Lemmyshitpost community closed until further notice

58008, 9 months ago

Lads, as a casual Lemmy user, just how much danger am I in of having my mind permanently incinerated by seeing images of children being sexually tortured? I’ve been using the net since the mid-90s and I have never seen a single piece of CSAM in that time, and I now realise that I’ve been insanely lucky in that regard. My mind is already host to all manner of unspeakable internet shit (looking at you, cartels), but I don’t think I could endure seeing anything like the stuff those evil fucking degenerate nihilist cunts have on their hard drives. I would want to commit murder.

So, stay the hell off Lemmy or… ?

2d, 9 months ago

If you’re just browsing the front page/hot you should be fine, nothing awful will make it there

XylightNotAdmin, 9 months ago

Unless they use vote manipulation

khannie, 9 months ago

I wonder if “they” is just one person or entity.

Sanity_in_Moderation, 9 months ago

Highly likely. Someone is mad about something.

DogMuffins, 9 months ago

It’s an unusual vulnerability. Highly successful. No technical expertise required. No resources required. Rapidly propagating. Infects users & hosters alike. Real world consequences for infected.

khannie, 9 months ago

Some level of technical expertise is required or they’re going to prison. The Lemmy web server logs are all there. Email address associated with sign up is there. IP address used to create the email address is logged and so on.

Blaze, 9 months ago

If they could, they would have used that already

cybervseas, 9 months ago

Look I unfortunately ran into one of these pieces of content, and I think it will stay with me forever. I think it’s because I sort by “New” in order to try and help promote the good undiscovered content. As long as you focus on Hot/Active, I think you’ll be fine.

khannie, 9 months ago

Sorry for your troubles :( that’s shit

Blaze, 9 months ago

Sorry to hear that…

DogMuffins, 9 months ago

I just read another comment saying that posts were showing up in hot / active somehow despite being heavily downvoted. It wouldn’t surprise me TBH. Hot / active always seems to be buggy.

deweydecibel, 9 months ago

It’s not a bug, it’s just lack of content. You can downvote that shit, but if there’s no other content to stack “on top” of it, well, it can’t go any lower.

CoderKat, 9 months ago

I’d avoid hot. Unlike Reddit’s sort of the same name, Lemmy’s hot gives a lot of weight to brand new posts. I regularly saw lots of posts with no votes when I used it. Active or top is probably safer. Though admittedly, if someone is using bots to post content, they could use bots to upvote, too. Lemmy has pretty much nothing to prevent even basic botting. The way federation works is actually way worse for the ability to prevent bots, because bots just need any insecure instance and can spin up their own instance in minutes if they can’t find an existing insecure one (at the cost of burning a domain).

Afghaniscran, 9 months ago

I think I saw someone mention this before. Apparently hot sorts by the hottest posts of the communities. So if there’s a brand new community its first post will be at the top of hot because its the hottest post that community has had.

shotgun_crab, 9 months ago

From my experience, using “new” is dangerous on any platform. I’ve seen so many cursed thumbnails on youtube…

Lakija, 9 months ago

Same as you. I have avoided it this far. I think Imma back up for a little while. I cannot, cannot see that shit.

I’ll just go outside and read a book.

MrShankles, 9 months ago

I’m kind of the same in regards to this bullshit. Of all the crazy shit I’ve seen during my time on the web; I have never crossed any CSAM. Am I lucky?.. probably yes. But is someone(s) being fucking trash and deserves a slow horrible dismemberment, like I’ve seen online before… I also say yes

They’re trolling with that shit, which means they can find that shit (which I haven’t come across in my almost 30 years of interwebs use)… and I don’t give a shit about “the point” they’re trying to troll; because they’re contributing to it, at the end of the day. They think they’re fucking HaXzOR fuckwits, that found an easy way to cause turmoil?

Welcome. To. The. Fucking. Internet.

