• dinckelman@kbin.social
    link
    fedilink
    arrow-up
    155
    arrow-down
    10
    ·
    1 year ago

    The fact that some of you are putting the blame on instance owners/moderators is just showing that you have about the same amount of brain rot as the people actually posting this vile trash

    • Franzia@lemmy.blahaj.zone
      link
      fedilink
      arrow-up
      27
      ·
      1 year ago

      Right. This is a community effort, and it’s important we support our instances and figure out how to best keep them safe.

    • uphillbothways@kbin.social
      link
      fedilink
      arrow-up
      28
      arrow-down
      50
      ·
      edit-2
      1 year ago

      Honestly, my first thoughts were that reddit had probably funded some blackhats to sabotage shit because they’re still salty. Then, they could have it reported.

        • PeleSpirit@lemmy.world
          link
          fedilink
          English
          arrow-up
          19
          arrow-down
          8
          ·
          1 year ago

          Why would a guy who called their free labor “landed gentry” and thinks Elon Musk is running the site formerly known as twitter well, not go after where a shit ton of his content creators went? It’s stupid enough to be him, lol.

          • shagie@programming.dev
            link
            fedilink
            arrow-up
            25
            arrow-down
            1
            ·
            1 year ago

            You drastically over estimate the number of people who were creating content on Reddit leaving for Lemmy.

            The entire population of Lemmy is smaller than a mid sized cat sub on Reddit and the only content that is being reliably generated is memes.

            Yes, a few subs did have their communities split, and some left permanently. But if you think Reddit corporate got at all bothered by Lemmy’s MAU numbers… no, they’re not that great.

            A bunch of mods did indeed stop activity on Reddit, but all in all there’s been no practicable drop in volume.

            • PeleSpirit@lemmy.world
              link
              fedilink
              English
              arrow-up
              6
              arrow-down
              5
              ·
              1 year ago

              Do you think that I haven’t been back to check? The niche groups are fine, the bigger ones are hurting for content. I can read you know.

        • argv_minus_one@beehaw.org
          link
          fedilink
          arrow-up
          6
          ·
          edit-2
          1 year ago

          If you believe businesspeople never commit crimes to shut down their competition, you should read some history books. Antitrust violations, murders, aerial bombings—you name it, and if it’s illegal and gives a business an advantage over its competition, it’s happened.

      • hedgehogging_the_bed@lemm.ee
        link
        fedilink
        arrow-up
        11
        arrow-down
        1
        ·
        1 year ago

        Ignore these people telling you that you’re being too paranoid. I assumed the same about the series of DDoS attacks that lemmy.world experienced in the last few months. Reddit admins trying to undercut lemmy’s growing popularity “by any means necessary” is perfectly logical. DDoS followed by content attacks even follows Reddit’s own struggles over the years.

    • gabe [he/him]@literature.cafe
      link
      fedilink
      arrow-up
      96
      arrow-down
      2
      ·
      1 year ago

      OK, I am going to take a minute away from the shit stirring and potentially provide some insight speaking as an admin who’s had the misfortune of dealing with this so I can maybe shift this comment section into an actually meaningful discussion.

      You can have your own opinion and feelings against lemmy.world but, this?

      The only thing that could have prevented this is better moderation tools. And while a lot of the instance admins have been asking for this, it doesn’t seem to be on the developers roadmap for the time being. There are just two full-time developers on this project and they seem to have other priorities. No offense to them but it doesn’t inspire much faith for the future of Lemmy.

      This is correct. Most lemmy admins likely agree as well, I don’t speak for anyone but myself but I can say that I think it would be hard to find someone who disagreed. What happened today is a result of a catastrophic failure on lemmys end, with issues that should have been addressed over a month ago just being completely ignored. The lemmy devs shared a roadmap during their AMA & they essentially were more concerned with making shit go faster… that’s about it.

      • IHeartBadCode@kbin.social
        link
        fedilink
        arrow-up
        27
        arrow-down
        1
        ·
        1 year ago

        Okay, honest question. What mod tools are lacking. If there’s something needed, what is that thing or things?

        I went over to the feature request page for Lemmy and I couldn’t find anything massive in terms of requests for moderation tools that would have been sure fire ways to stop this particular event.

