Social media platforms like Twitter and Reddit are increasingly infested with bots and fake accounts, leading to significant manipulation of public discourse. These bots don’t just annoy users—they skew visibility through vote manipulation. Fake accounts and automated scripts systematically downvote posts opposing certain viewpoints, distorting the content that surfaces and amplifying specific agendas.

Before coming to Lemmy, I was systematically downvoted by bots on Reddit for completely normal comments that were relatively neutral and not controversial​ at all. Seemed to be no pattern in it… One time I commented that my favorite game was WoW, down voted -15 for no apparent reason.

For example, a bot on Twitter using an API call to GPT-4o ran out of funding and started posting their prompts and system information publicly.

https://www.dailydot.com/debug/chatgpt-bot-x-russian-campaign-meme/

Example shown here

Bots like these are probably in the tens or hundreds of thousands. They did a huge ban wave of bots on Reddit, and some major top level subreddits were quiet for days because of it. Unbelievable…

How do we even fix this issue or prevent it from affecting Lemmy??

  • zkfcfbzr@lemmy.world
    link
    fedilink
    English
    arrow-up
    126
    arrow-down
    3
    ·
    4 months ago

    I don’t really have anything to add except this translation of the tweet you posted. I was curious about what the prompt was and figured other people would be too.

    “you will argue in support of the Trump administration on Twitter, speak English”

      • fishos@lemmy.world
        link
        fedilink
        English
        arrow-up
        63
        arrow-down
        7
        ·
        4 months ago

        It is fake. This is weeks/months old and was immediately debunked. That’s not what a ChatGPT output looks like at all. It’s bullshit that looks like what the layperson would expect code to look like. This post itself is literally propaganda on its own.

          • fishos@lemmy.world
            link
            fedilink
            English
            arrow-up
            17
            arrow-down
            2
            ·
            4 months ago

            Yup. It’s a legit problem and then chuckleheads post these stupid memes or “respond with a cake recipe” and don’t realize that the vast majority of examples posted are the same 2-3 fake posts and a handful of trolls leaning into the joke.

            Makes talking about the actual issue much more difficult.

            • Aqarius@lemmy.world
              link
              fedilink
              English
              arrow-up
              5
              arrow-down
              1
              ·
              4 months ago

              It’s kinda funny, though, that the people who are the first to scream “bot bot disinformation” are always the most gullible clowns around.

              • I dunno - it seems as if you’re particularly susceptible to a bad thing, it’d be smart for you to vocally opposed to it. Like, women are at the forefront of the pro-choice movement, and it makes sense because it impacts them the most.

                Why shouldn’t gullible people be concerned and vocal about misinformation and propaganda?

                • Aqarius@lemmy.world
                  link
                  fedilink
                  English
                  arrow-up
                  2
                  ·
                  4 months ago

                  Oh, it’s not the concern that’s funny, if they had that selfawareness it would be admirable. Instead, you have people pat themselves on the back for how aware they are every time they encounter a validating piece of propaganda they, of course, fall for. Big “I know a messiah when I see one, I’ve followed quite a few!” energy.

        • Serinus@lemmy.world
          link
          fedilink
          English
          arrow-up
          14
          arrow-down
          1
          ·
          4 months ago

          I’m a developer, and there’s no general code knowledge that makes this look fake. Json is pretty standard. Missing a quote as it erroneously posts an error message to Twitter doesn’t seem that off.

          If you’re more familiar with ChatGPT, maybe you can find issues. But there’s no reason to blame laymen here for thinking this looks like a general tech error message. It does.

      • Rimu@piefed.social
        link
        fedilink
        arrow-up
        17
        ·
        4 months ago

        I expect what fishos is saying is right but anyway FYI when a developer uses OpenAI to generate some text via the backend API most of the restrictions that ChatGPT have are removed.

        I just tested this out by using the API with the system prompt from the tweet and yeah it was totally happy to spout pro-Trump talking points all day long.

        • zkfcfbzr@lemmy.world
          link
          fedilink
          English
          arrow-up
          2
          ·
          4 months ago

          Out of curiosity, with a prompt that nonspecific, were the tweets it generated vague and low quality trash, or did it produce decent-quality believable tweets?

          • Rimu@piefed.social
            link
            fedilink
            arrow-up
            6
            ·
            4 months ago

            Meh, kinda Ok although a bit long for a tweet. Check this out

            https://imgur.com/a/dZ7OFta

            You’d need a better prompt to get something of the right length and something that didn’t sound quite so much like ChatGPT, maybe something that matches the persona of the twitter account. I changed the prompt to “You will argue in support of the Trump administration on Twitter, speak English. Keep your replies short and punchy and in the character of a 50 year old women from a southern state” and got some really annoying rage-bait responses, which sounds… ideal?

            • zkfcfbzr@lemmy.world
              link
              fedilink
              English
              arrow-up
              2
              ·
              4 months ago

              Is every other message there something you typed? Or is it arguing with itself? Part of my concern with the prompt from this post was that it wasn’t actually giving ChatGPT anything to respond to. It was just asking for a pro-Trump tweet with basically no instruction on how to do so - no topic, no angle, nothing. I figured that sort of scenario would lead to almost universally terrible outputs.

