Tag: mutual aid

Fediseer: A Fediverse Chain of Trust

Db01 Comment

Recently I’ve started running my own lemmy instance, as part of my decoupling from Reddit, due to them speed-running enshittification.

The instance has been growing nicely and holding up very well indeed. but there’s dark clouds forming on the horizon, as more of more of the early adopters and people with principles are leaving that service and are looking for alternatives.

The first signs of trouble appeared when I noticed that the top instances in the Fediverse Observer were growing by thousands of users per day, but had very little activity to speak of, with few threads and barely any comments. This was a clear sign of botted accounts being generated by the thousands.

My initial reaction was to cook up a quick REST API and a complementing script which would allow instance admins to quickly de-federate from instances with this amount of botted accounts, as it would point to an instance with insufficient protection, and those account could easily be used in the future to spam others. A small pre-emptive measure. It’s not particularly sophisticated, but I wanted to get something out before trouble occurs.

The Fediverse Fediseer was born, but I wanted something more. I feel like a big issue with the Fediverse as it stands right now is the same as email. It’s trivial for someone to set up hundreds or thousands fake fediverse domains and start spamming other instances. All it requires is that any account on those instances to follow their spam domains, to open the door. Sure, instances with manual user approval are somewhat more protected, but this approach does not scale well, and will lose us the opportunity to capture the people looking for alternatives outside of corporate control. Likewise any place with open registrations is available to botters to inject their fake accounts in order to follow their spam instances. In general, it’s a big problem to solve through de-federation alone.

My thoughts then was to find a way utilize the “whitelisting” capabilities of lemmy and the fediverse to ensure that only trusted instances are federated. But this has it’s own share of problems. Particularly, it’s also difficult to scale, and it easily excludes people running their own instances.

However the main benefit of whitelists, is that one does not have to be constantly vigilant. A dedicated bot network can spawn thousands of new domains and sleeper accounts to flood the fediverse and de-federation lists would easily grow exponentially to try and fruitlessly fight against this. A whitelist should theoretically remain relatively short and there’s natively protects against domain flooding.

So I wanted to come up with something that would both make it easy to compile and maintain whitelists, but also not lock out people from individual accounts.

After a day of work, I’m excited to unveil the new Fediseer functionality which works around a Chain of Trust!

This all works via a REST API (which I hope some enterprising people will make a fancy UI for it)

The first step is to use the Fediseer API to register your instance’s domain. You can do it from the provided interface, or use a curl call, But I hope in the future the community will develop way fancier UIs to handle this. You will need to provide a username which is an admin on the instance you want to claim (preferably yours).

If all goes well, the user you provided will then receive an API key via Private Message on their own instance, which they can then use to guarantee or endorse other instances.

A new account on the Fediseer however is not visible on the whitelist API by default. This is because only accounts which are “Guaranteed” by other instances are visible. The Fediseer starts with an core instance, the fediverse.com, which functions as the root for the Chain of Trust. Either this account, or another account previously guaranteed, will have to guarantee your instance, before it is available for the whitelist.

Using the Guarantee API endpoint you can now guarantee other instances with your own instance.

Once your instance is guaranteed, it also get its first endorsement from its guarantor, and now will be displayed on the whitelist using the default settings

This list can be exported also in csv format, for easy injection into lemmy whitelists

This naturally forms a network of trust with instances guaranteeing each other down the chain. The purpose of this guarantee is to prevent bad actors from sneaking in. So let’s pretend that a spam instance sneaks in, and starts causing trouble. What do we do?

Very easy, instead of having to waste time going around asking everyone to defederate that instance, and reminding new users to do likewise, we simply withdraw our guarantee for that instance. Once a guarantee is withdrawn, that instance is not anymore visible in the whitelist. Which means any servers which automatically pull and deploy the whitelist from the Fediseer, will automatically reject such instances.

