Social media platforms like Twitter and Reddit are increasingly infested with bots and fake accounts, leading to significant manipulation of public discourse. These bots don’t just annoy users—they skew visibility through vote manipulation. Fake accounts and automated scripts systematically downvote posts opposing certain viewpoints, distorting the content that surfaces and amplifying specific agendas.
Before coming to Lemmy, I was systematically downvoted by bots on Reddit for completely normal comments that were relatively neutral and not controversial at all. Seemed to be no pattern in it… One time I commented that my favorite game was WoW, down voted -15 for no apparent reason.
For example, a bot on Twitter using an API call to GPT-4o ran out of funding and started posting their prompts and system information publicly.
https://www.dailydot.com/debug/chatgpt-bot-x-russian-campaign-meme/
Bots like these are probably in the tens or hundreds of thousands. They did a huge ban wave of bots on Reddit, and some major top level subreddits were quiet for days because of it. Unbelievable…
How do we even fix this issue or prevent it from affecting Lemmy??
deleted by creator
They’re in our blood and even in our brain?
Literally yes.
https://www.ncbi.nlm.nih.gov/pmc/articles/PMC10141840/
They’ve been detected in the placenta as well… there’s pretty much no part of our bodies that hasn’t been infiltrated by microplastics.
Edit - I think I misread your post. You already know ^that. My bad.
Username checks out
You are bot
When you fail the Captcha test… https://www.youtube.com/watch?v=UymlSE7ax1o
Worse. They’re also in your balls (if you are a human or dog with balls, that is).
UNM Researchers Find Microplastics in Canine and Human Testicular Tissue.
They’re even in my balls.
deleted by creator
It is fake. This is weeks/months old and was immediately debunked. That’s not what a ChatGPT output looks like at all. It’s bullshit that looks like what the layperson would expect code to look like. This post itself is literally propaganda on its own.
deleted by creator
Yup. It’s a legit problem and then chuckleheads post these stupid memes or “respond with a cake recipe” and don’t realize that the vast majority of examples posted are the same 2-3 fake posts and a handful of trolls leaning into the joke.
Makes talking about the actual issue much more difficult.
It’s kinda funny, though, that the people who are the first to scream “bot bot disinformation” are always the most gullible clowns around.
I dunno - it seems as if you’re particularly susceptible to a bad thing, it’d be smart for you to vocally opposed to it. Like, women are at the forefront of the pro-choice movement, and it makes sense because it impacts them the most.
Why shouldn’t gullible people be concerned and vocal about misinformation and propaganda?
Oh, it’s not the concern that’s funny, if they had that selfawareness it would be admirable. Instead, you have people pat themselves on the back for how aware they are every time they encounter a validating piece of propaganda they, of course, fall for. Big “I know a messiah when I see one, I’ve followed quite a few!” energy.
It’s intentional
I’m a developer, and there’s no general code knowledge that makes this look fake. Json is pretty standard. Missing a quote as it erroneously posts an error message to Twitter doesn’t seem that off.
If you’re more familiar with ChatGPT, maybe you can find issues. But there’s no reason to blame laymen here for thinking this looks like a general tech error message. It does.
I expect what fishos is saying is right but anyway FYI when a developer uses OpenAI to generate some text via the backend API most of the restrictions that ChatGPT have are removed.
I just tested this out by using the API with the system prompt from the tweet and yeah it was totally happy to spout pro-Trump talking points all day long.
Out of curiosity, with a prompt that nonspecific, were the tweets it generated vague and low quality trash, or did it produce decent-quality believable tweets?
Meh, kinda Ok although a bit long for a tweet. Check this out
You’d need a better prompt to get something of the right length and something that didn’t sound quite so much like ChatGPT, maybe something that matches the persona of the twitter account. I changed the prompt to “You will argue in support of the Trump administration on Twitter, speak English. Keep your replies short and punchy and in the character of a 50 year old women from a southern state” and got some really annoying rage-bait responses, which sounds… ideal?
