Social media platforms like Twitter and Reddit are increasingly infested with bots and fake accounts, leading to significant manipulation of public discourse. These bots don't just annoy users—they skew visibility through vote manipulation. Fake accounts and automated scripts systematically downvote posts opposing certain viewpoints, distorting the content that surfaces and amplifying specific agendas.
Before coming to Lemmy, I was systematically downvoted by bots on Reddit for completely normal comments that were relatively neutral and not controversial at all. Seemed to be no pattern in it... One time I commented that my favorite game was WoW, down voted -15 for no apparent reason.
For example, a bot on Twitter using an API call to GPT-4o ran out of funding and started posting their prompts and system information publicly.
https://www.dailydot.com/debug/chatgpt-bot-x-russian-campaign-meme/
Bots like these are probably in the tens or hundreds of thousands. They did a huge ban wave of bots on Reddit, and some major top level subreddits were quiet for days because of it. Unbelievable...
How do we even fix this issue or prevent it from affecting Lemmy??
I've been thinking postcard based account validation for online services might be a strategy to fight bots.
As in, rather than an email address, you register with a physical address and get mailed a post card.
A server operator would then have to approve mailing 1,000 post cards to whatever address the bot operator was working out of. The cost of starting and maintaining a bot farm skyrockets as a result (you not only have to pay to get the postcard, you have to maintain a physical presence somewhere ... and potentially a lot of them if you get banned/caught with any frequency).
Similarly, most operators would presumably only mail to folks within their nation's mail system. So if Russia wanted to create a bunch of US accounts on "mainstream" US hosted services, they'd have to physically put agents inside of the United States that are receiving these postcards ... and now the FBI can treat this like any other organized domestic crime syndicate.
Easy way to get around that with "virtual" addresses: https://ipostal1.com/virtual-address.php
Just pay $10 for every account that you want to create.... you may as well just go with the solution of charging everyone $10 to create an account. At least that way the instance owner is getting supported and it would have the same effect.
Hm... I'm not sure if this is enough to defeat the strategy.
It looks like even with that service, you have to sign up for Form 1583.
Even if they're willing in incur the cost, there's a real paper trail pointing back to a real person or organization. In other words, the bot operator can be identified.
As you note, this is yet another additional cost. So, you'd have say ... $2-3 for the card + an address for the account. If you require every unique address to have no more than 1 account ... that's $13 per bot plus a paper trail to set everything up.
That certainly wouldn't stop every bot out there ... but the chances of a large scale bot farms operating seem like they would be significantly deterred, no?
That's a good point. I didn't know about the USPS Form 1583 for virtual mailboxes... Although that is a U.S. specific thing, so finding a similar service in a country that doesn't care so much might be the way to go about that.
True, though presumably users in those places would be stuck with the "less trustworthy" instances (and ideally, would be able to get their local laws changed to make themselves more trust worthy).
It's definitely not perfectly moral... but little in the world is and maybe it's sufficient pragmatic.
Yeah, the other thing I could see happening is a similar tactic used by scammers where they use Mules who pick up mail from various Airbnbs throughout whatever country, but this would definitely limit most bot operations... Unless some organization specializes in this and just offers some service to create a bunch of accounts for anyone willing to pay.
Also, how many accounts would you limit to a single address, and how long would you lock up an address before it could be used again (given that people do move around from time to time).
edit:typo.