this post was submitted on 13 Oct 2024
14 points (68.4% liked)

New Communities

17172 readers
151 users here now

A place to post new communities all over Lemmy for discovery and promotion.

Rules

The rules for behavior are a straight carry over of Mastodon.World's rules. You can click the link but we've reposted them here in brief, as a guideline. We will continue to use the Mastodon.World rules as the master list. Over all, be nice to each other and remember this isn't a community built around debate. For the rules about formatting your posts, scroll down to number 2.

1. Follow the rules of Mastodon.world, which can be found here.

A. Provide an inclusive and supportive environment. This means if it isn't rulebreaking and we can't be supportive to them then we probably shouldn't engage.

B. No illegal content.

C. Use content warnings where appropriate. This means mark your submissions NSFW if need be.

D. No uncivil behavior. This includes, but is not limited to: Name Calling; Bullying; Trolling; Disruptive Commenting; or Personal Criticisms.

E. No Harrassment. As an example in relation to Transgender people this includes, deadnaming, misgendering, and promotion of conversion therapy. Similarly Misogyny, Misandry, and Racism are also banned here.

2. Include a community title and description in your post title. - A following example of this would be New Communities - A place to post new communities all over Lemmy for discovery and promotion.

3. Follow the formatting. - The formatting as included below is important for people getting universal links across Lemmy as easily as possible.

Formatting

Please include this following format in your post:

[link text](/c/community@instance.com)

This provides a link that should work across instances, but in some cases it won't

You should also include either:

!community@instance.com

or instance.com/c/community

FAQ:

Q: Why do I get a 404?

A: At least one user in an instance needs to search for a community before it gets fetched. Searching for the community will bring it into the instance and it will fetch a few of the most recent posts without comments. If a user is subscribed to a community, then all of the future posts and interactions are now in-sync.

Q: When I try to create a post, the circle just spins forever. Why is that?

A: This is a current known issue with large communities. Sometimes it does get posted, but just continues spinning, but sometimes it doesn't get posted and continues spinning. If it doesn't actually get posted, the best thing to do is try later. However, only some people seem to be having this problem at the moment.

Extra FAQ information

Image Attribution:

Fahmi, CC BY 4.0 https://creativecommons.org/licenses/by/4.0, via Wikimedia Commons>>

founded 2 years ago
MODERATORS
 

!world@quokk.au

Not going to lie, I got banned so I made my own World News Community. This community differs because there's no silly bot, I'll happily listen to the communities voice, and we're a bit more lax on rules policing.

Feel free to come on by and comment. I would love to foster a News community that's active in discussion.

you are viewing a single comment's thread
view the rest of the comments
[–] PhilipTheBucket@ponder.cat 5 points 1 month ago (1 children)

Maybe it could be addressed with cryptographically-signed votes

That is how it works, I believe. Each vote has to be signed by the actor of the user that voted.

There have been people who did transparent vote-stuffing by creating fake accounts en masse and get detected, because they were using random strings of letters for the usernames. Probably it's happened more subtly than that and not been detected sometimes, too, but it's not quite as simple as just reporting a high number.

[–] tal 1 points 1 month ago* (last edited 1 month ago) (1 children)

I believe that the basic metric of trust is instance-level. That is, it's the TLS certificates and whether-or-not an instance is federated that is the basis of trust. I don't think that users have individual keys -- I mean, it'd be meaningless to generate one rather than just trusting a home instance without client-side storage, and that definitely doesn't exist.

Having client-side keys would potentially, with other work, buy some neat things, like account portability across instances.

But the problem is that, as you point out, any solution on vote trust can't just be user-level keys, unless every admin is gonna police who they federate with and maintain only a network of instances that they consider legit. Once I federate with an instance, I grant it the right to create as many accounts as it wants and vote how it wants. And keep in mind that ownership of an instance could change. Like, an admin retires, a new one shows up, stuff like that.

[–] PhilipTheBucket@ponder.cat 2 points 1 month ago (1 children)

Your actor (https://lemmy.today/u/tal)'s public key is:

 -----BEGIN PUBLIC KEY-----                                      
 MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1VR4k0/gurS2iULVe7D6
 xwlQNTeEsn0EOVuGC2e9ZBPHv4b02Z8mvuJmWIcLxWmaL+cgHu2cJCWx2lxNYyfQ
 ivorluJHQcwPtkx9B0gFBR5SHmQzMuk6cllDMhfqUBCONiy5cpYRIs4LBpChV4vg
 frSquHPl+5LvEs1jgCZnAcTtJZVKBRISNhSp560ftntlFATMh/hIFG2Sfdi3V3+/
 0nf0QDPm77vqykj2aUk8RnnkMG2KfPwSdJMUhHQ6HQZS+AZuZ7Q+t5bs8bISFeLR
 6uqJHcrXtvOIXuFe7d/g/MKjqURaSh/Pqet8dVIwvLFFr5oNkcKhWG1QXL1k62Tr
 owIDAQAB                                                        
 -----END PUBLIC KEY-----                                        

All ActivityPub users have their own private keys. I'm not completely sure, and I just took a quick look through the code and protocols and couldn't find the place where vote activity signatures are validated. But I swear I thought that all ActivityPub activities including votes were signed with the key of the actor that did them.

Regardless, I know that when votes federate, they do get identified according to the person who did the vote.

In practice, you are completely correct that the trust is per-instance, since the instance DB keeps all the actor private keys anyway, so it's six of one vs. half dozen of the other whether you have 100 fake votes from bad.instance signed with that instance's TLS key, or 100 fake votes signed with individual private keys that bad.instance made up. I'm just nitpicking about how it works at a protocol level.

[–] tal 1 points 1 month ago

Ah, thank you for that, then; that makes sense. And yeah, if there is a per-user key, then I'd expect it to be signing votes.