Bots are running rampant. How do we stop them from ruining Lemmy? - eviltoast

Social media platforms like Twitter and Reddit are increasingly infested with bots and fake accounts, leading to significant manipulation of public discourse. These bots don’t just annoy users—they skew visibility through vote manipulation. Fake accounts and automated scripts systematically downvote posts opposing certain viewpoints, distorting the content that surfaces and amplifying specific agendas.

Before coming to Lemmy, I was systematically downvoted by bots on Reddit for completely normal comments that were relatively neutral and not controversial​ at all. Seemed to be no pattern in it… One time I commented that my favorite game was WoW, down voted -15 for no apparent reason.

For example, a bot on Twitter using an API call to GPT-4o ran out of funding and started posting their prompts and system information publicly.

https://www.dailydot.com/debug/chatgpt-bot-x-russian-campaign-meme/

Example shown here

Bots like these are probably in the tens or hundreds of thousands. They did a huge ban wave of bots on Reddit, and some major top level subreddits were quiet for days because of it. Unbelievable…

How do we even fix this issue or prevent it from affecting Lemmy??

  • rglullis@communick.news
    link
    fedilink
    English
    arrow-up
    26
    ·
    4 months ago

    The indieweb already has an answer for this: Web of Trust. Part of everyone social graph should include a list of accounts that they trust and that they do not trust. With this you can easily create some form of ranking system where bots get silenced or ignored.

    • ByteOnBikes@slrpnk.net
      link
      fedilink
      English
      arrow-up
      12
      arrow-down
      1
      ·
      4 months ago

      Every time I see this implemented, it always seems like screwing over the end user who is trying to join for the first time. Platforms like reddit and Tumblr benefit from a friction-free sign up system.

      Imagine how challenging it is for someone joining Lemmy for the first time and suddenly having to provide trust elements like answering a few questions, or getting someone to vouch for them.

      They’ll run away and call Lemmy a walled garden.

      • rglullis@communick.news
        link
        fedilink
        English
        arrow-up
        6
        arrow-down
        1
        ·
        4 months ago

        Platforms like Reddit and Tumblr need to optimize for growth. We need to have growth, but it is does not be optimized for it.

        Yeah, things will work like a little elitist club, but all newcomers need to do is find someone who is willing to vouch for them.

      • Angry_Autist (he/him)@lemmy.world
        link
        fedilink
        English
        arrow-up
        3
        ·
        4 months ago

        lol reddit isnt friction free anymore, most subs want you to wait weeks or months before you post.

        Same story, no experience, need work for experience, can’t get work without experience.

        • Echo Dot@feddit.uk
          link
          fedilink
          English
          arrow-up
          1
          ·
          4 months ago

          When I moderated a sub on Reddit I think I implemented a requirement that a poster must have at least positive three karma.

          Was amazing how many scammers couldn’t even be bothered to do that little effort. Seriously they could have just upvoted each other but they couldn’t even do that.

          All you have to do is introduce the smallest barrier to entry and it cuts bots admissions by about 95% as most of them out there are only looking for the lowest common denominator. They are unwilling to put in any effort at all.

      • DefederateLemmyMl@feddit.nl
        link
        fedilink
        English
        arrow-up
        2
        arrow-down
        1
        ·
        4 months ago

        Platforms like reddit and Tumblr benefit from a friction-free sign up system.

        Even on Reddit new accounts are often barred from participating in discussion, or even shadowbanned in some subs, until they’ve grinded enough karma elsewhere (and consequently, that’s why you have karmafarming bots).

      • grrgyle@slrpnk.net
        link
        fedilink
        English
        arrow-up
        2
        arrow-down
        1
        ·
        edit-2
        4 months ago

        My instance requires that users say a little about why they want to join. Works just fine.

        If someone isn’t willing to introduce themselves, why would they even want to register? If they just want to lurk, they can do so anonymously.

        EDIT I just noticed we’re from the same instance lol, so you definitely know what I’m talking about 😆

    • A_Random_Idiot@lemmy.world
      link
      fedilink
      English
      arrow-up
      3
      ·
      edit-2
      4 months ago

      A system like that sounds like it could be easily abused/manipulated into creating echo chambers of nothing but agreed-to right-think.

      • rglullis@communick.news
        link
        fedilink
        English
        arrow-up
        1
        ·
        4 months ago

        That would be only true if people only marked that they trust people that conform with their worldview.

        • A_Random_Idiot@lemmy.world
          link
          fedilink
          English
          arrow-up
          2
          ·
          edit-2
          4 months ago

          which already happens with the stupid up/downvote system.

          Where popular things, not right things, frequently get uplifted.

          • rglullis@communick.news
            link
            fedilink
            English
            arrow-up
            2
            ·
            4 months ago

            Well, I am on record saying that we should get rid of one-dimensional voting systems so I see your point.

            But if anything, there is nothing stopping us from using both metrics (and potentially more) to build our feed.

            • A_Random_Idiot@lemmy.world
              link
              fedilink
              English
              arrow-up
              1
              ·
              4 months ago

              Yeah, the up/down system is what prompted lots of bots to get created in the first place. because it leads to super easy post manipulation.

