Everyone I have something very important to say about The Agora.
The Problem
Let me be super clear here to something people don’t seem to understand about lemmy and the fediverse. Votes mean absolutely nothing. No less than nothing.
In the fediverse, anyone can open a instance, create as many users as they want and one person can easily vote 10,000 times. I’m serious. This is not hard to do.
Voting at best is a guide to what is entertaining.
As soon as you allow a incentive the vast majority of votes will be fake. They might already be mostly fake.
If you try to make any decision using votes as a guide someone WILL manipulate votes to control YOU.
one solution (think of others too!)
A counsel of trusted users.
The admin, top mods may set up a group to decide on who to ban and what instances to defederate from. You will not get it right 100% of the time but you also won’t be controlled by one guy in his basement, running 4 instances and 1,000 alts.
Now i’m gonna go back to shit posting.
Based on your username and post history it’s pretty clear why you’re against the democratic process.
This is not a safe space for people that believe the way you do. This will never be a haven for hateful ignorance like yours.
Try Parler, or or one of the other right wing echo chambers.
Stop trying to turn this website into your own personal hateful circlrjerk, it’s not gonna happen.
This place is not for you.
Says the guy using his alt and getting sudden upvotes
I’m not on an alt. I’m getting upvotes because I’m right and you’re wrong. What the fuck are you even talking about? Are you trying to troll? Is this your sad attempt at trolling?
You clearly have no idea what you’re talking about. Just stop trying. Your username alone proves that you’re a bullshit liar and here in bad faith.
Go away.
I don’t think you should tell people to go away on this community.
You have not even remotely addressed my concerns. You have not disproven them. They are demonstrably true. Your refusal to address them is further proof it’s a valid concern
What is demonstrably true should be demonstrated to demonstrate its demonstrability.
Good God.
Do you want me to make ten alts, vote ten times and take a screenshot?
i was referring to your claim that he was an alt
deleted by creator
Given that your account showed up immediately during the defederation of sh.itjustworks discussion and the removal of a certain account and community, I think the bad faith argument is valid.
For one, a ton of new users are coming in from reddit as of recent. Hardly seems unusual to complain if an instance that seemed like something they’d enjoy makes changes they don’t enjoy.
Secondly, why is it bad faith if he came from another instance after it was defederated? If he enjoyed the content here, but was blocked from actually interacting with it, would it not be a reasonable decision to make an account here?
I should clarify, it wasn’t the beehaw defed. It was the notification that our defederation was being discussed elsewhere, the Donald community was closed, and users were banned, which did not occur with the beehaw defed.
At the time of that ban, this user came, with similar though less antagonistic talking points, replying in the same thread as their only activity as a registered user, and has since deleted their comments in that thread.
It is possible it’s in good faith, though given the above experience, I find it less likely.
Sure, there’s a baby inside, but OP really doesn’t want all of this bathwater.
Community guided direction is a good idea that can be improved on as needed.
Heh, clever.
We have a “counsel of trusted users”, it’s the mod team who are committed to making our little democracy thrive. We don’t want to be in control, we want to facilitate the community in choosing its own direction.
The simplicity of our process works in our favor. If somebody spun up 1000 alts to mess with a vote, we would notice. All of the discussions and votes happen publicly, so anyone can audit the profiles involved if things seem weird. I’ll play whack-a-mole with bots every day if I need to, and that can also be audited on the publicly-visible modlog.
No system is perfect. This is the system we decided to try, despite the challenges that could arise from it.
Nooooo votes bad dictatorship good
This is a valid concern. Our procedure for voting requires that a user comment Aye/Nay. Therefore, anyone is free to view the user profile to assess whether they might be a bot.
We will continue to assess whether we can better protect the decision making process from bots, but due to the small size of this forum, it would seem fairly tricky to influence the vote just yet.
Rest assured that we won’t be fooled by one guy in his basement running 1,000 alts.
In the fediverse, anyone can open a instance, create as many users as they want and one person can easily vote 10,000 times. I’m serious. This is not hard to do.
No. We will not be accepting 10,000 votes from Lulzsec.troll in our Agora threads. This is an easy problem to solve.
Then you will need to check every single votes profile. Ensure they have a valid history, with active comments and post. And then you will still likely be dealing with power users who maintain a dozen or more alts.
Bots can mimic this type of thing very easily BTW. You can write scripts to just repost top reddit post, hacker news post.
There are so many ways to game the system I just don’t understand what you actually expect to accomplish with votes.
I will check every profile. If people have dozens of alts with active, legitimate comment histories within a month of the platform forming, then I commend them for their activity.
