this post was submitted on 05 Sep 2024
1 points (100.0% liked)

Technology

59651 readers
2617 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
 

Social media platforms like Twitter and Reddit are increasingly infested with bots and fake accounts, leading to significant manipulation of public discourse. These bots don't just annoy users—they skew visibility through vote manipulation. Fake accounts and automated scripts systematically downvote posts opposing certain viewpoints, distorting the content that surfaces and amplifying specific agendas.

Before coming to Lemmy, I was systematically downvoted by bots on Reddit for completely normal comments that were relatively neutral and not controversial​ at all. Seemed to be no pattern in it... One time I commented that my favorite game was WoW, down voted -15 for no apparent reason.

For example, a bot on Twitter using an API call to GPT-4o ran out of funding and started posting their prompts and system information publicly.

https://www.dailydot.com/debug/chatgpt-bot-x-russian-campaign-meme/

Example shown here

Bots like these are probably in the tens or hundreds of thousands. They did a huge ban wave of bots on Reddit, and some major top level subreddits were quiet for days because of it. Unbelievable...

How do we even fix this issue or prevent it from affecting Lemmy??

you are viewing a single comment's thread
view the rest of the comments
[–] Dark_Arc@social.packetloss.gg 0 points 2 months ago (3 children)

I've been thinking postcard based account validation for online services might be a strategy to fight bots.

As in, rather than an email address, you register with a physical address and get mailed a post card.

A server operator would then have to approve mailing 1,000 post cards to whatever address the bot operator was working out of. The cost of starting and maintaining a bot farm skyrockets as a result (you not only have to pay to get the postcard, you have to maintain a physical presence somewhere ... and potentially a lot of them if you get banned/caught with any frequency).

Similarly, most operators would presumably only mail to folks within their nation's mail system. So if Russia wanted to create a bunch of US accounts on "mainstream" US hosted services, they'd have to physically put agents inside of the United States that are receiving these postcards ... and now the FBI can treat this like any other organized domestic crime syndicate.

[–] QuadratureSurfer@lemmy.world 0 points 2 months ago (2 children)

Easy way to get around that with "virtual" addresses: https://ipostal1.com/virtual-address.php

Just pay $10 for every account that you want to create.... you may as well just go with the solution of charging everyone $10 to create an account. At least that way the instance owner is getting supported and it would have the same effect.

[–] tal@lemmy.today 0 points 2 months ago (1 children)

Just pay $10 for every account that you want to create

So, making identities expensive helps. It'd probably filter out some. But, look at the bot in OP's image. The bot's operator clearly paid for a blue checkmark. That's (checks) $8/mo, so the operator paid at least $8, and it clearly wasn't enough to deter them. In fact, they chose the blue checkmark because the additional credibility was worth it; X doesn't mandate that they get one.

And it also will deter humans. I don't personally really care about the $10 because I like this environment, but creating that kind of up-front barrier is going to make a lot of people not try a system. And a lot of times financial transactions come with privacy issues, because a lot of governments get really twitchy about money-laundering via anonymous transactions.

[–] QuadratureSurfer@lemmy.world 0 points 2 months ago

Yep, exactly this. It might deter some small time bot creators, but it won't stop larger operations and may even help them to seem more legitimate.

If anything, my favorite idea comes from this xkcd:

https://xkcd.com/810/

[–] Dark_Arc@social.packetloss.gg 0 points 2 months ago* (last edited 2 months ago) (1 children)

Hm... I'm not sure if this is enough to defeat the strategy.

It looks like even with that service, you have to sign up for Form 1583.

Even if they're willing in incur the cost, there's a real paper trail pointing back to a real person or organization. In other words, the bot operator can be identified.

As you note, this is yet another additional cost. So, you'd have say ... $2-3 for the card + an address for the account. If you require every unique address to have no more than 1 account ... that's $13 per bot plus a paper trail to set everything up.

That certainly wouldn't stop every bot out there ... but the chances of a large scale bot farms operating seem like they would be significantly deterred, no?

[–] QuadratureSurfer@lemmy.world 0 points 2 months ago (1 children)

That's a good point. I didn't know about the USPS Form 1583 for virtual mailboxes... Although that is a U.S. specific thing, so finding a similar service in a country that doesn't care so much might be the way to go about that.

[–] Dark_Arc@social.packetloss.gg 0 points 2 months ago

True, though presumably users in those places would be stuck with the "less trustworthy" instances (and ideally, would be able to get their local laws changed to make themselves more trust worthy).

It's definitely not perfectly moral... but little in the world is and maybe it's sufficient pragmatic.

[–] catloaf@lemm.ee 0 points 2 months ago (1 children)

I am absolutely not giving some Lemmy admin my address.

[–] Omniraptor@lemm.ee 0 points 2 months ago (1 children)

Am I missing something? I thought you weren't required to put a return address on postcards. Just put your username and email.

[–] catloaf@lemm.ee 0 points 2 months ago

They are sending the card to you.

[–] Scribble902@feddit.uk 0 points 2 months ago

I was thinking physical mail too. But I think It definitely would require some sort of system that is either third party or government backed that annonomyses you like how the covid Bluetooth tracing system worked (stupidly called track and trace in the UK). Plus you'd have to interact with someone at a postal office to legitimise it. But I'm talking, just a worker at a counter.

So you'd get a one time unique annonomysed postal address. You go to a post office and hand your letter over to someone. You, and perhaps they, will not know the address, but the system will. Maybe a process which re-envelopes the letter down the line into a letter with the real address on.

This way, you've kept the server owner private and you've had to involve some form of person to person interaction meaning, not a bot!

This system could be used for all sorts of verification other than for socal media so may have enough incentive for governments/3rd partys to set up to use beyond that.

Could it be abused though and if how are there solutions to mitigate them?