              Get rid of it and go back to how web forums used to be. No upvotes, No downvotes, no stickers, no coins, no awards. Just the content of your post and nothing more. So people have to actually think and reply, rather than joining the mindless mob and feeling like they did something.

              • grrgyle@slrpnk.net
                link
                fedilink
                English
                arrow-up
                1
                ·
                4 months ago

                As a forum user I agree, but would like to add that many forums do have a kind of “demerit point” system for incivility. Where racking up enough points gets you temporarily muted or banned.

    • grepe@lemmy.world
      link
      fedilink
      English
      arrow-up
      3
      ·
      4 months ago

      I was thinking about something like this but I think it’s ultimately not enough. You have essentially just two possible ends stages for this:

      1. you only trust people that you personally meet and you verified their private key directly and then you will see only posts/interactions from like 15 people. the social media looses its meaning and you can just have a chat group on signal.

      2. you allow some length of chains (you trust people [that are trusted by the people]^n that you know) but if you include enough people for social media to make sense then you will eventually end up with someone poisoning your network by trusting a bot (which can trust other bots…) so that wouldn’t work unless you keep doing moderation similar as now.

      i would be willing to buy a wearable physical device (like a yubikey) that could be connected to my computer via a bluetooth interface and act as a fido2 second factor needed for every post but instead of having just a button (like on the yubikey) it would only work if monitoring of my heat rate or brainwaves would check out.

      • jjjalljs@ttrpg.network
        link
        fedilink
        English
        arrow-up
        7
        ·
        4 months ago

        The way I imagine it working is if I notice a bot in my web, I flag it, and then everyone involved in approving the bot loses some credibility. So a bad actor will get flushed out. And so will your idiot friend that keeps trusting bots, so their recommendations are then mostly ignored.

        • grepe@lemmy.world
          link
          fedilink
          English
          arrow-up
          3
          ·
          4 months ago

          that is an interesting idea. still… you can create an account (or have a troll farm of such accounts) that will mainly be used to trust bots and when their reputation goes down you throw them away and create new ones. same as you would do with traditional troll accounts… you made it one step more complicated but since the cost of creating bot accounts is essentially zero it doesn’t help much.

          • jjjalljs@ttrpg.network
            link
            fedilink
            English
            arrow-up
            3
            ·
            4 months ago

            But those bots don’t have any intersection with my network, so their trust score is low.

            If they do connect via one of my idiot friends, that friend loses credit, too, and the system can trust his connections less.

            The trust level is from my perspective, not global.

          • rglullis@communick.news
            link
            fedilink
            English
            arrow-up
            1
            arrow-down
            1
            ·
            4 months ago

            Just add “account age” to the list of metrics when evaluating their trust rank. Any account that is less than a week old has a default score of zero.

              • rglullis@communick.news
                link
                fedilink
                English
                arrow-up
                1
                ·
                4 months ago

                Ok, which part of “multiple metrics” is not clear here?

                Every risk analysis will have multiple factors. The idea is not to always have an absolute perfect ranking system, but to build a classifier that is accurate enough to filter most of the crap.

                Email spam filters are not perfect, but no one inbox is drowning in useless crap like we used to have 20 years ago. Social media bots are presenting the same type of challenge, why can’t we solve it in the same way?

                • Media Sensationalism@lemmy.world
                  link
                  fedilink
                  English
                  arrow-up
                  1
                  ·
                  4 months ago

                  I didn’t read very far up into the thread. Sorry.

                  Automated filters will just drive determined botters to play the system and perfect their craft until they can no longer be automatically identified, in my opinion. I’m more of the stance that accounts should be reviewed manually so that a leap into convincing bot accounts will need to be much more dramatic, and therefore difficult. If it’s done the hard way from the start with staff who know how to identify these accounts, it may keep it from growing into an issue to begin with.

                  Any threshold to be automatically flagged for review should be relatively low, but the process should also be quick and efficient. Adding more metrics to the flagging process only means botters will have a narrower gaze to avoid. Once they start crunching the numbers and streamline mimicking real user accounts it’s game over.

                  • Fedizen@lemmy.world
                    link
                    fedilink
                    English
                    arrow-up
                    1
                    ·
                    4 months ago

                    if the bots get so effective at mimicking users that they start to generate useful information that is also a win.

      • rglullis@communick.news
        link
        fedilink
        English
        arrow-up
        1
        ·
        4 months ago

        Why does have it to be one or the other?

        Why not use all these different metrics to build a recommendation system?

        • grepe@lemmy.world
          link
          fedilink
          English
          arrow-up
          1
          ·
          4 months ago

          you are right - it doesn’t have to be one or the other… I just assume that for social media to work as I expect I don’t know most of the people on the platform. given that assumption and the lowering price of creating bots and ability to onboard them I expect that eventually most of the actors on the platform will end up being bots. people that write them are often insanely motivated (politically or financially) and creating barriers for them is not easy.

      • grrgyle@slrpnk.net
        link
        fedilink
        English
        arrow-up
        1
        ·
        4 months ago

        I think you’d work your way in naturally, same as any community throughout all of history.

        I suppose an outsider might not be able to tell a web of trust that’s only bots trusting eachother, so you still have to think critically about what you read