Instances, of course, have some bot-mitigation tools which they can use to prevent signups, etc.
However, what’s stopping bots from pretending to be their own brand new instance, and publishing their votes/spam to other instances?
Couldn’t I just spin up a python script to barrage this post, for example, with upvotes?
EDIT: Thanks to @[email protected] ‘s answer, I am convinced that federation is NOT inherently susceptible, and effective mitigations can exist. Whether or not they’re implemented is a separate question, but I’m satisfied that it’s achievable. See my comment here: https://programming.dev/comment/313716
Mastodon requires you to have a domain if I remember correctly. Maybe Lemmy has the same? Then it would cost some 10€ to get a new domain each time you get blocked.
I see. So each instance in the “fediverse”, whether Kbin or Lemmy or Mastodon could have their own rules on what to allow. Those that allow too much and get spammed are likely to lose standing in the community and be defederated by other instances.
Requiring a domain and having a mechanism to block domains seems like a good approach to start with.
Thank you! That cleared it up for me.
Subdomains work, and AFAIK you can’t block a TLD, only the full domain. You could probably write a script to auto-block subdomains or something though.