The Beehaw admins made this choice, and documented their rationale here: https://beehaw.org/post/567170

I think you’ll be ok. The comment I reported is the one I replied to, not the one in the Swartz thread. There’s nothing naughty in your comments in this thread, so admin will have to read and click before even encountering your Swartz comment and will at that point be primed to investigate sockpuppeting rather than content policing. They’re also pretty chill here, I haven’t stumbled on anything in your history that would lead me to be concerned about them finding you to be at fault for this situation or otherwise an abusive user.

This sounds to me like sockpuppeted profile stalking and downvoting. I’m going to try reporting your comment with a note that while the comment itself is ok, the material it describes warrants an admin investigation into sockpuppeted voting. Instance admins mod this community, and hopefully they have time to take a look. Given that there are several credible reports of this kind of thing now, it seems worth an admin checking out.

I don’t know the answer to this question, maybe someone else will chime it. If I were to guess though, typically things that “disable downvoting” on Lemmy simply ignore it and fail to display it, which is consistent with how blocking and defederation handle other things.

For example, Beehaw has defederated with Lemmy.world where my account is. I can still see Beehaw posts to communities on other instances though. I can reply to those posts, and people on other instances see my comments. The Beehaw commenter cannot though, it’s a sort of see-no-evil-hear-no-evil situation, but the evil is still out there for everyone else. I believe blocking works the same way for comments, it’s a one-way block on your side… they still see you and can interact with your stuff in ways that others can see, unless I’m mistaken.

I’d expect blocking yo interact similarly with downvotes if it interacts at all. But I’m not positive.

Admins can definitely do more though, like banning/deleting the sockpuppet accounts.

Kbin doesn’t federate downvotes from Lemmy. If you look at their Lemmy profile, you can see there are many seemingly innocuous comments with 5-20 downvotes: https://sh.itjust.works/u/jballs?page=1&sort=New&view=Comments

The web-ui doesn’t seem to show downvotes and upvotes separately anymore, but many of those totals around -1 or whatever are the sum of 10-20 upvotes and downvotes. There’s definitely a weird amount of downvoting hitting that account on comments that seem… ok at least.

@jballs@sh.itjust.works there was another report of mass downvoting on Lemmy.world: https://lemmy.world/post/2343398 I’d say it’s too early to tell if these are true cases of individuals or groups sockpuppeting many accounts to mass downvotes or if someone is just attracting random downvotes for some reason. The other poster had an annoying flashy gif profile photo and banner that might have been annoying people. If you have something about your account, or have been antagonistic to people in comments/DMs that’s another likely explanation.

No major social media site publishes estimates on bot activity, so unless someone is citing a research paper with a reasonable bot-id technique, they’re speculating. That said, there are a few useful things we can say with only modest speculation:

1. No commercial social media site has as trivial a sign up process as these instances. They had no email verification, no captcha, and no validation or gating process of any kind. Scripts created this users with a single API call, hitting it as fast as the server would respond. So on the account validation front, reddit does better than these instances of keeping bots out.
2. Every commercial social media site has a security team that attempts to monitor bots and has the capability to remove them. Some of these admins were aware of the signups, and others didn’t know how to respond. So on the monitoring and response front, reddit is more sophisticated at detecting and responding to bots.
3. These instances I believe had zero or one active users vs 100k+ bot accounts. It’s hard to say what the bot rates are on commercial social media sites, but I think we can confidently bound it to something lower than 100k to 1 in favor of bots.
4. The aggregate number of bots represented about half the total lemmyverse. I’m sure someone will disagree with me, but I would be pretty surprised if half the signups at commercial sites are malicious. But that’s more plausible than 100k to 1.
5. But one the other hand, the activity of these bots is public, and they demonstrably didn’t do anything. At least some of the malicious/clandestine bot accounts on commercial social media sites are active… so maybe here Lemmy gets the win since this massive wave of bots went unused. Now, that doesn’t mean that OTHER more sophisticated and undetected bits aren’t active on Lemmy just as they are on other social sites. But my bet is there is little to none because Lemmy doesn’t matter enough to be worth attacking by the people who are able to run sophisticated bots. But this is hard to prove one way or another.

TLDR: This signup wave was so unsophisticated it would never have been possible on a major social site with a security team. But it also didn’t do any altanfible damage, unlike clandestine bot activity on major social sites. Depending on what metrics you use to compare (and how made up your metrics are, since this is all about activity that attempts to stay hidden), either side can come out on top.

