2266
PSA: Lemmy votes can be manipulated
(feddit.nl)
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 09 Jul 2023
2266 points (97.6% liked)
Fediverse
17669 readers
4 users here now
A community dedicated to fediverse news and discussion.
Fediverse is a portmanteau of "federation" and "universe".
Getting started on Fediverse;
- What is the fediverse?
- Fediverse Platforms
- How to run your own community
founded 4 years ago
MODERATORS
Web of trust is the solution. Show me vote totals that only count people I trust, 90% of people they trust, 81% of people they trust, etc. (0.9 multiplier should be configurable if possible!)
Fwiw, search engines need to figure out what is "reliable". The original implementations were, well if BananaPie.com is referenced by 10% of the web, it must be super trustworthy! So people created huge networks of websites that all linked each other and a website they wanted to promote in order to gain reliability.
Client must computer all raw data. All individual moderation action (vote,block, subscribe) would be made public by default and stealth optional.
Only user led moderation has a future, it all has to be transparent, public, client sided, optional and consensual
It could be implemented on both the server and the client, with the client trusting the server most of the time and spot checking occasionally to keep the server honest.
The origins of upvotes and downvotes are already revealed on objects on Lemmy and most other fediverse platforms. However, this is not an absolute requirement; there are cryptographic solutions that allow verifying vote aggregation without identifying vote origins, but they are mathematically expensive.
It's nothing. You don't recompute everything for each page refresh. Your sucks well the data, compute reputation total over time and discard old raw data when your local cache is full.
Historical daily data gets packaged, compressed, and cross signed by multiple high reputation entities.
When there are doubts about a user's history, your client drills down those historical packages and reconstitute their history to recalculate their reputation
Whenever a client does that work, they publish the result and sign it with their private keys and that becomes a web of trust data point for the entire network.
Only clients and the network matter, servers are just untrustworthy temporary caches.
Any solution that only works because the platform is small and that doesn't scale is a bad solution though.
That sounds a bit hyperbolic.
You can externalize the web of trust with a decentralized system, and then just link it to accounts at whatever service you're using. You could use a browser extension, for example, that shows you whether you trust a commenter or poster.
That list wouldn't get federated out, it could live in its own ecosystem, and update your local instance so it provides a separate list of votes for people in your web of trust. So only your admin (which could be you!) would know who you trust, and it would send two sets of vote totals to your client (or maybe three if you wanted to know how many votes it got from your instance alone).
So no, I don't think it needs to be invasive at all.
My point is you can have a mixed system. For example:
That's not a ton of data, and the "special interest" users wouldn't need to be synchronized to any other instance. The client would store the WoT data and update the server as needed (this way the server doesn't need any transitive logic, the client handles it).
Facebook and Twitter have always had their equivalent of upvotes be public.
What if the web of trust is calculated with upvotes and downvotes? We already trust server admins to store those.
I think that could work well. At the very least, I want the feature where I can see how many times I've upvoted/down voted a given individual when they post.
That wouldn't/shouldn't give you transitive data imo, because voting for something doesn't mean you trust them, just that the content is valuable (e.g. it could be a useful bot).
Your client has to compute the raw data, not the server or else it will just be your server manipulating what you see and think.
For each vote, read user post content and vote history and age
This should happen in the client and easily controllable by the user. As well as to investigate why one particular post or current was selected by the local content discovery algorithm. So you can quickly find fraudulent accounts and block them.
And this public, user led moderation actions then go on to inform the content discovery algorithm of other users until we have consensus user led content discovery and moderation.
And just like that we eliminate the need for shadowy humans of the moderator priesthood to play human spamfilter / human thought manipulator
This was a great feature of reddit enhancement suite.