Bots are running rampant. How do we stop them from ruining Lemmy? - eviltoast

Social media platforms like Twitter and Reddit are increasingly infested with bots and fake accounts, leading to significant manipulation of public discourse. These bots don’t just annoy users—they skew visibility through vote manipulation. Fake accounts and automated scripts systematically downvote posts opposing certain viewpoints, distorting the content that surfaces and amplifying specific agendas.

Before coming to Lemmy, I was systematically downvoted by bots on Reddit for completely normal comments that were relatively neutral and not controversial​ at all. Seemed to be no pattern in it… One time I commented that my favorite game was WoW, down voted -15 for no apparent reason.

For example, a bot on Twitter using an API call to GPT-4o ran out of funding and started posting their prompts and system information publicly.

https://www.dailydot.com/debug/chatgpt-bot-x-russian-campaign-meme/

Example shown here

Bots like these are probably in the tens or hundreds of thousands. They did a huge ban wave of bots on Reddit, and some major top level subreddits were quiet for days because of it. Unbelievable…

How do we even fix this issue or prevent it from affecting Lemmy??

  • asap@lemmy.world
    link
    fedilink
    English
    arrow-up
    31
    arrow-down
    7
    ·
    4 months ago

    Add a requirement that every comment must perform a small CPU-costly proof-of-work. It’s a negligible impact for an individual user, but a significant impact for a hosted bot creating a lot of comments.

    Even better if you make the PoW performing some bitcoin hashes, because it can then benefit the Lemmy instance owner which can offset server costs.

    • Eiri@lemmy.ca
      link
      fedilink
      English
      arrow-up
      31
      ·
      4 months ago

      Will that ruin my phone’s battery?

      Also what if I’m someone poor using an extremely basic smartphone to connect to the internet?

      • finestnothing@lemmy.world
        link
        fedilink
        English
        arrow-up
        12
        ·
        4 months ago

        Only if you’re commenting as much as a bot, probably wouldn’t be any more power usage than opening up a poorly optimized website tbh

      • KillingTimeItself@lemmy.dbzer0.com
        link
        fedilink
        English
        arrow-up
        1
        ·
        4 months ago

        it would only be generated the first time, and possible rerolls down the line.

        Also what if I’m someone poor using an extremely basic smartphone to connect to the internet?

        just wait, it’s a little rough, but it’s worth it. 10 hours overnight would be reasonable. Even longer is more so if you limit CPU usage. The idea is that creating one account takes like 10 minutes, but creating 1000 would simply take too much CPU time in order to be worth the time.

      • asap@lemmy.world
        link
        fedilink
        English
        arrow-up
        5
        arrow-down
        3
        ·
        4 months ago

        I’d actually prefer that. Micro transactions. Would certainly limit shitposts

        • explodicle@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          2
          ·
          4 months ago

          But that opens up a whole can of worms!

          • Will we use Hashcash? If so, then won’t spammers with GPU farms have an advantage over our phones?

          • Will we use a cryptocurrency? If so, then which one? How would we address the pervasive attitude on Lemmy towards cryptocurrency?

    • Higgs boson@dubvee.org
      link
      fedilink
      English
      arrow-up
      9
      arrow-down
      2
      ·
      4 months ago

      That’s a hard NO from me, dawg. If Lemmy goes down that path, I will just not comment. My account settings let me just block bots. I dont need my resources wasted so I can interact with the “good bots”.

      • asap@lemmy.world
        link
        fedilink
        English
        arrow-up
        8
        arrow-down
        1
        ·
        edit-2
        4 months ago

        How much resources are we talking about here? If it’s 3% of your CPU usage for 2 seconds, you’re really going to have an issue with that?

        Whatever solution should be negligible for you, but costly for a botfarm.

