This is my current attempt at preparing to counter the spam waves that will be appearing as the fediverse becomes more and more popular.

It involves the creation of whitelists based on a chain of trust between instances with easy ways to add and remove into it with few overheads.

Let me know what you think and if you’re interested, please do register your instance at https://overctrl.dbzer0.com.

  • Digital_Eclipse@lemmy.dbzer0.com
    link
    fedilink
    English
    arrow-up
    9
    ·
    2 years ago

    You’re right about the spam, volunteer moderators are helpless against it if they decide to spawn thousands of instances and accounts to attack. A whitelist instead of blacklist style of federation might be necessary now. I just hope it doesn’t create too small of a bubble or certain large instances start to monopolize, like the way e-mail went.

  • ArrrborDAY@lemmy.dbzer0.com
    link
    fedilink
    English
    arrow-up
    6
    ·
    2 years ago

    Thank you for trying to protect the lemmy/kbin and fediverse communities. It will take lots of effort like this to keep it unshitified.

  • jollyroger@lemmy.dbzer0.com
    link
    fedilink
    English
    arrow-up
    5
    ·
    2 years ago

    I’m not an instance admin nor am I a mod. I just started using Lemmy a couple of days ago. First, respect to you for taking the time to come up with solutions. I think your solution is at the limit of what you can do to keep bad actors from creating instances and start spamming. We need to accept it will not solve all the spam. Just like there’s is still spam in the comment section on YouTube but alot less compared to a year or so ago. But, maybe having a more granular trust system of instances could be a solution to prevent smaller instances from being locked out. For example a new instance would be allowed to be whitelisted sooner than they would be allowed to endorse or guarantee other instances? Or doesn’t that work in the case of Lemmy?

  • playmaker@feddit.de
    link
    fedilink
    English
    arrow-up
    3
    ·
    2 years ago

    Good decision. Especially in the long term I see no alternatives to whitelists. Yet.

    • db0@lemmy.dbzer0.comOPM
      link
      fedilink
      English
      arrow-up
      1
      ·
      2 years ago

      Please try now. No need to register on a third lemmy instance, just provide your domain and admin username and it should PM you the API key

    • ☆ Yσɠƚԋσʂ ☆@lemmy.ml
      link
      fedilink
      English
      arrow-up
      3
      arrow-down
      2
      ·
      2 years ago

      It’s a federation of different platforms such as Lemmy, Mastodon, PeerTube, Pixelfed, and others all using a common protocol called ActivityPub to talk to each other.

  • voluntaryexilecat@lemmy.dbzer0.com
    link
    fedilink
    English
    arrow-up
    1
    ·
    2 years ago

    I’m still very concerned a whitelist scenario will ultimately lead to just a few megalithic instances without a chance for new, small instances to ever join the federation.

    Like the nightmare scenario for email where the big providers just decide one day to drop any mail that does not come from another large corp or from someone who paid money for some id certification. Even now running your own mailserver is a major pain and requires a lot of attention, receiving mail is fine, but sending… oh my.

    So the hashcash solution proposed elsewhere still seems better to me. If I wanted to host my own instance I still could federate without begging the “council” for admission. The thought of burning energy just to prevent spam is repulsive but walling ourselves in and creating a gated community sounds even worse…

    • db0@lemmy.dbzer0.comOPM
      link
      fedilink
      English
      arrow-up
      1
      ·
      2 years ago

      I’m still very concerned a whitelist scenario will ultimately lead to just a few megalithic instances without a chance for new, small instances to ever join the federation.

      I’ve built the whole thing to avoid exactly that! Any instance admin vouch for small instances.

      • voluntaryexilecat@lemmy.dbzer0.com
        link
        fedilink
        English
        arrow-up
        1
        ·
        2 years ago

        I saw that. But I’m having flashbacks from email WOT and it did not converge to the interconnected mesh we had hoped it to be. Sooner or later larger nodes will exists who will not simply trust a key signed by a mere “tier3” instance. If a selfhoster wants to federate with their tiny 1-user instance, how do we differentiate between bot instance and genuine user instance?

        • db0@lemmy.dbzer0.comOPM
          link
          fedilink
          English
          arrow-up
          1
          ·
          2 years ago

          Manual review. It all relies on people actually checking. And if someone masquerades, it’s trivial to withdraw our trust.

          • voluntaryexilecat@lemmy.dbzer0.com
            link
            fedilink
            English
            arrow-up
            1
            ·
            2 years ago

            Yes, but this opens up another problem with a federation controlled by the server admins and not the communities. Trust can be withdrawn as a punishment or due to a disagreement or just different views.

            We just saw that with instances defederating others due to incompatible views on politics. I expect more of that for much smaller disagreements until its just clusters of like-minded people in their own bubble. At least I want to see what others say that does not agree with my own views and values - how would I keep a realistic perception of reality otherwise? If I stay in my bubble too long then I might start thinking “everyone” thinks foo=good and bar=bad, while it might be the opposite.

            Other networks like freenet use a wot, but for each user. TOR does not filter out relays, but allows its users to do so. And, yes, they all have their own issues with their approach.

            What I am trying to say is: I had hoped for the fediverse instance admins to not consider themselves as lords of each their own feudalistic dukedom with “trade agreements”, but instead to consider themselves as mere service providers for the greater good, sworn to neutrality when it comes to opinions being discussed (abiding to law where required to not get sued or worse of course). Our strength lies in the federation network itself, without it we would just be a bunch of forums. If we allow the network to fragment more and stop talking to each other, the monolithic pseudonetworks of the big corporations will stay in power.

            I know this might be unachievable, or even undesired, but at least a web of trust that is controlled by its users, instead of the admins, is much more appealing to me.

            Hashcash would slow spammers down without troubling regular users too much. It would be scalable and with a meld-based algrithm it might be future proof. It could even complement a wot.

            • db0@lemmy.dbzer0.comOPM
              link
              fedilink
              English
              arrow-up
              1
              ·
              2 years ago

              Yes, but this opens up another problem with a federation controlled by the server admins and not the communities. Trust can be withdrawn as a punishment or due to a disagreement or just different views.

              The Fediseer I’m running is just to validate against spam, not political views. Even if someone removes their guarantee from a server due to political disagreement, someone else just has to re-add it.

              And at the end of the day, The fediseer is not integrated into anything. It’s an optional list some instance admins might want to use. Not everyone has to. If trust is betrayed, people will just stop using it.

              • voluntaryexilecat@lemmy.dbzer0.com
                link
                fedilink
                English
                arrow-up
                1
                ·
                2 years ago

                Oh, it will work to keep spam out - I’m just not sure if it will ultimately become the border keeping the fediverse from growing when a “council of elders from the big instances” has first established itself. If the council is not diverse enough, it will be able to dictate the rules for “trust” beyond mere spam. All with good intentions of course.

                From an admin’s point of view, I do not want this “power” because it will corrupt me. From a user’s point of view, I would rather be able to decide this for myself.

                You asked for oppinions…

                • db0@lemmy.dbzer0.comOPM
                  link
                  fedilink
                  English
                  arrow-up
                  1
                  ·
                  2 years ago

                  The Fediseer does not work as a “council of elders” though.

                  Likewise, a “council of elders” form regardless of the existence of Fediseer.