Technology @lemmy.world Buttflapper @lemmy.world 2 mo. ago

Bots are running rampant. How do we stop them from ruining Lemmy?

Social media platforms like Twitter and Reddit are increasingly infested with bots and fake accounts, leading to significant manipulation of public discourse. These bots don't just annoy users—they skew visibility through vote manipulation. Fake accounts and automated scripts systematically downvote posts opposing certain viewpoints, distorting the content that surfaces and amplifying specific agendas.

Before coming to Lemmy, I was systematically downvoted by bots on Reddit for completely normal comments that were relatively neutral and not controversial at all. Seemed to be no pattern in it... One time I commented that my favorite game was WoW, down voted -15 for no apparent reason.

For example, a bot on Twitter using an API call to GPT-4o ran out of funding and started posting their prompts and system information publicly.

https://www.dailydot.com/debug/chatgpt-bot-x-russian-campaign-meme/

Example shown here

Bots like these are probably in the tens or hundreds of thousands. They did a huge ban wave of bots on Reddit, and some major top level subreddits were quiet for days because of it. Unbelievable...

How do we even fix this issue or prevent it from affecting Lemmy??

302

You're viewing a single thread.

302 comments

Add a requirement that every comment must perform a small CPU-costly proof-of-work. It's a negligible impact for an individual user, but a significant impact for a hosted bot creating a lot of comments.

Even better if you make the PoW performing some bitcoin hashes, because it can then benefit the Lemmy instance owner which can offset server costs.
- Will that ruin my phone's battery?
  
  Also what if I'm someone poor using an extremely basic smartphone to connect to the internet?
  
  Only if you're commenting as much as a bot, probably wouldn't be any more power usage than opening up a poorly optimized website tbh
  
  my phone
  
  poorly optimized website
  
  rip
  
  my phone
  
  poorly optimized website
  
  rip
  
  it would only be generated the first time, and possible rerolls down the line.
  
  Also what if I’m someone poor using an extremely basic smartphone to connect to the internet?
  
  just wait, it's a little rough, but it's worth it. 10 hours overnight would be reasonable. Even longer is more so if you limit CPU usage. The idea is that creating one account takes like 10 minutes, but creating 1000 would simply take too much CPU time in order to be worth the time.
- At that point aren't we basically just charging people money to post? I don't want to pay to post.
  
  I'd actually prefer that. Micro transactions. Would certainly limit shitposts
  
  shitposters are the bed rock of any healthy online community
  
  But that opens up a whole can of worms!
  
  Will we use Hashcash? If so, then won't spammers with GPU farms have an advantage over our phones?
  
  Will we use a cryptocurrency? If so, then which one? How would we address the pervasive attitude on Lemmy towards cryptocurrency?
- How would this be enforceable, though? Part of the benefit of the Fediverse is that multiple different apps can communicate with each other (for example, you can see Lemmy posts on Mastodon). Even if Lemmy implements something like this, what's to stop someone from commenting using a different app that doesn't implement it?
  
  I'm actually surprised we don't see more spam on ActivityPub-powered systems, since spammers don't even need to have an account with Lemmy, Mastodon, etc and could instead have their own ActivityPub server to send the spam. I guess they don't do that since the spam instance would be defederated pretty quickly.
  
  it would have to be fundamental to the platform, i believe a few platforms have something similar where this generates a unique "key" used to identify the user.
  
  I think I2P does this?
  
  If the bots are already using gpt4 then a little crypto heat is essentially the same thing
  
  you'd still need to front it on the bot farm side though. Shit's still costly.
  
  Regardless, if it's not enough, just make it more lmao.
- That's a hard NO from me, dawg. If Lemmy goes down that path, I will just not comment. My account settings let me just block bots. I dont need my resources wasted so I can interact with the "good bots".
  
  How much resources are we talking about here? If it's 3% of your CPU usage for 2 seconds, you're really going to have an issue with that?
  
  Whatever solution should be negligible for you, but costly for a botfarm.
  
  Here's a live example, not exactly onerous: https://demo.mcaptcha.org/widget/?sitekey=pHy0AktWyOKuxZDzFfoaewncWecCHo23
  
  (Obviously in Lemmy's case you wouldn't have the additional unecessary checkbox)
  
  That's not what I consider negligible on my phone, which is already resource constrained. Yes, I have a problem with an app that intentionally wastes my valuable resources. I wouldn't care so much from my desktop, but I mostly just use a desktop client to do things I can't easily do on my mobile clients.
  
  No big deal. It's not as if my participation is especially valuable. I would just participate less.
  
  edit: my objection is obviously more in principal than it is practical, but it would hardly be the first time I walked away from software (or a network) on philosophical grounds.
  
  If we can't find a more practical solution, then is it really a "waste" of resources? Right now we're paying with much more expensive time and attention.
  
  that was pretty fast. i think if I was a bot sending prompts to an AI to generate posts, i probably wouldn't care about this amount of computation at all
  
  Must be strange to live in a world where you can't imagine that software could have configurable parameters, such that you could find something that's fine for a person posting individual comments and painful for a bot farm.
  
  15 seconds to generate a post from the prompt with ai, and 1/15 seconds for the hashcash challenge is supposed to inconvenience the bot wizards?
  
  If they're running their own LLM hardware, and their Lemmy spam posts are generating enough revenue to cover that, then I take it back, because that is impressive.
  
  I guess we're fucked.
  
  It’s not always about profit, it’s also about controlling the narrative. The more expensive that is, the less the narrative can be controlled by money.
  
  it's a one time cost at creation of the account. Or at least that should be the idea.
- There was discussion about implementing Hashcash for Lemmy: https://github.com/LemmyNet/lemmy/issues/3204
  
  It seems like a no-brainer for me. Limits bots and provides a small(?) income stream for the server owner.
  
  This was linked on your page, which is quite cool: https://crypto-loot.org/captcha
  
  what happens when the admin gets greedy and increases the amount of work that my shitty android phone is doing
  
  It doesn't seem like a no brainer to me... In order to generate the spam AI comments in the first place, they have to use expensive compute to run the LLM.
  
  most of the time this "expensive" compute is just openAI
  
  Hashcash isn't "cryptocurrency".
  
  Technically not, but spammers can already pay to outsource hashing more easily than desirable users can. So if we're relying on hashes anyways, then we might as well make it easy for desirable users to outsource too.
  
  IMO that's why the inventor of Hashcash just develops Bitcoin today.
- I think the computation required to process the prompt they are processing is already comparable to a hashcash challenge
  
  But that's on the LLM side not the bot side.

You've viewed 302 comments.