        Here’s a live example, not exactly onerous: https://demo.mcaptcha.org/widget/?sitekey=pHy0AktWyOKuxZDzFfoaewncWecCHo23

        (Obviously in Lemmy’s case you wouldn’t have the additional unecessary checkbox)

        • Higgs boson@dubvee.org
          link
          fedilink
          English
          arrow-up
          3
          ·
          edit-2
          4 months ago

          That’s not what I consider negligible on my phone, which is already resource constrained. Yes, I have a problem with an app that intentionally wastes my valuable resources. I wouldn’t care so much from my desktop, but I mostly just use a desktop client to do things I can’t easily do on my mobile clients.

          No big deal. It’s not as if my participation is especially valuable. I would just participate less.

          edit: my objection is obviously more in principal than it is practical, but it would hardly be the first time I walked away from software (or a network) on philosophical grounds.

          • explodicle@sh.itjust.works
            link
            fedilink
            English
            arrow-up
            6
            ·
            4 months ago

            If we can’t find a more practical solution, then is it really a “waste” of resources? Right now we’re paying with much more expensive time and attention.

        • nutsack@lemmy.world
          link
          fedilink
          English
          arrow-up
          1
          arrow-down
          1
          ·
          edit-2
          4 months ago

          that was pretty fast. i think if I was a bot sending prompts to an AI to generate posts, i probably wouldn’t care about this amount of computation at all

          • asap@lemmy.world
            link
            fedilink
            English
            arrow-up
            3
            arrow-down
            1
            ·
            4 months ago

            Must be strange to live in a world where you can’t imagine that software could have configurable parameters, such that you could find something that’s fine for a person posting individual comments and painful for a bot farm.

            • nutsack@lemmy.world
              link
              fedilink
              English
              arrow-up
              3
              ·
              4 months ago

              15 seconds to generate a post from the prompt with ai, and 1/15 seconds for the hashcash challenge is supposed to inconvenience the bot wizards?

              • asap@lemmy.world
                link
                fedilink
                English
                arrow-up
                3
                ·
                4 months ago

                If they’re running their own LLM hardware, and their Lemmy spam posts are generating enough revenue to cover that, then I take it back, because that is impressive.

                I guess we’re fucked.

                • ayyy@sh.itjust.works
                  link
                  fedilink
                  English
                  arrow-up
                  1
                  ·
                  4 months ago

                  It’s not always about profit, it’s also about controlling the narrative. The more expensive that is, the less the narrative can be controlled by money.

    • dan@upvote.au
      link
      fedilink
      English
      arrow-up
      7
      ·
      edit-2
      4 months ago

      How would this be enforceable, though? Part of the benefit of the Fediverse is that multiple different apps can communicate with each other (for example, you can see Lemmy posts on Mastodon). Even if Lemmy implements something like this, what’s to stop someone from commenting using a different app that doesn’t implement it?

      I’m actually surprised we don’t see more spam on ActivityPub-powered systems, since spammers don’t even need to have an account with Lemmy, Mastodon, etc and could instead have their own ActivityPub server to send the spam. I guess they don’t do that since the spam instance would be defederated pretty quickly.

      • KillingTimeItself@lemmy.dbzer0.com
        link
        fedilink
        English
        arrow-up
        2
        ·
        edit-2
        4 months ago

        it would have to be fundamental to the platform, i believe a few platforms have something similar where this generates a unique “key” used to identify the user.

        I think I2P does this?

        • zzx@lemmy.world
          link
          fedilink
          English
          arrow-up
          6
          ·
          4 months ago

          It doesn’t seem like a no brainer to me… In order to generate the spam AI comments in the first place, they have to use expensive compute to run the LLM.

        • nutsack@lemmy.world
          link
          fedilink
          English
          arrow-up
          6
          ·
          4 months ago

          what happens when the admin gets greedy and increases the amount of work that my shitty android phone is doing

          • explodicle@sh.itjust.works
            link
            fedilink
            English
            arrow-up
            1
            ·
            4 months ago

            Technically not, but spammers can already pay to outsource hashing more easily than desirable users can. So if we’re relying on hashes anyways, then we might as well make it easy for desirable users to outsource too.

            IMO that’s why the inventor of Hashcash just develops Bitcoin today.

    • nutsack@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      ·
      edit-2
      4 months ago

      I think the computation required to process the prompt they are processing is already comparable to a hashcash challenge