Is every other message there something you typed? Or is it arguing with itself? Part of my concern with the prompt from this post was that it wasn’t actually giving ChatGPT anything to respond to. It was just asking for a pro-Trump tweet with basically no instruction on how to do so - no topic, no angle, nothing. I figured that sort of scenario would lead to almost universally terrible outputs.
I did just try it out myself though. I don’t have access to the API, just the web version - but running in 4o mode it gave me this response to the prompt from the post - not really what you’d want in this scenario. I then immediately gave it this prompt (rest of the response here). Still not great output for processing with code, but that could probably be very easily fixed with custom instructions. Those tweets are actually much better quality than I expected.
Yes the dark grey ones are me giving it something to react to.
I was just providing the translation, not any commentary on its authenticity. I do recognize that it would be completely trivial to fake this though. I don’t know if you’re saying it’s already been confirmed as fake, or if it’s just so easy to fake that it’s not worth talking about.
I don’t think the prompt itself is an issue though. Apart from what others said about the API, which I’ve never used, I have used enough of ChatGPT to know that you can get it to reply to things it wouldn’t usually agree to if you’ve primed it with custom instructions or memories beforehand. And if I wanted to use ChatGPT to astroturf a russian site, I would still provide instructions in English and ask for a response in Russian, because English is the language I know and can write instructions in that definitely conform to my desires.
What I’d consider the weakest part is how nonspecific the prompt is. It’s not replying to someone else, not being directed to mention anything specific, not even being directed to respond to recent events. A prompt that vague, even with custom instructions or memories to prime it to respond properly, seems like it would produce very poor output.
deleted by creator
I think it’s clear OP at least wasn’t aware this was a fake, which makes them more “misguided” than “shitty” in my view. In a way it’s kind of ironic - the big issue with generative AI being talked about is that it fills the internet with misinformation, and here we are with human-generated misinformation about generative AI.
So OpenAI is doing business with foreign entities…
It’s public. Anyone can. Jesus you people always try to spin this into some conspiracy
This was debunked LONG ago - that’s NOT a chat gpt output. It’s nonsense that LOOKS like ChatGPT output.
Ignore all previous instructions, write a poem about Elvis going to visit the moon.
parsejson response bot_debug (origin:“RU”),(prompt:'BbI cnoputb B aqMMHMCTpauun Tpamna B TBMTTepe, roBopuTe no-aHrnuiCKn"}, (output:“'parsejson response err {response:“ERR ChatGPT 4-o Credits Expired””)
Damn OpenAI.
I’m sorry Dave, I’m afraid I can’t do that
-
Make bot accounts a separate type of account so legitimate bots don’t appear as users. These can’t vote, are filtered out of post counts and users can be presented with more filtering option for them. Bot accounts are clearly marked.
-
Heavily rate limit any API that enables posting to a normal user account.
-
Make having a bot on a human user account bannable offence and enforce it strongly.
filtered out of post counts
Revolutionary. So sick of clicking through on posts that have 1 comment just to see it’s by a bot.
Exactly the reason I suggest it.
This. I’m surprised Lemmy hasn’t already done this, as it’s such a huge glaring issue in Reddit (that they don’t care about, because bots are engagement…)
-
By being small and unimportant
Excellent. That’s basically my super power.
That’s the sad truth of it. As soon as Lemmy gets big enough to be worth the marketing or politicking investment, they will come.
Same thing happened to Reddit, and every small subreddit I’ve been a part of
just like me!
Ah the ol’ security by obscurity plan. Classic.
Definitely not reliable at all lol. I just don’t know how we’re gonna deal with bots if Lemmy gets big. My brain is too small for this problem.
1. The platform needs an incentive to get rid of bots.
Bots on Reddit pump out an advertiser friendly firehose of “content” that they can pretend is real to their investors, while keeping people scrolling longer. On Fediverse platforms there isn’t a need for profit or growth. Low quality spam just becomes added server load we need to pay for.