But this goes even further. Let’s say someone pretend to be nice in order to start letting spam instances into the whitelist. When people shout about it, they say the right words and withdraw their guarantees, but keep adding new ones in. Eventually, we’re going to notice that all guarantees for spam seem to be coming from the same instance. When that happens, we just withdraw our guarantee for that instance which does 3 things. A) It prevents that instance from being in the whitelist. B) It prevents that instance from guaranteeing or endorsing others C) It removes the instances lower in the chain branch of that instance as well! So if instance A faked being nice, then guaranteed for 20 spam instances once in, all it would take for those 20 spam instances to be removed from thew whitelist, for the guarantor of instance A, to withdraw their guarantee! If they don’t want to do that, then whoever guaranteed them might withdraw it, until we find someone who does.

Now, I won’t claim that this system is perfect. Human nature being what it is, I expect power groups will form which might not agree with who else is guaranteed. This is where the fediseer being FOSS helps. If there’s a core disagreement between big groups of fediverse projects about who should be guaranteed in the first place, I expect other Fediseers to spawn with their own Chains of Trust which are more or less strict than other. An instance could very well be registered to multiple Overseers and thus be part of different whitelists. I am perfectly aware that I will not be able to satisfy everyone limits but I hope to provide a tool that can!

The main point here is to create the system which can start building Chains of Trust, which have a manual human control but are easy to adjust as the environment changes.

There’s more here that I haven’t mentioned yet, such as the endorsements, where guaranteed instances can endorse others, and anyone can set their whitelist to require more of less endorsements. Or being able to whitelist only instances with endorsements from another instance. Or how the Fediseer will PM you with changes to endorsements and guarantees etc

There’s plenty of ideas to add. This is merely the first step. And I’d love you all to help me take more of them!

Key Sharing

Db01 Comment

The AI Horde is built around the concept of Mutual Aid, to allow people who have, to aid with those who have not. It’s just that it is about aiding for one specific purpose, of using generative AI.

A lot of the design decisions of the AI Horde have been added to facilitate this purpose, such as kudos transfers, which have in turn been turned into things like discord emojis etc. And I’m always looking for ways to reinforce this behavior.

To this end, I am excited to announce a new feature on the AI Horde: Shared Keys

What are shared keys?

In short, they are API keys which can only be used to generate images and text, and not valid for doing any other operations, such as transferring kudos or rating images. The idea here is that someone can created a shared key to give to friends and family, to allow them to use their account priority and to lower the on-boarding requirements of registering their own accounts and not worrying that they might leak it.

Whenever a shared key is used, the kudos is consumed from the origin account and the priority used for that generation is the same as the owner’s. The generation also shares concurrency with that account so if you are planning to share with a lot of people they might end up getting in each other’s way.

Shared Keys can also be given an optional kudos limit, and an expiry date, after which they stop working. A kudos limit doesn’t affect their priority, just prevents the shared key form being used once that limit has been reached.

How do I create an API key?

Until UIs add the option to create them, the simplest way is to use the API web interface directly: http://aihorde.net

Alternatively you can open a console terminal and send a CURL call like so:

curl -X 'PUT' \
  'https://aihorde.net/api/v2/sharedkeys' \
  -H 'accept: application/json' \
  -H 'apikey: YOUR_API_KEY' \
  -H 'Content-Type: application/json' \
  -d '{
  "kudos": 10000,
  "name": "Mutual Aid"
}'Code language: PHP (php)

just add your own API Key and change the kudos limit and name as you wish. You can also set kudos to -1 to allow unlimited sharing with that key.

We also provide an endpoint to check how much a key has been utilized until now

{
  "id": "4cb776de-31f0-4895-9fc3-b2e1d17a64f0",
  "username": "db0#1",
  "kudos": 2320,
  "utilized": 7684
}Code language: JSON / JSON with Comments (json)

How do I use a Shared Key

Simply use it place of a normal API key to the UI of your choice.

Can I modify a Shared key

Yes, you can both “top-up” existing keys, add/remove expiry, or delete them altogether.

What’s next?

The Shared Keys are designed to be pretty open in their usage. I expect use cases around “service accounts” for communities where people are pooling their kudos somehow, but I am also curious what other emergent uses people will come up around this system.

And If you have a user-case which requires tweaking of this functionality, do let me know!

