PSA: every interaction you make with various posts on kbin is viewable to everyone.

zeste@kbin.social to /kbin meta@kbin.social – 156 points –

If you click on the "more" button under a comment or link there will be an activity tab. In this tab you can see everyone who has boosted, favourited or reduced the post. I'm not sure if this a
Is a good feature but it's interesting to see when someone decides to reduce all of your content for no reason.

81

You are viewing a single comment
View all commentsShow the parent comment

So what happens with 300 people downvote a post and 500 upvote it? For that to work you'd need an 'account' per post/vote/user combination. Now your instance has 1000's of bot accounts that are now indistinguishable from bad vote manipulation.

Yeah. Because each instance would have a record of that but there’s nothing to stop a bad actor from doing that on one instance and federating that out.

Of course a bad actor can set up their own instance and just create thousands of fake bot accounts and do the same.

Edit: The more I think about it @VerifiablyMrWonka the only way to do it would be to have some kind of activitypub transaction that is flagged as an instances reputation.

E.g. it’s the same as using the per instance account but it allows you to say “here’s how kbin.social” calculated the reputation/weight of this item.

And then each instance can opt to include that or not as they see fit. Maybe they federate with all instances but only show the weight/reputation “favorites”/“reduce” from those that they trust to maintain that info. Lemmy.world, sure, but the new instances such as haxor.1488.de.feder.at yeah… that’s probably a no so by default all of those don’t show/include in that instances feed.

Of course a bad actor can set up their own instance and just create thousands of fake bot accounts and do the same.

A competent admin would then just defederate from them. Easy. But now throw in that all kbin instances look like bot fests and what do you do? Maybe what lemmy.ml have done and just block kbin useragents at the firewall.

Having an aggregate account that just sends totals could work, but then vote brigading just became even easier. What's that aggregate bot? Did you just send a vote ratio of 300:1.9k for this comment? Lovely.

It's a very hard problem to solve and I'm not sure it's doable. The only thing keeping ActivityPub together is the fact that it's so transparent and bad actors are easily spotted and blocked. As soon as you muddy the waters the primary benefactor is the bad person.

That’s true. Just something to consider since there are real life bad actors and things can and will be a security/safety risk for some groups