        That said, there is over 400 open feature requests alone on Lemmy’s github. I obviously couldn’t go through every single one. But coming from the kbin side I’m just curious about our Lemmy brothers and sisters. It sounds dire and I’m woefully under informed on how bad it is.

        • The Cuuuuube@beehaw.org
          link
          fedilink
          English
          arrow-up
          25
          ·
          1 year ago

          There aren’t enough roles. There’s admin, moderator, and user, but it would be best to have tiers of user in between. Reports go to 4 categories of user when you file a report. Report a comment for violating a fun rule your community decided to implement (all post titles must contain “Jon Bois Rules!”)? That report goes to: the community moderators (good), the community’s host instance’s admin (bad), your instance’s admin (bad), the user who posted the “offending post”'s instance’s admin (bad).

          Only admins can permanently remove illegal content. If a mod “removes” it, it still sits visible to all in modlog, and for the purposes of CSAM specifically, that counts as distribution which is prosecuted as a worse crime than possession. Federation with other instances is effectively binary. You can or cannot federate, you cannot set traffic as unidirectional like you can on most other fediverse platforms. The modlogs make it hard to parse who the moderator performing an action is acting on the behalf of. Was it a community mod? An admin? Your admin?

          There’s more but my phone is getting low on battery

        • SubArcticTundra@lemmy.ml
          link
          fedilink
          arrow-up
          16
          ·
          1 year ago

          Agreed, I don’t know what AutoMod did on Reddit but if what mods need is a rule-configurable post remover then I’d be happy to clobber together something in Python

      • stevecrox@kbin.social
        link
        fedilink
        arrow-up
        13
        arrow-down
        1
        ·
        1 year ago

        As an admin, how do kbin moderation tools compare?

        Also does lemmy.world have the spare cash to offer cash for features?

      • The Cuuuuube@beehaw.org
        link
        fedilink
        English
        arrow-up
        12
        arrow-down
        1
        ·
        1 year ago

        I don’t know this for sure, but I have a feeling that a hard fork is in Lemmy’s future. I don’t want to get super into it, but programming is a form of communication. What features you bake into a platform are reflective of the messages you want to propogate on that platform. Lemmy’s devs vision for what the platform should be might not be reflective of what most of us might think it should be. The moderation tools might not be a focus for a while, even if most of us view that as the greatest need

      • Antik 👾@lemmy.world
        link
        fedilink
        arrow-up
        7
        ·
        1 year ago

        It was worded a harshly but I’m happy to see you jump in here @[email protected] <3

        To users this might seem like it came out of the blue but instance admins know this is has been a big issue for months. The “roadmap” they shared was indeed, optimize the database queries to make things go brrrr, get more funding and update join-lemmy.org

        • gabe [he/him]@literature.cafe
          link
          fedilink
          arrow-up
          5
          ·
          1 year ago

          100%, ultimately there might be disagreements amongst admins over many things but this is something that there is clear unity on and I felt important to establish it. Hell, I’ve disagreed with lemmy.world’s decisions on numerous fronts as well which you already know. I think the harshness is understandable as well, given you know

        • sunaurus@lemm.ee
          link
          fedilink
          arrow-up
          24
          ·
          1 year ago

          Forking solves the problem of inactive maintainers, or the problem of maintainers who don’t review and/or accept PRs, but Lemmy really doesn’t have either of these problems at the moment.

        • The Quuuuuill@slrpnk.net
          link
          fedilink
          English
          arrow-up
          8
          ·
          1 year ago

          With all forks of maintained projects it starts with saying several times “No, but seriously, you need to do something about this”

          Forks are the enemy of open source. The goal is merges. When someone forks a project without plans to merge back, it’s a sign that the project has failed them in some way

        • AnonymousLlama@kbin.social
          link
          fedilink
          arrow-up
          6
          ·
          1 year ago

          It’s a shame it’s not written in a PHP framework or something that’s more common. Plenty of devs have been helping about contributing to kbin development, it sounds like it’s a lack of manpower on Lemmy’s end that’s contributing to this

          • SubArcticTundra@lemmy.ml
            link
            fedilink
            arrow-up
            7
            ·
            1 year ago

            Yeah, Rust was a good technical choice but in practice it really narrows down the pool of potential volunteers

            • stevecrox@kbin.social
              link
              fedilink
              arrow-up
              7
              ·
              1 year ago

              It was an incredibly poor technical choice.