Keep that shit up, and they’re gonna get got. It’s low effort, beyond fucking despicable, and they deserve to rot for even entertaining that approach. And they SHOULD be fucking scared; cause they’re on everyone’s radar, and I can promise you that they’re not as fucking smart as they think

It means to me that they’re fucking dumb, (beyond) degenerate, and that they WILL get absolutely fucked by the majority, if they don’t slink back to their fucking gutter… and quick. I can promise you that people who give a shit about it and can do something… they’re already hunting them down. It’s like the type of person that thinks “swatting” people is “LoLz”, until they end up in “pound me up the ass” federal-fucking-prison, because they can’t conceive the fact that they’re not the only one(s) who know how to “use the interwebs”

Fuck around, piss off the right people, and find the fuck out. Think governments don’t have the resources to find your ass, when enough reports have been made? Their days are fucking numbered in my eyes, if they don’t backstep… but they’ve already opened a door to be found, so good fucking luck.

So, will I stay the hell off Lemmy? Nah. Just don’t sort “by new” for now, until they inevitably get cornered. And they better pray they get cornered by the authorities and not by someone(s) who’s got the time to ruin every inch of their being.

Fuck terrorists. And fuck them. Any shit I see is going straight to the proper authority; and the authorities aren’t dumb. And with enough reports?.. they’re gonna go for the source, not the unwilling bystander(s).

This is a feeble attempt at division and fear. Fuck fear… and good luck. Best hope they don’t get caught by the hands of someone who’s better. They’re “playing an ace” when they don’t know a god damn thing about cards

Don’t sort by new for now; I don’t wanna see that shit either. But I’ll be damned if I scroll on by (if I do see one) without helping the hammer get slammed down on them. Just a matter of time for those little bitches, if they wanna keep playing with fire.

Fuck them, they should be scared. I’m good here.

And I’ve got time. Fuck it, I’ll make time just to watch them burn. I’ve dealt with enough bullshit in my life, that I have the energy to contribute to any small bits that I can.

They should be the ones cowering; not us. They made the mistake and I hope they reap what they sow

Blaze, 9 months ago

Thank you for editing your comment. Take care!

leraje, 9 months ago

Is it possible to (at least temporarily):

1. Turn off instance image hosting (disable pictrs)
2. Disallow image and video posts across all communities
3. As in Firefish, turn off caching of remote images from other instances.

whilst longer term solutions are sought? This would at least ensure poor mods aren’t exposed to this shit and an instance could be more positive they’re not inadvertently hosting CSAM.

TacoButtPlug, 9 months ago

I think this is a good idea

Poppa_Mo, 9 months ago

This is flat out disgusting. Extremely questionable someone having an arsenal of this crap to spread to begin with. I hope they catch charges.

Whitehat93875, 9 months ago

deleted_by_author

Piecemakers3Dprints, 9 months ago

You must realize the logical fallacy in that statement, right?

HawlSera, 9 months ago

See that’s the part of this that bothers me most… Why do they have so much of it? Why do they feel comfortable letting others know they have so much of it? Why are they posting it on an open forum?

The worst part is, there is not a single god damn answer to ANY of those that wouldn’t keep a sane person up at night… shudder

mayo, 9 months ago

I’m sure it’s not hard to find on the dark web. Child porn is one of those horrible things that is probably a lot more widespread than anyone wants to know.

I don’t really get why they are doing this though.

HawlSera, 9 months ago

I hate to get conspiratorial, but it’s possible Reddit paid some people to do this to snuff out the competition.

Isn’t Spez a pedophile?

FlyingSquid, 9 months ago

I appreciate all the hard work you’re doing. Not only must it be exhausting to delete all this perverse filth, but I’m guessing you have to look at it too. At least the thumbnail.

Quacksalber, 9 months ago

I am wondering what kind of moderation tools would be needed.
On the top of my head, I’d say a trust-level system would be great, both for instances and users. New instances and users start out on a low trust level. Posts and commemts federated by them could be set to require approval or get deranked compared to other posts and comments. In time the trust-level increases and the content is shown as usual. If an incident occurs and content is getting reported, the trust level decreases again and eventually will have to be approved first again.

