this post was submitted on 08 Sep 2024
395 points (98.8% liked)

Fediverse

27820 readers
842 users here now

A community to talk about the Fediverse and all it's related services using ActivityPub (Mastodon, Lemmy, KBin, etc).

If you wanted to get help with moderating your own community then head over to !moderators@lemmy.world!

Rules

Learn more at these websites: Join The Fediverse Wiki, Fediverse.info, Wikipedia Page, The Federation Info (Stats), FediDB (Stats), Sub Rehab (Reddit Migration), Search Lemmy

founded 1 year ago
MODERATORS
ruud@lemmy.world
Xylinna@lemmy.world
MrCenny@lemmy.world
TragicNotCute@lemmy.world
automodbeta@lemmy.world
woelkchen@lemmy.world
395
The two most upvoted comments on any Lemmy instance are on Feddit.dk, but you won't see them on your own instance (feddit.dk)
submitted 1 week ago* (last edited 1 week ago) by SorteKanin@feddit.dk to c/fediverse@lemmy.world
82 comments fedilink hide all child comments
 

I recently discovered an interesting (and somewhat disappointing, as we'll find later) fact. It may surprise you to hear that the two most upvoted comments on any Lemmy instance (that I could find at least) are both on Feddit.dk and are quite significantly higher than the next top comments.

The comments in question are:

  1. This one from @bstix@feddit.dk with a whopping 3661 upvotes.
  2. This one from @TDCN@feddit.dk with 1481 upvotes.

These upvote counts seems strange when you view them in relation to the post - both of the comments appear in posts that do not even have 300 upvotes.

Furthermore, if you go on any instance other than Feddit.dk and sort for the highest upvoted comments of all time, you will not find these comments (you'll likely instead find this one from @Plume@lemmy.blahaj.zone).

Indeed, if you view the comments from another instance (here and here), you will see a much more "normal" upvote count: A modest 132 upvotes and a mere 17 upvotes, respectively.

What's going on?

Well, the answer is Mastodon. Both of these comments somehow did very well in the Mastodon microblogging sphere. I checked my database and indeed, the first one has 3467 upvotes from Mastodon instances and the second one has 1442 upvotes from Mastodon instances.

Notice how both comments, despite being comments on another post, sound quite okay as posts in their own right. A Mastodon user stumbling upon one of these comments could easily assume that it is just another fully independent "toot" (Mastodon's equivalent of tweet).

Someone from Mastodon must have "boosted" (retweeted) the comments and from there the ball started rolling - more and more people boosted, sharing the comments with their followers and more and more people favorited it. The favorites are Mastodon's upvote equivalent and this is understood by Lemmy, so the upvote count on Lemmy also goes up.

Okay, so these comments got hugely popular on Mastodon (actually I don't know if 3.4k upvotes is unusual on Mastodon with their scale but whatever), but why is there this discrepancy between the Lemmy instances then? Why is it only on Feddit.dk that the extra upvotes appear and they don't appear on other instances?

The reason is the way that Mastodon federates Like objects (upvotes). Like objects are unfortunately only federated to the instance of the user receiving the Like, and that's where the discrepancy comes from. All the Mastodon instances that upvoted the comments only sent those upvotes directly to Feddit.dk, so no other instances are aware of those upvotes.

This feels disappointing, as it highlights how Lemmy and Mastodon still don't really function that well together. The idea of a Lemmy post getting big on Mastodon and therefore bigger on Lemmy and thus spreading all over the Fediverse, is unfortunately mostly a fantasy right now. It simply can't really happen due to the technical way Mastodon and Lemmy function. I'm not sure if there is a way to address this on either side (or if the developers would be willing to do so even if there was).

I personally find Mastodon's Like sharing mechanism weird - only sharing with the receiving instance means that big instances like mastodon.social have an advantage in "gathering Likes". When sorting toots based on favorites, bigger instances are able to provide a much better feed for users than smaller instances ever could, simply because they see more of the Likes being given. This feels like something that encourages centralization, which is quite unfortunate I think.