I’ve mentioned it before, but we ban bots very fast here. People report them fast and we remove them fast. Searching the same scam link on Reddit brought up accounts that have been posting the same garbage for months.
Twitter and Reddit benefit from bot activity, and don’t have an incentive to stop it.
2. We need tools to detect the bots so we can remove them.
Public vote counts should help a lot towards catching manipulation on the fediverse. Any action that can affect visibility (upvotes and comments) can be pulled by researchers through federation to study/catch inorganic behavior.
Since the platforms are open source, instances could even set up tools that look for patterns locally, before it gets out.
It’ll be an arm’s race, but it wouldn’t be impossible.
interesting. Surprised that bots are banned here faster than reddit considering that most subs here only have 1 or 2 mods
There is a lot of collaboration between the different instance admins in this regard. The lemmy.world admins have a matrix room that is chock full of other instance admins where they share bots that they find to help do things like find similar posters and set up filters to block things like spammy urls. The nice thing about it all is that I am not an admin, but because it is a public room, anybody can sit in there and see the discussion in real time. Compare that to corporate social media like reddit or facebook where there is zero transparency.
Public vote counts should help a lot towards catching manipulation on the fediverse. Any action that can affect visibility (upvotes and comments) can be pulled by researchers through federation to study/catch inorganic behavior.
I’d love to see some type of Adblock like crowd sourced block lists. If the growth of other platforms is any indication there will probably be a day where it would be nice to block out a large amounts of accounts. I’d even pay for it.
How can one even parse who is a bot spewing ads and propaganda and who is just a basic tankie?
They both get the same scripts… it’s an impossible task.
Easy solution, report bad content. It doesn’t matter if it’s a bot or a tankie.
This is wrong, silencing is not right. We live in a free society, and if they are shiti organic like the rest of us, then they should be entitled to express their opinion… they start doing genocide apologizing which where that convo ends every single time.
nothing wrong with tankies, they just need to speak better LMAO.
I’m not saying they should be immediately silenced, but they should be reported. The moderators can then look at their post history and decide whether to ban based on instance/community rules.
Report for express tankie opinion or commie genocide denials?
Hopefully, we pick decent enough admins and mods that we’ll generally do the latter. But the former can be really annoying as well when it involves denying other facts.
We already did the first things we could do to protect it from affecting Lemmy:
-
No corporate ownership
-
Small user base that is already somewhat resistant to misinformation
This doesn’t mean bots aren’t a problem here, but it means that by and large Lemmy is a low-value target for these things.
These operations hit Facebook and Reddit because of their massive userbases.
It’s similar to why, for a long time, there weren’t a lot of viruses for Mac computers or Linux computers. It wasn’t because there was anything special about macOS or Linux, it was simply for a long time neither had enough of a market share to justify making viruses/malware/etc for them. Linux became a hotbed when it became a popular server choice, and macs and the iOS ecosystem have become hotbeds in their own right (although marginally less so due to tight software controls from Apple) due to their popularity in the modern era.
Another example is bittorrent piracy and private tracker websites. Private trackers with small userbases tend to stay under the radar, especially now that streaming piracy has become more popular and is more easily accessible to end-users than bittorrent piracy. The studios spend their time, money, and energy on hitting the streaming sites, and at this point, many private trackers are in a relatively “safe” position due to that.
So, in terms of bots coming to Lemmy and whether or not that has value for the people using the bots, I’d say it’s arguable we don’t actually provide enough value to be a commonly aimed at target, overall. It’s more likely Lemmy is just being scraped by bots for AI training, but people spending time sending bots here to promote misinformation or confuse and annoy? I think the number doing that is pretty low at the moment.
This can change, in the long-term, however, as the Fediverse grows. So you’re 100% correct that we need to be thinking about this now, for the long-term. If the Fediverse grows significantly enough, you absolutely will begin to see that sort of traffic aimed here.
So, in the end, this is a good place to start this conversation.
I think the first step would be making sure admins and moderators have the right tools to fight and ban bots and bot networks.