You can couple that with a reporting-trust-level. If a report is legitimate, future report will hold more weight, while illegitimate reports will make future reports hold less.

arudesalad, 9 months ago

The trust system wouldn’t work because it would effect people selfhosting their instances

lemann, 9 months ago

In this situation I think

• major instances define their own trust limits, or at least agree on a common variety
• self hosted instances go through the guarantor process with dbzer0’s fediseer service
• main instances pull data from fediseer and fediverse observer to see if an instance is malicious the first time we federate, if not percieved as such then apply the trust limits to each of the instances users in good faith that the provided data is not manipulated - we could try and cross reference activity with other instances using the activitypub API but this seems ripe for abuse as a DDoS attack vector if we’re running hundreds of user posts/comments through each of the instances it claims to exist on.

This is still not really ideal though and adds more friction.

I think the best compromise would be application signups + pictrs upload restrictions (at the source instance) for newly registered users, which does not exist as a feature. This would keep a human in the loop, who would likely spot opportunistic trolls, and not affect selfhosters too much if they themselves are the admin. Selfhosters who abuse can just be defedded instantly, and would need to buy another domain to continue (freenom no longer offers free domains).

quitenormal, 9 months ago

On the top of my head, I’d say a trust-level system would be great, both for instances and users. New instances and users start out on a low trust level. Posts and commemts federated by them could be set to require approval or get deranked compared to other posts and comments.

Good thinking, but devil’s advocate here: might make it difficult for new users to post anything. I can imagine a lot of communities would utilise that feature, maybe even the majority.

LEDZeppelin, 9 months ago

Thank you. I love fediverse.

30mag, 9 months ago

There are just two full-time developers on this project and they seem to have other priorities.

Can we do anything to help them?

JVT038, 9 months ago

Yeah, we can support by making useful PRs and fixing bugs. Unfortunately, I don’t know Rust, so I’ll have to look into that first.

MoistWanted, 9 months ago

Have you seen the amount of GitHub issues? They can not manage the amount of Reports.

30mag, 9 months ago

Is there a specific lemmy.world repo on guthub?

JVT038, 9 months ago

No, but there is a public Lemmy repo containing the code for the Lemmy server. Any PRS in that repo contribute to the overall experience of Lemmy. github.com/LemmyNet/lemmy

30mag, 9 months ago

Thanks

Pat12, 9 months ago

There are just two full-time developers on this project and they seem to have other priorities. No offense to them but it doesn’t inspire much faith for the future of Lemmy.

this doesn’t seem like a respectful comment to make. People have responsibilities; they aren’t paid for this. It doesn’t seem to fair to make criticisms of something when we aren’t doing anything to provide a solution. A better comment would be “there are just 2 full time developers on this project and they have other priorities. we are working on increasing the number of full time developers.”

khannie, 9 months ago

I agree with you, I’d just gently suggest that it’s borne of what is probably significant upset at having to deal with what they’re having to deal with.

TsarVul, 9 months ago

Imagine if you were the owner of a really large computer with CSAM in it. And there is in fact no good way to prevent creeps from putting more into it. And when police come to have a look at your CSAM, you are liable for legal bullshit. Now imagine you had dependents. You would also be well past the point of being respectful.

On that note, the captain db0 has raised an issue on the github repository of LemmyNet, requesting essentially the ability to add middleware that checks the nature of uploaded images (issue #3920 if anyone wants to check). Point being, the ball is squarely in their court now.

postmateDumbass, 9 months ago

I think the FBI or eqivilant keeps a record of hashes for a known CASM and middleware should be able to compare to that. Hopefully, if a match is found, kill the post and forward all info on to LE.

malloc, 9 months ago

Interesting. But aren’t hashes unique to a specific photo? Just a single change to the photo would inevitably change its hash.