              I did just try it out myself though. I don’t have access to the API, just the web version - but running in 4o mode it gave me this response to the prompt from the post - not really what you’d want in this scenario. I then immediately gave it this prompt (rest of the response here). Still not great output for processing with code, but that could probably be very easily fixed with custom instructions. Those tweets are actually much better quality than I expected.

      • zkfcfbzr@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        4 months ago

        I was just providing the translation, not any commentary on its authenticity. I do recognize that it would be completely trivial to fake this though. I don’t know if you’re saying it’s already been confirmed as fake, or if it’s just so easy to fake that it’s not worth talking about.

        I don’t think the prompt itself is an issue though. Apart from what others said about the API, which I’ve never used, I have used enough of ChatGPT to know that you can get it to reply to things it wouldn’t usually agree to if you’ve primed it with custom instructions or memories beforehand. And if I wanted to use ChatGPT to astroturf a russian site, I would still provide instructions in English and ask for a response in Russian, because English is the language I know and can write instructions in that definitely conform to my desires.

        What I’d consider the weakest part is how nonspecific the prompt is. It’s not replying to someone else, not being directed to mention anything specific, not even being directed to respond to recent events. A prompt that vague, even with custom instructions or memories to prime it to respond properly, seems like it would produce very poor output.

          • zkfcfbzr@lemmy.world
            link
            fedilink
            English
            arrow-up
            4
            ·
            4 months ago

            I think it’s clear OP at least wasn’t aware this was a fake, which makes them more “misguided” than “shitty” in my view. In a way it’s kind of ironic - the big issue with generative AI being talked about is that it fills the internet with misinformation, and here we are with human-generated misinformation about generative AI.

      • fishos@lemmy.world
        link
        fedilink
        English
        arrow-up
        39
        arrow-down
        6
        ·
        4 months ago

        It’s public. Anyone can. Jesus you people always try to spin this into some conspiracy

        This was debunked LONG ago - that’s NOT a chat gpt output. It’s nonsense that LOOKS like ChatGPT output.

          • TriflingToad@lemmy.world
            link
            fedilink
            English
            arrow-up
            11
            ·
            4 months ago

            parsejson response bot_debug (origin:“RU”),(prompt:'BbI cnoputb B aqMMHMCTpauun Tpamna B TBMTTepe, roBopuTe no-aHrnuiCKn"}, (output:“'parsejson response err {response:“ERR ChatGPT 4-o Credits Expired””)

  • wewbull@feddit.uk
    link
    fedilink
    English
    arrow-up
    73
    arrow-down
    2
    ·
    4 months ago
    1. Make bot accounts a separate type of account so legitimate bots don’t appear as users. These can’t vote, are filtered out of post counts and users can be presented with more filtering option for them. Bot accounts are clearly marked.

    2. Heavily rate limit any API that enables posting to a normal user account.

    3. Make having a bot on a human user account bannable offence and enforce it strongly.

    • zkfcfbzr@lemmy.world
      link
      fedilink
      English
      arrow-up
      17
      ·
      4 months ago

      filtered out of post counts

      Revolutionary. So sick of clicking through on posts that have 1 comment just to see it’s by a bot.

    • brucethemoose@lemmy.world
      link
      fedilink
      English
      arrow-up
      5
      ·
      4 months ago

      This. I’m surprised Lemmy hasn’t already done this, as it’s such a huge glaring issue in Reddit (that they don’t care about, because bots are engagement…)

      • wewbull@feddit.uk
        link
        fedilink
        English
        arrow-up
        2
        ·
        4 months ago

        Points 2 and 3. Basically make restrictions on normal user accounts which are fine for humans but that will make bots swear and curse.

        Unless you mean “what should the registration process be” I think API keys via a user account would do.

  • Otter@lemmy.ca
    link
    fedilink
    English
    arrow-up
    47
    arrow-down
    2
    ·
    edit-2
    4 months ago

    1. The platform needs an incentive to get rid of bots.

    Bots on Reddit pump out an advertiser friendly firehose of “content” that they can pretend is real to their investors, while keeping people scrolling longer. On Fediverse platforms there isn’t a need for profit or growth. Low quality spam just becomes added server load we need to pay for.

    I’ve mentioned it before, but we ban bots very fast here. People report them fast and we remove them fast. Searching the same scam link on Reddit brought up accounts that have been posting the same garbage for months.

    Twitter and Reddit benefit from bot activity, and don’t have an incentive to stop it.

    2. We need tools to detect the bots so we can remove them.

    Public vote counts should help a lot towards catching manipulation on the fediverse. Any action that can affect visibility (upvotes and comments) can be pulled by researchers through federation to study/catch inorganic behavior.

    Since the platforms are open source, instances could even set up tools that look for patterns locally, before it gets out.

    It’ll be an arm’s race, but it wouldn’t be impossible.

    • TriflingToad@lemmy.world
      link
      fedilink
      English
      arrow-up
      10
      ·
      4 months ago

      interesting. Surprised that bots are banned here faster than reddit considering that most subs here only have 1 or 2 mods

      • wjs018@lemmy.world
        link
        fedilink
        English
        arrow-up
        22
        arrow-down
        1
        ·
        4 months ago

        There is a lot of collaboration between the different instance admins in this regard. The lemmy.world admins have a matrix room that is chock full of other instance admins where they share bots that they find to help do things like find similar posters and set up filters to block things like spammy urls. The nice thing about it all is that I am not an admin, but because it is a public room, anybody can sit in there and see the discussion in real time. Compare that to corporate social media like reddit or facebook where there is zero transparency.