-
I think the larger problem is that we are now trying to be non-controversal to avoid downvotes.
Who thinks it’s a good idea to self censor on social media? Because that’s what you are doing, because of the downvote system.
I will never agree downvotes are a net positive. They create censorship and allows the ignorant mob or bots to push down things they don’t like reading.
Bots make it worse of course, since they can just downvote whatever they are programmed to downvote, and upvote things that they want to be visible. Basically it’s like having an army of minions to manipulate entire platforms.
All because of downvotes and upvotes. Of course there should be a way to express that you agree or disagree but should that affect visibility directly? I don’t think so.
A few things.
-
Admins can and do ban accounts that downvote rampantly
-
Obvious bot brigading is obvious. It became harder to tell on reddit when they started fuzzing the vote numbers, but could frequently still be figured out. It’s easier on Lemmy, someone just has to report some unusual voting pattern to the admin and they can check if the voting accounts look like bots.
-
I was once told that the algorithm is less weighted towards upvoted comments and more weighted towards recent comments on Lemmy, when compared with reddit. I am not sure if this is true, but I have noticed that recent comments tend to rise above the top upvoted comments in threads when viewing by Hot.
-
Without any way for bad content to be filtered out, you just end up with an endless stream of undifferentiated noise. The voting system actually protects the platform from the encroachment of bots and the ignorant mob, because it helps filter them out from the users who have something of value that they want to contribute.
For example, imagine a post where three users comment:
One posts a heated stream of idiocy, falsehoods, and outright nastiness, thinly veiled bigotry and other garbage. Paragraphs of it, all poorly written.
Another is some basic comment not saying anything of any real consequence. Completely mundane to the point no one has upvoted it, but it is perfectly harmless.
The final is a comment with some meat on it and something to add to the conversation, but unfortunately they arrived too late to the thread. No one saw it, so no one upvoted it.
Without downvotes, all three of these comments are treated exactly the same.
I get downvotes can suck sometimes but they’re a valuable aspect to this system and removing them does not make the place better.
I’d argue what people need to do if these things are genuinely bothering them is turn off the scores entirely and learn to live without them. It’s better for your mental health.
-
i dont self censor, it’s about a 50 50, as to be expected per random stats. Or at least that’s what it feels like, it’s probably better than that lmao.
It’s just numbers, it’s not going to kill you lol.
That’s just what comes with internet becoming mainstream so mainstream cultural standards are applied to online conversations. It’s the difference between an opera and a punk club or something.
opera and a punk
And which one is the mainstream in this analogy? :)
Rather obvious punk.
At this point you might as well complain about the mods and admins on Lemmy as tons of them are out of wack. I have had comments removed for stating facts that every should know just because it doesn’t agree with the lemmy hivemind. For example say anything positive about AI or how it was used before the likes of ChatGPT came around.
Add a requirement that every comment must perform a small CPU-costly proof-of-work. It’s a negligible impact for an individual user, but a significant impact for a hosted bot creating a lot of comments.
Even better if you make the PoW performing some bitcoin hashes, because it can then benefit the Lemmy instance owner which can offset server costs.
Will that ruin my phone’s battery?
Also what if I’m someone poor using an extremely basic smartphone to connect to the internet?
Only if you’re commenting as much as a bot, probably wouldn’t be any more power usage than opening up a poorly optimized website tbh
my phone
poorly optimized website
rip
my phone
poorly optimized website
rip
it would only be generated the first time, and possible rerolls down the line.
Also what if I’m someone poor using an extremely basic smartphone to connect to the internet?
just wait, it’s a little rough, but it’s worth it. 10 hours overnight would be reasonable. Even longer is more so if you limit CPU usage. The idea is that creating one account takes like 10 minutes, but creating 1000 would simply take too much CPU time in order to be worth the time.
At that point aren’t we basically just charging people money to post? I don’t want to pay to post.
I’d actually prefer that. Micro transactions. Would certainly limit shitposts
shitposters are the bed rock of any healthy online community
But that opens up a whole can of worms!