TL;DR: The comments got hugely popular on Mastodon. Mastodon only federates upvotes to the receiving instance so only Feddit.dk has seen the Mastodon upvotes, and other instances are completely unaware.

top 50 comments
sorted by: hot top controversial new old
[–] Fubarberry@sopuli.xyz 99 points 1 week ago

That was a good investigation and explanation about a weird number of up votes. Thanks for explaining it.

[–] flamingos@feddit.uk 68 points 1 week ago (1 children)

It simply can’t really happen due to the technical way Mastodon and Lemmy function. I’m not sure if there is a way to address this on either side (or if the developers would be willing to do so even if there was).

Mastodon needs to implement group support, you can follow the issue here (don't get your hopes up though).

[–] SorteKanin@feddit.dk 22 points 1 week ago (4 children)

Group support would fix it for Lemmy, but it doesn't fully fix the problem as I see it with this way of sharing the Like objects. For toots outside of any group (in Lemmy terms: comments/posts outside a community), presumably it would continue to function like this, i.e. only the receiving instance is aware of the Like. This still encourages centralization if you ask me.

[–] flamingos@feddit.uk 21 points 1 week ago

Yeah, I'm not going to defend Mastodon's frankly bizarre Like system. It's not even a privacy thing as favourites are fully public.

load more comments (3 replies)
[–] BentiGorlich@gehirneimer.de 39 points 1 week ago (1 children)

Its not really a "not playing well" with each other, it is just the mastodon works. That is the reason why most toots in my mastodon timeline have 0 favourites (upvotes) and only a few boosts... I don't know why they do it, because at the minimum the followers of that user should be notified about that like...

[–] SorteKanin@feddit.dk 16 points 1 week ago (1 children)

at the minimum the followers of that user should be notified about that like…

I agree - the problem is that the instance that sends the Like (on instance A) doesn't know the followers of the user receiving the Like (on instance B), because followers are not (necessarily) public. So it doesn't know which instances to send the Like to. And instance B can't forward the Like to the followers itself, because the signatures in ActivityPub are not made for that, as I explained elsewhere in the thread.

[–] BentiGorlich@gehirneimer.de 10 points 1 week ago (1 children)

AP has a tool for that called inbox forwarding and mastodon uses it for sharing the comments under posts. It works like this: you send a reply to a user with their follower collection as the recipient. You of course cannot know who is following that user, however they than just forward this reply to the follower collection, because the server knows that it has authority over that collection. https://www.w3.org/TR/activitypub/#inbox-forwarding

[–] SorteKanin@feddit.dk 7 points 1 week ago

however they than just forward this reply to the follower collection

How do the receivers of this indirect activity verify that the activity was indeed produced from the original instance?

[–] Linus_Torvalds@lemmy.world 24 points 1 week ago

Thank you for putting in this amount of effort highlighting some shortcomings of the Fediverse

[–] pruwybn@discuss.tchncs.de 19 points 1 week ago (1 children)

Interesting. This explains why posts never seem to have more than a few likes on the small Mastodon instance I use. I have to say I'm not a fan.

[–] SorteKanin@feddit.dk 13 points 1 week ago (1 children)

Yep exactly, it also leads to Mastodon instances only seeing local likes for remote posts. You'll never see remote likes on remote posts as they wouldn't be sent to your instance. I honestly don't understand how this hasn't been a bigger problem for Mastodon, but I guess Mastodon is more about boosts and chronological timelines and less about sorting stuff based on likes.

load more comments (1 replies)
[–] FundMECFSResearch@lemmy.blahaj.zone 16 points 1 week ago

great post, thanks

[–] EleventhHour@lemmy.world 14 points 1 week ago (1 children)

Perhaps you should report this as a bug to the devs. Otherwise, this was an interesting read.

[–] SorteKanin@feddit.dk 29 points 1 week ago (1 children)

The Mastodon devs are aware of how their Like federation works and considers it a feature, not a bug.

[–] EleventhHour@lemmy.world 6 points 1 week ago* (last edited 1 week ago) (1 children)

I was referring to the lemmy devs, but ok, I guess

[–] SorteKanin@feddit.dk 24 points 1 week ago

I don't think there is anything the Lemmy devs can do to fix this. The ball is in Mastodon's court, so to speak.