I think Apple was going to implement a similar system and deploy to all iPhones/Macs in some iOS/macOS update. However was eventually 86’d due to privacy concerns from many people and the possible for abuse and/or false positives.

A system like this might work on a small scale though as part of moderating tools. Not sure where you would get a constantly updated database of CSAM hashes though.

AeonFelis, 9 months ago

Interesting. But aren’t hashes unique to a specific photo? Just a single change to the photo would inevitably change its hash.

Most people are lazy and stupid, so maybe hash checking is enough to catch a huge portion (probably more than 50%, maybe even 80% or 90%?) of the CSAM that doesn’t bother (or know how) to do that?

TechnoBabble, 9 months ago

I’m almost positive they’ve been developing an image recognition AI that will make slightly altering csam photos obsolete.

Here’s hoping.

dipshit, 9 months ago

A hash would change if even one bit changed in that file. This could be from corruption, automated resizing by any photo processing tools (i.e., most sites will resize photos if you give them one too big), saving a lossy file time again (adding more jpg), etc… This is why there aren’t many automated tools for this detection. Sites that have tried by using skin tones in a photo have failed spectacularly.

I’ve never heard of this FBI middleware. Does anyone have the link to this? I’d like to understand what tools are available to combat this as I’ve been considering starting my own instance for some time now.

postmateDumbass, 9 months ago

In my utopia world, the FBI has a team updating the DB.

The utopia algorithim would do multiple subsets of the picture so cropping or watermarking wouldn’t break the test (assume the ‘crux’ of the CSAM would be most likely unaltered?) , maybe handle simple image transformations (color, tint, gamma, etc.) with a formula.

reev, 9 months ago

What you’re talking about is digital (aka forensic) watermarking.

MsPenguinette, 9 months ago

IMO scanning images before posting them to a forum is a distinct and utterly completely different world than having your photo collection scanned. Especially in context and scale

snowe, 9 months ago

You can already protect your instance using CloudFlare’s CSAM protection, and sorry to say it, but I would not use db0’s solution. It is more likely to get you in trouble than help you out. I posted about it in their initial thread, but they are not warning people about actual legal requirements that are required in many places and their script can get you put in jail (yes, put in jail for deleting CSAM).

TsarVul, 9 months ago

The developers of LemmyNet are being asked for the ability to define a subroutine by which uploaded images are to be preprocessed and denied or passed thereafter. There is no such feature right now. Even if they wanted to use CloudFlare CSAM protection, they couldn’t. That’s the entire problem. This preprocessing routine could use Microsoft PhotoDNA and Google CSAI, it could use a self-hosted alternative as db0 desires or it could even be your own custom solution that doesn’t destroy, but stores CSAM on a computer you own and stops it from being posted.

snowe, 9 months ago

Even if they wanted to use CloudFlare CSAM protection, they couldn’t.

? CF’s solution happens at the DNS level. It has absolutely nothing to do with lemmy and there’s nothing the devs could do to change that.

TsarVul, 9 months ago

Yeah I just looked it up. Serving stuff through CF does a check for illicit material. Pretty neat. Be that as it may, the original complaint is that Lemmy is lacking moderation tools. Such a moderation tool would be something that disallows CSAM even being stored in the server in the first place.

Graphine, 9 months ago

I mean, the “other priorities” comment does seem to be in bad taste. But as for the comment on the future of Lemmy, I dunno. I feel like they’re just being realistic. I think the majority of us understand the devs have lives but if things don’t get sorted out soon enough it could impact the future of Lemmy.

Blaze, 9 months ago

we are working on increasing the number of full time developers.

I see where you are coming from, but who is supposed to make this statement, LW admins? Because it’s not their role. And if it’s Lemmy devs, then it shouldn’t be we.

Pat12, 9 months ago

I see where you are coming from, but who is supposed to make this statement, LW admins? Because it’s not their role. And if it’s Lemmy devs, then it shouldn’t be we.

whoever came up with “we should have full time developers” and is managing that team should be the person thinking of how to help the full time developers given the increased responsibilities/work load

ttmrichter, 9 months ago

Are you volunteering?