We are following a democratic process here. We aren’t delegating the decision making to an oligarchy, even if it would simplify things.
There is no example of the system being manipulated thus far. Wait until you have evidence of that occurring before fearmongering like this.
I… posted proof of vote manipulation… perhaps, not yet detected here- but, its legitimately effortless to do (and to be extremely hard to detect)
https://lemmyonline.com/post/11492
two days before this comment was made…
I will check every profile. If people have dozens of alts with active, legitimate comment histories within a month of the platform forming, then I commend them for their activity.
When you run a script which randomly generates bot accounts on other various servers- you aren’t going to notice anything tied back to a particular profile.
In the case of the proof I linked, the bot names were very generic, and extremely easy to spot. However, its VERY easy to have the bot generate real usernames.
Its also, extremely easy to have the workflow generate actual comments, related to random posts and conversations too.
Lastly- despite my username, this actually is not a bot account. lol.
Ok, I get that bots exist on Lemmy, but I don’t think they have the capability to infiltrate a tiny community such as this just yet. Please keep an eye out and inform me immediately if you see suspicious activity. I appreciate the information regarding their capabilities.
Lastly- despite my username, this actually is not a bot account. lol.
That’s exactly what your username already says xD
Maybe stop locking threads within a couple days if you want a decent democratic process instead of just whoever jumped on the vote first
deleted by creator
There aren’t going to be thousands of votes though.
I repeat, if you ever see any evidence of vote manipulation, simply report it and we can discuss it at that time. Until then, kindly refrain from needlessly sowing dissension.
deleted by creator
What makes you think there will be thousands of votes?
I get you have a stressful day job, but there’s no need to take it out on me or anyone else on this server.
deleted by creator
They ain’t sowing dissension, dude.
As for fraud voting, during the Mod Election, a few accounts were freshly created and voting for Seraph.
He’s hypothesizing about bots manipulating our votes and questioning my integrity by saying I’m not going to verify the accounts, all before we have even made a single vote that I was responsible for.
Additionally, his profile clearly demonstrates that he’s the type who likes to pick fights. He calls it “directness”. Directly to confrontation. Brilliant strategy.
Whether it’s merely a character defect or an intentional decision, this individual is most certainly sowing dissension.
We can investigate those allegations, PM me whichever accounts you found suspicious.
He can question your integrity just fine.
We are following a democratic process here. We aren’t delegating the decision making to an oligarchy, even if it would simplify things.
Yes you are because the people swaying the vote will be users with dozens of accounts aka the Oligarchs.
Your example of a “democratic process” is one user having 50 votes and another user having 1. If one user is 50 times more powerful than the other that isn’t democracy is it? That is apartheid.
To prove it I would literally have to do it myself.
to prove it I would literally have to do it myself
So no one else is doing this? If it’s not a thing that’s happening, why are you here trying to undermine the voting process?
You’re the only one here threatening to abuse the voting system.
Oh yeah because people usually warn others before attempting to manipulate others
:/
Find people that are clearly using bots. It’s easy to do. It’s only hard if those user do not exist.
I can do it myself and show you it’s possible. It’s not hard. Actually I can walk you through it
What is your goal on this server?
If your intentions are pure, there is no reason for you to do something like that. If you witness people manipulating votes, by all means, come forward. But what is the point of posing this hypothetical, and suggesting that you would manipulate the vote?
“What the point in security if I never had any accidents?”
There’s a fine line between legitimate concerns and divisive red herrings. Do you honestly believe that our votes are being manipulated by bots right now?
What’s the solution?
I’m not giving any solution, only participating in this debate about a potential (or not) problem.
Only saying that your point is, as far as my understanding, to say that “Hypothetical” problems does not need any actions.
My point is that hypothetical things may happen. We need to evaluate the chance for it to happen, against the damages it can do.
Currently, I have these 2 things in the balance:
- Interest that any organization/company/attacker may have in manipulating/disturbing our community - vs. Having a part of the community being manipulated - or (in the best case IMO) the community to be removed entirelyThe choice does not seems obvious for me, I can find reasons to manipulate this instance or what appears to be on this instance. Manipulating it may have impacts on others instances of all the federations (even if at lower levels).
My current opinion is that, there is a problem that CAN happen, and so I don’t want to do nothing about it, and let it probably happen. And if it happen, cry.
You seems to think that it may never happen (contrary to me), what does make you think that ? That is the question to answer to make me change my mind ! (And I’m ready for it, I’m not here to force my opinion, I’m here to read others and improve my opinion)
“I don’t plan on getting hacked, so why shouldn’t my password be ‘password’”
Read and post content? What is your goal?
Ok. Go right ahead.