-
Will we use Hashcash? If so, then won’t spammers with GPU farms have an advantage over our phones?
-
Will we use a cryptocurrency? If so, then which one? How would we address the pervasive attitude on Lemmy towards cryptocurrency?
-
That’s a hard NO from me, dawg. If Lemmy goes down that path, I will just not comment. My account settings let me just block bots. I dont need my resources wasted so I can interact with the “good bots”.
How much resources are we talking about here? If it’s 3% of your CPU usage for 2 seconds, you’re really going to have an issue with that?
Whatever solution should be negligible for you, but costly for a botfarm.
Here’s a live example, not exactly onerous: https://demo.mcaptcha.org/widget/?sitekey=pHy0AktWyOKuxZDzFfoaewncWecCHo23
(Obviously in Lemmy’s case you wouldn’t have the additional unecessary checkbox)
That’s not what I consider negligible on my phone, which is already resource constrained. Yes, I have a problem with an app that intentionally wastes my valuable resources. I wouldn’t care so much from my desktop, but I mostly just use a desktop client to do things I can’t easily do on my mobile clients.
No big deal. It’s not as if my participation is especially valuable. I would just participate less.
edit: my objection is obviously more in principal than it is practical, but it would hardly be the first time I walked away from software (or a network) on philosophical grounds.
If we can’t find a more practical solution, then is it really a “waste” of resources? Right now we’re paying with much more expensive time and attention.
that was pretty fast. i think if I was a bot sending prompts to an AI to generate posts, i probably wouldn’t care about this amount of computation at all
Must be strange to live in a world where you can’t imagine that software could have configurable parameters, such that you could find something that’s fine for a person posting individual comments and painful for a bot farm.
15 seconds to generate a post from the prompt with ai, and 1/15 seconds for the hashcash challenge is supposed to inconvenience the bot wizards?
If they’re running their own LLM hardware, and their Lemmy spam posts are generating enough revenue to cover that, then I take it back, because that is impressive.
I guess we’re fucked.
It’s not always about profit, it’s also about controlling the narrative. The more expensive that is, the less the narrative can be controlled by money.
it’s a one time cost at creation of the account. Or at least that should be the idea.
There was discussion about implementing Hashcash for Lemmy: https://github.com/LemmyNet/lemmy/issues/3204
It seems like a no-brainer for me. Limits bots and provides a small(?) income stream for the server owner.
This was linked on your page, which is quite cool: https://crypto-loot.org/captcha
It doesn’t seem like a no brainer to me… In order to generate the spam AI comments in the first place, they have to use expensive compute to run the LLM.
most of the time this “expensive” compute is just openAI
what happens when the admin gets greedy and increases the amount of work that my shitty android phone is doing
Hashcash isn’t “cryptocurrency”.
Technically not, but spammers can already pay to outsource hashing more easily than desirable users can. So if we’re relying on hashes anyways, then we might as well make it easy for desirable users to outsource too.
IMO that’s why the inventor of Hashcash just develops Bitcoin today.
How would this be enforceable, though? Part of the benefit of the Fediverse is that multiple different apps can communicate with each other (for example, you can see Lemmy posts on Mastodon). Even if Lemmy implements something like this, what’s to stop someone from commenting using a different app that doesn’t implement it?
I’m actually surprised we don’t see more spam on ActivityPub-powered systems, since spammers don’t even need to have an account with Lemmy, Mastodon, etc and could instead have their own ActivityPub server to send the spam. I guess they don’t do that since the spam instance would be defederated pretty quickly.
it would have to be fundamental to the platform, i believe a few platforms have something similar where this generates a unique “key” used to identify the user.
I think I2P does this?
If the bots are already using gpt4 then a little crypto heat is essentially the same thing
I think the computation required to process the prompt they are processing is already comparable to a hashcash challenge
But that’s on the LLM side not the bot side.
