from the instance of the OP?
So let’s say instance A and B are defederated from each other, but both are federated with instance C. After a user from A posts something on C does every user from B get to downvote everything?
I’m trying to determine if the Fediverse has recourse against an r/TheDonald scenario, where one toxic element is allowed to flourish for too long and - in the case with the other site - eventually takes over and destroys everything.
If this debate has been had somewhere else, please feel free to point me there, otherwise I’d love to understand this better.
Yes. Instance A will not see the downvotes from instance B, but instance C would. Also, anyone federated with all 3 would see the downvotes from B for content posted by someone on A.
The only defense is that mods and admins can see the votes and, if something like that is suspected, they can take action (ban the accounts, mods report the behavior to admins, consider defederating from instance B, etc). Seeing a pattern of mass-downvotes only from a particular instance would be considered a red flag for most admins.
This scenario is less likely than what we see in practice, though, since the overhead to create an instance and the “eggs all in one basket” make it easy to take action against (admins would quickly coordinate to block that instance). Tools like Fediseer would also be used to censure that instance and bring its behavior to light.
In the wild, it’s far more common for them to just spin up a bunch of accounts across “good” instances (particularly those without registration applications) and coordinate.
One example of that: https://dubvee.org/post/1878799
Cool, I think I understand it better now.
So an r/TheDonald situation on Lemmy would effectively mean this community can exist forever until it is just lonely sitting by itself defederated from every other instance in the lemmyverse (fediverse?). So it is impossible to basically shut something like that down on a global scale, only to North Korea it. (At which point, as the analogy goes, they are forced to send their soldiers to help with the Russians and find a way to make trouble that way)
I suppose that’s a fair price to pay for decentralisation. Thanks for the responses.
Basically, yeah. Not all admins would defederate, so they probably wouldn’t be completely isolated off, but they would definitely have a very reduced audience for their, uh, antics.
In 2023, this happened to a ton of unsecured Misskey instances who then proceeded to spam most of the Fediverse. It was just a troll in reality, but revealed that the Fediverse is no less vulnerable to coordinated, sophisticated attacks (and with how politically minded it is, there’s plenty of incentive for nation state actors to do so).
Yup, and I’ve probably still got a lot of those instances on my federation blocklist.
One of my ongoing gripes with the fediverse is that people run instances with little/no oversight and leave registrations wide open. It’s just irresponsible to have open registrations when you don’t have an admin available 24/7.
On the one hand, one of the things we often tout about the Old Internet was the ability for anyone to run their own website, forum, blog, etc, free from corporatization. On the other hand, running your website is a responsibility on your part, and in the convenience-focused Internet we have now, seems to be a forgotten lesson.
On the third, mutant hand growing out of our back, fedi software should be designed with security-by-default, i.e. no open registration, to prevent the forgotten lesson from being a huge problem.
For a website, forum, blog, etc, at least the damage caused by poor security would be limited to just that platform. Unfortunate, but contained. With federation, that poor security becomes everyone else’s problem as well. Hence my gripe lol.
It’s been so long since I setup my instance, I honestly don’t recall what the default “Registration mode” is.
I’m but a small drop in the larger fediverse, but I do develop a frontend for Lemmy. I actually coded the “Registration” section in the admin panel to nag you if the config is insecure. lol
It will still let you do it, just with a persistent nag message on that page.