Do you want to decide how we make decisions here or do you want to read and post content?
I just want to build an alternative to reddit. And I want it to be enjoyable for the users.
This is in fact an example of me reading, posting , and commenting.
To prove it I would literally have to do it myself.
Guess you really are a conservative…
How is botting gonna help your case?
This topic came up in a couple of posts here before, with different proposed solutions like
- “only local users should have a vote”
- “only trusted users should have a vote”
- “only paying users should have a right to vote”
I too see the potential for fake votes becoming a problem, but at the moment i don’t like the solutions.
at some point we probably will have to vote on it. ;)
Edit: typo and formating
I still hold that “who should get to vote” should depend on what the vote is for; I could see some policies being restricted to donating members when the policy in question involves how actual money should be spent, where votes to add/subtract moderators or amend the instance’s policies would be open to all members of the instance.
Given the recently announced policy of votes first being announced a week ahead of time to allow for discussion, I think an effective way to prevent an influx of brigade accounts would be to limit votes to members whose cake days are before the topic was announced. Should cut down on the “signed up a few hundred times to vote” issue.
I’m also going to ask: What votes are we going to hold here in the shitjustworks agora that will attract that much attention? Electing mods of !main and !agora?
Sure but it’s like the problem on voting for the solution is you are gonna have the guy with 50 votes voting on the solution.
While I like the idea of the agora, and have seen genuine debate on the issues presented there. I can’t help but also agree with this. It’s hard for multi-billion dollar companies to keep bots from ruining their services, and comparatively lemmy has little defense. I don’t know if I like the idea of blocking it off for only a few moderators to make the decisions either, but at the same time I can’t think of a better alternative.
I’m not really sure what the best solution is but open voting is obviously not going to work with open federation and users not being validated as real humans. If someone wants me to write a bot and prove what i’m saying I can totally do it. In fact I probably will if votes are used in the future just to prove how easily it is to manipulate things.
Check this guy’s post history and consider his motivations.
This is kind of just ad hominem, “that guy believes ‘X’ so he can’t be right about this!” Doesn’t really work. If you read the post they’re not saying voting is bad, so much as that voting this way can easily be flooded (and influenced heavily) by bots which is bad for everyone. The solution in the short term could just be not to hold votes, but longer term would likely be better served with just better voting platforms.
But once you know their motivations it becomes clear why they want to limit voting power. We can’t let this site/instance become another ignorant right-wing circlejerk. OP is suggesting this in bad faith to further their own agenda.
I don’t think it’s in bad faith. They’re engaging with others offering solutions and giving their own cents in.
What motivations? Not wanting other users to be manipulated? My shit posting history does not disprove an obvious logical/technical flaw.
Bad actors gonna act. How do we determine a council of trusted users? The idea of the agora is to avoid power in the hands of the few because those few might be or become the problem.
I’m not saying your argument is wrong but if someone wants to manipulate a community bad enough, they will find a way.
When the community it big enough to worry about voter manipulation then there will be resources to counter it.
Yeah OP is just another bad actor here, trying to turn lemmy into another crazy pit.
Feels kinda big now. Anyway I don’t think you are gonna get better than a few trusted users. Federation already protects against power being in the hands of a few or one.
I just have seen so much manipulation in voting and trolling I don’t see why anyone would think votes from anonymous users mean anything at all.
I think OP raises a valid concern. In the near term, I don’t know what will be voted on that will be worth the effort of spinning up a bot army. But it could happen eventually. Large floods of votes might be easier to detect. Smaller bot armies could be harder, but still impactful to the outcome.
Perhaps we could fire up some kind of identity service. A user goes there, puts in their username, solves a CAPTCHA, and gets back a url to a page that contains their username. The pages can be specific to a particular vote so urls aren’t reusable. Every time a user votes, they need to solve a new CAPTCHA. User will include their identity url when voting.
Admins can confirm that user names and identity urls match.
Could be more efficient ways to do it, this was my first thought.
A public/private key pair is more effective. Thats how “https” sites work. SSL/TLS uses certificates to authenticate who is who. Every site with https has a SSL certificate which basically contains the public key of the site. The site can then use its private key to sign all data it sends to you, and you can verify that it actually came from them by trying to decrypt it with their public key. Certificates are granted by a certificate authority, which are basically the identity service you are talking about. Certificates are usually themselves signed by the certificate authority so that you can tell that someone didnt just man-in-the-middle-attack you and swap out the certificate, and the site can still directly serve you the certificate instead of you needing to go elsewhere to find the certificate
The problem with this is severalfold. You would need some kind of digital identity organization(s) to be handling sensitive user data. This organization would need to
-
Be trusted. Trust is the key to having these things work. Certificate authorities are often large companies with a vested interest in having people keep business with them, so they are highly unlikely to mess with people’s data. If you can’t trust the organization, you can’t trust any certificate issued or signed by them.
