The fact that some of you are putting the blame on instance owners/moderators is just showing that you have about the same amount of brain rot as the people actually posting this vile trash
Honestly, my first thoughts were that reddit had probably funded some blackhats to sabotage shit because they’re still salty. Then, they could have it reported.
Honestly dude if you believe this is true you should speak with a therapist.
- argv_minus_one ( @argv_minus_one@beehaw.org ) 7•10 months ago
If you believe businesspeople never commit crimes to shut down their competition, you should read some history books. Antitrust violations, murders, aerial bombings—you name it, and if it’s illegal and gives a business an advantage over its competition, it’s happened.
Ignore these people telling you that you’re being too paranoid. I assumed the same about the series of DDoS attacks that lemmy.world experienced in the last few months. Reddit admins trying to undercut lemmy’s growing popularity “by any means necessary” is perfectly logical. DDoS followed by content attacks even follows Reddit’s own struggles over the years.
It’s okay. Thank you for the support. They seemed quick to complain and kinda organized to be this deep in some obscure comment thread.
https://en.wikipedia.org/wiki/The_lady_doth_protest_too_much,_methinks
And, agreed about the DDoS attacks.
The comment was more about inspiring a pro-fediverse angle, in any case. Imagine defending reddit, here of all places.
Right. This is a community effort, and it’s important we support our instances and figure out how to best keep them safe.
Looks like some CSAM fuzzy hashing would go a long way to catch someone trying to submit that kind of content if each uploaded image is scanned.
https://blog.cloudflare.com/the-csam-scanning-tool/
Not saying to go with CloudFlare (just showing how the detection works overall), but some kind of builtin detection system coded into Lemmy that grabs an updated hash table periodically
Not a bad idea, but I was working on a project once that would support user uploaded images and looked into PhotoDNA, but it was an incredible pain in the ass to get access to. I’m surprised that someone hasn’t realized that this should just be free and available. Kind of gross that it is put behind an application/paywall, imo. They’re just hashes and a library to generate the hashes. Why shouldn’t that just be open source and available through the NCMEC?
These comments so far stink, yall are something else.
OK, I am going to take a minute away from the shit stirring and potentially provide some insight speaking as an admin who’s had the misfortune of dealing with this so I can maybe shift this comment section into an actually meaningful discussion.
You can have your own opinion and feelings against lemmy.world but, this?
The only thing that could have prevented this is better moderation tools. And while a lot of the instance admins have been asking for this, it doesn’t seem to be on the developers roadmap for the time being. There are just two full-time developers on this project and they seem to have other priorities. No offense to them but it doesn’t inspire much faith for the future of Lemmy.
This is correct. Most lemmy admins likely agree as well, I don’t speak for anyone but myself but I can say that I think it would be hard to find someone who disagreed. What happened today is a result of a catastrophic failure on lemmys end, with issues that should have been addressed over a month ago just being completely ignored. The lemmy devs shared a roadmap during their AMA & they essentially were more concerned with making shit go faster… that’s about it.
Okay, honest question. What mod tools are lacking. If there’s something needed, what is that thing or things?
I went over to the feature request page for Lemmy and I couldn’t find anything massive in terms of requests for moderation tools that would have been sure fire ways to stop this particular event.
That said, there is over 400 open feature requests alone on Lemmy’s github. I obviously couldn’t go through every single one. But coming from the kbin side I’m just curious about our Lemmy brothers and sisters. It sounds dire and I’m woefully under informed on how bad it is.
There aren’t enough roles. There’s admin, moderator, and user, but it would be best to have tiers of user in between. Reports go to 4 categories of user when you file a report. Report a comment for violating a fun rule your community decided to implement (all post titles must contain “Jon Bois Rules!”)? That report goes to: the community moderators (good), the community’s host instance’s admin (bad), your instance’s admin (bad), the user who posted the “offending post”'s instance’s admin (bad).
Only admins can permanently remove illegal content. If a mod “removes” it, it still sits visible to all in modlog, and for the purposes of CSAM specifically, that counts as distribution which is prosecuted as a worse crime than possession. Federation with other instances is effectively binary. You can or cannot federate, you cannot set traffic as unidirectional like you can on most other fediverse platforms. The modlogs make it hard to parse who the moderator performing an action is acting on the behalf of. Was it a community mod? An admin? Your admin?
There’s more but my phone is getting low on battery
Agreed, I don’t know what AutoMod did on Reddit but if what mods need is a rule-configurable post remover then I’d be happy to clobber together something in Python
There’s this bot that is used in a couple of communities on feddit.de:
Oh great! This was literally how I envisioned my python script – JSON config file and all
If you’ve really got the time and energy I think you would see pretty heavy use of such a tool. I think the existing libraries are definitely mature enough. I’ve been surprised that nobody has done it already
Nice, do you happen to remember what the most popular moderation rules were? So far I can think of:
- Minimum karma/account age to post/comment
- Post title must contain X
I have exams in September but if I get a free day it should be enough to get something working
existing libraries
As in Python Lemmy libraries?