No?

Then shut up and let the adults talk about how to solve things.

ToxicWaste, 9 months ago

Lemmy is developed open source and the people operating the servers are not the same people writing the source code.

While I do not agree with the salty comment made about an amazing open source project, they corrected it. Maybe this is a great opportunity for people to contribute. Not everyone needs to be a programmer to provide value to a project like this. Sources can be found here: github.com/LemmyNet

Blaze, 9 months ago

They just edited their comment

MoistWanted, 9 months ago

I can’t seem to find the AMA thread from the devs but I remember they said they actually are being paid by some dutch organisation

BuddyTheBeefalo, 9 months ago (edited 9 months ago)

Funded by nlnet.nl

plus ~4400$/month from donations from

opencollective.com/lemmy

www.patreon.com/dessalines

liberapay.com/Lemmy

liberapay.com/dessalines/

liberapay.com/nutomic/

They also take bitcoin, etherium, monero and cardano.

join-lemmy.org/donate

Deftdrummer, 9 months ago

Good bot

HobbitFoot, 9 months ago

No one is paid for this, but moderation is going to become a problem for Lemmy and the volunteers who are admins are going to need support.

Pat12, 9 months ago

No one is paid for this, but moderation is going to become a problem for Lemmy and the volunteers who are admins are going to need support.

yes, that’s what i’m saying. We should acknowledge that we are fortunate to have dedicated volunteer devs and work on helping/supporting them.

HobbitFoot, 9 months ago

We definitely should acknowledge the volunteer devs supporting the platform, but we need to address that there may be issues with the tools for mods as is and we need the paid devs to pull back from only coding and do more design of the architecture that can be filled in by volunteer devs.

DogMuffins, 9 months ago

There are paid devs?

HobbitFoot, 9 months ago

There are donation pages that fund the two devs. They haven’t complained about the funds yet.

DogMuffins, 9 months ago

Oh. Is there any indication of how much they may have actually received via these donation pages?

The vast majority of FOSS projects receive hardly anything in donations - even those with many users.

The term “paid dev” implies a salaried position. I would be astonished if the amount they’ve received is anything like a salary given the time requirements.

can, 9 months ago

The do get a certain amount from a foundation each time they reach a certain milestone. Perhaps those milestones need to be adjusted.

TacoButtPlug, 9 months ago

Wish I was a dev. I’d jump in to help so fast.

Whitehat93875, 9 months ago

Maybe you could start with making pull-requests to help and maybe also writting them an application on Matrix. I’m not being snarky just pointing out that it’s easier to help than you might think.

TacoButtPlug, 9 months ago

I have no idea what a pull request or matrix is but I’ll start reading about them.

Whitehat93875, 9 months ago

Matrix is a secure chat protocol used by the Devs to message eachother.

A pull request is a way of proposing and contributing code on git-based platforms like github, gitlab, and codeberg.

TacoButtPlug, 9 months ago

Yea, thank you. I found the github list but yea… guess it’s a good time to learn!

lagomorphlecture, 9 months ago

I think taco butt plug meant that they aren’t a developer, like at all, so can’t help with coding or PRs or anything.

Whitehat93875, 9 months ago

Fair enough.

lemann, 9 months ago

I’m a dev but i’m in no way familiar with Rust (or more importantly, the code structure).

Very early on I also had a look at the codebase for their join-lemmy.org site to see if I could contibute some UX changes to make it less text-heavy, but the framework they use for the UI is something I’m not familiar with either.

Perhaps they’re both things to revisit when I have more spare time…

sab, 9 months ago (edited 9 months ago)

You don’t become a developer by wishing. Here’s a tutorial if you want to learn

(edit: Rust, not Go)

TacoButtPlug, 9 months ago

Thank you!!!

