Instances, of course, have some bot-mitigation tools which they can use to prevent signups, etc.
However, what’s stopping bots from pretending to be their own brand new instance, and publishing their votes/spam to other instances?
Couldn’t I just spin up a python script to barrage this post, for example, with upvotes?
EDIT: Thanks to @Sibbo@sopuli.xyz ‘s answer, I am convinced that federation is NOT inherently susceptible, and effective mitigations can exist. Whether or not they’re implemented is a separate question, but I’m satisfied that it’s achievable. See my comment here: https://programming.dev/comment/313716
It seems like you could so long as this instance federated with any other instance without implementing any type of whitelisting or vetting. I’m just guessing based off various things I’ve read.
This is the how most instances operate at the moment. Some instances have an extensive blocklist, others have none or almost none. Whitelisting by default would be a bit antithetical to the idea of a federated social network, as any automated system for such a thing would still be able to be abused by the sort of person willing to set up a whole server just for spam or whatever and any manual system means you would probably end up with a bunch of small islands of federation and/or new instances being potentially unable to federate at all.