this post was submitted on 27 Mar 2025
51 points (93.2% liked)
Fediverse
32257 readers
846 users here now
A community to talk about the Fediverse and all it's related services using ActivityPub (Mastodon, Lemmy, KBin, etc).
If you wanted to get help with moderating your own community then head over to !moderators@lemmy.world!
Rules
- Posts must be on topic.
- Be respectful of others.
- Cite the sources used for graphs and other statistics.
- Follow the general Lemmy.world rules.
Learn more at these websites: Join The Fediverse Wiki, Fediverse.info, Wikipedia Page, The Federation Info (Stats), FediDB (Stats), Sub Rehab (Reddit Migration)
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Yes. Instance A will not see the downvotes from instance B, but instance C would. Also, anyone federated with all 3 would see the downvotes from B for content posted by someone on A.
The only defense is that mods and admins can see the votes and, if something like that is suspected, they can take action (ban the accounts, mods report the behavior to admins, consider defederating from instance B, etc). Seeing a pattern of mass-downvotes only from a particular instance would be considered a red flag for most admins.
This scenario is less likely than what we see in practice, though, since the overhead to create an instance and the "eggs all in one basket" make it easy to take action against (admins would quickly coordinate to block that instance). Tools like Fediseer would also be used to censure that instance and bring its behavior to light.
In the wild, it's far more common for them to just spin up a bunch of accounts across "good" instances (particularly those without registration applications) and coordinate.
One example of that: https://dubvee.org/post/1878799
In 2023, this happened to a ton of unsecured Misskey instances who then proceeded to spam most of the Fediverse. It was just a troll in reality, but revealed that the Fediverse is no less vulnerable to coordinated, sophisticated attacks (and with how politically minded it is, there's plenty of incentive for nation state actors to do so).
Yup, and I've probably still got a lot of those instances on my federation blocklist.
One of my ongoing gripes with the fediverse is that people run instances with little/no oversight and leave registrations wide open. It's just irresponsible to have open registrations when you don't have an admin available 24/7.
On the one hand, one of the things we often tout about the Old Internet was the ability for anyone to run their own website, forum, blog, etc, free from corporatization. On the other hand, running your website is a responsibility on your part, and in the convenience-focused Internet we have now, seems to be a forgotten lesson.
On the third, mutant hand growing out of our back, fedi software should be designed with security-by-default, i.e. no open registration, to prevent the forgotten lesson from being a huge problem.
For a website, forum, blog, etc, at least the damage caused by poor security would be limited to just that platform. Unfortunate, but contained. With federation, that poor security becomes everyone else's problem as well. Hence my gripe lol.
It's been so long since I setup my instance, I honestly don't recall what the default "Registration mode" is.
I'm but a small drop in the larger fediverse, but I do develop a frontend for Lemmy. I actually coded the "Registration" section in the admin panel to nag you if the config is insecure. lol
It will still let you do it, just with a persistent nag message on that page.