So, in thinking about how bad actors might manipulate Lemmy, I have some questions.

In this scenario, I’m an entity that wants to influence social media, a government, a corporation, a collection of dedicated degenerates—pick your boojum. I see this growing Lemmy thing. I figure it’s not a serious threat, but if I’m wrong, I’d like to be placed to influence things via what people see. I want to be able to upvote or downvote posts.

If I’ve got a decent budget, I’d spin up a bunch of new Lemmy instances and encourage signups when there’s this mad rush from Reddit. I’d want as many real users as I can get. I’d also create a bunch of sock puppet accounts on all of my instances. I’d probably have some of them post and comment.

If Lemmy attains critical mass, I’d be able to use those sock puppets to upvote/downvote posts I want to influence.

I (now the OP, not the hypothetical bad actor) imagine this is hard to defend against. I also imagine federation is all or nothing. That is, either you federate everything from a server or you federate nothing.

Are their granular federation options, like allowing post federation but ignoring upvote/downvote federation?

  • teoria
    link
    fedilink
    English
    arrow-up
    9
    ·
    1 year ago

    We’re gonna see that attack in reality, soon, im sure

    • phase_change@sh.itjust.worksOP
      link
      fedilink
      English
      arrow-up
      6
      ·
      edit-2
      1 year ago

      That’s my guess too if Lemmy takes off. I’d imagine some will be obvious enough that everyone defedrates from that server, stranding the legit users. I’m not sophisticated enough to know how to defend against this, but I’m intrigued by the concept.