GivingEuropeASpook, 9 months ago

Thing is, if this continues to be a problem and if the userbase/admins of instances are organised, we can shift those priorities. They may not have envisioned this being a problem with the work they decided to work on for the next several months. Truly, the solution is to get more developers involved so that more can happen at once.

danielton, 9 months ago

Seriously. We need to cut them some slack because nobody expected Reddit to go full Elon in May.

GivingEuropeASpook, 9 months ago

Exactly, and Mastodon had been kinda gunning for Twitter for years before Elon went full Elon, so they were primed for the influx. Lemmy I think expected to have years to go before it’s userbase would similarly skyrocket.

danielton, 9 months ago

Yeah, Reddit was famously open to third party developers for 15 years or so, and now they and their bootlickers are claiming they didn’t know that there were third party apps using the API to browse the whole site.

Even the Apollo dev said nothing but good things about Reddit because they were very transparent with him until they decided to paywall the API. Nobody saw this coming.

antonim, 9 months ago (edited 9 months ago)

People have responsibilities

Exactly - when you create a site, you have a responsibility to make sure it’s not used to distribute child porn.

Pat12, 9 months ago

Exactly - when you create a site, you have a responsibility to make sure it’s not used to distribute child porn.

1 6

Body

Cancel Preview Reply

That burden should not rest on 2 people.

antonim, 9 months ago

Then the logical conclusion is that the 2 people should find some other people to share the burden.

I really don’t see how my statement is controversial. This is sadly how the internet works, regardless of how much or how little you can invest into your site - you need mechanisms to fight off against such spam and malice.

dipshit, 9 months ago

DEVELOPERS produce a software to help people post images and text online. Nothing bad about that.

ADMINS install the developers software on a server and run it as an instance.

MODS (if any exist besides the admin) moderate the instance to keep illegal content off the site.

USERS may choose to use the software to post CSAM.

None of these groups of people have paid for or are getting paid for their time. USERS generally don’t take much legal risk for what’s posted, as instance owners don’t ask for personally identifiable information from users.

Sites like reddit, although we all hate it, do make a profit, and some of that profit is used to pay “trust and safety” teams who are paid (generally not very well, usually in underdeveloped or developing countries) to wade through thousands of pictures of CSAM, SA, DV/IPV and other violent material, taking it down as it gets posted to facebook, reddit, other major online properties.

—-

Developers, admins and mods are generally doing this in their free time. Not sure how many people realize this but developers, admins and mods are also people who need to eat - developers have a skill of developing software, so many open source devs are also employed and contribute to open source in their off time. Admins may be existing sysadmins at companies but admin lemmy instances in their off time. Mods do it to protect the community and the instance itself.

USERS can be a bit self-important at times. We get it, you all generate the content on this site. Some content isn’t just unwanted though, it’s illegal and if not responded to quickly could mean not only a shutdown instance but also possible jailtime for admins, who ultimately will be the ones who are running a “reddit-like site” or “a haven for child porn”.

nobleshift, 9 months ago

deleted_by_author

khannie, 9 months ago

Ultimately this is what it boils down to. This needs proper resourcing. That’s what’s being attacked.

If, as a group, we pay with skills, time or money then this problem is solvable.

nobleshift, 9 months ago

deleted_by_author

khannie, 9 months ago

Agreed

mo_lave, 9 months ago

It’s one of the few things Reddit handles the situation better by being a centralized entity with a dedicated workforce filtering out these content. It’s a shame it has to be this way, but I understand why it has to be done.

seitanic, 9 months ago

So, Mastodon has this same problem?

mo_lave, 9 months ago

I don’t use it, so I can’t answer that.

dantheclamman, 9 months ago

There have been issues in the larger instances with slow or unresponsive moderation, leading to occasional bursts of bot activity

Yttra, 9 months ago

Pretty sure it does, actually

mongooseofrevenge, 9 months ago

Pretty much. I recently had my mastodon feed spammed with racist, homophobic, and gore-filled posts just because they would post with a list of unrelated hashtags. You could keep blocking the poster or the instance but they would pop back up from another instance or with another account. It eventually stopped but I’m sure it’ll happen again. You’re apparently able to filter out certain offensive terms with a filter but I think you have to manually enter the terms yourself.

