How are "We" to place trust in the fediverse? - eviltoast

I came here for the same reasons as most of you and chiefly among them was to escape the corporate embrace of common social media platforms.

But how much trust can we place into Lemmy, Mastodon, and/or other various integrated Fediverse platform instances?

I’m all for open-source and transparency which the devs seem to provide, although providing source code and routinely audited source code are entirely different concepts.

Similarly, the high availability of source code may lead to malicious instances, actors, and/or back-end modifications that would favor specific instances resounding consequence throughout the Fediverse.

So I ask simply: How much faith do you have? (Please provide supporting documentation links supporting your answer because I’m genuinely interested.)

EDIT: I literally removed a semi-colon character ‘:’

  • Max-P@lemmy.max-p.me
    link
    fedilink
    arrow-up
    3
    ·
    1 year ago

    Kind of but not really? You’d have to federate out every vote individually. There’s no upvotes totals anywhere, there’s a vote table that contains who voted up/down on what, and it’s counted as needed. So if you want to send out 1000 votes, you need 1000 valid users and also send 1000 different activities to at least one instance.

    You can make it display 100000 votes on your own instance if you want, but it’s not going to alter the rating on other instances because they run their own tally.

    If you really want this to work long term, you need a credible looking instance with credible looking users that are ideally actually subscribed to the target community, and credible activity patterns too. Otherwise, the community can detect what you’re doing and defederate you and purge all the activities from your instance, and also revert all those votes as a side effect.

    Remember, all votes are individual activities, and all votes are replicated individually to every instance. On Kbin, you can even see all the votes right from the UI, they don’t even hide it! You can count them yourself if you want. So anyone with the dataset can analyze it and sound the alarm. And each instance can potentially have its own algorithm for that, so instead of having just one target to game, like Reddit and a subreddit, you have hundreds of instances to fool. There’s so many signals I could use to fight spam: instance age, instance user growth, the frequency and timing of the votes, are the users seemingly active 24/7, what other communities those users post into, what are they voting for, do they all vote in agreement with each other, and on and on.

    So, you technically can manipulate votes but it takes a lot of effort and care to make it as hard as possible to detect in practice. We play the same cat and mouse game as Reddit, but distributed and with many more eyes on it.