-
Be secure. Leaking data or being compromised is completely unnaceptable for this type of service
-
Know your identity. The ONLY way to be 100% sure that it isnt someone just making a new account and a new key or certificate (e.g. bots) would be to verify someone’s details through some kind of identification. This is pretty bad for several reasons. Firstly it puts more data at risk in the event of a security breach. Secondly there is the risk of doxxing or connecting your real identity to your online identity should your data be leaked. Thirdly it could allow impersonation using leaked keys (though im sure theres a way to cryptographically timestamp things and then just mark the key as invalid). Fourth, you could allow one person to make multiple certificates for various accounts to keep them separately identifiable, but this would also potentially enable making many alts.
There may be less agressive ways of verifying individual humanness of a user, or just preventing bots as in that 3rd point may be better. For example, a simple sign up with questions to weed out bots, which generates an identity (certificate / key) which you can then add to your account. That would then move the bot target from various lemmy instances, solely to the certificate authorities. Certificate authorities would probably need to be a smaller number of trusted sources, as making them “spin up your own” means that anyone could do just that, with less pure intentions or modified code that lets them impersonate other users as bots. That sucks because it goes against the fundamental idea that anyone should be able to do it themselves and the open source ideology. Additionally, you would need to invest in tools to prevent DDOS attacks and chatgpt bots.
There most certainly exists user authentication authorities, however it wouldn’t surprise me a bit if there were no suitable drop in solutions for this. This in and of itself is a fairly difficult project because of the scale needed to start as well as the effort put into verifying users are human. It’s also a service that would have to be completly free to be accepted, yet cannot just shut down at risk of preventing further users from signing up. I considered perhaps charging instances a small fee (e.g. $1/mo) if they have over a certain threshold of users to allow issuing further certificates to their instance, but its the kind of thing I think would need to be decoupled from Lemmy to have a chance of surviving through more widespread use.
What the fuck happened to the internet? What happened to “never share your real name or any identifying information on the internet”?
some kind of digital identity organization(s) to be handling sensitive user data
Like Equifax? Excuse me if I am a little skeptical of “trusted” organizations handling my data.
I literally addressed this. My point is that we’d need to give personal identifying information to be 100% sure, so the best way at the moment would instead be to just verify humanness as best as possible (e.g. better captcha, AI/chatgpt response detection, etc.) and shift the account sign up to the authority’s side, accepting <100% unique individuals making accounts and prevent bots in other ways.
Also “trusted organizations handling your data” is exactly how 99% of the modern internet works. Rarely if ever do we give thought to the fact that companies like Verisign exist, nor that people regularly give credit card information to websites. At the same time, companies and corporations arent just some random schmuck spinning up their own authentication service
Interesting idea, but I don’t think it would be practical to verify identities for a global community. If you’ve ever worked in a bar or other business that checks ID (and are from the US) you know how hard it is just to verify the identity of US citizens. If you’re considering a global community, US and EU users would be the easiest to verify, and citizens of smaller countries would be much harder. How do you handle countries that have extremely corrupt governments, where it’s easy to bribe an official for “real” documents for fictitious people?
There are companies that do this with IDs but they are typically already global corporations or SSL certificate authorities already. One example is Verisign and another is Globalsign. Their products are unsuitable however because it connects your real identity to the account. It could be useful for a one time humanness verification though.
The main goal would be to decouple the humanness check from Lemmy and give it over to an authority meant just to create certificates which cannot be linked back to the person. You could probably rate limit each person after the human check for creating new certificate. This would allow creating alts but limit the number of bots one person could create, as theyd need to pass the automate the verification.
One issue would be trust because you would need to trust the authority saying that the person who created the certificate was human
-
Huh, a conservative trying to downplay voting in favor of an oligarchy. Well I never.
Nay.
Hey TGB! Just so you know, this isn’t a voting thread. We currently divide posts here between [Discussion] and [Vote], and this one is just about discussing OP’s take/proposal (which I guess is suspending the Agora system entirely).
I see you’ve been here for a little over a week now - I’m curious what your thoughts are about what OP’s saying based on what you’ve seen so far?
