The problem with almost any solution is that it just pushes it to custom instances that don't place the restrictions, which pushes big instances to be more insular and resist small instances, undermining most of the purpose of the federation.
Technology
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
If they don't blink and you hear the servos whirring, that's a pretty good sign.
leading to significant manipulation of public discourse
Pretending that this wasn't already a massive issue on places like reddit since years ago, with or without bots, is a little bit disingenuous.
Ban them all.
No current social network can be bot-proof. And Lemmy is in the most unprotected situation here, saved only by his low fame. On Twitter, I personally have already banned about 15000 Russian bots, but that's less than 1% of the existing ones. I've seen the heads of bots with 165000 followers. Just imagine that all 165000 will register accounts on Lemmy, there is nothing to oppose them. I used to develop a theory for a new social network, where bots could exist as much as he want, but could not influence your circle of subscriptions and subscribers. But it's complicated...
Also, the "bot"/"human" distinction doesn't have to be binary. Say one has an account that mostly has a bot post generated text, but then if it receives a message, hands it off to a human to handle. Or has a certain percentage of content be human-crafted. That may potentially defeat a lot of approaches for detecting a bot.
You don't.
You employ critical thinking skills in all interactions on the web.
A chain/tree of trust. If a particular parent node has trusted a lot of users that proves to be malicious bots, you break the chain of trust by removing the parent node. Orphaned real users would then need to find a new account that is willing to trust them, while the bots are left out hanging.
Not sure how well it would work on federated platforms though.
I don't think that would work well, because I knew no one when I came here.
by embracing methods of verifying that a user is a real person
edit: to add this example
I've been thinking postcard based account validation for online services might be a strategy to fight bots.
As in, rather than an email address, you register with a physical address and get mailed a post card.
A server operator would then have to approve mailing 1,000 post cards to whatever address the bot operator was working out of. The cost of starting and maintaining a bot farm skyrockets as a result (you not only have to pay to get the postcard, you have to maintain a physical presence somewhere ... and potentially a lot of them if you get banned/caught with any frequency).
Similarly, most operators would presumably only mail to folks within their nation's mail system. So if Russia wanted to create a bunch of US accounts on "mainstream" US hosted services, they'd have to physically put agents inside of the United States that are receiving these postcards ... and now the FBI can treat this like any other organized domestic crime syndicate.
Fundamentally the problem only has temporary solutions unless you have some kind of system that makes using bots expensive.
One solution might be to use something like FIDO2 usb security tokens. Assuming those tokens cost like 5€. Instead of using an email you can create an account that is anonymous (assuming the tokens are sold anonymously) and requires a small cost investment. If you get banned you need to buy a new fido2 token.
PS: Fido tokens still cost too much but also you can make your own with a raspberry pico 2 and just overwrite and make a new key. So this is no solution either without some trust network.
For example, a bot on Twitter using an API call to GPT-4o ran out of funding and started posting their prompts and system information publicly.
While there's obviously botspam out there, this post is clearly a fake as anyone with the programming experience will notice immediately. It's just engagemeb bait
You were targeted by someone and they used the bots to punish you. It could have been a keyword in your posts. I had some tool that would down vote any post where I used the word snowflake. I guess the little snowflake didn't like me calling him one. I played around with bots for a while but it wasn't worth it. I was a OP on several IRC networks back in the day and the bots we ran then actually did something useful. Like a small percentage of reddit bots.
How do we even fix this issue or prevent it from affecting Lemmy??
Simple. Just scream that everyone whose opinion you dislike is a bot.
I disagree with this statement, so Ensign_Crab must be a bot. Reported.
You can't get rid of bots, nor spammers. The only thing is that you can have a more aggressive automated punishment system, which will unevitably also punish good users, along with the bad users.