Yep. That’s what I’ve been looking at at least
Here’s some things Beehaw admind have been asking for from moderation since June: https://beehaw.org/comment/397674
I don’t know this for sure, but I have a feeling that a hard fork is in Lemmy’s future. I don’t want to get super into it, but programming is a form of communication. What features you bake into a platform are reflective of the messages you want to propogate on that platform. Lemmy’s devs vision for what the platform should be might not be reflective of what most of us might think it should be. The moderation tools might not be a focus for a while, even if most of us view that as the greatest need
As an admin, how do kbin moderation tools compare?
Also does lemmy.world have the spare cash to offer cash for features?
Kbin moderation tools are worse. And potentially. I guess a bug bounty could be started up.
EDIT: my app attached my reply to the wrong comment. Please ignore in this context
Got a link to this AMA? Couldn’t find it.
I agree with @Cube6392@beehaw.org, if modtools (one of the reasons for Reddit API protests in the first place) aren’t being prioritized, a hard fork of Lemmy will be inevitable. I know the Lemmy devs are known for being strangely hardheaded about certain issues.
They have shifted gears recently and been pretty receptive to this major critique. Things are going in a much better direction now that 2 months have passed. If I can find the AMA I will link you.
OP never delivered. :'(
Yeah, unfortunately took a rapid shift away and my optimism is gone. A hard fork is being made from scratch in a new programming language, that I am actively involved in whatever way I can be.
I’m a bit confused, how does locking down a single community help?
Are the spammers really just focusing on one community instead of switching to the next after it gets banned?
I do hope there is an IP ban option, so someone can’t just use the same IP again to create an account on another instance and post CSAM from there. Obviously I do know about VPNs, but it makes it a tiny bit more difficult to spam in large amounts.
Most people don’t have static IP addresses, so banning their IP will only stop them temporarily. Then whoever gets that dynamic IP address next will be banned too. Then there’s CGNAT where 1 IP address can have up to 128 people using it at once and the address changes even more frequently.
We’re talking about temporary bans here, which do work against spam. Private users do have dynamic IPs, but at home I think I’ve had the same IP for years. They don’t wildly switch them around.
On second thought the IP is probably not federated though, so if there isn’t a common IP block list which instances subscribe to it won’t work.
Every time my router restarts I get a fresh wan IP. I can also manually grab a new one via the DHCP release/renew functions in it’s config page.
Weird, are you 100% sure? I can restart my router all day, my ISP gives me the same IP back pretty much every time.
Probably depends on the ISP.
Is there not some way to involve the authorities? I feel like FBI/CIA or other foreign agencies would love to track down whoever is distributing. Like set up some sort of honeypot instance to catch them
They probably connect using tor. Not much you can do with that information (without effort far exceeding the value of one CP spammer).
The only thing that could have prevented this is better moderation tools. And while a lot of the instance admins have been asking for this, it doesn’t seem to be on the developers roadmap for the time being. There are just two full-time developers on this project and they seem to have other priorities. No offense to them but it doesn’t inspire much faith for the future of Lemmy.
God, lemmy.world admins are something else
I mean, they are correct and a majority of other lemmy admins would agree with that statement.
They are correct, but I wanted to address the attitude towards the people doing basically free work.
Nope, they are being paid now. They receive an immense amount of donations now, enough to likely make a solid monthly income. Take a look at their liberapay page if you don’t believe me. I understand that to a degree, but it only goes so far. When they are actively ignoring safety features despite its urgency in spite of that fact is difficult to justify.
- EhForumUser ( @EhForumUser@lemmy.ca ) 8•10 months ago
Take a look at their liberapay page if you don’t believe me.
I took a look. “Lemmy receives US$392.03 per week from 287 patrons.”
enough to likely make a solid monthly income.
Approximately $850 per month each. Is that a solid income? Lots of developers are making $850 per day!
When they are actively ignoring safety features
The license agreement clearly places this onus on the instance operators. If they cannot commit to those terms, why did they accept the agreement? It is not like someone holds a gun to your back and forces you to start a Lemmy instance.
I’m sorry for not being more focused on being nicer to the devs of lemmy after problems that were discussed nearly a month ago being ignored have caused me and other instance admins to have to deal with the stress of dealing with CSAM federating into our instances and having to witness that content in order to remove it.
That is sarcasm by the way. In comparison to how I actually feel currently, I could be a lot more indignant about this but I am fighting that urge as it is not productive.
- EhForumUser ( @EhForumUser@lemmy.ca ) 1•10 months ago
Nothing cares whether you present yourself as being nice or not. Information has no feelings.
But the Lemmy devs clearly pushed that responsibility downstream under the contractual terms of using the software. Maybe that made the agreement a bad deal, but nobody else had to ever agree to the bad terms. It seems you did agree to it. Why?
What the contract also allowed, however, was the ability for you to modify the software as you see fit. That part is a good deal. It seems the solution is staring you right in the face. Since you’re already committed, why spend your typing here and not in your favourite code editor?
https://github.com/LemmyNet/lemmy/blob/main/LICENSE
The software provided as is. Period. They never agreed to be support boys for someone, and the amount of work doesn’t really correlate to the amount of money they get from donations unless they both live in a third world country.
https://jacobtomlinson.dev/posts/2022/dont-be-that-open-source-user-dont-be-me/
It’s just a matter of not being entitled, that’s it. All I’m asking for is so that people would be more polite to FOSS devs. If they stop doing their work right now what are you going to do? Implement the mod tools yourself? Then go ahead.
