1y ago

LemmyWorld forced to close shitposting community due to CSAM spammers

lemmy.world Lemmyshitpost community closed until further notice - Lemmy.world

Hello everyone, We unfortunately have to close the !lemmyshitpost community for the time being. We have been fighting the CSAM (Child Sexual Assault Material) posts all day but there is nothing we can do because they will just post from another instance since we changed our registration policy. We k...

They also shut down registration

Whoever is spamming CP deserves the woodchipper

143 comments

The fact that some of you are putting the blame on instance owners/moderators is just showing that you have about the same amount of brain rot as the people actually posting this vile trash
- Right. This is a community effort, and it's important we support our instances and figure out how to best keep them safe.
- Honestly, my first thoughts were that reddit had probably funded some blackhats to sabotage shit because they're still salty. Then, they could have it reported.
  
  Honestly dude if you believe this is true you should speak with a therapist.
  
  Go outside and touch the very first grass you see
  
  Ignore these people telling you that you're being too paranoid. I assumed the same about the series of DDoS attacks that lemmy.world experienced in the last few months. Reddit admins trying to undercut lemmy's growing popularity "by any means necessary" is perfectly logical. DDoS followed by content attacks even follows Reddit's own struggles over the years.

These comments so far stink, yall are something else.
- OK, I am going to take a minute away from the shit stirring and potentially provide some insight speaking as an admin who's had the misfortune of dealing with this so I can maybe shift this comment section into an actually meaningful discussion.
  You can have your own opinion and feelings against lemmy.world but, this?
  The only thing that could have prevented this is better moderation tools. And while a lot of the instance admins have been asking for this, it doesn’t seem to be on the developers roadmap for the time being. There are just two full-time developers on this project and they seem to have other priorities. No offense to them but it doesn’t inspire much faith for the future of Lemmy.
  This is correct. Most lemmy admins likely agree as well, I don't speak for anyone but myself but I can say that I think it would be hard to find someone who disagreed. What happened today is a result of a catastrophic failure on lemmys end, with issues that should have been addressed over a month ago just being completely ignored. The lemmy devs shared a roadmap during their AMA & they essentially were more concerned with making shit go faster... that's about it.
  
  Okay, honest question. What mod tools are lacking. If there's something needed, what is that thing or things?
  I went over to the feature request page for Lemmy and I couldn't find anything massive in terms of requests for moderation tools that would have been sure fire ways to stop this particular event.
  That said, there is over 400 open feature requests alone on Lemmy's github. I obviously couldn't go through every single one. But coming from the kbin side I'm just curious about our Lemmy brothers and sisters. It sounds dire and I'm woefully under informed on how bad it is.
  
  As an admin, how do kbin moderation tools compare?
  Also does lemmy.world have the spare cash to offer cash for features?
  
  I don't know this for sure, but I have a feeling that a hard fork is in Lemmy's future. I don't want to get super into it, but programming is a form of communication. What features you bake into a platform are reflective of the messages you want to propogate on that platform. Lemmy's devs vision for what the platform should be might not be reflective of what most of us might think it should be. The moderation tools might not be a focus for a while, even if most of us view that as the greatest need
  
  It was worded a harshly but I'm happy to see you jump in here @gabe@literature.cafe <3
  To users this might seem like it came out of the blue but instance admins know this is has been a big issue for months. The "roadmap" they shared was indeed, optimize the database queries to make things go brrrr, get more funding and update join-lemmy.org
  
  Got a link to this AMA? Couldn't find it.
  I agree with @Cube6392@beehaw.org, if modtools (one of the reasons for Reddit API protests in the first place) aren't being prioritized, a hard fork of Lemmy will be inevitable. I know the Lemmy devs are known for being strangely hardheaded about certain issues.

Looks like some CSAM fuzzy hashing would go a long way to catch someone trying to submit that kind of content if each uploaded image is scanned.
https://blog.cloudflare.com/the-csam-scanning-tool/
Not saying to go with CloudFlare (just showing how the detection works overall), but some kind of builtin detection system coded into Lemmy that grabs an updated hash table periodically
- Not a bad idea, but I was working on a project once that would support user uploaded images and looked into PhotoDNA, but it was an incredible pain in the ass to get access to. I'm surprised that someone hasn't realized that this should just be free and available. Kind of gross that it is put behind an application/paywall, imo. They're just hashes and a library to generate the hashes. Why shouldn't that just be open source and available through the NCMEC?
- Works only if your server is hosted in the US

Is there not some way to involve the authorities? I feel like FBI/CIA or other foreign agencies would love to track down whoever is distributing. Like set up some sort of honeypot instance to catch them
- They probably connect using tor. Not much you can do with that information (without effort far exceeding the value of one CP spammer).
  
  Doesn't the NSA run half of all Tor exit nodes?

I'm a bit confused, how does locking down a single community help?
Are the spammers really just focusing on one community instead of switching to the next after it gets banned?
I do hope there is an IP ban option, so someone can't just use the same IP again to create an account on another instance and post CSAM from there. Obviously I do know about VPNs, but it makes it a tiny bit more difficult to spam in large amounts.
- Most people don't have static IP addresses, so banning their IP will only stop them temporarily. Then whoever gets that dynamic IP address next will be banned too. Then there's CGNAT where 1 IP address can have up to 128 people using it at once and the address changes even more frequently.
  
  We're talking about temporary bans here, which do work against spam. Private users do have dynamic IPs, but at home I think I've had the same IP for years. They don't wildly switch them around.
  On second thought the IP is probably not federated though, so if there isn't a common IP block list which instances subscribe to it won't work.
  
  What about IP + MAC Address?

