Right now the fediverse is nipping at the heels of the silos.
They know we are here, and they perceive us as a threat. We know this from leaked emails from Facebook.
That said, they could attack us in an oblique manner with any number of poisoned waterhole attacks.
Earlier today someone predicted one or more of those platforms would just integrate ActivityPub and crush us by incorporating us.
Another pointed at the potential for procedurally generated instances that just harvest data, or overwhelm our ability to suspend all of the instances they throw up.
When these attacks are adapted to... they'll get concerned, and will try to frame us as part of "the dark web(tm)"...
That's how we'll know we're winning.
I'm interested in brainstorming immune system defenses
beyond our strength as actually real people who can tell the difference between fake and person, usually pretty obvious
I am interested in this as well.
I feel like some sort of new instance registry may be necessary if we see these sorts of co-opting efforts occurring...
Like a low speed probationary period or something...
IMO, to a certain extent, this is a question of what our goals are.
If our goal is to have a federated network which _everyone_ can join with their instance, then we should allow Facebook et al. to join us, and we should work on ways to make sure that the joining of Facebook won't cause harm to people on other instances.
If our goal is to have an isolated safe space away from mainstream socnets, then whitelisting would be a good approach, but it wouldn't be "Fediverse" anymore.
@Wolf480pl @TheGibson @Food If FB decided to federate, I doubt any existing fediverse instance could survive without blocking FB. I don't see this as a philosophical question, but rather a technical and economic one. FB probably has 3 orders of magnitude more users and 4 to 5 orders of magnitude more traffic than does the fediverse. Even if pleroma/mastodon/etc could scale to that level of traffic without major changes, it would be too expensive to operate.
AFAIK, if people from my instance follow a total of 5 people from .social, then my instance will only receive posts of 5 people from .social, not all posts from everyone on .social.
(if it's not the case then the protocol is terribly broken)
Now, do you think people from your instance would suddenly follow everyone from FB?
So the key here is to distinguish a legit user following profiles from <bigInstance> from a bot following profiles from <bigInstance> in order to fill your disk.
Or is it?
Even if it's a real user following too many people from <bigInstance>, that can cause trouble for the admin. 1/2
So we need a method in place for admins to identify users who cause too much load on the server and either politely ask them to move somewhere else, or to reduce the load they're causing, or have them cover part of the costs of the server, or find some other solution.
Either way, AFAIU, only people on your server can cause load on it (or, for that matter, other issues), and you need a way to monitor which of your users are causing issues.
So, kind of....
Let's say I have a compromised account on your server.
I follow a bunch of accounts from a thousand different instances that are mostly quiet.
Those accounts at some point start to all post heavy video content.
All of it comes to the federated timeline on your server.
@TheGibson @jerry @Food
hmm... yeah, sounds like something that can be solved by manual intervention, but will cause downtime anyway, and a well prepared attacker can repeat the attack with different accounts over and over again.
Maybe some per-user rate limits for downloading content from other instances? This way other users of the instance wouldn't be affected by the compromised account.
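
Added example (not part of the thread, and not Mastodon or Pleroma code): a sketch of the per-user rate limit suggested in the last post, applied to the compromised-account scenario described above. The class name, byte limits, and the rule of splitting a post's media cost across its local followers are assumptions made for illustration.

```python
# Added illustration; names and limits are assumptions, not Mastodon/Pleroma code.
from collections import defaultdict


class RemoteFetchBudget:
    """Per-local-user token bucket, measured in bytes of remote media."""

    def __init__(self, capacity_bytes, refill_bytes_per_sec):
        self.capacity = capacity_bytes
        self.refill = refill_bytes_per_sec
        self.tokens = defaultdict(lambda: float(capacity_bytes))
        self.last_seen = {}

    def _top_up(self, user, now):
        elapsed = now - self.last_seen.get(user, now)
        self.tokens[user] = min(self.capacity, self.tokens[user] + elapsed * self.refill)
        self.last_seen[user] = now

    def should_fetch(self, local_followers, media_bytes, now):
        """Split the media cost across the author's local followers.

        Followers who can afford their share pay it; if none can, the
        media stays a remote link instead of being downloaded.
        """
        if not local_followers:
            return False  # nobody on this instance follows the author
        share = media_bytes / len(local_followers)
        payers = []
        for user in local_followers:
            self._top_up(user, now)
            if self.tokens[user] >= share:
                payers.append(user)
        for user in payers:
            self.tokens[user] -= share
        return bool(payers)


def simulate():
    """Constructed scenario: 'mallory' alone follows 1000 suddenly noisy accounts."""
    budget = RemoteFetchBudget(capacity_bytes=500_000_000, refill_bytes_per_sec=10_000)
    video = 50_000_000  # 50 MB per post (constructed size)
    flood = sum(budget.should_fetch({"mallory"}, video, now=0.0) for _ in range(1000))
    # A remote account that only an ordinary user follows is unaffected.
    alice_ok = budget.should_fetch({"alice"}, video, now=1.0)
    # An account both follow is still fetched: alice covers her share.
    shared_ok = budget.should_fetch({"alice", "mallory"}, video, now=2.0)
    return flood, alice_ok, shared_ok
```

Only 10 of the 1000 flood posts are downloaded before the compromised account's budget runs out, while content followed by other users keeps arriving.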