You’re not wrong that the integrity of online voting is hard to protect - like, REALLY hard. However:
a) Our last vote on whether voting rights should be extended to members of other instances landed on it being sh.it.heads only. If it comes to a revote (or if the current vote thread is actually still live, it’s not super clear to me how the pre-mod voting threads are being dealt with), that might change, but if it holds this at least cuts out the bot instance vector.
b) While you might be right about bots being in this instance (I have no hard facts to support replacing that ‘might be’ with ‘are’), the community has bandied about different means of evaluating what other factors should matter for counting a user’s vote. There is a LOT of disagreement on this at the moment, but whatever is finally landed on should be designed with bots and bad actors in mind (stuff like age of account, participation metrics [could extend to patterns that suggest human activity* v. bot activity, where/if possible], linked e-mail or donation, manual user evaluation, etc. etc.). I don’t know if whatever’s landed on will be successful, or if anything tried will be useless in practice, but I say shit, why not try? Hell, it’s a long shot, but in the experiment we could land on something that works and could be ported to other instances - who knows?
While SysOp (and Council) as Benevolent Dictator - where there is no vote, but there is a suggestion box, and it is looked at and discussed by a small number of people who aren’t ass-clowns - is the tried-and-tested method for online community governance, I say why not at least entertain the experiment? The absolute worst case scenario that happens is that it goes to shit, TheDude says fuck it and closes shop, and users migrate** to other instances. Sucks, but it’s not life-threatening.
*I don’t know about y’all, but for instance I edited this thing like 7 times over 30 minutes. I do this on pretty much all of my posts longer than 4 sentences. Is this routine practice of a bot or human? Is this information stored somewhere to evaluate my meatiness?
**There’s a lot of hand-wringing about instance migration, as right now it pretty much means “Make a new account elsewhere and start from scratch”. Doesn’t matter all that much to me, but I’m also not the sentimental type - shit, my history here is some of the longest I’ve kept without pruning in a while. But as portability of accounts increases (which is a challenging, but insistent feature being asked for across many instances), this may turn into a complete nothingburger in general.
The only way a council of trusted users could work (and still maintain democratic legitimacy)is if it’s chosen by something like sortition for each issue individually. This would be from a larger pool of active and at least verified non-bot users.
Even with that, the tools to set this up don’t exist, and it would require far more community participation than is likely to actually happen. Without going through a process like sortition you end up with a council of clerics effectively ruling by decree.
The exact solution is difficult. That’s why no one has done it, but the proposed method is clearly flawed with many ways to game it by a few bad actors.
Sure, but your solution is to abandon democracy entirely and rely on someone to rule over you. I’d rather the effort be put into making democracy work.
deleted by creator
Great. How?
I already said sortition is a possibile solution that could eventually be implemented. I’m sure the community can come up with others as different problems arise.
I already said sortition is a possibile solution that could eventually be implemented.
sortition, solecting a sample of votes? How is selection a sample from a pool of 500 votes where 200 are fake a possible solution though?
The pool of potential voters would need some level of verification for activity and status as a real person, so no fresh accounts or easy botting. It also increases the level of effort required to manipulate a vote, there’s no guarantee for a hostile actor to actually get randomly selected enough to affect whatever votes they want.
I don’t think it’s foolproof, but I’m sure there are workable solutions to any issues.
Closest to a workable solution i’ve seen yet. The problem I have with these sort of tactics is this is basically how shadow banning became a thing. The war against bots made it so you never eve knew if your comments where being seen.
I’m not entirely opposed. But gaining membership in this trusted subset of users should be a fairly open process somehow. Like, have a community where people can post an intro about themselves, have conversations about themselves with others, and, if most superusers who bother to vote deem them human enough, they are inducted into the club.
I have no idea of how the trusted users would be chosen. For starters though, I recommend they be proven real humans. They can always primarily use another alt to keep their privacy.
Then we lose basically all voting power and it’s just people who don’t represent the community voting on behalf of us. There should be some limit on the voting like old users with posts and comments that consistently post and engage with the community. I don’t think there are that many botted accounts on this instance yet.
I think rather than voting we have discussions. It’s a bit more complicated than writing an up voting script and will hopefully get points across that a mere yes/no would never.
It’s just gonna be a race to see who can have the most alts.
Bots are everywhere here BTW. And because of federation bots from other instances can be used here .
This is assuming complete inactivity on the side of the admin & mods. When issues arise, we can address them.
To paraphrase many people in these comments: the baby may be yeeted into the stratosphere, but the bathwater has the potential to maybe have some fungus grow in it! Shoot the lot into space.
Nay.
To elaborate: I actually think the yea/nay is too limiting, or at the very least we jump to that simple vote instead of reaching consensus. I had gotten the impression from TheDude that he wanted to run this instance along the lines of direct democracy, which means we should be trying to figure out ways to increase democratic input beyond first-past-the-post and simple majorities.