              Programming goes through fads where people will claim X can solve every problem. Eventually people realise a languages strengths/weaknesses and communities form.

              Rust is the current fad language, its developed a strong following in C/C++ communities but they have nothing to do with middleware (the role Lemmy is using Rust).

              It means lemmy devs will have to build everything themselves (instead of focussing on lemmy) and the pool of contributor’s will remain small.

              • The Quuuuuill@slrpnk.net
                link
                fedilink
                English
                arrow-up
                4
                ·
                1 year ago

                Rust is a great and fabulous language, but flexible it is not. If I were starting a Lemmy or Kbin type project from scratch I’d likely start with Python, TypeScript, Lua, or Go depending on what specifically I was worried about bogging me down in the future. And then later on if there were really heavy procedures or db calls that couldn’t be simplified anyway else, do those in rust. I think Rust has some very interesting features for micro service development, but for a monolith like Lemmy, it’s surely a nightmare

                • stevecrox@kbin.social
                  link
                  fedilink
                  arrow-up
                  2
                  ·
                  1 year ago

                  See my goto is Java/Spring Boot or Typescript/TSOA.

                  I avoid Python because Setuptools/Twine/FastAPI/\ docs conflict and seems to change so creating a good practice project layout is a huge time sink and none of the Python devs I meet seem to understand it.

                  I am doing GoLang atm, its ok but dev adoption is low where I am and no one has shown me a killer library/framework and being controlled by Google I am waiting for them to get bored and kill it.

                  Spring Boot takes longer to get going than TSOA/Express but hibernate makes SQL interactions trivial. I love typescript but types makes complex NoSQL queries far more convoluted than Java equivalents (its because Types can’t inherit and client libraries don’t use interfaces). So TSOA rocks in cases of speed or simplicity.

        • gabe [he/him]@literature.cafe
          link
          fedilink
          arrow-up
          6
          arrow-down
          1
          ·
          1 year ago

          It is, there are currently discussions of attempting to do so but the issue lies that Rust is not only a really new programming language that really never was well suited for an application like this, forking means nothing if no one is going to contribute to the fork in the first place. I know that pawb.social is working on a fork iirc

      • McGriffTheCrimeDog@lemmy.ca
        link
        fedilink
        arrow-up
        2
        ·
        1 year ago

        Got a link to this AMA? Couldn’t find it.

        I agree with @[email protected], if modtools (one of the reasons for Reddit API protests in the first place) aren’t being prioritized, a hard fork of Lemmy will be inevitable. I know the Lemmy devs are known for being strangely hardheaded about certain issues.

  • m-p{3}@lemmy.ca
    link
    fedilink
    arrow-up
    49
    ·
    1 year ago

    Looks like some CSAM fuzzy hashing would go a long way to catch someone trying to submit that kind of content if each uploaded image is scanned.

    https://blog.cloudflare.com/the-csam-scanning-tool/

    Not saying to go with CloudFlare (just showing how the detection works overall), but some kind of builtin detection system coded into Lemmy that grabs an updated hash table periodically

    • wagesj45@kbin.social
      link
      fedilink
      arrow-up
      25
      ·
      1 year ago

      Not a bad idea, but I was working on a project once that would support user uploaded images and looked into PhotoDNA, but it was an incredible pain in the ass to get access to. I’m surprised that someone hasn’t realized that this should just be free and available. Kind of gross that it is put behind an application/paywall, imo. They’re just hashes and a library to generate the hashes. Why shouldn’t that just be open source and available through the NCMEC?

      • shagie@programming.dev
        link
        fedilink
        arrow-up
        27
        ·
        1 year ago

        Putting it behind a 3rd party API that has registration ensures that the 3rd party that is under contract to report it does so. It isn’t enough just to block it - it needs to be reported too. Google and Cloudflare report it to the proper authorities.

        Additionally, if it was open source, people trying to evade it could just download the open source tool and tweak their images until they come back without getting flagged.

        • wagesj45@kbin.social
          link
          fedilink
          arrow-up
          16
          ·
          1 year ago

          They could tweak their images regardless. Security through obscurity is never a good solution.

          I can understand the reporting requirement.