Implement a cryptographic web of trust system on top of Lemmy. People meet to exchange keys and sign them on Lemmy’s system. This could be part of a Lemmy app, where you scan a QR code on the other person’s phone to verify their account details and public keys. Web of trust systems have historically been cumbersome for most users. With the right UI, it doesn’t have to be.
Have some kind of incentive to get verified on the web of trust system. Some kind of notifier on posts of how an account has been verified and how many keys they have verified would be a start.
Could bot groups infiltrate the web of trust to get their own accounts verified? Yes, but they can also be easily cut off when discovered.
I mean, you could charge like $8 and then give the totally real people that are paying that money a blue checkmark? /s
Seriously though, I like the idea, but the verification has got to be easy to do and consistently successful when you do it.
I run my own matrix server, and the most difficult/annoying part of it is the web of trust and verification of users/sessions/devices. It’s a small private server with just a few people, so I just handle all the verification myself. If my wife had to deal with it it would be a non starter.
Keep Lemmy small. Make the influence of conversation here uninteresting.
Or … bite the bullet and carry out one-time id checks via a $1 charge. Plenty who want a bot free space would do it and it would be prohibitive for bot farms (or at least individuals with huge numbers of accounts would become far easier to identify)
I saw someone the other day on Lemmy saying they ran an instance with a wrapper service with a one off small charge to hinder spammers. Don’t know how that’s going
The small charge will only stop little spammers who are trying to get some referral link money. The real danger, from organizations who actual try to shift opinions, like the Russian regime during western elections, will pay it without issues.
Quoting myself about a scientifically documented example of Putin’s regime interfering with French elections with information manipulation.
This a French scientific study showing how the Russian regime tries to influence the political debate in France with Twitter accounts, especially before the last parliamentary elections. The goal is to promote a party that is more favorable to them, namely, the far right. https://hal.science/hal-04629585v1/file/Chavalarias_23h50_Putin_s_Clock.pdf
In France, we have a concept called the “Republican front” that is kind of tacit agreement between almost all parties, left, center and right, to work together to prevent far-right from reaching power and threaten the values of the French Republic. This front has been weakening at every election, with the far right rising and lately some of the traditional right joining them. But it still worked out at the last one, far right was given first by the polls, but thanks to the front, they eventually ended up 3rd.
What this article says, is that the Russian regime has been working for years to invert this front and push most parties to consider that it is part of the left that is against the Republic values, more than the far right. One of their most cynical tactic is using videos from the Gaza war to traumatize leftists until they say something that may sound antisemitic. Then they repost those words and push the agenda that the left is antisemitic and therefore against the Republican values.
Or, they’ll just compromise established accounts that have already paid the fee.
Yeah, but once you charge a CC# you can ban that number in the future. It’s not perfect but you can raise the hurdle a bit.
Keep Lemmy small. Make the influence of conversation here uninteresting.
I’m doing my part!
deleted by creator
Raise it a little more than $1 and have that money go to supporting the site you’re signing up for.
This has worked well for 25 years for MetaFilter (I think they charge $5-10). It used to work well on SomethingAwful as well.
Creating a cost barrier to participation is possibly one of the better ways to deter bot activity.
Charging money to register or even post on a platform is one method. There are administrative and ethical challenges to overcome though, especially for non-commercial platforms like Lemmy.
CAPTCHA systems are another, which costs human labour to solve a puzzle before gaining access.
There had been some attempts to use proof of work based systems to combat email spam in the past, which puts a computing resource cost in place. Crypto might have poisoned the well on that one though.
All of these are still vulnerable to state level actors though, who have large pools of financial, human, and machine resources to spend on manipulation.
Maybe instead the best way to protect communities from such attacks is just to remain small and insignificant enough to not attract attention in the first place.
Keep Lemmy small. Make the influence of conversation here uninteresting.
That’s a significant constraint and it’s probably possible to reuse a lot of the costs in developing a both for another platform.
Or … bite the bullet and carry out one-time id checks via a $1 charge.
Yeah, making identities expensive helps. But…you note that the bot that OP posted clearly had the bot operator pay for a blue checkmark there. So it wasn’t enough in that case.