I’m sorry, but I have difficulty being polite to someone who has actively ignored addressing safety concerns that were brought up months ago. FOSS or not.
Stop misconstruing it as safety. It’s about legality. Nobody’s safety is in jeopardy because they saw an illegal image accidentally. This is about following the law, not protecting the safety of users.
“CSAM laws aren’t for the safety of real people” is one of the hottest takes I’ve ever seen in my life
It ties into safety as well, websites have “trust and safety” teams. This is where it falls under. Sorry for not being more concise.
While I understand the move entirely I can’t help but wonder if that might have been the intent of the perpetrators.
One solution, perhaps, is if Lemmy users were better able to overcome the inertia of moving Communities, Instances, accounts, etc. Essentially to be a moving target for anyone who might want to cause harm. DDoSing lemmy.world? Okay, but we’re all on lemmy2.world now. Spamming a Community? Oh, you mean that one we all left?
I’m not criticizing others, because I’m as guilty of it any anyone, but it might be better if we realized that our usernames are meaningless, there’s no Karma, our comment histories are full of ephemeral observations with only a very specific relevance. It wouldn’t really matter if - worst case scenario - everything was deleted. I realise this wouldn’t sound acceptable to new users, but since many of us on instances run by one person as a hobby, that might happen anyway.
(As I was typing this, someone just replied to a 17 days old comment I made, so maybe this is all rubbish)
Hey, good to see you as usual.
The issue here is more than illegal content gets propagated to every instance, so moving around doesn’t help that much in that regard, the issue would remain.
You too, of course.
But, no, it does nothing for after something like this that has already happened. It was just more of a pie-in-the-sky solution to it ever happening in the first place.
Indeed
Lemmy.world is the worst, sucks to suck.
Shit posting needs to die anyway. Only thing that should be allowed on the internet is knowledge and education. Throw out the corporations too.
How will you enforce this new “no unapproved fun” policy? I think “Only knowledge and education” is a dangerous precedent to set, and we should strive for freedom of expression. And I mean real freedom of expression, not the “mandatory audience” version of freedom of expression the freeze peach folks want, I mean actual honest to goodness freedom of expression with freedom of association, including “We no longer wish to associate with you.”
Part of that is that we all must be respectful of the bodily and personal autonomy of all people, which requires moderation of content that does not respect bodily and personal autonomy.
In conclusion:
- shitposting, fine
- CSAM, deplorable
That sounds very extreme. I like humor, but not the trolling type. In my time we used to say “don’t feed the trolls”. When ignored they mostly go away. Nowadays there’s always someone arguing with them. It’s so stupid…
How is education trolling? You do know the internet was made for communication and education until corporations took it over?
Humor = education? Trouble reading much?
i already filter shitposting coms. all the better
Why not just block images (and block the cache and thumbnail too) and only allow a text link to external image host? I mean if CSAM stuff gets on imgur, it isn’t lemmy.world’s problem, right?
So you’re asking why they didn’t “just” let people post links to child porn?
I think he’s asking why it is instances don’t ban self-hosting images and have posters use imgur and the like to post any kind of image, to prevent the proliferation of CP to begin with. Because presumably imgur and the like already have filters and mod armies checking uploads.
His comment literally accounts for a scenario of if child porn does get on imgur. His intent was to avoid accountability to lemmy, not avoid proliferation of CSAM. Which was what my question was trying to highlight
🤔 Hmm. Okay, I’m lost for an explanation then.
There are actual child rape apologists making their way onto Lemmy, aren’t there? Maybe that’s what he’s doing. Getting his foot in the door to defend obscene shit
He’s looking to minimise risk to the Lemmy host not advocating for defending shit. Seriously how did you come to this conclusion?
I was talking in general. I have noticed on .world’s news feed that there was an inundation of apologists specifically in the threads talking about the most blatantly heinous of crimes. There were people demanding empathy for the perpetrators, then speaking in generalities to subtly imply punishment itself is an inherently bad or unhelpful thing and that the perps in each thread should be given leniency.
I even noticed it in a meme thread I made talking specifically about rape apologia. Same argumentation style, same M.O., and others in my own thread thought it was sus.
Then I saw people using that same argumentation style to the letter to defend possession of CP last night.
The pattern is clear – evil is upon us, and we need to pressure mods and instances of admins to not allow people to defend serious criminals anymore, because that is what it leads to.
Bro don’t be too proud to talk with a therapist
I have a feeling his comment was more of a “not our problem” kind of thing, as opposed to defending CP. It’s not uncommon for people to want to do the minimum if it’s impacting something they like, possibly such as the sub that got closed. So I was trying to force some empathy into the conversation lol
Literally everybody is talking past each other
After reading this thread, I think we need fediverselorelore
rise of uselessserver093? confirmed