  • ninjirate@kbin.social
    link
    fedilink
    arrow-up
    38
    ·
    1 year ago

    Is there not some way to involve the authorities? I feel like FBI/CIA or other foreign agencies would love to track down whoever is distributing. Like set up some sort of honeypot instance to catch them

  • Vlyn@lemmy.zip
    link
    fedilink
    English
    arrow-up
    33
    ·
    1 year ago

    I’m a bit confused, how does locking down a single community help?

    Are the spammers really just focusing on one community instead of switching to the next after it gets banned?

    I do hope there is an IP ban option, so someone can’t just use the same IP again to create an account on another instance and post CSAM from there. Obviously I do know about VPNs, but it makes it a tiny bit more difficult to spam in large amounts.

    • cmnybo@discuss.tchncs.de
      link
      fedilink
      English
      arrow-up
      11
      ·
      1 year ago

      Most people don’t have static IP addresses, so banning their IP will only stop them temporarily. Then whoever gets that dynamic IP address next will be banned too. Then there’s CGNAT where 1 IP address can have up to 128 people using it at once and the address changes even more frequently.

      • Vlyn@lemmy.zip
        link
        fedilink
        English
        arrow-up
        7
        arrow-down
        1
        ·
        1 year ago

        We’re talking about temporary bans here, which do work against spam. Private users do have dynamic IPs, but at home I think I’ve had the same IP for years. They don’t wildly switch them around.

        On second thought the IP is probably not federated though, so if there isn’t a common IP block list which instances subscribe to it won’t work.

        • Darkassassin07@lemmy.ca
          link
          fedilink
          English
          arrow-up
          3
          ·
          1 year ago

          Every time my router restarts I get a fresh wan IP. I can also manually grab a new one via the DHCP release/renew functions in it’s config page.

          • Vlyn@lemmy.zip
            link
            fedilink
            English
            arrow-up
            2
            arrow-down
            2
            ·
            1 year ago

            Weird, are you 100% sure? I can restart my router all day, my ISP gives me the same IP back pretty much every time.

            Probably depends on the ISP.

  • NGC2346@sh.itjust.works
    link
    fedilink
    arrow-up
    29
    arrow-down
    9
    ·
    1 year ago

    Is it that hard to not be completely retarded and innapropriate on the internet for these people? Only “viable” alternative to reddit and they have to fuck it up

    • ahornsirup@artemis.camp
      link
      fedilink
      arrow-up
      31
      arrow-down
      1
      ·
      1 year ago

      I’d assume that fucking it up is the goal. Some people are just irredeemable sociopaths who get satisfaction out of ruining other people’s days.

      • The Quuuuuill@slrpnk.net
        link
        fedilink
        English
        arrow-up
        4
        ·
        1 year ago

        And I think its just some disgruntled online user who doesn’t like when people are happy rather than some corpo entity. I’ve seen some people saying Reddit did this. I’m more likely to believe a user of a widely defederated instance that’s shutting down because everyone defederated them is responsible, or a zealous fediverse user that refuses to touch Lemmy because of who the devs are and thinks theyre doing the world a favor by keeping anyone else from enjoying it

  • 21Cabbage@lemmynsfw.com
    link
    fedilink
    English
    arrow-up
    15
    ·
    1 year ago

    While I understand the move entirely I can’t help but wonder if that might have been the intent of the perpetrators.

    • gndagreborn@lemmy.world
      link
      fedilink
      arrow-up
      28
      ·
      1 year ago

      Definitely was. It was just a flex of their power. I don’t see any viable solution at the moment though, so going nuclear was the only sane option. When your options are to close a door versus playing an increasingly difficult game of cat and mouse w/ CP posters, most would opt to temporarily shutter their doors I feel.

      What is worrying is that any community on lemmy on any instance is vulnerable to this type of attack. This will continue happening again and again until a clear solution, technical or otherwise, can be devised.

      I gave my loyalty to Lemmy. I am not going to jump shit because some deranged lunatics decide to troll in the most abhorrent ways. I plan on donating to the project in show of support and I hope others do as well.

      • Rentlar@lemmy.ca
        link
        fedilink
        arrow-up
        9
        ·
        1 year ago

        Honestly, I think it was destined to happen one way or another because of an open-signups server getting so big. The burggit/vlemmy debacle was the warning shot.

        It should jump-start overdue efforts to improve moderation granularity and make it easier for mods to manage users and content.

