I’ve been on a journey today trying to understand the fediverse better.
I’ll be mindful to not start bitching about certain instances.
Here’s my example:
Is it technically possible that posts or comments still get downvote-brigaded by an instance that is technically defederated from the instance of the OP?
So let’s say instance A and B are defederated from each other, but both are federated with instance C. After a user from A posts something on C does every user from B get to downvote everything?
I’m trying to determine if the Fediverse has recourse against an r/TheDonald scenario, where one toxic element is allowed to flourish for too long and - in the case with the other site - eventually takes over and destroys everything.
If this debate has been had somewhere else, please feel free to point me there, otherwise I’d love to understand this better.
In 2023, this happened to a ton of unsecured Misskey instances who then proceeded to spam most of the Fediverse. It was just a troll in reality, but revealed that the Fediverse is no less vulnerable to coordinated, sophisticated attacks (and with how politically minded it is, there’s plenty of incentive for nation state actors to do so).
Yup, and I’ve probably still got a lot of those instances on my federation blocklist.
One of my ongoing gripes with the fediverse is that people run instances with little/no oversight and leave registrations wide open. It’s just irresponsible to have open registrations when you don’t have an admin available 24/7.
On the one hand, one of the things we often tout about the Old Internet was the ability for anyone to run their own website, forum, blog, etc, free from corporatization. On the other hand, running your website is a responsibility on your part, and in the convenience-focused Internet we have now, seems to be a forgotten lesson.
On the third, mutant hand growing out of our back, fedi software should be designed with security-by-default, i.e. no open registration, to prevent the forgotten lesson from being a huge problem.
For a website, forum, blog, etc, at least the damage caused by poor security would be limited to just that platform. Unfortunate, but contained. With federation, that poor security becomes everyone else’s problem as well. Hence my gripe lol.
It’s been so long since I setup my instance, I honestly don’t recall what the default “Registration mode” is.
I’m but a small drop in the larger fediverse, but I do develop a frontend for Lemmy. I actually coded the “Registration” section in the admin panel to nag you if the config is insecure. lol
It will still let you do it, just with a persistent nag message on that page.