Natanael

Of course a group of people could use violence to oppress other people. But then you no longer have anarchy.

The irony is that the amount of coordination needed to protect anarchism would no longer be called anarchism

You will always end up recreating some form of organizations to manage resources. The best you can do is ensure those organizations are structured with accountability to make sure they’re fair to everybody

Bridgy started without that requirement and it pissed off too many Mastodonians so they reworked it

If you’ve already noticed incoming traffic is weird, you try to look for what distinguishes the sources you don’t want. You write rules looking at the behaviors like user agent, order of requests, IP ranges, etc, and put it in your web server and tells it to check if the incoming request matches the rules as a session starts.

Unless you’re a high value target for them, they won’t put endless resources into making their systems mimic regular clients. They might keep changing IP ranges, but that usually happens ~weekly and you can just check the logs and ban new ranges within minutes. Changing client behavior to blend in is harder at scale - bots simply won’t look for the same things as humans in the same ways, they’re too consistent, even when they try to be random they’re too consistently random.

When enough rules match, you throw in either a redirect or an internal URL rewrite rule for that session to point them to something different.

The trick is distinguishing them by behavior and switching what you serve them

Have you heard of bridgy?

Some people only browse global feeds and downvote stuff as if they’re trying to train the Netflix recommendation algorithm, completely ignoring the rules of the community it originates from

Hashing alone if it’s just usernames isn’t enough. Need something like keyed hashes, but then malicious servers can lie about numbers of votes.

Otherwise you need something ridiculously overengineered like public but encrypted logs of user actions and Zero-knowledge proofs of correctness mapping everything to a distinct existing user without revealing who it is.

As I mentioned in another post: for consistency is better to have each server count total votes from their own users, send a signed & timestamped message with the count to the host of the post being voted on. Then the host can display a consistent vote count to everybody that shows where votes are coming from without manipulation of external votes.

Each individual server can lie about its count, but not by too much or else it will be detected and the server can get defederated (or have its votes ignored).

Especially in federated networks where the data isn’t under access control, doubly so if the privacy extension is optional

The postage stamp asked strangers to lick its behind!