        • snor10@lemm.ee
          link
          fedilink
          arrow-up
          2
          ·
          1 year ago

          What was the burggit/vlemmy debacle?

          I know that vlemmy suddenly disappeared with no warning.

          • The Quuuuuill@slrpnk.net
            link
            fedilink
            English
            arrow-up
            5
            ·
            1 year ago

            Can’t speak to Burggit’s place in the saga, but its widely speculated the vlemmy admin found some CSAM in the data storage and shut the whole thing down so as not to be further legally liabile for illegal activity on the server. I’ve seen some people saying admins don’t have to worry about that because of this section of this code of that countries legal doctrine or whatever, but the reality a lot of us face is that law enforcement and prosecutors don’t care how the CSAM got there, or if you knew about it, because its your burden of proof to prove them wrong about that, and they just have to make jurors who don’t know how the tech works think its your hardware, your hosted service, and therefore, your CSAM. The consequences of mishandling or not documenting your actions in regards to CSAM are incredibly dire. You could see yourself permanently sent to prison, and if not, upon your release permanently ostracized in very complex ways that could render you permanently homeless.

            I like… Don’t understand the stance that Ruud or VLemmy are overreacting at all. Those are the stakes in some places, including where the majority of instances are hosted. It gives me the read some people don’t care that the admins are just people like you and me hosting these services to make good communities happen. The expectation for some people seems to be just like… “Keep the service up no matter what. I want to view content. if it becomes impossible to host, just sail out into international water. The content must flow”

          • Rentlar@lemmy.ca
            link
            fedilink
            arrow-up
            3
            ·
            edit-2
            1 year ago

            Though I haven’t confirmed it (nor would I want to at this point), from my recollection of events, some community from burggit.moe was allegedly the source instance of the problematic images that were thought to have taken vlemmy.net down, which was reportedly some sexual depiction of young fictional cartoon/animal characters. This might not be illegal in some places but it definitely is in Ireland, so the server owner was notified as such and had most of their online accounts removed.

            My Fedilore+drama post on it

      • iegod@lemm.ee
        link
        fedilink
        arrow-up
        5
        arrow-down
        1
        ·
        1 year ago

        I gave my loyalty to Lemmy

        This is a weird way to think about a service. You’re not a serf or lord. If the things tanks tomorrow I’m not losing sleep over it.

        • gndagreborn@lemmy.world
          link
          fedilink
          arrow-up
          2
          ·
          1 year ago

          Let me clarify. I am loyal to Lemmy because they demonstrate a few important things to me. Openness, transparency, and community ownership. I have never used any piece of social media, content aggregation, whatever else, that has given me such confidence and transparency. Lemmy (as a project, not a single instance) has earned my trust because they have actually shown accountability and been open to communication.

  • freamon@endlesstalk.org
    link
    fedilink
    English
    arrow-up
    7
    arrow-down
    1
    ·
    1 year ago

    One solution, perhaps, is if Lemmy users were better able to overcome the inertia of moving Communities, Instances, accounts, etc. Essentially to be a moving target for anyone who might want to cause harm. DDoSing lemmy.world? Okay, but we’re all on lemmy2.world now. Spamming a Community? Oh, you mean that one we all left?

    I’m not criticizing others, because I’m as guilty of it any anyone, but it might be better if we realized that our usernames are meaningless, there’s no Karma, our comment histories are full of ephemeral observations with only a very specific relevance. It wouldn’t really matter if - worst case scenario - everything was deleted. I realise this wouldn’t sound acceptable to new users, but since many of us on instances run by one person as a hobby, that might happen anyway.

    (As I was typing this, someone just replied to a 17 days old comment I made, so maybe this is all rubbish)

    • Blaze@discuss.tchncs.de
      link
      fedilink
      arrow-up
      20
      arrow-down
      1
      ·
      1 year ago

      Hey, good to see you as usual.

      The issue here is more than illegal content gets propagated to every instance, so moving around doesn’t help that much in that regard, the issue would remain.

  • WtfEvenIsExistence1️@lemmy.ca
    link
    fedilink
    English
    arrow-up
    5
    ·
    edit-2
    1 year ago

    Why not just block images (and block the cache and thumbnail too) and only allow a text link to external image host? I mean if CSAM stuff gets on imgur, it isn’t lemmy.world’s problem, right?

