This is my current attempt at preparing to counter the spam waves that will be appearing as the fediverse becomes more and more popular.

It involves the creation of whitelists based on a chain of trust between instances with easy ways to add and remove into it with few overheads.

Let me know what you think and if you’re interested, please do register your instance at https://overctrl.dbzer0.com.

  • You’re right about the spam, volunteer moderators are helpless against it if they decide to spawn thousands of instances and accounts to attack. A whitelist instead of blacklist style of federation might be necessary now. I just hope it doesn’t create too small of a bubble or certain large instances start to monopolize, like the way e-mail went.

  • I’m not an instance admin nor am I a mod. I just started using Lemmy a couple of days ago. First, respect to you for taking the time to come up with solutions. I think your solution is at the limit of what you can do to keep bad actors from creating instances and start spamming. We need to accept it will not solve all the spam. Just like there’s is still spam in the comment section on YouTube but alot less compared to a year or so ago. But, maybe having a more granular trust system of instances could be a solution to prevent smaller instances from being locked out. For example a new instance would be allowed to be whitelisted sooner than they would be allowed to endorse or guarantee other instances? Or doesn’t that work in the case of Lemmy?

  • I’m still very concerned a whitelist scenario will ultimately lead to just a few megalithic instances without a chance for new, small instances to ever join the federation.

    Like the nightmare scenario for email where the big providers just decide one day to drop any mail that does not come from another large corp or from someone who paid money for some id certification. Even now running your own mailserver is a major pain and requires a lot of attention, receiving mail is fine, but sending… oh my.

    So the hashcash solution proposed elsewhere still seems better to me. If I wanted to host my own instance I still could federate without begging the “council” for admission. The thought of burning energy just to prevent spam is repulsive but walling ourselves in and creating a gated community sounds even worse…

    •  db0   ( @db0@lemmy.dbzer0.com ) OP
      link
      fedilink
      English
      11 year ago

      I’m still very concerned a whitelist scenario will ultimately lead to just a few megalithic instances without a chance for new, small instances to ever join the federation.

      I’ve built the whole thing to avoid exactly that! Any instance admin vouch for small instances.

      • I saw that. But I’m having flashbacks from email WOT and it did not converge to the interconnected mesh we had hoped it to be. Sooner or later larger nodes will exists who will not simply trust a key signed by a mere “tier3” instance. If a selfhoster wants to federate with their tiny 1-user instance, how do we differentiate between bot instance and genuine user instance?

          • Yes, but this opens up another problem with a federation controlled by the server admins and not the communities. Trust can be withdrawn as a punishment or due to a disagreement or just different views.

            We just saw that with instances defederating others due to incompatible views on politics. I expect more of that for much smaller disagreements until its just clusters of like-minded people in their own bubble. At least I want to see what others say that does not agree with my own views and values - how would I keep a realistic perception of reality otherwise? If I stay in my bubble too long then I might start thinking “everyone” thinks foo=good and bar=bad, while it might be the opposite.

            Other networks like freenet use a wot, but for each user. TOR does not filter out relays, but allows its users to do so. And, yes, they all have their own issues with their approach.

            What I am trying to say is: I had hoped for the fediverse instance admins to not consider themselves as lords of each their own feudalistic dukedom with “trade agreements”, but instead to consider themselves as mere service providers for the greater good, sworn to neutrality when it comes to opinions being discussed (abiding to law where required to not get sued or worse of course). Our strength lies in the federation network itself, without it we would just be a bunch of forums. If we allow the network to fragment more and stop talking to each other, the monolithic pseudonetworks of the big corporations will stay in power.

            I know this might be unachievable, or even undesired, but at least a web of trust that is controlled by its users, instead of the admins, is much more appealing to me.

            Hashcash would slow spammers down without troubling regular users too much. It would be scalable and with a meld-based algrithm it might be future proof. It could even complement a wot.

            •  db0   ( @db0@lemmy.dbzer0.com ) OP
              link
              fedilink
              English
              11 year ago

              Yes, but this opens up another problem with a federation controlled by the server admins and not the communities. Trust can be withdrawn as a punishment or due to a disagreement or just different views.

              The Fediseer I’m running is just to validate against spam, not political views. Even if someone removes their guarantee from a server due to political disagreement, someone else just has to re-add it.

              And at the end of the day, The fediseer is not integrated into anything. It’s an optional list some instance admins might want to use. Not everyone has to. If trust is betrayed, people will just stop using it.

              • Oh, it will work to keep spam out - I’m just not sure if it will ultimately become the border keeping the fediverse from growing when a “council of elders from the big instances” has first established itself. If the council is not diverse enough, it will be able to dictate the rules for “trust” beyond mere spam. All with good intentions of course.

                From an admin’s point of view, I do not want this “power” because it will corrupt me. From a user’s point of view, I would rather be able to decide this for myself.

                You asked for oppinions…