[–] pe1uca@lemmy.pe1uca.dev 11 points 1 week ago (1 children)

Unless lemmy devs have changed something since last year, this shouldn't be the case, there's a bug in there.

All interactions are recived by the instance hosting the community, and that instance is responsible for broadcasting that interaction to each instance where a user subscribed to it is hosted.
So, mastodon is only responsible for sending the upvote to feddit.dk and then feddit.dk to all other instances.

[–] SorteKanin@feddit.dk 20 points 1 week ago (11 children)

All interactions are recived by the instance hosting the community

Exactly - but Mastodon doesn't do it like that. Mastodon sends the upvote directly to the instance with the user receiving the Like. So the community never sees the Like at all. So this is Mastodon not supporting groups, it is not a bug in Lemmy.

[–] pe1uca@lemmy.pe1uca.dev 9 points 1 week ago (1 children)

Ohhh! Now I understand!

Yeah, then that's an issue on mastodon.
I mentioned some time ago, the fact that mastodon and Lemmy use the same protocol is annoying, because the experiences are different, so it causes a lot of issues :/

[–] SorteKanin@feddit.dk 15 points 1 week ago

the fact that mastodon and Lemmy use the same protocol is annoying

Well I think this is still better than the alternative, which is no interaction between them at all 😅. The protocol is what binds different Lemmy instances together too.

load more comments (10 replies)
[–] iso@lemy.lol 9 points 1 week ago (1 children)

Does the receiver instance federate that like object to other instances? If not, it is shit for sure.

[–] SorteKanin@feddit.dk 21 points 1 week ago (4 children)

No, but how could it? Let's say Feddit.dk receives a Like from mastodon.social. Then Feddit.dk would have to tell the other instances that mastodon.social sent that Like. But how can Feddit.dk prove that the Like actually did come from mastodon.social, i.e. it is not just a fabricated Like that Feddit.dk made up and hid by pretending it came from mastodon.social. That's not easy.

[–] rglullis@communick.news 8 points 1 week ago* (last edited 1 week ago) (1 children)

The like is an activity. Any activity has an actor. Every actor has a public key. If the activity is sent with a cryptographic signature (like LD signatures, which Mastodon does implement) then any one can verify that the activity is legit.

[–] SorteKanin@feddit.dk 11 points 1 week ago* (last edited 1 week ago) (1 children)

Mastodon explicitly discourages support of LD signatures. It seems it has kind of landed in what I would call "specification hell".

[–] rglullis@communick.news 6 points 1 week ago

Discouraged, but still supported. There is also another FEP (forgot the code now) being worked on and implemented by Mitra.

The point is that it is possible for an instance to federate an activity which is not originated by them.

[–] ShittyKopper@lemmy.blahaj.zone 6 points 1 week ago* (last edited 1 week ago) (1 children)

I seriously doubt Lemmy currently does any validation whatsoever. There were communities using this blatant security issue for non-malicious purposes (see https://endlesstalk.org/c/tails@lemmon.website, which re-wrote posts from people (which is only possible if the posts weren't validated, or at least re-fetched from their origins)).

There is a way to re-share and validate remote activities, either through LD signatures (ew, JSON-LD processing :vomit:) (which only Mastodon and Misskey implement) or the newfangled FEP-8b32 Object Integrity Proofs (which nobody relevant on the microblogging space implements).

[–] SorteKanin@feddit.dk 3 points 1 week ago (1 children)

There were communities using this blatant security issue for non-malicious purposes (see https://endlesstalk.org/c/tails@lemmon.website, which re-wrote posts from people (which is only possible if the posts weren’t validated, or at least re-fetched from their origins)).

The reason this is possible is because of the way Lemmy federates activities.

When you on instance A post, comment or upvote something in a community on instance B, your instance sends the activity to instance B, regardless of the instance of who you're replying to or upvoting. It is sent to the community, and the community then shares it out to all other instances. AFAIK, lemmy does nothing to verify that received content from a community actually comes from the original instance. See here for one of the main Lemmy devs commenting on this..

Is this secure or reasonable? I'm honestly not sure but it doesn't feel great. Signatures on objects could fix this I think.

