this post was submitted on 27 Jul 2025
-14 points (34.1% liked)

Selfhosted

49933 readers
156 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
HybridSarcasm@lemmy.world
HybridSarcasm@lemmy.hybridsarcasm.xyz
-14
keeping the fediverse human [edited] (discuss.tchncs.de)
submitted 2 days ago* (last edited 2 days ago) by gandalf_der_12te@discuss.tchncs.de to c/selfhosted@lemmy.world
18 comments fedilink hide all child comments
 

As a follow up to this post in this community: The Future is NOT Self-Hosted

I have thought about how to set up local, community-hosted fediverse servers that respect privacy and anonymity while still guaranteeing that users joining the server are human-beings.

The reasoning behind these requests is that:

  • You want anonymity to guarantee that people won't face repercussions in real life for the opinions they voice in the internet. (liberty of free speech)
  • You want to keep the fediverse human, i.e. make sure that bot accounts are in the minority.

This might sound like an impossible and self-contradictory set of constraints, but it is indeed possible. Here's how:

Make the local library set up a fediverse server. Once a month, there's a "crypto party" where participants throw a piece of paper with their fediverse account name into a box. The box is then closed and shaked to mix all the tokens in it. Then, each one is picked out and the library confirms that this account name is indeed connected to a human. Since humans have to be physically present to throw in a paper, it is guaranteed that no bot army just opens a hundred anonymous accounts. Also, the papers are not associated to a particular person that way.

top 18 comments
sorted by: hot top controversial new old
[–] poVoq@slrpnk.net 17 points 2 days ago (1 children)

Admin review of account applications in Lemmy works fine. If you ask people to write a bit, it's quite easy to sort out the bots as there are always give-aways. And if people use LLMs to write the responses, then that's on them 🀷

[–] gandalf_der_12te@discuss.tchncs.de 4 points 2 days ago* (last edited 2 days ago) (2 children)

today, yes. it's a very simplistic worldview to assume that AI won't becomes less distinguishable from humans when writing applications in the future, and i don't expect it to hold true

[–] fhein@lemmy.world 4 points 1 day ago* (last edited 1 day ago)

Can't help but think about this old XKCD from 2010.

[–] poVoq@slrpnk.net 6 points 2 days ago (1 children)

You can just make the questions more location or theme specific. There is no way a bot will not slip up on stuff like that, and it doesn't need to be 100% fail proof either.

We get a lot of LLM bot applications on our instance, and even if it would get 10x harder, they would be still really easy to spot.

[–] omniman@piefed.zip -1 points 1 day ago

what if we explicitly say to user write something like i am not a robot and i am creating this account with a buch of slurs or some freaky stuff . ai will never write these stuff

[–] rtxn@lemmy.world 14 points 2 days ago* (last edited 2 days ago) (1 children)

Have you heard of surveillance cameras and facial recognition? If a hostile actor knows in advance that members of a targeted online community will be physically present at a location at a given time, those people will be linked to the community. It doesn't take a lot from then to link specific persons to accounts.

Besides, libraries are having a hard enough time just existing in America. They don't need the burden of protecting the identities of dozens of people and fighting off lawyers and enforcers.

[–] gandalf_der_12te@discuss.tchncs.de -5 points 2 days ago* (last edited 2 days ago) (1 children)

if the group of people registering their account names is big enough, facial recognition doesn't do much, as it can only link the person to one-of-a-hundred-or-thousand account names.

[–] rtxn@lemmy.world 9 points 2 days ago* (last edited 2 days ago)

I don't think you fully comprehend just how many footprints people leave behind on the internet. Users would have to practice perfect opsec -- and I mean completely, absolutely perfect. One mistake, like using an e-mail address or an alias off-site, will link a person to the account. If that person cracks under legal threats, the entire operation is fucked. It's happened before.

Thinking you can solve the issue of privacy with a single idea is simply delusional.

[–] skribe@aussie.zone 7 points 2 days ago (1 children)

Immediate flaws, I can see:

Cameras (or human observer) undo any sense of anonymity. A bad actor could link participant with account.

What's preventing a MitM attack, where the BBEL (Big Bad Evil Librarian) substitutes the participant addresses with bot addresses?

[–] gandalf_der_12te@discuss.tchncs.de -1 points 2 days ago* (last edited 2 days ago)

Cameras (or human observer) undo any sense of anonymity. A bad actor could link participant with account.

hence the mixing (shuffling) of paper cards before they are being registered. so there's no one-to-one mapping of humans and account names anymore.

[–] savvywolf@pawb.social 4 points 2 days ago (1 children)

How does the library confirm that the account name is connected to an actual person?

[–] gandalf_der_12te@discuss.tchncs.de 0 points 2 days ago* (last edited 2 days ago) (1 children)

you have to go there in person to cast a piece of paper with your account name on it, similar to a vote in a ballot. it's anonymous because the pieces of paper cannot be associated to a physical human, just like voting ballots are anonymous, but it still transports the information that a human registered this account.

[–] savvywolf@pawb.social 2 points 2 days ago (1 children)

What's stopping someone making a new account every month this way or going to many different libraries and then just selling the account to bot farm operators?

[–] gandalf_der_12te@discuss.tchncs.de 1 points 1 day ago (1 children)

it would be a lot of work

[–] savvywolf@pawb.social 3 points 1 day ago

Would it? I would assume a "confirmed human" Fedi account could be worth $5-20. If you live close enough to the library, it's like 5 mins to pop in, drop off the piece of paper and go about your day. Double if you can sneak in two pieces of paper.

[–] Alphane_Moon@lemmy.world 1 points 2 days ago* (last edited 2 days ago) (1 children)

And what if you don't want to use crypto?

[–] gandalf_der_12te@discuss.tchncs.de 6 points 2 days ago (1 children)

"crypto parties" often refers to key signing parties, i.e. parties where you exchange cryptographic keys. sorry i should have made that clearer

[–] Alphane_Moon@lemmy.world 4 points 2 days ago

Ah, Ok!

Thanks for the clarification!