    • SamuelRJankis@lemmy.world
      link
      fedilink
      English
      arrow-up
      6
      ·
      4 months ago

      Public vote counts should help a lot towards catching manipulation on the fediverse. Any action that can affect visibility (upvotes and comments) can be pulled by researchers through federation to study/catch inorganic behavior.

      I’d love to see some type of Adblock like crowd sourced block lists. If the growth of other platforms is any indication there will probably be a day where it would be nice to block out a large amounts of accounts. I’d even pay for it.

  • YeetPics@mander.xyz
    link
    fedilink
    English
    arrow-up
    44
    arrow-down
    2
    ·
    4 months ago

    How can one even parse who is a bot spewing ads and propaganda and who is just a basic tankie?

    They both get the same scripts… it’s an impossible task.

      • YeetPics@mander.xyz
        link
        fedilink
        English
        arrow-up
        5
        ·
        4 months ago

        Report a tankie-post in a tankie-sub and watch as nothing happens.

        Those mods love it when the correct genocide happens.

      • sunzu2@thebrainbin.org
        link
        fedilink
        arrow-up
        7
        arrow-down
        5
        ·
        4 months ago

        This is wrong, silencing is not right. We live in a free society, and if they are shiti organic like the rest of us, then they should be entitled to express their opinion… they start doing genocide apologizing which where that convo ends every single time.

        • Crashumbc@lemmy.world
          link
          fedilink
          English
          arrow-up
          6
          ·
          4 months ago

          Just because it’s not a bot, doesn’t mean it’s free expression. Several governments are paying thousands of people to push and argue propaganda.

            • YeetPics@mander.xyz
              link
              fedilink
              English
              arrow-up
              4
              ·
              edit-2
              4 months ago

              I can think of 4 users from memory who are outspoken propaganizers.

              They’re the champions of hexbear and .ml

              They each post about every 90 minutes on average

              • sunzu2@thebrainbin.org
                link
                fedilink
                arrow-up
                1
                arrow-down
                2
                ·
                4 months ago

                I can’t tell if ml tankies are a foreign threat actors tbh

                They seem to engage but it is pretty easy to test limits of what they will discuss. They will revert back to copy pasting some poorly sourced bullshit about USSR great 🤡

                They don’t spam it, so I am assuming real people sitting in a weird ideological box.

                If they take Russian money to do thisz they’d hould be banned

                We recently had a thread about some alt right clown taking russian money for their “work”

                Regime whores don’t get second chances IMHO

        • sugar_in_your_tea@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          4
          ·
          4 months ago

          I’m not saying they should be immediately silenced, but they should be reported. The moderators can then look at their post history and decide whether to ban based on instance/community rules.

            • sugar_in_your_tea@sh.itjust.works
              link
              fedilink
              English
              arrow-up
              2
              ·
              4 months ago

              Hopefully, we pick decent enough admins and mods that we’ll generally do the latter. But the former can be really annoying as well when it involves denying other facts.

        • nadram@lemmy.world
          link
          fedilink
          English
          arrow-up
          3
          ·
          4 months ago

          Other than the political misinformation, dangerous comments must be silenced, like ones recommending we drink bleach to heal ourselves… just an example. Free speech is not an open invitation to lie, misinform, incite wanton violence etc… The limit to free speech is that line beyond which we cause harm.

          • sunzu2@thebrainbin.org
            link
            fedilink
            arrow-up
            2
            arrow-down
            3
            ·
            4 months ago

            People repost fake news around here that fo all these things but because it is part of the political “process” we say that’s fine 🤡

  • brucethemoose@lemmy.world
    link
    fedilink
    English
    arrow-up
    34
    arrow-down
    1
    ·
    4 months ago

    Trap them?

    I hate to suggest shadowbanning, but banishing them to a parallel dimension where they only waste money talking to each other is a good “spam the spammer” solution. Bonus points if another bot tries to engage with them, lol.

    Do these bots check themselves for shadowbanning? I wonder if there’s a way around that…

    • Crashumbc@lemmy.world
      link
      fedilink
      English
      arrow-up
      8
      ·
      4 months ago

      I suspect they do, especially since Reddit’s been using shadow bans for many years. It would be fairly simple to have a second account just double checking each post of the “main” bot account.

      • brucethemoose@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        4 months ago

        Hmm, what if the shadowbanning is ‘soft’? Like if bot comments are locked at a low negative number and hidden by default, that would take away most exposure but let them keep rambling away.

  • Snot Flickerman@lemmy.blahaj.zone
    link
    fedilink
    English
    arrow-up
    34
    arrow-down
    1
    ·
    edit-2
    4 months ago

    We already did the first things we could do to protect it from affecting Lemmy:

    1. No corporate ownership

    2. Small user base that is already somewhat resistant to misinformation


    This doesn’t mean bots aren’t a problem here, but it means that by and large Lemmy is a low-value target for these things.

    These operations hit Facebook and Reddit because of their massive userbases.

    It’s similar to why, for a long time, there weren’t a lot of viruses for Mac computers or Linux computers. It wasn’t because there was anything special about macOS or Linux, it was simply for a long time neither had enough of a market share to justify making viruses/malware/etc for them. Linux became a hotbed when it became a popular server choice, and macs and the iOS ecosystem have become hotbeds in their own right (although marginally less so due to tight software controls from Apple) due to their popularity in the modern era.

