Right now the fediverse is nipping at the heels of the silos.

They know we are here, and they perceive us as a threat. We know this from leaked emails from facebook.

That said, they could attack us in an oblique manner with any number of poisoned waterhole attacks.

Earlier today someone predicted one or more of those platforms just integrate activitypub and crush us by incorporating us.

Another pointed at the potential for procedurally generated instances that just harvest data, or overwhelm our ability to suspend all of the instances they throw up.

When these attacks are adapted to... they'll get concerned, and will try to frame us as part of "the dark web(tm)"...

That's how we'll know we're winning.

@TheGibson

I'm interested in brainstorming immune system defenses

beyond our strength as actually real people who can tell the difference between fake and person, usually pretty obvious

@Food

I am interested in this as well.

I feel like some sort of new instance registry may be necessary if we see these sorts of co-opting efforts occurring...

Like a low speed probationary period or something...

@TheGibson @Food
>Instance registry

>looks at eris.Berkeley.EDU
>looks at Q-line
>looks at EFNet

history likes to repeat itself, doesn't it? :P

@Wolf480pl @Food

I am not necessarily suggesting it as the solution... but I don't know how we make ourselves resilient to abuse of the open system without some sort of whitelisting.

That said, yes... we tend to repeat ourselves.🤔

@TheGibson @Food

IMO, to a certain extent, this is a question of what our goals are.

Is our goal to have a federated network which _everyone_ can join with their instance, then we should allow Facebook et al. join us, and we should work on ways to make sure that the joining of Facebook won't cause harm to people on other instances.

If our goal is to have an isolated safe space away from mainstream socnets, then whitelisting would be a good approach, but it wouldn't be "Fediverse" anymore.

Follow

@Wolf480pl @TheGibson @Food if FB decided to federate, I doubt any existing fediverse instance could survive without blocking FB. I don’t see this is a philosophical question, but rather a technical and economic one. FB probably has 3 orders of magnitude more users and 4 to 5 orders of magnitude more traffic than does the fediverse. Even if pleroma/mastodon/etc could scale to that level of traffic without major changes, it would be too expensive to operate.

@jerry @TheGibson @Food
Only if people from your instance follow people from FB. And only to the extent they follow people from FB.

AFAIK, if people from my instance follow total of 5 people from .social, then my instance will only receive posts of 5 people from .social, not all posts from everyone on .social.
(if it's not the case then the protocol is terribly broken)

Now, do you think people from your instance would suddenly follow everyone from FB?

@Wolf480pl @jerry @Food
Your federated timeline, and thereby your required storage will explode.

@TheGibson @jerry @Food but federated timeline shows only posts from people who are followed by someone on your instance.

@Wolf480pl @jerry @Food

If I were an attacker, I would have accounts on prominent servers that would scriptomatically follow the accounts I wanted on the compromised servers.

@TheGibson @jerry @Food
Now we're talking!
This is a very interesting attack scenario.

So the key here is to distinguish a legit user following profiles from <bigInstance> from a bot following profiles from <bigInstance> in order to fill your disk.

Or is it?
Even if it's a real user following too many people from <bigInstnace> that can cause trouble for the admin. 1/2

@Wolf480pl @jerry @Food

This is the scenario when I refer to a poisoning scenario.

@TheGibson @jerry @Food

So we need a method in place for admins to identify users who cause too much load on the server and either politely ask them to move somewhere else, or to reduce the load they're causing, or have them cover part of the costs of the server, or find some other solution.

Either way, AFAIU, only people on your server can cause load on it (or, for that matter, other issues), and you need a way to monitor which of your users are causing issues.

@Wolf480pl @jerry @Food

So, kind of....

Let's say I have a compromised account on your server.

I follow a bunch of accounts from a thousand different instances that are mostly quiet.

Those accounts at some point start to all post heavy video content.

All of it comes to the federated timeline on your server.

Poof.

@TheGibson @jerry @Food
hmm... yeah, sounds like something that can be solved by manual intervention, but will cause downtime anyway, and a well prepared attacker can repeat the attack with different accounts over and over again.

Maybe some per-user rate limits for downloading content from other instances? This way other users of the instance wouldn't be affected by the compromised account.

@Wolf480pl @jerry @Food

Also, perhaps a NON-federated mode that the server can be brought up in to analyze the problem.

@Wolf480pl @jerry @Food

I suppose you could just block the IP from accessing the internet.