The most fitting piece of clothing

Db02 Comments

I have finally found the most appropriate T-Shirt for me evar

A while ago I noticed that this T-Shirt had become available and I just knew I had to have one (for reasons that I expect are immediately obvious). Unfortunately they wouldn’t ship outside of the USA so it was impossible to order one myself.

I thus decided to shout it out and see if anyone in the US is willing to order it for me and fortunately I managed to tickle the mutual aid of Joseph, a fellow anarchist who volunteered to get it for me and send it, via post. Little did I know that he is more forgetful than I am 🙂

So, 6 months later, he remembered that he still hadn’t sent the package, or rather, according to him, his girlfriend reminded him which in turn led to him sending the package over. Unfortunately, I seem to have forgotten to provide him with my IRL name which led to the hilarious event of giving them my alias (as they wouldn’t ship without a name) and telling them that I was some kind of radio personality.

This in turn meant that the package came here without a proper name (The package had no name on it, not even my “radio” alias), and the nice German delivery person, not knowing how to deal with this, dumped the package on top of the mailboxes. It was only by sheer luck that my eyes passed over the package and the name of the sender clicked in my head and made me realize this is for me.

But in the end, things turned out alright, and finally I have the most fitting T-Shirt evar. W00t!

Mad props to Joseph!

Reblog this post [with Zemanta]

Once more, reality shows that "Human nature" is not what the liberals claim it is

Db069 Comments

Katrina shows us another empirical example of what Human Nature truly is. Not the wild beast that liberals will always claim it is, but one based on co-operation.

New Orleans is Flooded
Image by Spiritwood Images via Flickr

“Human Nature” has become the eternal cliche, the final argument that all those “civilized” and “liberal” will utter when a system that is not based on domination of human over human is proposed. An argument that has been refuted and debunked too many times to count and yet is commonly trotted out as the ultimate trump card in support of the State when everything else has been demolished.

And yet, once more reality begs to differ. When the chips are down and humans have nothing else to rely on other than their “nature”, we see time and again that it is mutual aid that overwhelmingly comes to the fore, not greed or any vice.

I just read this article from the Guardian which shines some light on the disaster of Katrina and what the reaction was from the poor, the rich and those in power. Needless to say, those who are most blamed about their “Human Nature” were the ones that empirically refuted this nonsense, while the ones who are supposed to be more “civilized” or enlightened enough to maintain order by limiting the excesses of “human nature” where the true monsters.

Here’s some choice quotes from the article. All emphasis mine.

Louisiana’s governor at the time, Kathleen Blanco, announced as she dispatched National Guard troops: “I have one message for these hoodlums: these troops know how to shoot and kill, and they are more than willing to do so if necessary, and I expect they will.” She and the city’s mayor had called off the rescue efforts to focus on protecting private property – with lethal force if necessary.

Just in case you still believe that the state is for the benefit of the common people

One group of suburban white men who believed the rumours or just anticipated that in the absence of authority we all become monsters became monsters themselves, even as they fantasised they were preserving order. These men in Algiers Point across the river from the city of New Orleans gathered an arsenal and launched their own little murder spree, killing several black men and injuring and threatening others.

Just in case you think that believing in the nonsense about “human nature” is harmless.

Most people behave beautifully in disasters (and most Americans, incidentally, believe Obama was born in this country). The majority in Katrina took care of each other, went to great lengths to rescue each other – including the “cajun navy” of white guys with boats who entered the flooded city the day after the levees broke – and were generally humane and resourceful. A minority that included the most powerful believed they were preventing barbarism while they embodied it.

“Human Nature” my arse!

This is why every time I see this fucking argument made by any of those civilized people which prefer to support the true monsters, those “scientifically-minded” who ignore all empirical evidence, those bleeding-hearts who won’t let people help themselves, I get annoyed.

And then I get angry when in the face of all evidence, human nature will be brought up as an argument, when all that is really being shown is how ignorant and biased they are. And do you know why I get angry? Because it’s this argument that actually causes such horrible situation. When people are convinced that humans are basically evil when left uncontrolled, then one’s reaction when in such a situation will be to expect others to act like monsters and therefore they start acting like this themselves, making their false beliefs self-fulfilling and things worse than they already are.

Reblog this post [with Zemanta]