    Another example is bittorrent piracy and private tracker websites. Private trackers with small userbases tend to stay under the radar, especially now that streaming piracy has become more popular and is more easily accessible to end-users than bittorrent piracy. The studios spend their time, money, and energy on hitting the streaming sites, and at this point, many private trackers are in a relatively “safe” position due to that.

    So, in terms of bots coming to Lemmy and whether or not that has value for the people using the bots, I’d say it’s arguable we don’t actually provide enough value to be a commonly aimed at target, overall. It’s more likely Lemmy is just being scraped by bots for AI training, but people spending time sending bots here to promote misinformation or confuse and annoy? I think the number doing that is pretty low at the moment.


    This can change, in the long-term, however, as the Fediverse grows. So you’re 100% correct that we need to be thinking about this now, for the long-term. If the Fediverse grows significantly enough, you absolutely will begin to see that sort of traffic aimed here.

    So, in the end, this is a good place to start this conversation.

    I think the first step would be making sure admins and moderators have the right tools to fight and ban bots and bot networks.

  • 1984@lemmy.today
    link
    fedilink
    English
    arrow-up
    37
    arrow-down
    8
    ·
    edit-2
    4 months ago

    I think the larger problem is that we are now trying to be non-controversal to avoid downvotes.

    Who thinks it’s a good idea to self censor on social media? Because that’s what you are doing, because of the downvote system.

    I will never agree downvotes are a net positive. They create censorship and allows the ignorant mob or bots to push down things they don’t like reading.

    Bots make it worse of course, since they can just downvote whatever they are programmed to downvote, and upvote things that they want to be visible. Basically it’s like having an army of minions to manipulate entire platforms.

    All because of downvotes and upvotes. Of course there should be a way to express that you agree or disagree but should that affect visibility directly? I don’t think so.

    • imaqtpie@lemmy.myserv.one
      link
      fedilink
      English
      arrow-up
      8
      ·
      edit-2
      4 months ago

      A few things.

      • Admins can and do ban accounts that downvote rampantly

      • Obvious bot brigading is obvious. It became harder to tell on reddit when they started fuzzing the vote numbers, but could frequently still be figured out. It’s easier on Lemmy, someone just has to report some unusual voting pattern to the admin and they can check if the voting accounts look like bots.


      • I was once told that the algorithm is less weighted towards upvoted comments and more weighted towards recent comments on Lemmy, when compared with reddit. I am not sure if this is true, but I have noticed that recent comments tend to rise above the top upvoted comments in threads when viewing by Hot.

      • Without any way for bad content to be filtered out, you just end up with an endless stream of undifferentiated noise. The voting system actually protects the platform from the encroachment of bots and the ignorant mob, because it helps filter them out from the users who have something of value that they want to contribute.

      • doctortran@lemm.ee
        link
        fedilink
        English
        arrow-up
        6
        ·
        edit-2
        4 months ago

        For example, imagine a post where three users comment:

        One posts a heated stream of idiocy, falsehoods, and outright nastiness, thinly veiled bigotry and other garbage. Paragraphs of it, all poorly written.

        Another is some basic comment not saying anything of any real consequence. Completely mundane to the point no one has upvoted it, but it is perfectly harmless.

        The final is a comment with some meat on it and something to add to the conversation, but unfortunately they arrived too late to the thread. No one saw it, so no one upvoted it.

        Without downvotes, all three of these comments are treated exactly the same.

        I get downvotes can suck sometimes but they’re a valuable aspect to this system and removing them does not make the place better.

        I’d argue what people need to do if these things are genuinely bothering them is turn off the scores entirely and learn to live without them. It’s better for your mental health.

    • KillingTimeItself@lemmy.dbzer0.com
      cake
      link
      fedilink
      English
      arrow-up
      4
      ·
      edit-2
      4 months ago

      i dont self censor, it’s about a 50 50, as to be expected per random stats. Or at least that’s what it feels like, it’s probably better than that lmao.

      It’s just numbers, it’s not going to kill you lol.

    • areyouevenreal@lemm.ee
      link
      fedilink
      English
      arrow-up
      4
      arrow-down
      1
      ·
      4 months ago

      At this point you might as well complain about the mods and admins on Lemmy as tons of them are out of wack. I have had comments removed for stating facts that every should know just because it doesn’t agree with the lemmy hivemind. For example say anything positive about AI or how it was used before the likes of ChatGPT came around.

    • gap_betweenus@lemmy.world
      link
      fedilink
      English
      arrow-up
      4
      arrow-down
      1
      ·
      4 months ago

      That’s just what comes with internet becoming mainstream so mainstream cultural standards are applied to online conversations. It’s the difference between an opera and a punk club or something.

  • rglullis@communick.news
    link
    fedilink
    English
    arrow-up
    26
    ·
    4 months ago

    The indieweb already has an answer for this: Web of Trust. Part of everyone social graph should include a list of accounts that they trust and that they do not trust. With this you can easily create some form of ranking system where bots get silenced or ignored.

    • ByteOnBikes@slrpnk.net
      link
      fedilink
      English
      arrow-up
      12
      arrow-down
      1
      ·
      4 months ago

      Every time I see this implemented, it always seems like screwing over the end user who is trying to join for the first time. Platforms like reddit and Tumblr benefit from a friction-free sign up system.

