Vote manipulation and how to solve it

[TheMikina]

Hello!

As of right now, it's extremely simple to manipulate votes by simply creating your own instance with how many accounts you want, and there's not really an effective way how to detect or stop it, aside from manual defederation.

But I think it's something that will eventually require some kind of a solution, because as otherwise the moment Lemmy gets popular, it will become a problem and make aggregated walls like All or Hot basically useless.

Now, I understand that this will be a hard issue to solve. Almost every solution I can think off, such as reputation-based systems or similar, wouldn't really work - they are either too difficult to implement feasibly, or would be easy to bypass anyway. That's why I started this as a discussion instead of a bug report or feature request, but if it would be better suited into the issue tracker, I can post it there too.

As for what I think would be the best solution in terms of ease of implementation and effectivnes - just split the upvotes by instance. Let the user display a list of total vote count from each instance, and then let them manually ban instances they don't recognize or don't care about. That way, we move the detection of spam instances over to the user, which would be better at spotting anomalies, while also having the added benefit of letting them to personalize the experience, if they for example don't really agree with the way users from an instance are voting on posts, and he doesn't want it to affect his front page and all.

But maybe I'm wrong and it's not that much of an issue, or there are better solutions that I haven't think off. However, I think that while it's not a priority right now, because the Lemmy isn't popular enough for the vote manipulation to be an issue just yet, I'm afraid that once more people realize this, it will become a problem.

[L3v3L]

I think passing this down to the individual user, although nice for power users, will leave most users that aren't investigating prone to this issue.

My proposal is a instance admin dashboard with some metrics that can highlight potential cases.

Start with things that are easy, like for example highlighting mass voting on one post from individual instances, or maybe those 100 users all voting with same ip address. Then add more triggers while we go. Some might trigger too many false positivies, thresholds will need to be adjusted, triggers will need updating or even removed. Don't focus on getting it 100% right.

I've heard responses like: "but spammers will always find a way". Don't focus on catching 100%.

We could also federate some of the admins choices, not to be applied but just so other instance admins get informed about other admins choices.

[poVoq]

We or rather I have been brainstorming a possible solution in the Matrix chat today. It involves Proof-of-Work, but hear me out... I hate wasteful Bitcoin mining as much as the next guy. But an article about implementing PoW to prevent DDoS on the Tor network got me thinking it might not be all bad if deployed carefully.

Here is the article: https://darkdot.com/articles/tor-ddos-leads-to-proof-of-work/

So the basic idea is that every instance can configure a PoW based exponential rate-limit on accepting votes (or any other federated activity really) from another instance. There would be certain sensible defaults that are deemed sufficient for a healthy federation, but ultimately each instance could fine tune it to their liking.

Thus if a malicious instance starts pushing lots of votes in a certain time, it will have to solve exponentially more difficult PoW questions making it (depending on the exact tuning of the algorithm) infeasible to manipulate votes due to the computational costs involved. Of course validating the PoW also takes some (but much less) compute, so at some point an instance could just stop accepting new votes from another instance that is at that point obviously flooding it with votes.

However a regular small instance would only send the occasional vote from real users and thus be nearly totally unaffected, due to the exponentially increasing PoW workload.

Theoretically an attacker could of course set up lots of small instances or infiltrate a lot of legitimate instances with bots, but this proposal would still make this more difficult.

The obvious down-side to this proposal would be that it puts (again depending on the tuning of the PoW algorithm) a size limit on instances, as an overly large instance would potentially appear like a malicious vote manipulator as it could send lots of votes in a short amount of time.

I personally consider the last point to be less of a down-side and more of a unintended side effect that might lead to a more healthy federation of many smaller instances, but one might disagree with that.

Edit: Tor seems to use this PoW algorithm: https://github.com/tevador/equix