[–] ShittyKopper@lemmy.blahaj.zone 4 points 1 week ago* (last edited 1 week ago) (7 children)

Instead of sending the entire object embedded in the activity the secure way would be to only the URI instead. This is permitted by JSON-LD.

In the receiving side, if the object is untrusted (i.e. if it isn't signed or if it's from a separate authority from the parent object containing it) it should be thrown away and the id should be fetched from the remote instance directly (same as it would happen if it was a URI instead of an inline object). This is completely an oversight on Lemmy's implementation and not a protocol problem.

load more comments (7 replies)
[–] iso@lemy.lol 5 points 1 week ago

You're right, that's worse.

[–] finickydesert@lemmy.ml 4 points 1 week ago (1 children)

I mean it could be proven by having every account create a cryptographic key and adding a public key to the vote. Memory might be an issue though.

[–] SorteKanin@feddit.dk 4 points 1 week ago (13 children)

This is in fact how Feddit.dk knows that the Like came from mastodon.social at first. The problem is that the signature is a HTTP Signature which is only associated with the HTTP request that mastodon.social makes to Feddit.dk. It is not on the Like object itself. Thus that signature can't be transferred to the Like object if Feddit.dk wanted to share it further.

load more comments (13 replies)
[–] SorteKanin@feddit.dk 8 points 1 week ago

(mentioning people mentioned in post because post mentions apparently do not work)

@bstix@feddit.dk @TDCN@feddit.dk @Plume@lemmy.blahaj.zone

[–] benjhm@sopuli.xyz 6 points 1 week ago (1 children)

Interesting observation and analysis, and illustrates the potential of more lemmy-mastodon interaction.
Indeed mdon like-federation seems weird but I presume it was setup this way for efficiency, to reduce the number of small communications? Although Lemmy has a backend in rust - more efficient than mdon's ruby - still I wonder whether the lemmy system of federating all upvotes would scale well if the number of users grows to that of mastodon and beyond ? Could there be some intermediate compromise solution (e.g. federate batches of 100 likes)?

[–] SorteKanin@feddit.dk 3 points 1 week ago

still I wonder whether the lemmy system of federating all upvotes would scale well if the number of users grows to that of mastodon and beyond ?

It's a good question and really we just don't know yet I think. It's very hard to predict performance of complex systems. The only way to know, is basically by measuring, and the only way to do that is if we actually had that amount of users.

Could there be some intermediate compromise solution (e.g. federate batches of 100 likes)?

Unfortunately ActivityPub has no way to "batch" activities like this.

[–] reddwarf@feddit.nl 5 points 1 week ago (7 children)

Can't even see these posts, I clicked and got:

400 {"error":"couldnt_find_post"}

load more comments (7 replies)
[–] p03locke@lemmy.dbzer0.com 5 points 1 week ago (2 children)

A Mastodon user stumbling upon one of these comments could easily assume that it is just another fully independent “toot” (Mastodon’s equivalent of tweet).

Wait, back up... Mastodon calls these "toots"? So, everybody is posting farts?

[–] veeesix@lemmy.ca 14 points 1 week ago

Tooting the way you’d toot a horn/trumpet, or in this case an elephant trunk.

load more comments (1 replies)
[–] Randomgal@lemmy.ca 5 points 1 week ago (1 children)

Is this a bug? Sounds like a feature of decentralization.

[–] SorteKanin@feddit.dk 6 points 1 week ago

Mastodon doesn't support groups so it's maybe not a "bug" per se, but it is at least a missing feature.

Consider also that if Lemmy shared upvotes the same way, you would only see the upvotes on posts from your own instance, i.e. upvotes would only appear on the local feed. The all feed would be pointless and in general it would be pointless to try to sort posts across the whole fediverse, as you only receive upvotes for your local posts.

Lemmy simply would not function if it shared votes like that. So in that sense, it's a bug kind of. And as mentioned above, I think it's a bad way of doing it, as it encourages centralization.

[–] DarkThoughts@fedia.io 4 points 1 week ago

16 & 4 upvotes here on Fedia (mbin), with 0 boosts on each.

load more comments
view more: next ›