      Imagine how challenging it is for someone joining Lemmy for the first time and suddenly having to provide trust elements like answering a few questions, or getting someone to vouch for them.

      They’ll run away and call Lemmy a walled garden.

      • rglullis@communick.news
        link
        fedilink
        English
        arrow-up
        6
        arrow-down
        1
        ·
        4 months ago

        Platforms like Reddit and Tumblr need to optimize for growth. We need to have growth, but it is does not be optimized for it.

        Yeah, things will work like a little elitist club, but all newcomers need to do is find someone who is willing to vouch for them.

      • Angry_Autist (he/him)@lemmy.world
        link
        fedilink
        English
        arrow-up
        3
        ·
        4 months ago

        lol reddit isnt friction free anymore, most subs want you to wait weeks or months before you post.

        Same story, no experience, need work for experience, can’t get work without experience.

        • Echo Dot@feddit.uk
          link
          fedilink
          English
          arrow-up
          1
          ·
          4 months ago

          When I moderated a sub on Reddit I think I implemented a requirement that a poster must have at least positive three karma.

          Was amazing how many scammers couldn’t even be bothered to do that little effort. Seriously they could have just upvoted each other but they couldn’t even do that.

          All you have to do is introduce the smallest barrier to entry and it cuts bots admissions by about 95% as most of them out there are only looking for the lowest common denominator. They are unwilling to put in any effort at all.

      • DefederateLemmyMl@feddit.nl
        link
        fedilink
        English
        arrow-up
        2
        arrow-down
        1
        ·
        4 months ago

        Platforms like reddit and Tumblr benefit from a friction-free sign up system.

        Even on Reddit new accounts are often barred from participating in discussion, or even shadowbanned in some subs, until they’ve grinded enough karma elsewhere (and consequently, that’s why you have karmafarming bots).

      • grrgyle@slrpnk.net
        link
        fedilink
        English
        arrow-up
        2
        arrow-down
        1
        ·
        edit-2
        4 months ago

        My instance requires that users say a little about why they want to join. Works just fine.

        If someone isn’t willing to introduce themselves, why would they even want to register? If they just want to lurk, they can do so anonymously.

        EDIT I just noticed we’re from the same instance lol, so you definitely know what I’m talking about 😆

    • A_Random_Idiot@lemmy.world
      link
      fedilink
      English
      arrow-up
      3
      ·
      edit-2
      4 months ago

      A system like that sounds like it could be easily abused/manipulated into creating echo chambers of nothing but agreed-to right-think.

      • rglullis@communick.news
        link
        fedilink
        English
        arrow-up
        1
        ·
        4 months ago

        That would be only true if people only marked that they trust people that conform with their worldview.

        • A_Random_Idiot@lemmy.world
          link
          fedilink
          English
          arrow-up
          2
          ·
          edit-2
          4 months ago

          which already happens with the stupid up/downvote system.

          Where popular things, not right things, frequently get uplifted.

          • rglullis@communick.news
            link
            fedilink
            English
            arrow-up
            2
            ·
            4 months ago

            Well, I am on record saying that we should get rid of one-dimensional voting systems so I see your point.

            But if anything, there is nothing stopping us from using both metrics (and potentially more) to build our feed.

            • A_Random_Idiot@lemmy.world
              link
              fedilink
              English
              arrow-up
              1
              ·
              4 months ago

              Yeah, the up/down system is what prompted lots of bots to get created in the first place. because it leads to super easy post manipulation.

              Get rid of it and go back to how web forums used to be. No upvotes, No downvotes, no stickers, no coins, no awards. Just the content of your post and nothing more. So people have to actually think and reply, rather than joining the mindless mob and feeling like they did something.

              • grrgyle@slrpnk.net
                link
                fedilink
                English
                arrow-up
                1
                ·
                4 months ago

                As a forum user I agree, but would like to add that many forums do have a kind of “demerit point” system for incivility. Where racking up enough points gets you temporarily muted or banned.

    • grepe@lemmy.world
      link
      fedilink
      English
      arrow-up
      3
      ·
      4 months ago

      I was thinking about something like this but I think it’s ultimately not enough. You have essentially just two possible ends stages for this:

      1. you only trust people that you personally meet and you verified their private key directly and then you will see only posts/interactions from like 15 people. the social media looses its meaning and you can just have a chat group on signal.

      2. you allow some length of chains (you trust people [that are trusted by the people]^n that you know) but if you include enough people for social media to make sense then you will eventually end up with someone poisoning your network by trusting a bot (which can trust other bots…) so that wouldn’t work unless you keep doing moderation similar as now.

      i would be willing to buy a wearable physical device (like a yubikey) that could be connected to my computer via a bluetooth interface and act as a fido2 second factor needed for every post but instead of having just a button (like on the yubikey) it would only work if monitoring of my heat rate or brainwaves would check out.

      • jjjalljs@ttrpg.network
        link
        fedilink
        English
        arrow-up
        7
        ·
        4 months ago

        The way I imagine it working is if I notice a bot in my web, I flag it, and then everyone involved in approving the bot loses some credibility. So a bad actor will get flushed out. And so will your idiot friend that keeps trusting bots, so their recommendations are then mostly ignored.