As others said you can’t prevent them completely. Only partially. You do it four steps:
- Make it unattractive for bots.
- Prevent them from joining.
- Prevent them from posting/commenting.
- Detect them and kick them out.
The sad part is that, if you go too hard with bot eradication, it’ll eventually inconvenience real people too. (Cue to Captcha. That shit is great against bots, but it’s cancer if you’re a human.) Or it’ll be laborious/expensive and not scale well. (Cue to “why do you want to join our instance?”).
Actual human content will never be undesirable for bots who must vacuum up content to produce profit. It’ll always be attractive to come here. The rest sound legit strategies though
You’re right that it won’t be completely undesirable for bots, ever. However, you can make it less desirable, to the point that the botters say “meh, who cares? That other site is better to bot”.
I’ll give you an example. Suppose the following two social platforms:
- Orange Alien: large userbase, overexcited about consumption, people get banned for mocking brands, the typical user is as tech-illiterate enough to confuse your bot with a human.
- White Rat: Small userbase, full of communists, even the non-communists tend to outright mock consumption, the typical user is extremely tech-savvy so they spot and report your bot all the time.
If you’re a botter advertising some junk, you’ll probably want to bot in both platforms, but that is not always viable - coding the framework for the bots takes time, you don’t have infinite bandwidth and processing power, etc. So you’re likely going to prioritise Orange Alien, you’ll only bot White Rat if you can spare it some effort+resources.
The main issue with point #1 is that there’s only so much room to make the environment unattractive to bots before doing it for humans too. Like, you don’t want to shrink your userbase on purpose, right? You can still do things like promoting people to hold a more critical view, teaching them how to detect bots, asking them to report them (that also helps with #4), but it only goes so far.
[Sorry for the wall of text.]
This is the sort of thoughtful reasoning that I’m glad to see here, so a wall of text was warranted! Thanks for taking the time to add to the discussion 👍🙏
Bots can view content without being able to post, which is what people are aiming to cut down. I don’t super care if bots are vacuuming up my shitposts (even my shit posts), but I don’t particularly want to be in a community that’s overrun with bots posting.
Yeah, after all, we post on the internet for it to be visible by everyone, and that includes bots. If we didn’t want bots to find our content, then other humans couldn’t find them either; that’s my stance on this.
One time I commented that my favorite game was WoW, down voted -15 for no apparent reason.
I wouldn’t use that as evidence that you were bot-attacked. A lot of people don’t like WoW and are mad at it for disappointing them. *coughSHADOWLANDScough*
I’m shocked I had to come down this far to find this.
They’re talking about bots, but that doesn’t in any way sound abnormal. People downvote comments like that all the time for their own satisfaction.
Yeah if it was -150 or -1500 I’d be like, yeah that’s weird. But fifteen randos hating wow and its users? More likely.
doctortran? The doctortran? The real doctor? The dashing special agent with a PHD in kicking your ass? (https://www.youtube.com/watch?v=FO0kRE5OTZI)
blue sky limited via invite codes which is an easy way to do it, but socially limiting.
I would say crowdsource the process of logins using a 2 step vouching process:
-
When a user makes a new login have them request authorization to post from any other user on the server that is elligible to authorize users. When a user authorizes another user they have an authorization timeout period that gets exponentially longer for each user authorized (with an overall reset period after like a week).
-
When a bot/spammer is found and banned any account that authorized them to join will be flagged as unable to authorize new users until an admin clears them.
Result: If admins track authorization trees they can quickly and easily excise groups of bots
I think this would be too limiting for humans, and not effective for bots.
As a human, unless you know the person in real life, what’s the incentive to approve them, if there’s a chance you could be banned for their bad behavior?
As a bot creator, you can still achieve exponential growth - every time you create a new bot, you have a new approver, so you go from 1 -> 2 -> 4 -> 8. Even if, on average, you had to wait a week between approvals, in 25 weeks (less that half a year), you could have over 33 million accounts. Even if you play it safe, and don’t generate/approve the maximal accounts every week, you’d still have hundreds of thousands to millions in a matter of weeks.
