What do you mean by “trust”?

Do I trust that vanilla Lemmy code doesn’t contain something nefarious, such as code that detects political positions it doesn’t like and reduces their visibility? Sure. It would be hard to hide something like that.

Do I trust that major servers aren’t secretly running software that manipulates content? Mostly yes. I think it would get noticed since there are lots of vanilla servers to compare behavior to.

Do I trust that all the software is well-designed and bug-free? I write software for a living. No software is bug-free and most of it isn’t well-designed.

Do I trust that everyone who runs a fediverse server isn’t an asshole? Absolutely not. Any jackass can run a server. I run a Mastodon server (on which all users are me).

I have quite a lot of faith, but I think the majority of my faith is that whilst you’re right that abuses can happen because some people are cunts, there seems to be a groundswell of willingness to react to that possibility and tackle it.

The relatively recent CSAM attack on .world Communities is a prime example of that. Code was written and systems put into place (not by the lead developers it has to be said but by @db0 and others) to tackle that threat.

This is a social media website. If you don’t trust it, no one is making you use it.

I came here for the same reasons as most of you

Ah, so you’re tired of Reddit’s manipulation of mods and users?

I’m mostly a fan, because I don’t feel like I have to have faith.

If my instance explodes, I’ll make an account on another instance. If the Lemmy devs collectively evaporate (and neither me nor others want to pick up the slack), then I can go to Mastodon or Kbin or whatever.

Individual rogue instances can be defederated. If e.g. Reddit truely disappears over night and Lemmy were to gain mass market appeal, then I can likely find a more isolated instance with a smaller community sharing my interests.

Similarly, the high availability of source code may lead to malicious instances, actors, and/or back-end modifications that would favor specific instances resounding consequence throughout the Fediverse.

That’s ultimately just the Internet being the Internet.

On the fediverse, any instance shouldn’t blindly trust any other instance for that exact reason. That’s part of the game. Instances share the data over ActivityPub, and it’s up to you to process and make use of that data. That includes spam filtering and whatnot. Some instances have CSAM detection for example.

Every instance that’s subscribed to a user or community gets the full set of data: every vote, from every user, from every instance involved. We have the data, we can analyze it. And that’s what really matters.

It doesn’t matter if there’s rogue instances trying to manipulate votes. Everyone have the data to detect and filter out the noise. Maybe one day it’ll be like E-Mail where the majority of the traffic is spam. But just like E-Mail, we’ll make filters and make it work. If all else fails, there’s always the allowlist method: only see content from sources you trust not be spammy. You can even run AI models on it to filter the data if you want. You have the data, you can do whatever you want with it to make it useful for you.

I have faith in the protocol and its openness, not the software that runs it.

Who cares? If baddies subvert the backend, the worst case scenario is that I get lower quality memes.

I care slightly more about clients. Those run in sandboxes on your phone or browser, so they’re probably fine-ish too.

🤷