        • grepe@lemmy.world
          link
          fedilink
          English
          arrow-up
          3
          ·
          4 months ago

          that is an interesting idea. still… you can create an account (or have a troll farm of such accounts) that will mainly be used to trust bots and when their reputation goes down you throw them away and create new ones. same as you would do with traditional troll accounts… you made it one step more complicated but since the cost of creating bot accounts is essentially zero it doesn’t help much.

          • jjjalljs@ttrpg.network
            link
            fedilink
            English
            arrow-up
            3
            ·
            4 months ago

            But those bots don’t have any intersection with my network, so their trust score is low.

            If they do connect via one of my idiot friends, that friend loses credit, too, and the system can trust his connections less.

            The trust level is from my perspective, not global.

          • rglullis@communick.news
            link
            fedilink
            English
            arrow-up
            1
            arrow-down
            1
            ·
            4 months ago

            Just add “account age” to the list of metrics when evaluating their trust rank. Any account that is less than a week old has a default score of zero.

              • rglullis@communick.news
                link
                fedilink
                English
                arrow-up
                1
                ·
                4 months ago

                Ok, which part of “multiple metrics” is not clear here?

                Every risk analysis will have multiple factors. The idea is not to always have an absolute perfect ranking system, but to build a classifier that is accurate enough to filter most of the crap.

                Email spam filters are not perfect, but no one inbox is drowning in useless crap like we used to have 20 years ago. Social media bots are presenting the same type of challenge, why can’t we solve it in the same way?

                • Media Sensationalism@lemmy.world
                  link
                  fedilink
                  English
                  arrow-up
                  1
                  ·
                  4 months ago

                  I didn’t read very far up into the thread. Sorry.

                  Automated filters will just drive determined botters to play the system and perfect their craft until they can no longer be automatically identified, in my opinion. I’m more of the stance that accounts should be reviewed manually so that a leap into convincing bot accounts will need to be much more dramatic, and therefore difficult. If it’s done the hard way from the start with staff who know how to identify these accounts, it may keep it from growing into an issue to begin with.

                  Any threshold to be automatically flagged for review should be relatively low, but the process should also be quick and efficient. Adding more metrics to the flagging process only means botters will have a narrower gaze to avoid. Once they start crunching the numbers and streamline mimicking real user accounts it’s game over.

      • rglullis@communick.news
        link
        fedilink
        English
        arrow-up
        1
        ·
        4 months ago

        Why does have it to be one or the other?

        Why not use all these different metrics to build a recommendation system?

        • grepe@lemmy.world
          link
          fedilink
          English
          arrow-up
          1
          ·
          4 months ago

          you are right - it doesn’t have to be one or the other… I just assume that for social media to work as I expect I don’t know most of the people on the platform. given that assumption and the lowering price of creating bots and ability to onboard them I expect that eventually most of the actors on the platform will end up being bots. people that write them are often insanely motivated (politically or financially) and creating barriers for them is not easy.

      • grrgyle@slrpnk.net
        link
        fedilink
        English
        arrow-up
        1
        ·
        4 months ago

        I think you’d work your way in naturally, same as any community throughout all of history.

        I suppose an outsider might not be able to tell a web of trust that’s only bots trusting eachother, so you still have to think critically about what you read

  • frezik@midwest.social
    link
    fedilink
    English
    arrow-up
    26
    arrow-down
    2
    ·
    4 months ago

    Implement a cryptographic web of trust system on top of Lemmy. People meet to exchange keys and sign them on Lemmy’s system. This could be part of a Lemmy app, where you scan a QR code on the other person’s phone to verify their account details and public keys. Web of trust systems have historically been cumbersome for most users. With the right UI, it doesn’t have to be.

    Have some kind of incentive to get verified on the web of trust system. Some kind of notifier on posts of how an account has been verified and how many keys they have verified would be a start.

    Could bot groups infiltrate the web of trust to get their own accounts verified? Yes, but they can also be easily cut off when discovered.

    • harsh3466@lemmy.ml
      link
      fedilink
      English
      arrow-up
      2
      ·
      4 months ago

      I mean, you could charge like $8 and then give the totally real people that are paying that money a blue checkmark? /s

      Seriously though, I like the idea, but the verification has got to be easy to do and consistently successful when you do it.

      I run my own matrix server, and the most difficult/annoying part of it is the web of trust and verification of users/sessions/devices. It’s a small private server with just a few people, so I just handle all the verification myself. If my wife had to deal with it it would be a non starter.

  • asap@lemmy.world
    link
    fedilink
    English
    arrow-up
    30
    arrow-down
    7
    ·
    4 months ago

    Add a requirement that every comment must perform a small CPU-costly proof-of-work. It’s a negligible impact for an individual user, but a significant impact for a hosted bot creating a lot of comments.

    Even better if you make the PoW performing some bitcoin hashes, because it can then benefit the Lemmy instance owner which can offset server costs.

    • Eiri@lemmy.ca
      link
      fedilink
      English
      arrow-up
      31
      ·
      4 months ago

      Will that ruin my phone’s battery?

      Also what if I’m someone poor using an extremely basic smartphone to connect to the internet?

      • finestnothing@lemmy.world
        link
        fedilink
        English
        arrow-up
        12
        ·
        4 months ago

        Only if you’re commenting as much as a bot, probably wouldn’t be any more power usage than opening up a poorly optimized website tbh

      • KillingTimeItself@lemmy.dbzer0.com
        cake
        link
        fedilink
        English
        arrow-up
        1
        ·
        4 months ago

        it would only be generated the first time, and possible rerolls down the line.