This leads into my next concern which is GDPR, because now i can’t be certain that a users data gets deleted upon their request and i’m not certain whether i would be liable since my instance federates with the malicious instance (which may also not be hosted in the EU which is itself problematic, and even if i’m not liable it’s still not great).

I’m not a lawyer, but I have done compliance work, but not for GPDR… so take with several grains of salt.

I’d be fairly surprised if other instances caching your data had any impact on your GPDR status (unless you wrongfully made that data public in the first place).

If WordPress.com hosts an intentionally public blog post for a user, and archive.org scrapes it and saves a copy, and the user deletes it from WordPress (which correctly handles the deletion), would GPDR hold WordPress liable for a different organization retaining a copy on a different server? It would surprise me if it did, I can’t imagine how anyone could be in compliance while hosting public content under any circumstances if that were so. ActivityPub is not exactly the same as this, as it automates the process of copying data to many servers. But so does RSS and that’s not new. If this were an issue, I think we’d have seen examples of it before now.

It’s more likely that each ActivityPub instance is a different service from GPDR’s perspective, and each instance needs the capability to delete content associated with a user upon request. But I believe deletes are already federated by default, so we’re only talking about malicious instances that deliberately ignore deletion requests. These would not be GPDR compliant, but I suspect that doesn’t reflect on your liability.

… which may also not be hosted in the EU which is itself problematic…

Data locality is an interesting question, but I’m again inclined to suspect that YOU are not hosting data outside the EU. Other instances are, and the liability for doing so is theirs not yours.

If you were concerned about this, you could do whitelist federation where you explicitly add instances in appropriate jurisdictions rather than Federating by default with a blacklist. The opportunity cost of doing this is, of course, cultural irrelevance. You’d be cutting yourself off from most of the physical and virtual world in order to achieve improved data locality.

The loss of control over content is also something that i don’t particularly like…

This is real but rather the point of federation. If you really don’t like it, then federation is not for you. But consider multiple perspectives:

• As a user of reddit or another centralized publishing platform, you already didn’t have control over your data. The hoster did, as did the untold millions who scraped it maliciously and silently. This does not compare favorably to the fediverse.
• As an admin of a traditional forum like PHPBB, you do give up control in the Fediverse. Though when you account for malicious scrapers, how much you give up is debatable.
• But as a user of that PHPBB forum, the fediverse gives you MORE control. If the admin of that non-federated forum throws a tantrum and shuts it down, the community and posts are lost. As a user in the Fediverse, federation allows users on other instances to retain their account identity, recover posts from caches, and re-establish their community elsewhere against the wishes of the previous hoster.

Federation does require the hoster to give up power, but more than equally increases the power of users in return. Like GPDR, federation aims at increasing the data autonomy of users, but rather than focusing on privacy and data destruction to facilitate a user who wants to take their toys and go home, it focuses on how users can continue to access their data usefully in the face of an admin who want to take their toys and go home. Although the means to achieve them are often in conflict… control over data destruction and control over data preservation are two sides of the same data-autonomy coin.

Read up on history. You have this completely backwards. It took many years of government intervention to force them to open their networks. And in some countries banks still don’t interoperate or charge obscene rates for it.

I have nothing backwards because I said nothing about cause and effect, you appear to have fabricated some historical error about regulation so you could have something to condescend to me about. But even so, regulators did not invent cross-network calls nor did they invent inter-bank transfers. Both of these industries had those things prior to regulatory mandates and went through “wild west” periods that have clear parallels to the fediverse today (the early 1900s for telephones and the 17th century for banks) when interoperation existed but was quite selective. My point was that mature federated ecosystems converge on valuing connectivity very highly, and the fact that this value was so clear in these two cases that it was eventually encoded in law supports rather than refutes that claim.

It is the ability of communities to choose not to federate with anyone else which gives Mastodon its strength.

There are zero mature federated ecosystems where this statement is true. While the freedom to (dis)associate is foundational to federated systems as an abuse management tool, it’s existentially dangerous when deployed as an idealogical weapon or negotiating lever.

• The internet is federated, but you don’t see tier 1 ISPs de-peering each other over arguments on social media.
• Email (which IS a great analogy… exactly because of the precedent for combatting abuse at scale) is federated, and you don’t see major providers blackholing major providers.
• Telephone networks and the banking system are both federated, and generally major players don’t de-peer other major players within established ecosystems.