PeleSpirit, 9 months ago

Twitter had that problem in the beginning, people forget that. I’ve seen some shitty stuff on Reddit as well and reported it, it’s a problem everywhere.

ttmrichter, 9 months ago

Yep. It’s why I curate my feed very carefully and am very quick with the “block” button.

Kecessa, 9 months ago

Someone has never heard of /r/jailbait

CoderKat, 9 months ago

That’s because Reddit chose to leave it up until the media reported on it, though.

That said, it’s really hard to protect against a dedicated, targeted attack. Eg, stuff like captchas can make it harder to create accounts, but think about how fast you could make accounts manually if you wanted to. You don’t need thousands of accounts to cause mayhem. Even a few dozen can cause serious problems. I think a lot of the internet depends on the general good will of most users. Plus the threat of legal action if they get caught (but that basically requires depending on police and we know police aren’t dependable).

One thing Reddit had that I’m not sure Lemmy does (never heard mentions of it) is the option to require all posts and comments to be approved by a mod before it’s visible. That might even have just been an automod thing combined with how Reddit let admins hide and unhide comments. But even if they were to use that, it’s not fair for volunteer mode to have to deal with that. It’s also sooo much work. You can’t just approve posts, cause attackers will use comments. And you have to approve edits or attackers will post something innocent and then edit it to be malicious. And even without an edit, they can link to an image and then change the file itself to a different one (checksums could prevent that, but it’s more work and it’s a constant battle against malice).

victron, 9 months ago

I mean, that’s reddit prehistory at this point.

favrion, 9 months ago

deleted_by_moderator

TheMadnessKing, 9 months ago

I do think if the platform needs to grow more, we need more full time devs working on it and building it up to par. Good time to start funding campaign for Lemmy

SubArcticTundra, 9 months ago

They actually are (were?) already funded by NLNet
nlnet.nl/project/Lemmy/

krayj, 9 months ago

How does closing lemmyshitpost do anything to solve the issue? Isn’t it a foregone conclusion that the offenders would just start targeting other communities or was there something unique about lemmyshitpost that made it more susceptible?

Whitehat93875, 9 months ago

They also changed the account sign ups to be application only so people can’t create accounts without being approved.

Cabrio, 9 months ago

It stops their instance hosting CSAM and removes their legal liability to deal with something they don’t have the capacity to at this point in time.

How would you respond to having someone else forcibly load up your pc with child porn over the Internet? Would you take it offline?

krayj, 9 months ago (edited 9 months ago)

How would you respond to having someone else forcibly load up your pc with child porn over the Internet? Would you take it offline?

But that’s not what happened. They didn’t take the server offline. They banned a community. If some remote person had access to my pc and they were loading it up with child porn, I would not expect that deleting the folder would fix the problem. So I don’t understand what your analogy is trying to accomplish because it’s faulty.

Also, I think you are confusing my question as some kind of disapproval. It isn’t. If closing a community solves the problem then I fully support the admin team actions.

I’m just questioning whether that really solves the problem or not. It was a community created on Lemmy.world, not some other instance. So if the perpetrators were capable of posting to it, they are capable of posting to any community on lemmy.world. You get that, yeah?

My question is just a request for clarification. How does shutting down 1 community stop the perpetrators from posting the same stuff to other communities?

Cabrio, 9 months ago

It’s not meant to solve the problem, it’s meant to limit liability.

krayj, 9 months ago

How does it limit liability when they could continue posting that content to any/every other community on lemmy.world?

Cabrio, 9 months ago (edited 9 months ago)

But it does remove the immediate issue of CSAM coming from shitpost so world isn’t hosting that content.