        Also what if I’m someone poor using an extremely basic smartphone to connect to the internet?

        just wait, it’s a little rough, but it’s worth it. 10 hours overnight would be reasonable. Even longer is more so if you limit CPU usage. The idea is that creating one account takes like 10 minutes, but creating 1000 would simply take too much CPU time in order to be worth the time.

      • asap@lemmy.world
        link
        fedilink
        English
        arrow-up
        5
        arrow-down
        3
        ·
        4 months ago

        I’d actually prefer that. Micro transactions. Would certainly limit shitposts

        • explodicle@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          2
          ·
          4 months ago

          But that opens up a whole can of worms!

          • Will we use Hashcash? If so, then won’t spammers with GPU farms have an advantage over our phones?

          • Will we use a cryptocurrency? If so, then which one? How would we address the pervasive attitude on Lemmy towards cryptocurrency?

    • dan@upvote.au
      link
      fedilink
      English
      arrow-up
      7
      ·
      edit-2
      4 months ago

      How would this be enforceable, though? Part of the benefit of the Fediverse is that multiple different apps can communicate with each other (for example, you can see Lemmy posts on Mastodon). Even if Lemmy implements something like this, what’s to stop someone from commenting using a different app that doesn’t implement it?

      I’m actually surprised we don’t see more spam on ActivityPub-powered systems, since spammers don’t even need to have an account with Lemmy, Mastodon, etc and could instead have their own ActivityPub server to send the spam. I guess they don’t do that since the spam instance would be defederated pretty quickly.

      • KillingTimeItself@lemmy.dbzer0.com
        cake
        link
        fedilink
        English
        arrow-up
        2
        ·
        edit-2
        4 months ago

        it would have to be fundamental to the platform, i believe a few platforms have something similar where this generates a unique “key” used to identify the user.

        I think I2P does this?

    • Higgs boson@dubvee.org
      link
      fedilink
      English
      arrow-up
      9
      arrow-down
      2
      ·
      4 months ago

      That’s a hard NO from me, dawg. If Lemmy goes down that path, I will just not comment. My account settings let me just block bots. I dont need my resources wasted so I can interact with the “good bots”.

      • asap@lemmy.world
        link
        fedilink
        English
        arrow-up
        7
        arrow-down
        1
        ·
        edit-2
        4 months ago

        How much resources are we talking about here? If it’s 3% of your CPU usage for 2 seconds, you’re really going to have an issue with that?

        Whatever solution should be negligible for you, but costly for a botfarm.

        Here’s a live example, not exactly onerous: https://demo.mcaptcha.org/widget/?sitekey=pHy0AktWyOKuxZDzFfoaewncWecCHo23

        (Obviously in Lemmy’s case you wouldn’t have the additional unecessary checkbox)

        • Higgs boson@dubvee.org
          link
          fedilink
          English
          arrow-up
          3
          ·
          edit-2
          4 months ago

          That’s not what I consider negligible on my phone, which is already resource constrained. Yes, I have a problem with an app that intentionally wastes my valuable resources. I wouldn’t care so much from my desktop, but I mostly just use a desktop client to do things I can’t easily do on my mobile clients.

          No big deal. It’s not as if my participation is especially valuable. I would just participate less.

          edit: my objection is obviously more in principal than it is practical, but it would hardly be the first time I walked away from software (or a network) on philosophical grounds.

          • explodicle@sh.itjust.works
            link
            fedilink
            English
            arrow-up
            6
            ·
            4 months ago

            If we can’t find a more practical solution, then is it really a “waste” of resources? Right now we’re paying with much more expensive time and attention.

        • nutsack@lemmy.world
          link
          fedilink
          English
          arrow-up
          1
          arrow-down
          1
          ·
          edit-2
          4 months ago

          that was pretty fast. i think if I was a bot sending prompts to an AI to generate posts, i probably wouldn’t care about this amount of computation at all

          • asap@lemmy.world
            link
            fedilink
            English
            arrow-up
            3
            arrow-down
            1
            ·
            4 months ago

            Must be strange to live in a world where you can’t imagine that software could have configurable parameters, such that you could find something that’s fine for a person posting individual comments and painful for a bot farm.

            • nutsack@lemmy.world
              link
              fedilink
              English
              arrow-up
              3
              ·
              4 months ago

              15 seconds to generate a post from the prompt with ai, and 1/15 seconds for the hashcash challenge is supposed to inconvenience the bot wizards?

              • asap@lemmy.world
                link
                fedilink
                English
                arrow-up
                3
                ·
                4 months ago

                If they’re running their own LLM hardware, and their Lemmy spam posts are generating enough revenue to cover that, then I take it back, because that is impressive.

                I guess we’re fucked.

                • ayyy@sh.itjust.works
                  link
                  fedilink
                  English
                  arrow-up
                  1
                  ·
                  4 months ago

                  It’s not always about profit, it’s also about controlling the narrative. The more expensive that is, the less the narrative can be controlled by money.

