Instance Admins: Check Your Instance for Vote Manipulation Accounts [PSA]
Over the past 5-6 months, I've been noticing a lot of new accounts spinning up that look like this format:
https://instance.xyz/u/gmbpjtmt
https://instance.xyz/u/tjrwwiif
https://instance.xyz/u/xzowaikv
What are they doing?
They're boosting and/or downvoting mostly, if not exclusively, US news and politics posts/comments to fit their agenda.
Edit: Could also be manipulating other regional news/politics, but my instance is regional and doesn't subscribe to those which limits my visibility into the overall manipulation patterns.
What do these have in common?
Most are on instances that have signups without applications (I'm guessing the few that are on instances with applications may be from before those were enabled since those are several months old, but just a guess; they could have easily just applied and been approved.)
Most are random 8-character usernames (occasionally 7 or 9 characters)
Most have a common set of users they're upvoting and/or downvoting consistently
No posts/comments
No avatar or bio (that's pretty common in general, but combine it with the other common attributes)
Update: Have had several anonymous reports (thanks!) that these users are registering with an @sharklasers.com email address which is a throwaway email service.
What can you, as an instance admin, do?
Keep an eye on new registrations to your instance. If you see any that fit this pattern, pick a few (and a few off this list) and see if they're voting along the same lines. You can also look in the login_token table to see if there is IP address overlap with other users on your instance and/or any other of these kinds of accounts.
You can also check the local_user table to see if the email addresses are from the same provider (not a guaranteed way to match them, but it can be a clue) or if they're they same email address using plus-addressing (e.g. [email protected], [email protected], etc).
Why are they doing this?
Your guess is as good as mine, but US elections are in a few months, and I highly suspect some kind of interference campaign based on the volume of these that are being spun up and the content that's being manipulated. That, or someone, possibly even a ghost or an alien life form, really wants the impression of public opinion being on their side. Just because I don't know exactly why doesn't mean that something fishy isn't happening that other admins should be aware of.
Who are the known culprits?
These are ones fitting that pattern which have been identified. There are certainly more, but these have been positively identified. Some were omitted since they were more garden-variety "to win an argument" style manipulation.
These all seem to be part of a campaign. This list is by no means comprehensive, and if there are any false positives, I do apologize. I've tried to separate out the "garden variety" type from the ones suspected of being part of a campaign, but may have missed some.
Edit: If you see anyone from your instance on here, please please please verify before taking any action. I'm only able to cross-check these against the content my instance is aware of.
Lemmy should do something like make captcha and email verification the default in the next version, and reject federation from anyone with a lower version. If we accept federation from any instance where this was never turned on, banning accounts one by one is worse than Sisyphean. They'll just keep finding more vulnerable instances that are already trusted and abuse them to spam the rest of the fediverse.
If admins want to manually turn it off, then they should be prepared to manage that.
Blahaj is not unmaintained but it only upgraded from 0.19.3 a few weeks ago. They are always a tad behind, and so I think calling them "unmaintained" is a bit much.
I think it's unreasonable to call every instance that doesn't update immediately with every release "unmaintained" if anything a lot of these bleeding edge instances which update to the latest version immediately without waiting at all are kind of reckless.
After all everyone remembers the Federation bugs that were present in one of the releases and ended up being very bad for a lot of the instances, it caused content to fail to be federated between the instances. Not good.
So I'm really not into the idea of trying to force or incentivize updates to unstable and untested versions if admins are unwilling to do it. And I'm especially not into the idea of criticizing admins who prefer to hold off on updating until they are sure the versions are stable.