this post was submitted on 27 Mar 2025
50 points (93.1% liked)

Fediverse

32257 readers
307 users here now

A community to talk about the Fediverse and all it's related services using ActivityPub (Mastodon, Lemmy, KBin, etc).

If you wanted to get help with moderating your own community then head over to !moderators@lemmy.world!

Rules

Learn more at these websites: Join The Fediverse Wiki, Fediverse.info, Wikipedia Page, The Federation Info (Stats), FediDB (Stats), Sub Rehab (Reddit Migration)

founded 2 years ago
MODERATORS
ruud@lemmy.world
Xylinna@lemmy.world
MrCenny@lemmy.world
TragicNotCute@lemmy.world
automodbeta@lemmy.world
woelkchen@lemmy.world
50
Downvote brigading via third instance hypothetical (lemmy.world)
submitted 4 days ago by kingofras@lemmy.world to c/fediverse@lemmy.world
13 comments fedilink hide all child comments
 

I’ve been on a journey today trying to understand the fediverse better.

I’ll be mindful to not start bitching about certain instances.

Here’s my example:

Is it technically possible that posts or comments still get downvote-brigaded by an instance that is technically defederated from the instance of the OP?

So let’s say instance A and B are defederated from each other, but both are federated with instance C. After a user from A posts something on C does every user from B get to downvote everything?

I’m trying to determine if the Fediverse has recourse against an r/TheDonald scenario, where one toxic element is allowed to flourish for too long and - in the case with the other site - eventually takes over and destroys everything.

If this debate has been had somewhere else, please feel free to point me there, otherwise I’d love to understand this better.

you are viewing a single comment's thread
view the rest of the comments
[–] ptz@dubvee.org 27 points 4 days ago* (last edited 4 days ago) (6 children)

So let’s say instance A and B are defederated from each other, but both are federated with instance C. After a user from A posts something on C does every user from B get to downvote everything?

Yes. Instance A will not see the downvotes from instance B, but instance C would. Also, anyone federated with all 3 would see the downvotes from B for content posted by someone on A.

The only defense is that mods and admins can see the votes and, if something like that is suspected, they can take action (ban the accounts, mods report the behavior to admins, consider defederating from instance B, etc). Seeing a pattern of mass-downvotes only from a particular instance would be considered a red flag for most admins.

This scenario is less likely than what we see in practice, though, since the overhead to create an instance and the "eggs all in one basket" make it easy to take action against (admins would quickly coordinate to block that instance). Tools like Fediseer would also be used to censure that instance and bring its behavior to light.

In the wild, it's far more common for them to just spin up a bunch of accounts across "good" instances (particularly those without registration applications) and coordinate.

One example of that: https://dubvee.org/post/1878799

[–] HarkMahlberg@kbin.earth 6 points 4 days ago (3 children)

In the wild, it's far more common for them to just spin up a bunch of accounts across "good" instances (particularly those without registration applications) and coordinate.

In 2023, this happened to a ton of unsecured Misskey instances who then proceeded to spam most of the Fediverse. It was just a troll in reality, but revealed that the Fediverse is no less vulnerable to coordinated, sophisticated attacks (and with how politically minded it is, there's plenty of incentive for nation state actors to do so).

[–] ptz@dubvee.org 7 points 4 days ago (2 children)

Yup, and I've probably still got a lot of those instances on my federation blocklist.

One of my ongoing gripes with the fediverse is that people run instances with little/no oversight and leave registrations wide open. It's just irresponsible to have open registrations when you don't have an admin available 24/7.

[–] HarkMahlberg@kbin.earth 5 points 4 days ago (1 children)

On the one hand, one of the things we often tout about the Old Internet was the ability for anyone to run their own website, forum, blog, etc, free from corporatization. On the other hand, running your website is a responsibility on your part, and in the convenience-focused Internet we have now, seems to be a forgotten lesson.

On the third, mutant hand growing out of our back, fedi software should be designed with security-by-default, i.e. no open registration, to prevent the forgotten lesson from being a huge problem.

[–] ptz@dubvee.org 3 points 4 days ago* (last edited 4 days ago)

For a website, forum, blog, etc, at least the damage caused by poor security would be limited to just that platform. Unfortunate, but contained. With federation, that poor security becomes everyone else's problem as well. Hence my gripe lol.

It's been so long since I setup my instance, I honestly don't recall what the default "Registration mode" is.

I'm but a small drop in the larger fediverse, but I do develop a frontend for Lemmy. I actually coded the "Registration" section in the admin panel to nag you if the config is insecure. lol

It will still let you do it, just with a persistent nag message on that page.

load more comments (2 replies)