Unidan could just create an account on multiple instances and vote for his posts/comments with all these accounts. That way his content would gain more attention than those of sincere users.

In case of malicious bots (like those annoying bootleg bots on reddit), it might even be profitable for them to create their own instance(s) just for that purpose.

Is there a mechanism to prevent that? (other than user/instance banning and the introduction question on user creation)

  • poVoq@slrpnk.net
    link
    fedilink
    English
    arrow-up
    3
    arrow-down
    1
    ·
    1 year ago

    There isn’t and Lemmygrad.ml users have been doing it in the past. Mostly down-vote brigading though and this is the main reason why down-votes are disabled on our instance.

    Personally I think there should be a setting to prevent down-votes from federating as there is really no point in federating them to instances with other rules and different community culture.

    • rowdy@lemmy.ml
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      Huh - I had not even considered downvotes in other instances… Yeah that seems problematic. Maybe rather than defederating downvotes, there could be a way to differentiate between local and global up/downvotes.

      • CaptainBlagbird@lemmy.one
        link
        fedilink
        English
        arrow-up
        1
        ·
        edit-2
        1 year ago

        This sounds interesting. I see two possibilities for that:

        • Let downvotes from external users be less effective
        • Display up/down ratio twice, once from local votes and once from external votes; plus only have the local ones affect sorting

        Actually when I think about it, a combination of both would also be possible.

  • Gollum@feddit.de
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    I guess this kind of instances will be banned. If it becomes obvious.

    There are already a bunch of spam-bot-instances, the admins have to spot them and block them actively.

  • rowdy@lemmy.ml
    link
    fedilink
    English
    arrow-up
    1
    ·
    edit-2
    1 year ago

    Malicious instances would need to be blocked by the instance you are registered to.

    As for multiple accounts - couldn’t the same thing be done on reddit? Just make a bunch of alts and self-inflate your own posts/comments.

    These issues are as old as the internet and can only be mitigated, not prevented.

    • CaptainBlagbird@lemmy.one
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      Yeah it’s a cat and mouse game sadly…

      Malicious instances would need to be blocked by the instance you are registered to.

      Couldn’t they keep the instance running and just change the domain name? Or if not easily possible, then just have a setup script that creates a new instance under the new domain name with X number of users.

      As for multiple accounts - couldn’t the same thing be done on reddit? Just make a bunch of alts and self-inflate your own posts/comments.

      Sure, but as mentioned it might be easier with Lemmy since they could just run their own instance. Or maybe it’s harder because Lemmy admins check account creation better on their own instance and are more sceptical of other instances.

      It’s an interesting topic, time will tell how it’s gonna be. It certainly isn’t bad to talk about it already today. ;)

    • samick1@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      I’m 99% sure reddit does a lot of backflips to detect and prevent that. One casual bad actor can only burn up so many IP addresses or API keys in a short period, and I think there’s some undisclosed/“secret” logic to it. It’s like burglary - you can’t stop it but you can cost the burglar sufficient time or money to deter them.

      I haven’t dug into Lemmy’s code yet but I am curious what countermeasures against abuse are apart of federation. Signed, time-boxed tokens and IP addresses could be part of the protocol to mitigate abuse via federation.

  • gylotip@lemmy.ml
    link
    fedilink
    English
    arrow-up
    0
    arrow-down
    1
    ·
    1 year ago

    Please do not make it ban based, just don’t count it if you somehow make a vote manipulation detector.