Double_A, 9 months ago

Shitpost is not the only community on World Ffs!

stealthnerd, 9 months ago

They’re taking a whack-a-mole approach for sure but it’s either that or shut the whole instance down. I imagine their hope is that either the bad guys give up/lose interest or that it buys them some time.

Either way, it shows they are taking action which ultimately should help limit their liability.

Ghostalmedia, 9 months ago

Fact of the matter is that these mods are not lawyers, and even if they were not liable, they would not have the means to fight this in court if someone falsely, or legitimately, claimed they were liable. They’re hobbits with day jobs.

I also mod a few large communities here, and if I’m ever in that boat, I would also jump. I have other shit to do, and I don’t have the time or energy to fight trolls like that.

If this was Reddit, I’d let all the paid admins, legal, PR, SysOps, engineers and UX folks figure it out. But this isn’t Reddit. It’s all on the hobbyist mods to figure it out. Many are not going to have the energy to put up with it.

Ghostalmedia, 9 months ago

It doesn’t solve the bigger moderation problem, but it solves the immediate issue for the mods who don’t want to go to jail for modding a community hosting CSM.

krayj, 9 months ago

Doesn’t that send a clear message to the perpetrators that they can cause any community to be shut down and killed and all they have to do is post CSAM to it? What makes you or anyone else think that, upon seeing that lemmyshitpost is gone, that the perpetrators will all just quit. Was lemmyshitpost the only community they were able to post in?

Ghostalmedia, 9 months ago

Yup. The perpetrators win.

If you were in their shoes, would you want to risk going to jail for kiddy porn, risk having your name associated with CSM online, or drain your personal savings account to fight these folks?

These mods are not protected by a well funded private legal team. This isn’t Reddit.

krayj, 9 months ago

You don’t have to explain how liability works. I get it. What I don’t get is how removing that specific community is going to limit their liability when the perpetrators will just target a different community.

Whitehat93875, 9 months ago

Sign-ups are manual approval applications, no more automated sign-ups from them, if they have existing accounts and target another community it’ll be closed as well and those accounts banned, there isn’t a stream of new accounts though because all accounts going forward need to be manually approved.

ttmrichter, 9 months ago

One of the ways you avoid liability is you show that you’re actively taking measures to prevent illegal content.

MsPenguinette, 9 months ago

The perps are taking a big risk as well. Finding and uploading csam means being in possession of it. So we can at least take solace in knowing it’s not a tool that just anyone wiill use to take down a community.

Uploading to websites counts as distribution. The authorities will actually care about this. It’s not just some small thing that is technically a crime. It’s big time crime being used for skme thing petty.

So while the perp might win in the short term, they are risking their lives using this tactic. I’m not terribly worried about it becoming a common tactic

I’d anything, if I were the one doing this, I’d be worried that I might be pissing off the wrong group of people. If they keep at it and become a bigger problem, everyone is going to be looking for them. And then that person is going to big boy prison.

krayj, 9 months ago

That is a great point. I don’t know if the admin team are proactively reporting that activity to law enforcement, but I hope they are.

prettydarknwild, 9 months ago

wtf did just happened

jarfil, 9 months ago

What happened is I came to like 20 answers to comments in “post not found” conversations. Where am I supposed to shitcomment now? 🤬

SubArcticTundra, 9 months ago

Just post to [email protected]

prettydarknwild, 9 months ago

Talking seriously, if the scenario that im thinking happened, im so happy that i wasnt around when hell broke loose. I really dont like the idea of watching cp by surprise and having my browser’s cache filled up with that shit, i also dont like the idea of my ISP noticing it

jarfil, 9 months ago

True. I don’t know when it started, think I checked a post this morning, and it was throwing an error for a jpeg I know was fine yesterday. Wonder whether that was part of the countermeasures, or if the attackers were trying to overload LW’s pictrs storage… or if there is some bug involved.

I can think of a pretty catastrophic scenario if ALL images served by LW could be replaced by CSAM. 😬