Fediseer: A Fediverse Chain of Trust

Recently I’ve started running my own lemmy instance, as part of my decoupling from Reddit, due to them speed-running enshittification.

The instance has been growing nicely and holding up very well indeed. but there’s dark clouds forming on the horizon, as more of more of the early adopters and people with principles are leaving that service and are looking for alternatives.

The first signs of trouble appeared when I noticed that the top instances in the Fediverse Observer were growing by thousands of users per day, but had very little activity to speak of, with few threads and barely any comments. This was a clear sign of botted accounts being generated by the thousands.

My initial reaction was to cook up a quick REST API and a complementing script which would allow instance admins to quickly de-federate from instances with this amount of botted accounts, as it would point to an instance with insufficient protection, and those account could easily be used in the future to spam others. A small pre-emptive measure. It’s not particularly sophisticated, but I wanted to get something out before trouble occurs.

The Fediverse Fediseer was born, but I wanted something more. I feel like a big issue with the Fediverse as it stands right now is the same as email. It’s trivial for someone to set up hundreds or thousands fake fediverse domains and start spamming other instances. All it requires is that any account on those instances to follow their spam domains, to open the door. Sure, instances with manual user approval are somewhat more protected, but this approach does not scale well, and will lose us the opportunity to capture the people looking for alternatives outside of corporate control. Likewise any place with open registrations is available to botters to inject their fake accounts in order to follow their spam instances. In general, it’s a big problem to solve through de-federation alone.

My thoughts then was to find a way utilize the “whitelisting” capabilities of lemmy and the fediverse to ensure that only trusted instances are federated. But this has it’s own share of problems. Particularly, it’s also difficult to scale, and it easily excludes people running their own instances.

However the main benefit of whitelists, is that one does not have to be constantly vigilant. A dedicated bot network can spawn thousands of new domains and sleeper accounts to flood the fediverse and de-federation lists would easily grow exponentially to try and fruitlessly fight against this. A whitelist should theoretically remain relatively short and there’s natively protects against domain flooding.

So I wanted to come up with something that would both make it easy to compile and maintain whitelists, but also not lock out people from individual accounts.

After a day of work, I’m excited to unveil the new Fediseer functionality which works around a Chain of Trust!

This all works via a REST API (which I hope some enterprising people will make a fancy UI for it)

The first step is to use the Fediseer API to register your instance’s domain. You can do it from the provided interface, or use a curl call, But I hope in the future the community will develop way fancier UIs to handle this. You will need to provide a username which is an admin on the instance you want to claim (preferably yours).

If all goes well, the user you provided will then receive an API key via Private Message on their own instance, which they can then use to guarantee or endorse other instances.

A new account on the Fediseer however is not visible on the whitelist API by default. This is because only accounts which are “Guaranteed” by other instances are visible. The Fediseer starts with an core instance, the fediverse.com, which functions as the root for the Chain of Trust. Either this account, or another account previously guaranteed, will have to guarantee your instance, before it is available for the whitelist.

Using the Guarantee API endpoint you can now guarantee other instances with your own instance.

Once your instance is guaranteed, it also get its first endorsement from its guarantor, and now will be displayed on the whitelist using the default settings

This list can be exported also in csv format, for easy injection into lemmy whitelists

This naturally forms a network of trust with instances guaranteeing each other down the chain. The purpose of this guarantee is to prevent bad actors from sneaking in. So let’s pretend that a spam instance sneaks in, and starts causing trouble. What do we do?

Very easy, instead of having to waste time going around asking everyone to defederate that instance, and reminding new users to do likewise, we simply withdraw our guarantee for that instance. Once a guarantee is withdrawn, that instance is not anymore visible in the whitelist. Which means any servers which automatically pull and deploy the whitelist from the Fediseer, will automatically reject such instances.

But this goes even further. Let’s say someone pretend to be nice in order to start letting spam instances into the whitelist. When people shout about it, they say the right words and withdraw their guarantees, but keep adding new ones in. Eventually, we’re going to notice that all guarantees for spam seem to be coming from the same instance. When that happens, we just withdraw our guarantee for that instance which does 3 things. A) It prevents that instance from being in the whitelist. B) It prevents that instance from guaranteeing or endorsing others C) It removes the instances lower in the chain branch of that instance as well! So if instance A faked being nice, then guaranteed for 20 spam instances once in, all it would take for those 20 spam instances to be removed from thew whitelist, for the guarantor of instance A, to withdraw their guarantee! If they don’t want to do that, then whoever guaranteed them might withdraw it, until we find someone who does.

Now, I won’t claim that this system is perfect. Human nature being what it is, I expect power groups will form which might not agree with who else is guaranteed. This is where the fediseer being FOSS helps. If there’s a core disagreement between big groups of fediverse projects about who should be guaranteed in the first place, I expect other Fediseers to spawn with their own Chains of Trust which are more or less strict than other. An instance could very well be registered to multiple Overseers and thus be part of different whitelists. I am perfectly aware that I will not be able to satisfy everyone limits but I hope to provide a tool that can!

The main point here is to create the system which can start building Chains of Trust, which have a manual human control but are easy to adjust as the environment changes.

There’s more here that I haven’t mentioned yet, such as the endorsements, where guaranteed instances can endorse others, and anyone can set their whitelist to require more of less endorsements. Or being able to whitelist only instances with endorsements from another instance. Or how the Fediseer will PM you with changes to endorsements and guarantees etc

There’s plenty of ideas to add. This is merely the first step. And I’d love you all to help me take more of them!