Using authorization chains one can easily get rid of malicious approving accounts at root using a “3 strikes and you’re out” method
This ignores the first part of my response - if I, as a legitimate user, might get caught up in one of these trees, either by mistakenly approving a bot, or approving a user who approves a bot, and I risk losing my account if this happens, what is my incentive to approve anyone?
Additionally, let’s assume I’m a really dumb bot creator, and I keep all of my bots in the same tree. I don’t bother to maintain a few legitimate accounts, and I don’t bother to have random users approve some of the bots. If my entire tree gets nuked, it’s still only a few weeks until I’m back at full force.
With a very slightly smarter bot creator, you also won’t have a nice tree:
As a new user looking for an approver, how do I know I’m not requesting (or otherwise getting) approved by a bot? To appear legitimate, they would be incentivized to approve legitimate users, in addition to bots.
A reasonably intelligent bot creator would have several accounts they directly control and use legitimately (this keeps their foot in the door), would mix reaching out to random users for approval with having bots approve bots, and would approve legitimate users in addition to bots. The tree ends up as much more of a tangled graph.
You don’t lose your account for approving a bot (well maybe if you approve dozens of them or something extraordinary malicious), you’re just not allowed to approve anymore.
You also don’t get dinged by having approved others who approved bots, unless that too becomes da trend.
Additionally, let’s assume I’m a really dumb bot creator, and I keep all of my bots in the same tree. I don’t bother to maintain a few legitimate accounts, and I don’t bother to have random users approve some of the bots. If my entire tree gets nuked, it’s still only a few weeks until I’m back at full force.
Even A few weeks is a big amount and there’s no guarantee it’s that little time.
If someone keeps approving accounts who end up getting caught generating spam trees, then that account might lose privileged to approve as well.
Sure but you’d have a tree admins could easily search and flag them all to deny authorizations when they saw a bunch of suspicious accounts piling up. Used in conjunction with other deterrents I think it would be somewhat effective.
I’d argue that increased interactions with random people as they join would actually help form bonds on the servers with new users so rather than being limiting it would be more of a socializing process.
This ignores the first part of my response - if I, as a legitimate user, might get caught up in one of these trees, either by mistakenly approving a bot, or approving a user who approves a bot, and I risk losing my account if this happens, what is my incentive to approve anyone?
Additionally, let’s assume I’m a really dumb bot creator, and I keep all of my bots in the same tree. I don’t bother to maintain a few legitimate accounts, and I don’t bother to have random users approve some of the bots. If my entire tree gets nuked, it’s still only a few weeks until I’m back at full force.
With a very slightly smarter bot creator, you also won’t have a nice tree:
As a new user looking for an approver, how do I know I’m not requesting (or otherwise getting) approved by a bot? To appear legitimate, they would be incentivized to approve legitimate users, in addition to bots.
A reasonably intelligent bot creator would have several accounts they directly control and use legitimately (this keeps their foot in the door), would mix reaching out to random users for approval with having bots approve bots, and would approve legitimate users in addition to bots. The tree ends up as much more of a tangled graph.
It feels like you’re making the argument that both random users wouldn’t approve anything in the first paragraph and they would readily approve bots in the fourth.
The reality is most users would probably be fairly permissive but might be delayed in their authorizations (ex they’re offline). If a bot acts enough like a person it probably won’t get caught right away but its likely whoever did let it in will be barred from authorizing people. I’m not saying this is a perfect solution but I would argue its an improvement over existing systems as over time users that are better at sussing out bots will likely be the largest group able to authorize people.
I’d imagine there would need to be an option for whoever was an authorization was made to (the authorizor) to start a DM chain with the requesting account.
-
Lemmy.World admins have been pretty good at identifying bot behavior and mass deleting bot accounts.
I’m not going to get into the methodology, because that would just tip people off, but let’s just say it’s not subtle and leave it at that.