@TheGibson @jerry @Food that could accidentally block lots of other things which are useful when diagnosing the issue.

OTOH, blocking server-to-server endpoints at reverse proxy level (think nginx) would probably be an effective measure.

@Wolf480pl

@TheGibson @jerry

My helpful admin has contacted me personally when I was on a posting spree and let me know it would dominate the tl

That was helpful

I stopped doing it quite like that

@jerry @TheGibson @Food
And even if people from your instance followed a lot of people from FB, that'd mean they'd follow the same amount of people if all of them were on Fediverse instead of FB. So you'd get the same amount of traffic.

If fedi can't deal with the traffic your users want from FB, it means fedi is not a good replacement for FB.

@Wolf480pl

@jerry @TheGibson

Fb's its own world to me, one I want nothing to do with how they built it

@Wolf480pl @jerry @TheGibson

I think it's like going to a different country. Mastodon just works differently on a structural component and a cultural component

@Food @jerry @TheGibson
yeah, but the question is, do we want everyone to eventually move to our country, or do we think some people deserve to stay forever in North Korea / US / <insert-your-faviourite-opressive-regime-here>?

@Wolf480pl

@jerry @TheGibson

Well

Thats the terrifyingly beautiful part.

These tools to communicate are for people who are looking to communicate

They've got a finite reach in an infinitely complex organic world

The server is a direct reflection of the mods tending and the users being

Theres probably a N Korea and an Egypt and a USA set of instances and USA blocked N Korea or something

@Food @jerry @TheGibson
I'm thinking of FB as an N Korea, successively brainwashing

@Food @jerry @TheGibson

oops, I accidentally hit enter in the middle of a post...

@Food @jerry @TheGibson

I'm thinking of FB as a North Korea of socnets, successively brainwashing everyone who uses it.

Also, it's a problem when someone you want (a friend) or need (a classmate with whom you're doing a pair project) to communicate with uses only FB and expects everyone to be on FB.

If you're on FB, FB will abuse you and your data.
If you're not on FB, you won't have a way to communicate with people.

This is why we need to replace FB.
Why we need everyone to use sth else.

@Wolf480pl

@jerry @TheGibson

Absolutely true in my view

You could also ask for a phone number or meeting up in person and just be assertive about that and needs no explanation

@Food @jerry @TheGibson
Yes, you can.
But it doesn't always work, and is not as convenient as having them on IRC :P

Meanwhile the student's council still announces the most important announcements only on FB group, even though the university provides a mailing list on which all students are subscribed automatically, and which is a much better channel for official announcements.

@Wolf480pl

@jerry @TheGibson

I do think fb makes an incredibly droll homogenous fragile culture. This is why I'm not there lol: they're Brisket Boring , no offense to brisket lol

@Wolf480pl @Food @jerry @thegibson No only "This is why we need to replace FB. Why we need everyone to use sth else."

But *many* something'S' else.

Many other 'things' on many other servers, all federated.
- mastodon
- nextcloud
- pleroma
- pixelfed
- peertube
- more all the time!

Fediverse software platforms:

en.wikipedia.org/wiki/Fedivers

@gemlog @Food @jerry @TheGibson

Actually, I think we should get them to use more than one protocol at the same time, to get used to the fact that not everyone is on the same network.

@Wolf480pl @Food @jerry @thegibson
Some projects do support more than one protocol - it's not quite one ring to rule them all. Yet.
Which, yeah, might bring the same disaster as smtp for example.

@gemlog @Food @jerry @TheGibson
No no no, what I mean is, people should be used to the fact that they have to use 2 (or more) different, mutually incompatible applications, for accessing 2 or more separate networks, because there's no network that is used by everyone.

@gemlog @Food @jerry @TheGibson
It used to be that you needed 5 IMs because none of them alone would let you reach everyone.

Nowadays, people assume everyone can be reached through FB.

Replacing that by a belief that everyone can be reached by <some-federated-thing> would be better but still far from ideal.

Ideally, we'd have people believe that no IM or socnet can let them reach everyone, and than using multiple in parallel is normal and expected.

@Wolf480pl @jerry @Food

It's not the raw traffic necessarily. It's the individual servers being hosted at the cost of the admin that wouldn't be able to afford the cost of running.

And/or they just pump trash into the fediverse by procedurally generating instances and flooding everything.

Sign in to participate in the conversation
Infosec Exchange

A Mastodon instance for info/cyber security-minded people.