So, in thinking about how bad actors might manipulate Lemmy, I have some questions.
In this scenario, I’m an entity that wants to influence social media, a government, a corporation, a collection of dedicated degenerates—pick your boojum. I see this growing Lemmy thing. I figure it’s not a serious threat, but if I’m wrong, I’d like to be placed to influence things via what people see. I want to be able to upvote or downvote posts.
If I’ve got a decent budget, I’d spin up a bunch of new Lemmy instances and encourage signups when there’s this mad rush from Reddit. I’d want as many real users as I can get. I’d also create a bunch of sock puppet accounts on all of my instances. I’d probably have some of them post and comment.
If Lemmy attains critical mass, I’d be able to use those sock puppets to upvote/downvote posts I want to influence.
I (now the OP, not the hypothetical bad actor) imagine this is hard to defend against. I also imagine federation is all or nothing. That is, either you federate everything from a server or you federate nothing.
Are their granular federation options, like allowing post federation but ignoring upvote/downvote federation?
I don’t think there are granular controls, but I honestly don’t think it’s as big a deal as you’re describing. It’ll get pretty obvious at an admin server log level what’s happening. Brigading is brigading, whether it’s bots or people. The admin of server1 (the victim) can then politely ask the admin of server2 (the attacker) to sort themselves out. Maybe describe the issue, and ask them to moderate their server better.
If that doesn’t happen, then server1 would be completely justified in blocking server2. If server2 then starts brigading servers 3 through 10, they’re going to get blocked there too. Then comes the angry man shouting at himself in a mirror step, where users on server2 turn to eachother. Eventually, everyone sane leaves.
Truth SocialGab is a mastodon instance. This is what happened to them.EDIT: Also, old-timers around here told me there have been multiple extreme alt-right Lemmy instances set up shop over the years of development. Every time they did, they got blocked by everyone else, bored with having nobody to shout at, then left.
This is what happened to Gab. IIRC Truth Social never federated at all.
We’re gonna see that attack in reality, soon, im sure
That’s my guess too if Lemmy takes off. I’d imagine some will be obvious enough that everyone defedrates from that server, stranding the legit users. I’m not sophisticated enough to know how to defend against this, but I’m intrigued by the concept.