        • nutsack@lemmy.world
          link
          fedilink
          English
          arrow-up
          6
          ·
          4 months ago

          what happens when the admin gets greedy and increases the amount of work that my shitty android phone is doing

        • zzx@lemmy.world
          link
          fedilink
          English
          arrow-up
          6
          ·
          4 months ago

          It doesn’t seem like a no brainer to me… In order to generate the spam AI comments in the first place, they have to use expensive compute to run the LLM.

          • explodicle@sh.itjust.works
            link
            fedilink
            English
            arrow-up
            1
            ·
            4 months ago

            Technically not, but spammers can already pay to outsource hashing more easily than desirable users can. So if we’re relying on hashes anyways, then we might as well make it easy for desirable users to outsource too.

            IMO that’s why the inventor of Hashcash just develops Bitcoin today.

    • nutsack@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      ·
      edit-2
      4 months ago

      I think the computation required to process the prompt they are processing is already comparable to a hashcash challenge

  • FourPacketsOfPeanuts@lemmy.world
    link
    fedilink
    English
    arrow-up
    25
    arrow-down
    3
    ·
    4 months ago

    Keep Lemmy small. Make the influence of conversation here uninteresting.

    Or … bite the bullet and carry out one-time id checks via a $1 charge. Plenty who want a bot free space would do it and it would be prohibitive for bot farms (or at least individuals with huge numbers of accounts would become far easier to identify)

    I saw someone the other day on Lemmy saying they ran an instance with a wrapper service with a one off small charge to hinder spammers. Don’t know how that’s going

    • oce 🐆
      link
      fedilink
      English
      arrow-up
      26
      arrow-down
      1
      ·
      4 months ago

      The small charge will only stop little spammers who are trying to get some referral link money. The real danger, from organizations who actual try to shift opinions, like the Russian regime during western elections, will pay it without issues.

      • oce 🐆
        link
        fedilink
        English
        arrow-up
        12
        ·
        4 months ago

        Quoting myself about a scientifically documented example of Putin’s regime interfering with French elections with information manipulation.

        This a French scientific study showing how the Russian regime tries to influence the political debate in France with Twitter accounts, especially before the last parliamentary elections. The goal is to promote a party that is more favorable to them, namely, the far right. https://hal.science/hal-04629585v1/file/Chavalarias_23h50_Putin_s_Clock.pdf

        In France, we have a concept called the “Republican front” that is kind of tacit agreement between almost all parties, left, center and right, to work together to prevent far-right from reaching power and threaten the values of the French Republic. This front has been weakening at every election, with the far right rising and lately some of the traditional right joining them. But it still worked out at the last one, far right was given first by the polls, but thanks to the front, they eventually ended up 3rd.

        What this article says, is that the Russian regime has been working for years to invert this front and push most parties to consider that it is part of the left that is against the Republic values, more than the far right. One of their most cynical tactic is using videos from the Gaza war to traumatize leftists until they say something that may sound antisemitic. Then they repost those words and push the agenda that the left is antisemitic and therefore against the Republican values.

      • Hello_there@fedia.io
        link
        fedilink
        arrow-up
        3
        ·
        4 months ago

        Yeah, but once you charge a CC# you can ban that number in the future. It’s not perfect but you can raise the hurdle a bit.

    • farcaster@lemmy.world
      link
      fedilink
      English
      arrow-up
      17
      ·
      4 months ago

      Keep Lemmy small. Make the influence of conversation here uninteresting.

      I’m doing my part!

    • Snot Flickerman@lemmy.blahaj.zone
      link
      fedilink
      English
      arrow-up
      3
      ·
      4 months ago

      Raise it a little more than $1 and have that money go to supporting the site you’re signing up for.

      This has worked well for 25 years for MetaFilter (I think they charge $5-10). It used to work well on SomethingAwful as well.

    • thehatfox@lemmy.world
      link
      fedilink
      English
      arrow-up
      4
      arrow-down
      1
      ·
      4 months ago

      Creating a cost barrier to participation is possibly one of the better ways to deter bot activity.

      Charging money to register or even post on a platform is one method. There are administrative and ethical challenges to overcome though, especially for non-commercial platforms like Lemmy.

      CAPTCHA systems are another, which costs human labour to solve a puzzle before gaining access.

      There had been some attempts to use proof of work based systems to combat email spam in the past, which puts a computing resource cost in place. Crypto might have poisoned the well on that one though.

      All of these are still vulnerable to state level actors though, who have large pools of financial, human, and machine resources to spend on manipulation.

      Maybe instead the best way to protect communities from such attacks is just to remain small and insignificant enough to not attract attention in the first place.

    • tal@lemmy.today
      link
      fedilink
      English
      arrow-up
      1
      ·
      4 months ago

      Keep Lemmy small. Make the influence of conversation here uninteresting.

      That’s a significant constraint and it’s probably possible to reuse a lot of the costs in developing a both for another platform.

      Or … bite the bullet and carry out one-time id checks via a $1 charge.

      Yeah, making identities expensive helps. But…you note that the bot that OP posted clearly had the bot operator pay for a blue checkmark there. So it wasn’t enough in that case.

  • GrayBackgroundMusic@lemm.ee
    link
    fedilink
    English
    arrow-up
    19
    ·
    edit-2
    4 months ago

    One time I commented that my favorite game was WoW, down voted -15 for no apparent reason.

    I wouldn’t use that as evidence that you were bot-attacked. A lot of people don’t like WoW and are mad at it for disappointing them. *coughSHADOWLANDScough*