So I’ve noticed that there’s a little group of accounts all with the same name, presumably the same person with alts on several instances, and they all like to upvote their own stuff from their other accounts with the same name on other instances (and from other accounts which don’t have the same name but seem likely to be the same person). Here’s what it looks like. (I have redacted their actual username, since I’m not sure if that is acceptable to post in a bigger and not-drama-centered community.)

Each of these little groupings is multiple votes from accounts with the exact same name, all applied to the same comment within a few minutes of each other from (for example) the programming.dev and slrpnk.net accounts, a little while after the infosec.pub account posted it:

SELECT p.actor_id, cl.score, cl.comment_id, cl.published FROM person p, comment_like cl WHERE p.name = 'redacted' AND cl.person_id = p.id ORDER BY published ASC;
              actor_id              | score | comment_id |           published           
------------------------------------+-------+------------+-------------------------------

(some excerpts:)

 https://infosec.pub/u/redacted     |     1 |    1961075 | 2025-02-22 16:22:56.014731+00
 https://slrpnk.net/u/redacted      |     1 |    1961075 | 2025-02-22 18:00:51.325286+00
 https://programming.dev/u/redacted |     1 |    1961075 | 2025-02-22 18:03:18.236992+00

 https://programming.dev/u/redacted |     1 |    1958485 | 2025-02-22 18:03:19.371003+00
 https://slrpnk.net/u/redacted      |     1 |    1958485 | 2025-02-22 18:00:50.886344+00
 https://infosec.pub/u/redacted     |     1 |    1958485 | 2025-02-22 11:23:42.226386+00

 https://programming.dev/u/redacted |     1 |    1958643 | 2025-02-22 18:03:19.093138+00
 https://slrpnk.net/u/redacted      |     1 |    1958643 | 2025-02-22 18:00:50.944788+00
 https://infosec.pub/u/redacted     |     1 |    1958643 | 2025-02-22 11:57:14.571075+00

 https://infosec.pub/u/redacted     |     1 |    1958775 | 2025-02-22 12:18:29.561662+00
 https://slrpnk.net/u/redacted      |     1 |    1958775 | 2025-02-22 18:00:51.007097+00
 https://programming.dev/u/redacted |     1 |    1958775 | 2025-02-22 18:03:19.019653+00

 https://programming.dev/u/redacted |     1 |    1958789 | 2025-02-22 18:03:18.814704+00
 https://slrpnk.net/u/redacted      |     1 |    1958789 | 2025-02-22 18:00:51.063719+00
 https://infosec.pub/u/redacted     |     1 |    1958789 | 2025-02-22 12:20:44.963274+00

 https://slrpnk.net/u/redacted      |     1 |    1958826 | 2025-02-22 17:59:48.55791+00
 https://programming.dev/u/redacted |     1 |    1958826 | 2025-02-22 18:02:49.300343+00

 https://slrpnk.net/u/redacted      |     1 |    1958827 | 2025-02-22 18:00:16.302578+00
 https://programming.dev/u/redacted |     1 |    1958827 | 2025-02-22 18:03:20.336056+00

 https://slrpnk.net/u/redacted      |     1 |    1958832 | 2025-02-22 17:59:48.497287+00
 https://programming.dev/u/redacted |     1 |    1958832 | 2025-02-22 18:02:49.359749+00

 https://programming.dev/u/redacted |     1 |    1958871 | 2025-02-22 18:02:49.420568+00
 https://slrpnk.net/u/redacted      |     1 |    1958871 | 2025-02-22 17:59:48.43862+00

 https://slrpnk.net/u/redacted      |     1 |    1958873 | 2025-02-22 17:59:24.697018+00
 https://programming.dev/u/redacted |     1 |    1958873 | 2025-02-22 18:04:55.884635+00

 https://programming.dev/u/redacted |     1 |    1958875 | 2025-02-22 18:04:55.795094+00
 https://slrpnk.net/u/redacted      |     1 |    1958875 | 2025-02-22 17:59:24.792819+00

 https://slrpnk.net/u/redacted      |     1 |    1958877 | 2025-02-22 17:59:24.743799+00
 https://programming.dev/u/redacted |     1 |    1958877 | 2025-02-22 18:04:55.84273+00

 https://slrpnk.net/u/redacted      |    -1 |    1958982 | 2025-02-22 18:00:51.647423+00
 https://infosec.pub/u/redacted     |    -1 |    1958982 | 2025-02-22 12:55:05.047563+00

 https://programming.dev/u/redacted |     1 |    1959091 | 2025-02-22 18:03:18.551263+00
 https://infosec.pub/u/redacted     |     1 |    1959091 | 2025-02-22 12:55:40.650352+00
 https://slrpnk.net/u/redacted      |     1 |    1959091 | 2025-02-22 18:00:51.138157+00

The reason I’m bringing this up:

  1. Isn’t this a problem? I get that it’s hard (impossible) to prevent this type of thing, but it seems weird that the infosec.pub admins weren’t into the idea of it being a problem when I pointed out this super-blatant instance of it to them. I do feel like dealing with blatant Lemmy-fraud when it happens is kind of a good instance hygiene type of thing to do.
  2. You should know that this user also talks pretty constantly about how the Democrats are bad, and anyone who votes for them is a fool, and Kamala Harris was the one who invaded Gaza, and so on. And they like using their multiple alts to upvote that content of their own. I feel like having that confluence pointed out is relevant.
  3. Is there something that I should be doing different than just pinging the admin and then moving on with my life if they don’t do anything?

I can’t exactly articulate why I feel like this is an issue, but I do. This also doesn’t necessarily seem like the right place to post this, but also, I wasn’t sure where to post it, and so…

    • PhilipTheBucket@ponder.cat (OP) · ↑ 2 · 3 days ago

      You have to be running an instance of your own (either a self host or be an admin of a real host), sadly.

      In my opinion the system design should not include this hard distinction between “the admins” who can read everyone’s private messages and decide what “their” users can and can’t read and say and see who voted how, and “the users” who can do none of those things and are allowed to even exist purely at the pleasure or displeasure of the admins. But that’s a deeper discussion for another time.

      • wondrous_strange@lemmy.world · ↑ 1 · 2 days ago

        Hmmm very interesting and I appreciate the info. Thank you!

        I agree with you. Although, I’ve seen that there are docker compose files ready with all the needed services and it can run locally (not tested it yet). Will that be enough (running locally)? Or is a public instance required?

        I do understand why it’s a limit. Nobody will host a database that will accept connections from anywhere. It’s not hard to execute a query that will choke the entire db. Thoughts?

        • PhilipTheBucket@ponder.cat (OP) · ↑ 1 · 2 days ago

          You can set it up as a “public” instance with closed registrations, and basically just use it as a self-host but have a lot more visibility and control. Or, you could probably play around with the nginx config and make it so that only the federation endpoints are accessible to the world and the actual web app is limited to just you. It will need to be “public” in some sense in order to be reachable to receive the content from other instances though.

          I personally don’t use or like docker, partly just from inexperience with it and partly because I like to have more hands-on control over the deployment than I’m able to get with docker.

          Yeah, no admin is going to give you access to their database. Even if it is supposedly read-only or something, you would be able to read private messages and other things you really shouldn’t be able to read. There is also a theory that things like who voted for what are “supposed to” be private even though they are not. I don’t subscribe to that theory but that’s the prevailing view among Lemmy people I think. You would have to set up your own full instance which requires a fair investment of time and knowledge at this stage however you are doing it.

          • wondrous_strange@lemmy.world · ↑ 1 · 1 day ago

            > You can set it up as a “public” instance with closed registrations, and basically just use it as a self-host but have a lot more visibility and control. Or, you could probably play around with the nginx config and make it so that only the federation endpoints are accessible to the world and the actual web app is limited to just you. It will need to be “public” in some sense in order to be reachable to receive the content from other instances though.

            Honestly it only needs to be done once and we could spin up this kind of an instance just to explore the data on Lemmy. I bet it can be a ‘temporary’ instance without a static ip or domain and spin it up every time. You can also probably have that as an ordinary instance running from your local with ngrok or something. Probably even block requests from unknown users. I’ll think about it once I get some free time.

            > I personally don’t use or like docker, partly just from inexperience with it

            Drop me a line sometime in case you wish to discuss docker and I can show you how I use it. My line of work is around Kubernetes and been working with containers for years.

            > and partly because I like to have more hands-on control over the deployment than I’m able to get with docker.

            Can you elaborate? What type of control don’t you have when using docker?

            > Yeah, no admin is going to give you access to their database. Even if it is supposedly read-only or something, you would be able to read private messages and other things you really shouldn’t be able to read. There is also a theory that things like who voted for what are “supposed to” be private even though they are not.

            I guess we should keep an open mind about it. I mean, the main point of Lemmy is not private messaging. And I kinda like the idea of a social network where everything is public and read only except for the parts a user is allowed to write/edit. Even if it’s not, I treat it as such. Meaning I don’t expect my data to be private and the platform doesn’t push for stepping out of anonymity so for me it’s perfect.

            > I don’t subscribe to that theory but that’s the prevailing view among Lemmy people I think. You would have to set up your own full instance which requires a fair investment of time and knowledge at this stage however you are doing it.

            I mean, it does require some work. But if you are a person that can converse with me on such topics, it’s probably not that much for you or any real barrier. But I should look into it more deeply. It would be awesome to be able to spin up some instance which is only for data exploration and is read only.

            • PhilipTheBucket@ponder.cat (OP) · ↑ 1 · 21 hours ago

              > I bet it can be a ‘temporary’ instance without a static ip or domain and spin it up every time.

              This doesn’t work though. It has to be sitting, subscribed to get API calls when people do votes, otherwise it won’t be able to find out any of the voting information. You can cause Lemmy to dump the comments or posts (up to a point) from a selected actor, but you can’t do that for votes. You’re either subscribed when the votes happen and available to get a call, or else it’s gone for good.

              > Drop me a line sometime in case you wish to discuss docker and I can show you how I use it. My line of work is around Kubernetes and been working with containers for years.

              I know a little bit about it. I actually made myself use podman for a deployment not that long ago and I just didn’t like it. I think mostly the issue is just that I have not been in a position where I really had to do anything with it, but if I do wind up in one I may take you up on it.

              > Can you elaborate? What type of control don’t you have when using docker?

              Generally I like to muck around with the code for pretty much any service I am using / hosting. Just little tweaks to make things more amenable to how I like them. Telling docker/podman to do a source checkout and then recompile when I change something in the source in the container was beyond me and it didn’t really seem like it was set up with that kind of thing in mind, so I more or less abandoned it and went back to doing “from scratch” installations for any stuff I’m mucking around with.

              Probably if I didn’t do that, I would prefer the simplicity / reproducibility and such that Docker gives, but that’s usually my priority over that.

              > Meaning I don’t expect my data to be private and the platform doesn’t push for stepping out of anonymity so for me it’s perfect.

              Yeah, agreed. Like I say, I think it is fine as long as it’s clearly communicated to users that the expectation is that. I think without that clear communication, presenting a false sense of privacy, it’s wrong.

  • MrKaplan@lemmy.world · English · ↑ 22 · 5 days ago

    I’ve sent out warnings to 10 other users in the past few days about similar behavior already and also banned two users for this type of behavior. one of them appealed and is unbanned again.

    I also had this account in my list of such accounts, but I hadn’t followed up on it yet, as I figured I’d just deal with the top n users and then review it again at a later point in time.

    i’ve sent them a warning about this as well now that they’ll get banned from our instance if they continue engaging in this behavior.

      • MrKaplan@lemmy.world · English · ↑ 13 · 5 days ago

        yes, we have a matrix room for coordinated efforts against spam and other types of abuse, which admins are welcome to join.

        once lemmy allows reporting user profiles directly this will probably become more likely to reach the instance admins of instances that are less actively maintained as well.

    • PhilipTheBucket@ponder.cat (OP) · ↑ 2 · 5 days ago

      Sounds good to me. They’ve got some other alts, I think, with different names. They claim that those are friends of theirs who just really like hopping on and upvoting their content right after they post it, but I’m skeptical. If you want, I can try to take some time to sort out a full list and send who I think might be those accounts.

      To get rid of them all is obviously a Sisyphean task but thank you. Like I say, I think most of the reason it’s valuable to do is because of the cultural message, not because it will do much to prevent someone shifting to new accounts and doing it again. I do think the cultural thing is important. LMK if you want and I can look more into the actual accounts involved.

  • JayDee@lemmy.sdf.org · ↑ 9 · 5 days ago

    I agree that this should be cracked down on when reported or discovered.

    I imagine it wouldn’t be hard to find users doing this by just crunching upvote data, but that kind of data analysis might get pretty cumbersome for larger instances.

  • can@sh.itjust.works (M) · ↑ 6 · 5 days ago

    > This also doesn’t necessarily seem like the right place to post this, but also, I wasn’t sure where to post it, and so…

    Then it was the right place.

    I agree that this kind of behaviour goes against the spirit of the threadiverse (or whatever you prefer to call it) but I wonder how it would be combatted? Would each instance admin team have to address it individually?

    • PhilipTheBucket@ponder.cat (OP) · ↑ 5 · 5 days ago

      I think you have to. If you’re running an instance, it’s your responsibility that bullshit doesn’t fly off your instance and affect the rest of the network. That applies to spam, unrepentant disruption of communities, whatever it is.

      I think it is impossible to really detect this kind of vote rigging if someone is trying to be stealthy about it, no matter how much database analysis you do. Here’s why I think it is a somewhat important thing anyway to get rid of it if someone’s being blatant about it: Part of making a good place to be involves aspects that aren’t technical. They are cultural. People don’t lie, people don’t deliberately try to cause damage or distortion. By banning someone who’s being overt about rigging votes or lying about it when they’re caught, you’re sending a message that really needs to be there if you’re going to be able to build a good foundation. By allowing it, you instantly engage people’s cynicism, and so why bother trying to do anything.

  • PhilipTheBucket@ponder.cat (OP) · ↑ 5 · 5 days ago

    Just because I thought it was notably super-interesting. Here’s the most recent comment that got voter-fraud-ed by this person:

    https://ponder.cat/comment/2910556

    That one was upvoted from the redacted user’s alts on infosec.pub and slrpnk.net, and also one of the other accounts on infosec.pub that I think is an alt for them, and the original comment was posted by another account also hosted on infosec.pub.

    And, I think I found a whole new alt account of theirs on infosec.pub, which gave an upvote sandwiched in between a couple of those alt account upvotes all within a few minutes of each other. With the fake upvotes, it’s voted at +7/-6. Without the fake upvotes, it would be voted at +3/-6.

    Interesting-er and interesting-er. Like I say, there’s a certain type of subject matter that seems like it gets consistently fake-upvoted by this user, although they also fake-upvote just random innocuous comments of theirs for reasons I don’t really know.

    • MrKaplan@lemmy.world · English · ↑ 6 · 5 days ago

      i’ve banned all the accounts i could identify as part of this scheme from lemmy.world now.

      i originally sent them a warning before i was aware of the scale of this involving a bunch of alts with different usernames. if i had known that when i sent the warning it would’ve been a ban straight away.

      they replied to my warning pretending they didn’t know about any recent vote manipulation, so they’re clearly not interested in acting in good faith going forward.

      • PhilipTheBucket@ponder.cat (OP) · ↑ 2 · 5 days ago

        Sounds good to me. And yes, the whole “I’m going to lie to your face and fuck with your network because at the end of the day what the fuck are you going to do about it? Nothing, that’s what” attitude, and its impact on the community, is the reason why I feel like this stuff is worth banning. It’s not that any single account ban is bulletproof or anything, but definitely just making it okay and mandating everyone pretend it isn’t happening, is 100% not the answer.

  • tal@lemmy.today · English · ↑ 4 · 5 days ago

    Be interesting to have software to look for and red flag high vote correlation.
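
The vote-correlation check that JayDee and tal describe above, sketched as an added example (not code from the thread or from Lemmy), run over rows shaped like the query output in the original post. It goes beyond the same-name case by comparing every pair of accounts; the actor URLs, sample rows and thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta, timezone
from itertools import combinations

# Constructed sample rows: (actor_id, score, comment_id, published),
# the same columns as the SELECT in the original post.
ROWS = [
    ("https://one.example/u/sock", 1, 101, "2025-01-01 18:00:51.325286+00"),
    ("https://two.example/u/sock", 1, 101, "2025-01-01 18:03:18.236992+00"),
    ("https://one.example/u/sock", 1, 102, "2025-01-01 18:00:50.886344+00"),
    ("https://two.example/u/sock", 1, 102, "2025-01-01 18:03:19.371003+00"),
    ("https://one.example/u/sock", 1, 103, "2025-01-01 17:59:48.55791+00"),
    ("https://two.example/u/sock", 1, 103, "2025-01-01 18:02:49.300343+00"),
    ("https://one.example/u/sock", -1, 104, "2025-01-01 18:00:51.647423+00"),
    ("https://two.example/u/sock", -1, 104, "2025-01-01 18:03:20.1+00"),
    ("https://three.example/u/reader", 1, 101, "2025-01-01 09:15:00.5+00"),
    ("https://three.example/u/reader", -1, 103, "2025-01-01 18:01:00.0+00"),
    ("https://three.example/u/reader", 1, 200, "2025-01-02 10:00:00.0+00"),
    ("https://three.example/u/reader", 1, 201, "2025-01-02 10:05:00.0+00"),
]

def parse_ts(text):
    """Parse a PostgreSQL timestamptz rendered in UTC, e.g. '... 17:59:48.55791+00'."""
    base = text[:-3] if text.endswith("+00") else text
    fmt = "%Y-%m-%d %H:%M:%S.%f" if "." in base else "%Y-%m-%d %H:%M:%S"
    return datetime.strptime(base, fmt).replace(tzinfo=timezone.utc)

def correlated_pairs(rows, window=timedelta(minutes=10), min_shared=3, min_ratio=0.8):
    """Flag account pairs that cast the same vote on the same comments
    within `window` of each other. Thresholds are assumptions to tune."""
    votes = defaultdict(dict)  # actor_id -> {comment_id: (score, timestamp)}
    for actor, score, comment_id, published in rows:
        votes[actor][comment_id] = (score, parse_ts(published))

    flagged = []
    for a, b in combinations(sorted(votes), 2):
        shared = votes[a].keys() & votes[b].keys()
        close = [c for c in shared
                 if votes[a][c][0] == votes[b][c][0]
                 and abs(votes[a][c][1] - votes[b][c][1]) <= window]
        # Share of the less active account's votes that shadow the other one.
        ratio = len(close) / min(len(votes[a]), len(votes[b]))
        if len(close) >= min_shared and ratio >= min_ratio:
            flagged.append((a, b, len(close), round(ratio, 2)))
    return sorted(flagged, key=lambda f: -f[2])

if __name__ == "__main__":
    for a, b, n, ratio in correlated_pairs(ROWS):
        print(f"{a} <-> {b}: {n} matching votes, ratio {ratio}")
```

A flagged pair is a lead for an admin to review by hand, and the comparison is quadratic in the number of accounts, so on a large instance it would need pre-filtering (for example, to accounts that voted in the same hour).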

  • ramble81@lemm.ee · ↑ 4 · 5 days ago

    Eh, votes don’t mean the same thing on Lemmy as they did on Reddit. Some instances won’t even log downvotes so it isn’t even accurate across the fediverse. You can probably try to talk to the instance admins that they’re on, or the mods of the communities they post to if you really want.