The best part of the fediverse is that anyone can run their own server. The downside of this is that anyone can easily create hordes of fake accounts, as I will now demonstrate.
Fighting fake accounts is hard and most implementations do not currently have an effective way of filtering out fake accounts. I’m sure that the developers will step in if this becomes a bigger problem. Until then, remember that votes are just a number.
This was a problem on reddit too. Anyone could create accounts - heck, I had 8 accounts: one main, one alt, one “professional” (linked publicly on my website), and five for my bots (whose accounts were optimistically created, but were never properly run). I had all 8 accounts signed in on my third-party app and I could easily manipulate votes on the posts I posted.
I feel like this is what happened when you’d see posts with hundreds / thousands of upvotes but had only 20-ish comments.
There needs to be a better way to solve this, but I’m unsure if we truly can solve this. Botnets are a problem across all social media (my undergrad thesis many years ago was detecting botnets on Reddit using Graph Neural Networks).
Fwiw, I have only one Lemmy account.
I see what you mean, but there’s also a large number of lurkers, who will only vote but never comment.
I don’t think it’s unfeasible to have a small number of comments on a highly upvoted post.
Maybe you’re right, but it just felt uncanny to see thousands of upvotes on a post with only a handful of comments. Maybe someone who is active on the bot-detection subreddits can pitch in.
I agree completely. 3k upvotes on the front page with 12 comments just screams vote manipulation
Reddit had ways to automatically catch people trying to manipulate votes though, at least the obvious ones. A friend of mine posted a reddit link for everyone to upvote on our group and got temporarily suspended for vote manipulation like an hour later. I don’t know if something like that can be implemented in the Fediverse but some people on github suggested a way for instances to share to other instances how trusted/distrusted a user or instance is.
An automated trust rating will be critical for Lemmy, longer term. It’s the same arms race as email has to fight. There should be a linked trust system of both instances and users. The instance ‘vouches’ for the users trust score. However, if other instances collectively disagree, then the trust score of the instance is also hit. Other instances can then use this information to judge how much to allow from users in that instance.
LLM bots have made this approach much less effective though. I can just leave my bots for a few months or a year to get reputation, automate them in a way that they are completely indistinguishable from a natural looking 200 users, making my opinion carry 200x the weight. Mostly for free. A person with money could do so much more.
I got suspended multiple times because my partner and daughter were also in our city’s sub, and sometimes one of them would upvote my comments without realizing it was me. It got really fucking annoying, and of course there’s no way to talk to a real person at reddit to prove we’re different people. I’d appeal every time and they’d deny it every time. How reddit could have gotten so huge without realizing that multiple people can live in the same household is beyond me. In the end they both just stopped upvoting anything in the sub because it was too risky (for me).
> I feel like this is what happened when you’d see posts with hundreds / thousands of upvotes but had only 20-ish comments.

Nah it’s the same here in Lemmy. It’s because the algorithm only accounts for votes and not for user engagement.
Yes, I feel like this is a moot point. If you want it to be “one human, one vote” then you need to use some form of government login (like id.me, which I’ve never gotten to work). Otherwise people will make alts and inflate/deflate the “real” count. I’m less concerned about “accurate points” and more concerned about stability, participation, and making this platform as inclusive as possible.
In my opinion, the biggest (and quite possibly most dangerous) problem is someone artificially pumping up their ideas. To all the users who sort by active / hot, this would be quite problematic.
I’d love to actually see some social media research groups actually consider how to detect and potentially eliminate this issue on Lemmy, considering Lemmy is quite new and is malleable at this point (compared to other social media). For example, if they think metric X may be a good idea to include in all metadata to increase chances of detection, then it may be possible to include this in the source code of posts / comments / activities.
I know a few professors and researchers who do research on social media and associated technologies, I’ll go talk to them when they come to their office on Monday.
I have been thinking about this government id aspect too. But it’s not coming to me.
Users sign up with govt ID, obtain a unique social media key that’s used for all activities beyond the sign up. One key per person, but a person can have multiple accounts? You know, like that database primary key.
The relationship between the govt id and social media key needs to be in a zero knowledge encryption so that no one can correlate the real person with their online presence. THIS is the bummer.
On Reddit there were literally bot armies by which thousands of votes could be instantly implemented. It will become a problem if votes have any actual effect.
It’s fine if they’re only there as an indicator, but if the votes are what determine popularity, prioritize visibility, it will become a total shitshow at some point. And it will be rapid. So yeah, better to have a defense system in place asap.
I always had 3 or 4 reddit accounts in use at once. One for commenting, one for porn, one for discussing drugs and one for pics that could be linked back to me (of my car for example). I also made a new commenting account like once a year so that if someone recognized me they wouldn’t be able to find every comment I’ve ever written.
On lemmy I have just two now (other is for porn) but I’m probably going to make one or two more at some point
If you and several other accounts all upvoted each other from the same IP address, you’ll get a warning from reddit. If my wife ever found any of my comments in the wild, she would upvote them. The third time she did it, we both got a warning about manipulating votes. They threatened to ban both of our accounts if we did it again.
But here, no one is going to check that.
May I ask how do you format your text? My format bar has disappeared from wefwef.
I don’t use wefwef, I use jerboa for android.
**bold**
*italics*
> quote
`code`
# heading
- list
Ah ok. Yeah I thought the markdown was the same as reddit being markdown but it used to have a toolbar.
Thanks for response.
Also I’ve wondered why don’t they have an underline markdown.
I’d just make new usernames whenever I thought of one I thought was funny. I’ve only used this one on Lemmy (so far) but eventually I’ll probably make a new one when I have one of those “Oh shit, that’d be a good username” moments.
You can change your display name on Lemmy to whatever you want whenever you want.
> I had all 8 accounts signed in on my third-party app and I could easily manipulate votes on the posts I posted.

There’s no chance this works. Reddit surely does a simple IP check.
I would think that they need to set a somewhat permissive threshold to avoid too many false positives due to people sharing a network. For example, a professor may share a reddit post in a class with 600 students with their laptops connected to the same WiFi. Or several people sharing an airport’s WiFi could be looking at /r/all and upvoting the top posts.
I think 8 accounts liking the same post every few days wouldn’t be enough to trigger an alarm. But maybe it is, I haven’t tried this.
I had one main account but also a couple for using when I didn’t want to mix my “private” life up with other things. I don’t even know if it’s not allowed in the TOS?
Anyway, I stupidly made a Valmond account on several Lemmy instances before I got the hang of it, and when (if!) my server will one day function I’ll make an account there so …
I guess it might be like in the old forum days, you have a respectable account and another if you wanted to ask a stupid question etc. admin would see (if they cared) but not the ordinary users.
I think the best solution there is so far is to require captcha for every upvote but that’d lead to poor user experience. I guess it’s the cost benefit of user experience degrading through fake upvotes vs through requiring captcha.
If any instance ever requires a captcha for something as trivial as an upvote, I’ll simply stop upvoting on that instance.
I don’t know how you got away with that to be honest. Reddit has fairly good protection from that behaviour. If you up vote something from the same IP with different accounts reasonably close together there’s a warning. Do it again there’s a ban.
I’m curious what value you get from a bot? Were you using it to upvote your posts, or to crawl for things that you found interesting?
The latter. I was making bots to collect data (for the previously-mentioned thesis) and to make some form of utility bots whenever I had ideas.
I once had an idea to make a community-driven tagging bot to tag images (like hashtags). This would have been useful for graph building and just general information-lookup. Sadly, the idea never came to fruition.
The lack of karma helps some. There’s no point in trying to rack up the most points for your account(s), which is a good thing. Why waste time on the lamest internet game when you can engage in conversation with folks on lemmy instead.
It can still be used to artificially pump up an idea. Or used to bury one.
This is the problem. All the algorithms are based on the upvote count. Bad actors will abuse this.
So maybe more weight should be put on comment count? Much harder to fake those.
Agree. Farming karma is nothing compared to making a single individual polar-opinion APPEAR as though it is others’ (or most’s) polar-opinion. We know that others’ opinions are not our own, but they do influence our opinions. It’s pretty important that either 1) like numbers mean nothing, in which case hot/active/etc. are meaningless or 2) we work together to ensure trust in like numbers.
Lack of karma is a fallacy. The default Lemmy UI doesn’t display it but the karma system appears to be fully built.
This is near inevitable if this platform takes off.
Advertisers gonna advertise.
Just rip them in the comments and boycott their brand
Edit: or even meme them into the ground. I could start a parody account if I saw someone advertising. I could pretend I’m them and align myself with nazi values in satire ads hypothetically.
I was actually talking to someone that works in advertising and for big companies this is unlikely. Pepsi for example pays a lot for the guarantee that their product ads won’t appear near posts they don’t want them to. Since Lemmy advertising would only be through regular posts where they have no control over this, they likely wouldn’t risk the potential detriment to brand perception.
Now this can change if the potential reach of Lemmy is big enough but that size will be different for each company.
Maybe I’m misunderstanding karma, but Memmy appears to show the total upvotes I’ve gotten for comments and posts, isn’t that basically karma?
I don’t think other people can see it though. On Reddit bot accounts would rack up karma so that when they switch to posting spam it looks like they have a lot of karma and are someone who posts worthwhile things.
I’m using wefwef and can see what everyone’s score is on any given comment as well as their overall score when I go to their profile.
I can click on you and see the same stats for you… though the numbers seem too low when I eyeball it compared to your comments, but I’m thinking maybe it’s just total points for a single lemmy server?
EDIT I was wrong! Lemmy does have karma, even listed in the API, though for some reason it doesn’t show this to you itself. So, those of us just using Lemmy directly have been under the mistaken idea that it didn’t do it, and those using third party apps are seeing it: https://lemmy.world/post/1250922?scrollToComments=true
~~That’s interesting, because on the Lemmy website, there is no total upvotes number visible. It only shows the total number of posts and total number of comments. It then shows the list of posts and comments, and you can see the scores for each, but there’s no total. Memmy must be calculating this itself. This seems to be something third party app developers are adding which is not present in actual Lemmy itself, in order to try to replicate Reddit Karma somewhat.~~
~~As Lemmy works itself: On Reddit, in addition to your posts and comments having visible scores, your username also has an aggregate score, which Lemmy does not have. At least, when I go to your profile, I can see the scores for your posts and comments, but I cannot see any aggregate score for you as a user. That’s what Reddit Karma is. I don’t know what black magic formula Reddit calculates it from, as old Reddit and new Reddit show different Karma numbers for the same user, but whatever algorithm they use, it’s an overall user score that Lemmy does not have (so far, at least).~~
While the Lemmy UI doesn’t expose the data, it is available via the API. That’s how clients like Memmy are getting it.
In case anyone’s wondering this is what we instance admins can see in the database. In this case it’s an obvious example, but this can be used to detect patterns of vote manipulation.
Oh cool 👀 What’s the rest of that table? Is the `actor_id` one column in like… an `upvotes` table or something?
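
One way an admin could look for the kind of pattern mentioned above, as an added example that is not part of the original thread and not Lemmy's own code. It assumes vote rows of the form (post_id, actor_id, score) where `actor_id` is the voter's profile URL; the row layout, host names and thresholds are constructed for illustration.

```python
from collections import Counter, defaultdict
from urllib.parse import urlparse

def flag_concentrated_votes(rows, min_votes=10, max_share=0.8, home_host=None):
    """Return {post_id: (host, share)} for posts where a single instance
    supplies at least max_share of the votes.

    min_votes keeps small posts (a few friends or a shared household)
    from being flagged; home_host skips the admin's own instance, which
    naturally dominates votes on local posts.
    """
    per_post = defaultdict(Counter)
    for post_id, actor_id, _score in rows:
        per_post[post_id][urlparse(actor_id).hostname] += 1

    flagged = {}
    for post_id, hosts in per_post.items():
        total = sum(hosts.values())
        host, count = hosts.most_common(1)[0]
        if host == home_host or total < min_votes:
            continue
        share = count / total
        if share >= max_share:
            flagged[post_id] = (host, round(share, 2))
    return flagged

# Constructed sample rows: (post_id, actor_id, score).
ROWS = (
    # Post 1: 40 of 43 votes come from one unknown instance.
    [(1, f"https://farm.example/u/user{i:04d}", 1) for i in range(40)]
    + [(1, f"https://lemmy{i}.example/u/reader", 1) for i in range(3)]
    # Post 2: 30 votes spread evenly over six instances.
    + [(2, f"https://lemmy{i % 6}.example/u/reader{i}", 1) for i in range(30)]
    # Post 3: five votes from one small instance, below min_votes.
    + [(3, f"https://tiny.example/u/friend{i}", 1) for i in range(5)]
)

if __name__ == "__main__":
    print(flag_concentrated_votes(ROWS))
```

A flag here is a prompt for a human to look at the accounts involved, not proof of manipulation.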
You can buy 700 votes anonymously on reddit for really cheap
I don’t see that it’s a big deal, really. It’s the same as it ever was.
Over a hundred dollars for 700 upvotes O_o
I wouldn’t exactly call that cheap 🤑
On the other hand, ten or twenty quick downvotes on an early answer could swing things I guess …
For the companies who want a huge advantage over others, $100 is nothing in an advertising budget.
I have a small business and I do $1000 a week in advertising.
I don’t know anything about advertising but what are you doing that costs $1000 a week? I am legitimately curious.
> huge advantage over others, $100 is nothing in an advertising budget.

the only problem here is that 700 reddit upvotes is not “huge advantage over others”. i honestly fail to see how someone could pay $100 for that. i’d consider $10 too much.
or do you spend your $1000 budget on 7000 reddit upvotes? :D
Web of trust is the solution. Show me vote totals that only count people I trust, 90% of people they trust, 81% of people they trust, etc. (0.9 multiplier should be configurable if possible!)
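
The vote total proposed in the comment above (people I trust count fully, people they trust at 0.9, the next hop at 0.81), as an added example that is not part of the original thread. The account names, trust graph and the three-hop cutoff are constructed assumptions.

```python
from collections import deque

def trust_weights(trust_graph, me, decay=0.9, max_hops=3):
    """Weight per account: 1.0 for people I trust, decay for people they
    trust, decay**2 for the next hop, and so on (shortest path wins)."""
    weights = {me: 1.0}
    queue = deque([(me, 0)])
    while queue:
        user, hops = queue.popleft()
        if hops == max_hops:
            continue  # stop expanding; more distant accounts count as 0
        for trusted in trust_graph.get(user, ()):
            if trusted not in weights:  # BFS sees the shortest path first
                weights[trusted] = decay ** hops
                queue.append((trusted, hops + 1))
    return weights

def trusted_score(votes, weights):
    """votes maps account -> +1/-1; accounts outside my web contribute 0."""
    return sum(v * weights.get(account, 0.0) for account, v in votes.items())

# Constructed sample data (hypothetical account names).
SOCKS = [f"sock{i}@farm.example" for i in range(200)]
TRUST = {"me": ["alice", "bob"], "alice": ["carol"], "carol": ["dave"]}
# The fake accounts all vouch for each other, like a link farm.
TRUST.update({s: [t for t in SOCKS if t != s] for s in SOCKS})

VOTES = {"alice": 1, "bob": 1, "carol": 1, "dave": -1}
VOTES.update({s: 1 for s in SOCKS})

def demo():
    raw = sum(VOTES.values())
    mine = trusted_score(VOTES, trust_weights(TRUST, "me"))
    # Caveat: one careless trust edge into the cluster lets it back in,
    # which is why decay and max_hops should stay configurable.
    leaky = dict(TRUST, bob=[SOCKS[0]])
    leaked = trusted_score(VOTES, trust_weights(leaky, "me"))
    return raw, round(mine, 2), round(leaked, 2)

if __name__ == "__main__":
    print(demo())
```

Mutual vouching inside the fake cluster adds nothing to the total unless an account already in the viewer's web trusts one of its members.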
Fwiw, search engines need to figure out what is “reliable”. The original implementations were, well if BananaPie.com is referenced by 10% of the web, it must be super trustworthy! So people created huge networks of websites that all linked each other and a website they wanted to promote in order to gain reliability.
It could be implemented on both the server and the client, with the client trusting the server most of the time and spot checking occasionally to keep the server honest.
The origins of upvotes and downvotes are already revealed on objects on Lemmy and most other fediverse platforms. However, this is not an absolute requirement; there are cryptographic solutions that allow verifying vote aggregation without identifying vote origins, but they are mathematically expensive.
That sounds a bit hyperbolic.
You can externalize the web of trust with a decentralized system, and then just link it to accounts at whatever service you’re using. You could use a browser extension, for example, that shows you whether you trust a commenter or poster.
That list wouldn’t get federated out, it could live in its own ecosystem, and update your local instance so it provides a separate list of votes for people in your web of trust. So only your admin (which could be you!) would know who you trust, and it would send two sets of vote totals to your client (or maybe three if you wanted to know how many votes it got from your instance alone).
So no, I don’t think it needs to be invasive at all.
What if the web of trust is calculated with upvotes and downvotes? We already trust server admins to store those.
For each vote, read user post content and vote history and age
This should happen in the client and easily controllable by the user. As well as to investigate why one particular post or current was selected by the local content discovery algorithm. So you can quickly find fraudulent accounts and block them.
And these public, user-led moderation actions then go on to inform the content discovery algorithm of other users until we have consensus user-led content discovery and moderation.
And just like that we eliminate the need for shadowy humans of the moderator priesthood to play human spamfilter / human thought manipulator