Is it that hard to not be completely retarded and innapropriate on the internet for these people? Only "viable" alternative to reddit and they have to fuck it up
- I'd assume that fucking it up is the goal. Some people are just irredeemable sociopaths who get satisfaction out of ruining other people's days.
- Those doing this want Lemmy to fail
  
  And I think its just some disgruntled online user who doesn't like when people are happy rather than some corpo entity. I've seen some people saying Reddit did this. I'm more likely to believe a user of a widely defederated instance that's shutting down because everyone defederated them is responsible, or a zealous fediverse user that refuses to touch Lemmy because of who the devs are and thinks theyre doing the world a favor by keeping anyone else from enjoying it

While I understand the move entirely I can't help but wonder if that might have been the intent of the perpetrators.
- Definitely was. It was just a flex of their power. I don't see any viable solution at the moment though, so going nuclear was the only sane option. When your options are to close a door versus playing an increasingly difficult game of cat and mouse w/ CP posters, most would opt to temporarily shutter their doors I feel.
  What is worrying is that any community on lemmy on any instance is vulnerable to this type of attack. This will continue happening again and again until a clear solution, technical or otherwise, can be devised.
  I gave my loyalty to Lemmy. I am not going to jump shit because some deranged lunatics decide to troll in the most abhorrent ways. I plan on donating to the project in show of support and I hope others do as well.
  
  Honestly, I think it was destined to happen one way or another because of an open-signups server getting so big. The burggit/vlemmy debacle was the warning shot.
  It should jump-start overdue efforts to improve moderation granularity and make it easier for mods to manage users and content.
  
  I gave my loyalty to Lemmy
  This is a weird way to think about a service. You're not a serf or lord. If the things tanks tomorrow I'm not losing sleep over it.

One solution, perhaps, is if Lemmy users were better able to overcome the inertia of moving Communities, Instances, accounts, etc. Essentially to be a moving target for anyone who might want to cause harm. DDoSing lemmy.world? Okay, but we're all on lemmy2.world now. Spamming a Community? Oh, you mean that one we all left?
I'm not criticizing others, because I'm as guilty of it any anyone, but it might be better if we realized that our usernames are meaningless, there's no Karma, our comment histories are full of ephemeral observations with only a very specific relevance. It wouldn't really matter if - worst case scenario - everything was deleted. I realise this wouldn't sound acceptable to new users, but since many of us on instances run by one person as a hobby, that might happen anyway.
(As I was typing this, someone just replied to a 17 days old comment I made, so maybe this is all rubbish)
- Hey, good to see you as usual.
  The issue here is more than illegal content gets propagated to every instance, so moving around doesn't help that much in that regard, the issue would remain.
  
  You too, of course.
  But, no, it does nothing for after something like this that has already happened. It was just more of a pie-in-the-sky solution to it ever happening in the first place.

After reading this thread, I think we need fediverselorelore

What is csam? I don't want to Google it.

i already filter shitposting coms. all the better

rise of uselessserver093? confirmed

Shit posting needs to die anyway. Only thing that should be allowed on the internet is knowledge and education. Throw out the corporations too.
- How will you enforce this new "no unapproved fun" policy? I think "Only knowledge and education" is a dangerous precedent to set, and we should strive for freedom of expression. And I mean real freedom of expression, not the "mandatory audience" version of freedom of expression the freeze peach folks want, I mean actual honest to goodness freedom of expression with freedom of association, including "We no longer wish to associate with you."
  Part of that is that we all must be respectful of the bodily and personal autonomy of all people, which requires moderation of content that does not respect bodily and personal autonomy.
  In conclusion:
  shitposting, fine
  CSAM, deplorable
- That sounds very extreme. I like humor, but not the trolling type. In my time we used to say "don't feed the trolls". When ignored they mostly go away. Nowadays there's always someone arguing with them. It's so stupid...
  
  How is education trolling? You do know the internet was made for communication and education until corporations took it over?

The only thing that could have prevented this is better moderation tools. And while a lot of the instance admins have been asking for this, it doesn’t seem to be on the developers roadmap for the time being. There are just two full-time developers on this project and they seem to have other priorities. No offense to them but it doesn’t inspire much faith for the future of Lemmy.
God, lemmy.world admins are something else
- I mean, they are correct and a majority of other lemmy admins would agree with that statement.
  
  They are correct, but I wanted to address the attitude towards the people doing basically free work.
  https://lemm.ee/comment/2872722
- Why?
  
  Because Lemmy is free and provided as is, nobody is obligated to do shit.
  It would have been different if they simply pointed this out, but they specifically aimed this at the two people doing a ton of work for free making it available for everyone. That's simply rude and ungrateful, in my opinion.

Lemmy.world is the worst, sucks to suck.
- You’re free to go back to Reddit where that type of thinking belongs. Otherwise- shush. No one cares about your shit attitude.
  
  Why the fuck would you suggest Reddit as an alternative to lemmy.world?? You realise the whole point of Lemmy is that you can just switch instances. I agree that lemmy.world sucks ass. Constant network issues and blocking piracy communities. Plus most of these problems stem from the fact that so many people are on the same instance. I'm glad they closed registration, it will force people to spread out.
  
  Or a different instance? He’s right tho, all the content I’ve seen from lemmy.world is trying to be edgy. Speaking of attitudes and kettles..
  
  I see this similar to people that want change in politics.
  Person: Biden could do this and that
  You: Yeah, well you can go vote for Trump with that kind of thinking.
  Instead of trying to change their minds you just tell them to f-off.
  Well, more trump votes will help the blues lose faster, but the republicans will get more power...
  
  Sorry to disrupt your echo chamber, you toxic arrogant blowhard.
- I'm so happy to have been the 💯th to give him his downvote

143 comments