      • pinkdrunkenelephants@sopuli.xyz
        link
        fedilink
        arrow-up
        12
        arrow-down
        1
        ·
        1 year ago

        I think he’s asking why it is instances don’t ban self-hosting images and have posters use imgur and the like to post any kind of image, to prevent the proliferation of CP to begin with. Because presumably imgur and the like already have filters and mod armies checking uploads.

        • NattyNatty2x4@beehaw.org
          link
          fedilink
          arrow-up
          6
          arrow-down
          5
          ·
          1 year ago

          His comment literally accounts for a scenario of if child porn does get on imgur. His intent was to avoid accountability to lemmy, not avoid proliferation of CSAM. Which was what my question was trying to highlight

          • pinkdrunkenelephants@sopuli.xyz
            link
            fedilink
            arrow-up
            5
            arrow-down
            6
            ·
            edit-2
            1 year ago

            🤔 Hmm. Okay, I’m lost for an explanation then.

            There are actual child rape apologists making their way onto Lemmy, aren’t there? Maybe that’s what he’s doing. Getting his foot in the door to defend obscene shit

            • n3m37h@lemmy.dbzer0.com
              link
              fedilink
              arrow-up
              12
              arrow-down
              1
              ·
              1 year ago

              He’s looking to minimise risk to the Lemmy host not advocating for defending shit. Seriously how did you come to this conclusion?

              • pinkdrunkenelephants@sopuli.xyz
                link
                fedilink
                arrow-up
                6
                arrow-down
                5
                ·
                1 year ago

                I was talking in general. I have noticed on .world’s news feed that there was an inundation of apologists specifically in the threads talking about the most blatantly heinous of crimes. There were people demanding empathy for the perpetrators, then speaking in generalities to subtly imply punishment itself is an inherently bad or unhelpful thing and that the perps in each thread should be given leniency.

                I even noticed it in a meme thread I made talking specifically about rape apologia. Same argumentation style, same M.O., and others in my own thread thought it was sus.

                Then I saw people using that same argumentation style to the letter to defend possession of CP last night.

                The pattern is clear – evil is upon us, and we need to pressure mods and instances of admins to not allow people to defend serious criminals anymore, because that is what it leads to.

            • NattyNatty2x4@beehaw.org
              link
              fedilink
              arrow-up
              1
              arrow-down
              2
              ·
              1 year ago

              I have a feeling his comment was more of a “not our problem” kind of thing, as opposed to defending CP. It’s not uncommon for people to want to do the minimum if it’s impacting something they like, possibly such as the sub that got closed. So I was trying to force some empathy into the conversation lol

  • ineedaunion @lemm.ee
    link
    fedilink
    arrow-up
    6
    arrow-down
    25
    ·
    1 year ago

    Shit posting needs to die anyway. Only thing that should be allowed on the internet is knowledge and education. Throw out the corporations too.

    • The Quuuuuill@slrpnk.net
      link
      fedilink
      English
      arrow-up
      18
      arrow-down
      1
      ·
      1 year ago

      How will you enforce this new “no unapproved fun” policy? I think “Only knowledge and education” is a dangerous precedent to set, and we should strive for freedom of expression. And I mean real freedom of expression, not the “mandatory audience” version of freedom of expression the freeze peach folks want, I mean actual honest to goodness freedom of expression with freedom of association, including “We no longer wish to associate with you.”

      Part of that is that we all must be respectful of the bodily and personal autonomy of all people, which requires moderation of content that does not respect bodily and personal autonomy.

      In conclusion:

      • shitposting, fine
      • CSAM, deplorable
    • 8ace40@programming.dev
      link
      fedilink
      arrow-up
      12
      arrow-down
      1
      ·
      1 year ago

      That sounds very extreme. I like humor, but not the trolling type. In my time we used to say “don’t feed the trolls”. When ignored they mostly go away. Nowadays there’s always someone arguing with them. It’s so stupid…

      • ineedaunion @lemm.ee
        link
        fedilink
        arrow-up
        1
        arrow-down
        11
        ·
        1 year ago

        How is education trolling? You do know the internet was made for communication and education until corporations took it over?

        • Ech@lemm.ee
          link
          fedilink
          English
          arrow-up
          7
          arrow-down
          1
          ·
          1 year ago

          Humor = education? Trouble reading much?