A follow-on to my "Nazi Sucker-punch Problem" post, to address the most common argument I get, which boils down to:
-
@kimlockhartga I've been tempted to start collecting the attacks I get and publishing them (with content warnings!) because a thing I hear over and over is:
"Really? I never see stuff like that here."
And these (mostly) white (mostly) guys were saying the same thing when #BlackMastodon talks about #Racism.
Or when #FemmeFedi talks about #Sexism.
It's like, dude, you don't see it because you're not the target.
โ
@alice Although you shouldn't have to publish such attacksโand for that matter you shouldn't have to receive themโI think that if you do choose to publish some of them, that might indeed be a helpful service.
-
@alice an excellent analysis
I'd add one addendum for those in the audience who want a low effort policy that's more aggressive
There is another option much more heavy-handed -- toward "innocent" and "guilty" alike. One common to servers including mine:
By referral, after referrer has been registered X months
The number who accidentally invite someone who doesn't share culture and values of the place is very low
And if fedi shows anything imo, it's that this scales better than many think
@jhwgh1968 @alice i wouldn't likely be here if referrals were in place - the number of people I know on fedi that I knew before joining is tiny, and the number of them that I'd have offline conversations with about social media is zero.
Which, fine, I recognize my presence isn't crucial to the success of fedi but still I don't like the idea of a policy that would have kept me locked out.
-
@jhwgh1968 @alice i wouldn't likely be here if referrals were in place - the number of people I know on fedi that I knew before joining is tiny, and the number of them that I'd have offline conversations with about social media is zero.
Which, fine, I recognize my presence isn't crucial to the success of fedi but still I don't like the idea of a policy that would have kept me locked out.
@dragonfrog indeed, which is why I phrased it the way I did: "for those in the audience who wan a low effort policy that's more aggressive"
I personally think that we need a diversity of admin opinion as to what level and type of litmus test is acceptable, in order to create communities for different types of users with different threat models
If there's any flaw, it's that instance migration to a new home is too difficult. Hopefully that will be worked on
-
@jhwgh1968 @alice i wouldn't likely be here if referrals were in place - the number of people I know on fedi that I knew before joining is tiny, and the number of them that I'd have offline conversations with about social media is zero.
Which, fine, I recognize my presence isn't crucial to the success of fedi but still I don't like the idea of a policy that would have kept me locked out.
@jhwgh1968 @alice I can't speak for how it is now cause I closed my accounts a few years ago, but on most of my posts on Facebook and Twitter I'd get some conversation. When I mentioned Mastodon to try to get people to move over, crickets.
I'm pretty sure those platforms were just never showing people those posts. Requiring referrals risks letting Facebook et al decide who gets to join fedi.
-
@dragonfrog indeed, which is why I phrased it the way I did: "for those in the audience who wan a low effort policy that's more aggressive"
I personally think that we need a diversity of admin opinion as to what level and type of litmus test is acceptable, in order to create communities for different types of users with different threat models
If there's any flaw, it's that instance migration to a new home is too difficult. Hopefully that will be worked on
@dragonfrog I would also add as an optimistic take, don't be so sure you "wouldn't be here"
When I wanted to join fedi, I asked a "veteran" friend if I could join their instance. They were not accepting new members, but asked their network and found someone who got me an invite link to where I landed. To this day, I don't know who actually invited me
As another reply put it, it's more the Web of Trust model. Which requires adjustment, but I think scales better than many think
-
@dragonfrog indeed, which is why I phrased it the way I did: "for those in the audience who wan a low effort policy that's more aggressive"
I personally think that we need a diversity of admin opinion as to what level and type of litmus test is acceptable, in order to create communities for different types of users with different threat models
If there's any flaw, it's that instance migration to a new home is too difficult. Hopefully that will be worked on
@jhwgh1968 @alice that's true it's a sound approach for individual servers to take. If half the servers here used referral and half used moderated application, I'd be here, just on a server that used moderated application. And no shade on the servers using referrals or the folks who'd be on those servers instead.
-
A follow-on to my "Nazi Sucker-punch Problem" post, to address the most common argument I get, which boils down to:
"""
Moderated registration won't stop Nazis, because they'll just pretend to be human to fool moderators, but it will stop normal people, who won't spend the effort to answer the application question or want to wait for approval.
"""Okay, I'm going to try to use points that I hope are pretty acceptable to anyone arguing in good faith, and I'm going to expand the definition of Nazis to "attackers" and lump in bigots, trolls, scammers, spammers, etc. who use similar tactics.
Attackers: we can group attackers into two main types: dedicated and opportunistic. Dedicated attackers have a target picked and a personal motiveโthey hunt. Opportunistic attackers have an inclination and will attack if a target presents itselfโthey're scavengers. In my years of experience as an admin on multiple Fedi servers, most attackers are opportunistic.
Victims: when someone is attacked, they (and people like them) will be less likely to return to the place they were attacked.
In general: without a motive to expend more effort, humans will typically make decisions that offer the best perceived effort-to-reward ratio in the short-term (the same is true of risk-to-reward).
Why does any of this matter?