In all these cases, there were phases where the network was immature and these squabbles did happen. But players who isolated themselves lost relevance, and eventually the value of connecting to the wider network (with all of the challenges and opportunities that brings), became greater than the value of winning any other dispute.

This idea that de-peering everyone you don’t like is normal and how marginalized communities get protected is only popular right now for a short while because the fediverse only just barely matters at all, and almost everyone is willing to disrupt the health of the network is truly painful ways for any reason or no reason. If the fediverse doesn’t kill itself with infighting, the groups that find ways to address their disputes while remaining connected will come to form the fediverse that matters.

Of course, anyone who disagrees can defederate with anyone and everyone if they wish. But in so doing, they limit their own reach and relevance until eventually they’re left alone talking to themselves on a fedi-desert-island. I get marginalized communities not wanting to deal with the hassle of a growing network, but getting marginalized stories heard is one of the key ways to improve things going forward and defederate-first-ask-questions-later doesn’t help there.

No worries, I think there’s a legit bug in Lemmy doing this right now even if you make no mistakes.

Did your comment end up on the wrong post? Websockets seem to be falling apart this week and leading to all kinds of weird bugs.

It should be noted that cosocial has 10 registered users according to their front-page. Small instances frequently make idiosyncratic federation decisions and exactly because they’re small they have little impact on the overall health of the network.

Beehaw’s defederation as a “load-bearing” instance in the lemmyverse that is already entangled via cross-instance subscriptions is much more damaging and degrades service for like an aggregate 50% of the lemmyverse.

I wouldn’t sweat this cosocial thing, it will probably never impact you in a perceivable way.

I believe hot is the only ranking that runs as a scheduled task, as it is uniquely expensive to compute. I believe others are updated in real-time. It’s possible I’m mistaken, but I’ve been watching a few GitHub issues and this is the impression I got from dev discussion there.

I think bug-wise that only affects hot. But if I understand what active does, it’s posts with lots of recent comments. So if hot is broken and leaving the same posts up, probably those posts are gonna affect active as well… so even if active isn’t bugged, it ends up being very slow to change because people sorting by hot keep seeing and commenting on the same posts.

No ideas on how to help, but upvoting and commenting for visibility to drive the active and top scores. I can say also that in another thread where this person asked for help on a different topic, they were responsive and provided the information necessary to get to the bottom of things. If somebody has ideas, OP will not likely waste your time.

Now I can’t subscribe to the communities I find cause I can’t login on my instance. Spinning button forever, can’t login. And can’t subscribe through Jerboa app 😑

Dude, you’ve fallen out of the tree and are hitting every branch on the way down. If clearing your browser cache doesn’t work (which may log you out of other websites unless you use advanced browser features to wipe the cache for just your lemmy instance), I’d make a new post in this same community. If it’s not your browser, maybe there’s something funky going on with the server itself… and they do watch this community for bug reports. I don’t have further advice on this front though, and can’t test as my account is on a different instance.

Good luck. Although Lemmy has no shortage of sharp edges, I can say you’re having a considerably worse than average day right now. If you get this stuff sorted, it’s… not exactly polished… but nicer than this on the far side.

Oh, I see it… the type dropdown in the upper-left underneath the word Search is set to communities (which… intuitively seems like it should work and in my opinion the fact that it doesn’t is a bug). You need to change it from communities to all. I thought from your OP you had done this, but you must have been referring to one of the other boxes with all as a value… there are a couple there.

Technically, this step is described in step 2c of https://lemmy.world/post/9296, but it’s so confusing and unintuitive that you have to read it so perfectly and precisely and get no feedback when it goes wrong. Fixup your type dropdown and you’ll be good though.

Oh, I guess I didn’t read your OP closely enough. You did seem to hit the key points. I’m not sure what’s wrong and don’t have further suggestions. I have to think it’s something simple you’re missing, otherwise we’d be hearing a flood of similar reports… but what you’ve described should work. Sorry you’re having trouble.

This post explains how to discover remote communities (which can be very non-intuitive), have a read through it and I think you’ll be able to get yourself sorted: https://lemmy.world/post/9296

… an open sourced, volunteer network…

Are you talking about the early days of the internet and email, or the Fediverse today? I can’t tell which.

How about you help create those tools since you view the current status as such a travesty?

You say that like I’m the admin of an instance with 13k users with the platform to crowdfund additional developers on the core project. I have a simpler idea though, what if I engineer a crisis by splitting the network and forcing existing devs to choose between working on my pet features or forking the network with no notice. That sounds way easier.