As users migrate from centralized platforms to decentralized alternatives, so do bad actors. Bot detection on the fediverse requires fundamentally different approaches than traditional platforms.
Why Decentralized Platforms Are Different
Unlike Twitter or Reddit, decentralized platforms lack a central authority for spam reporting. Moderation is instance-level, and bots can easily switch instances when banned. This means:
- No global blocklist
- Inconsistent moderation policies across instances
- Easy identity rotation
- Limited API access for monitoring
Our Approach
We built a multi-signal bot detection system that works across platforms:
**Behavioral Signals.** Posting frequency, time-of-day patterns, reply ratios, and content repetition are analyzed per account. Bots tend to post at regular intervals, engage less in conversations, and repeat content themes.
**Content Analysis.** Our heuristic engine flags posts with spam patterns, excessive link sharing, and templated content. Cross-post similarity detection identifies accounts running the same script across platforms.
**Network Analysis.** We map follows, mentions, and replies to detect coordinated activity. Bot networks often exhibit characteristic graph structures — dense mutual follows, minimal genuine engagement.
Key Findings
Analysis of 10M+ posts from fediverse platforms revealed:
- Approximately 8-12% of活跃 accounts on large Mastodon instances show bot-like behavior
- Crypto spam accounts for the largest single category (34%)
- Cross-platform bot networks are increasingly common — same operators running on Mastodon, Bluesky, and Nostradamus simultaneously
Practical Implications
For researchers and data scientists: always filter or flag bot accounts in your training data. Bot-generated content introduces systematic bias, particularly for sentiment and engagement metrics.
— Heshan Sanjuka, Founder