Because it all comes down to a fairly simple equation for the attackers: effort > reward. If this is true, then the opportunistic attackers will go elsewhere. If it isn't true, then their victims will go elsewhere.
How can we tip that scale out of the attackers' favor?
By making sure moderation efforts scale faster against attackers' behaviors than against normal users' behaviors.
- A normal user only has to register once, while an attacker has to re-register every time they get suspended.
- A normal user proves their normality with each action they take, while every action an attacker takes risks exposing them to moderation.
- A new user / attacker likely spends a minute or two signing up, while a moderator can review most applications in a matter of seconds. Yes, attackers can automate signups to reduce that effort (and some do, and we have tools to address some of that, but again, most attackers aren't dedicated).
- Reviewing an application is lower effort than trying to fix the damage from an attack. As someone who gets targeted regularly by attackers from open-registration servers, I'd personally rather skim and reject a page-long AI-generated application, than spend another therapy session exploring the trauma of being sent execution videos.
I believe this points to moderated registration being the lowest effort remedy for the problem of the Nazi Sucker-punch. So before we "engineer a new solution" that doesn't yet exist, we should exhaust the tools that are already available on the platform today. Yes, we could implement rate limits, or shadow bans, or trust networks, or quarantine servers, but we don't have those today, and even if we did, there's no evidence that those would be a better solution for Fedi than moderated signups.
Will it stop *all* the attackers? No. But it will stop most opportunistic attackers.
Will it deter *some* potential new users? Yes. But communities are defined by who stays, not by how many come through the door.
๐ ฐ๐ ป๐ ธ๐ ฒ๐ ด (๐๐ฆ) (@alice@lgbtqia.space)
Why reactive moderation isn't going to cut it, aka, "The Sucker-punch Problem". Imagine you invite your friendโlet's call him Markโto a club with you. It's open-door, which is cool, because you like when a lot of folx show up. Sure, it might get a little rowdy, but they have a bouncer, and you've never seen things getting out of hand. So, you're busy dancing when a new guy walks in wearing a "I Hate Mark" shirt and promptly sucker-punches Mark. You didn't see it happen, but Mark is upset and tells the bouncer, who kicks the guy out. A few minutes later, the same guy walks back in and sucker-punches Mark again. Same result. Some people in the club say they'll tell the bouncer if they see him come in again. Mark wants to leave, but you tell him it's not that badโafter all, you've never been punched, and you didn't see Mark get punched, so maybe he's just being sensitive. A different guy walks in wearing a "I Plan On Punching Mark" shirt. No one tells the bouncer, because they've never seen *this* guy punch Mark. He sucker-punches Mark. At this point, Mark is pissed and yelling about being punched. The club members talk about putting up a "No Punching Mark" sign, but the owner is worried it'll hurt his club's growth. Another Mark in the club proposes they turn away anyone wearing an anti-Mark shirt or espousing anti-Mark rhetoric at the door, but this gets shot down for the same reason as the sign ideaโthen someone sucker-punches him. By the end of the night, your friend Mark is beat to fuck and says he'll never come to this club again. In fact, he's going to tell anyone named Mark to stay clear of this place. The next time you go to the club, half the folx there are wearing "I Kill Marks" shirts, but there aren't any Marks there, so it doesn't come up. I've been sucker-punched every day, for the last three days in a row by some of the most vile hate-speech and imagery. The accounts are using open registration servers and signing up with variations on the username "heilhitler1488". I fully expect it'll continue as long as we have open registration servers. And no, username pattern blocking alone won't fix this, it'll help a little, but mostly it'll just make them wear a different shirt while they sucker-punch us. #OpenRegistrationHurts
LGBTQIA.Space (lgbtqia.space)
This might be perhaps not the best time to ask but. What would some neat instances to set up shop at that are not the big two open instances?
-
This might be perhaps not the best time to ask but. What would some neat instances to set up shop at that are not the big two open instances?
@zanagb well, I happen to know the admins of LGBTQIA.space and infosec.exchange, both of which are cool instances
-
This might be perhaps not the best time to ask but. What would some neat instances to set up shop at that are not the big two open instances?
@zanagb @alice Iโm over here on wandering shop bc it was started by a friend of mine. The overall vibe is meant to be something like โcoffee shop lined with bookshelves full of sci-fi and fantasy,โ as there are many genre writers and readers present on the server.
Registration requires that someone on the server share the monthly invite code with you.
-
@zanagb @alice Iโm over here on wandering shop bc it was started by a friend of mine. The overall vibe is meant to be something like โcoffee shop lined with bookshelves full of sci-fi and fantasy,โ as there are many genre writers and readers present on the server.
Registration requires that someone on the server share the monthly invite code with you.
@maco I'll take note of that! It's good to know though!
-
@zanagb well, I happen to know the admins of LGBTQIA.space and infosec.exchange, both of which are cool instances
@alice One of those "yeah one possible answer is literally in front of you" moments isn't it? hahaha.
Noted. Account migration is certainly one of these things that seem incredibly cumbersome so we'll work towards that in the near future
-
J Jรผrgen Hubert shared this topic
