Current spam/attacks of explicit, illegal images (CSAM) posted from various Lemmy instances - How does Reddthat react to it?
Current spam/attacks of explicit, illegal images (CSAM) posted from various Lemmy instances - How does Reddthat react to it?
It seems like, luckily, Reddthat wasn't a victim of such (yet), but I think there should be some precaution applied here as well.
What is it about?
- Temporary Changes to our Sign-Up Policy (on Lemmy.world)
- Lemmyshitpost community closed until further notice (on Lemmy.world)
- Image uploads are now disabled on lemm.ee due to malicious users (on Lemm.ee)
- lemm.ee plans for mitigating image upload abuse (on Lemm.ee)
- (and more...)
I am worried of such happening on our instance. Is anything planned?
You're viewing a single thread.
I won't be taking such drastic measures regarding the signup policy. I'll be going straight to reporting to the authorities. https://www.accce.gov.au/report . With all logs, ips, user agents, usernames & emails.
I do not tolerate child exploitation.
Reddthat is currently a one person show on the admin side of things, that doesn't mean that only I deal with content. All of the wonderful moderators also help out here dealing with reports in their own communities.
These people (the posters) have gone out of their way to cause a ruccus, and I'm sure they are feeding off all these stories. We won't be closing our user signups or moving to an application process unless it becomes completely horrendous with bot attacks.
The application processes can be "gamed". They could create an account and sit on it or even wait 30days and then flood it with csam. There is no way for me to tell if a user has good or bad intentions unless I make people write a paragraph of text, even then it can easily be gamed.
Even lemmyworld has had other troll account issues. Ban a person, they signup again with another random email account and start spamming again. The features for anti-spam are not built into Lemmy like they are with Reddit. It's only been 90days since I bought reddthat.com and less than 60 since we had a huge influx.What the other server admins have done will not change the fact that out of the 1000 servers with open signups, federation of posts is still an issue and actually won't "save" them from having to deal with it. Sure it won't be because of a user on their instance, it will just be a user from another instance posting content to their instance.
The only way to combat this problem with a 100% success is to federate with known good instances via a whitelist instead of only blocking instances.
Which then breeds silos, with not many ways for any new instance to join the big closed off federated ones. This I'm not a fan of.
It ends up being we are all behest to the lowest common denominator of instance and their "security" for lack of a better word.In saying all this, I will gladly disable signups if it takes anymore time out of my day than what it is currently taking. My family comes first. (Even writing this post took too long π )
Thank you for the insights and your opinion / decisions on this topic. Very much appreciated, especially by being so detailed.
I particularly looked for an instance which is open and doesn't start restricting users (e.g. disabling image uploads) if anything happens, instead trust all moderators which invest a huge lot of time to keep communities safe and a nice place, even if not on this instance and only act when actually needed.
I agree with most you wrote about, sadly though such reports usually end up with no outcome since those (truly awful) trolls use TOR, VPN or any other available tool to hide their identity / IP from the public. Being an admin and moderator of several communities myself, I know this struggle. Luckily, on Lemmy there's way more freedom / possibilities than on other managed platforms like Reddit or Discord.
Do you believe it might make sense to consider disabling local image caching (e.g. thumbnails coming from other instances) on your server or use any of the available tools to scan images for possible CSAM content and delete such cached content if this gets worse?
Out of interest, slightly related to this topic, how will you handle other instances possibly blocking Reddthat if ever any spambot attacks happen? Is there a strategy behind this, or will you simply act case by case if such ever happens?
My family comes first.
Absolutely, family and friends come first, especially for projects like this which isn't your job / main income (if any ever from this project).
Thanks for your explanation and nice words for Reddthat.
Disabling local image cache results in a terrible experience especially with super big instances who are overloaded. While we may end up storing content from other services there is a timed purge feature where images are removed after x days. So I'm not worried about that.
Because once we remove the reported post we would no longer be serving the images because no-one would get the images.
We will take reasonable steps to ensure that all illegal content is removed from the platform in a timely manner. Such as actioning reports from users as soon as possible. There isn't really any other way.
I doubt it will get worse as they have already got what they wanted. A huge reaction.
On the lighter note of us blocking instances we've already covered that here: https://reddthat.com/comment/371578
Basically if other instances block us for a reason I'm sure after reaching out and talking about it those instances will unblock us. Once we have sorted out the reason. No one wants to block other instances and it usually comes as a last resort. It amounts to we will deal with it when it comes to it.Monetary wise I want to eventually get some money from reddthat but currently we are just above breaking even with donations and hosting costs but I don't want to just start taking money from the hard won donations.
Cheers!
TiffPermanently Deleted
You can donate to Reddthat via our open collective here: https://opencollective.com/reddthat
Currently I'm not taking non-reddthat (personal) donations. I may in the future but I do not want to confuse the two. Even having a "support Lemmy" link I'm pretty sure has lost Reddthat donations. But I haven't gone out of my way to fix it because it ends up helping all of Lemmy instances.
Thanks for even considering it.
PS. Make sure you read the sidebar on the homepage. It also links to our funding post where I outline what the money is for.
Iβll be going straight to reporting to the authorities. https://www.accce.gov.au/report . With all logs, ips, user agents, usernames & emails.
Such a brave Aussie keyboard warrior wow! I'm impressed, @ticoombs@reddthat.com.
As an European citizen protected by the GDPR, I formally request a copy of all my data that reddthat.com stores. I want to see all the logs you keep on me, including but not just the "ips, user agents, usernames & emails". You have 30 days. Good luck!
Hi there,
I do not believe you are acting in good faith and I do not believe you are a European citizen.
Please provide your identification so I can verify the validity of your GDPR request.
As such any delay in providing verification will extend the timeframe in response.
Cheers.
Edit: Also, why are you insulting me as well? Do you have something against me? Or so you believe that I have some deep seated grudge against you? A person with 2 comments.
I outlined my concerns and what I would do if we were attacked with csam. To be attacked because I outline a plan doesn't seem like a nice thing to do.
If this turns out to a legal gdpr request you will probably end up hurting Reddthat more than helping. As most likely I will have to be contacting a lawyer and as such our current funding will be reduced to next to nothing as lawyers are not cheap.
For a person who has 2 comments, with the second being the antagonist gdpr request...
Either way I look forward to your identity proof so that I can ensure I give the right information to the right person.
I do not believe you are a European citizen
What you believe is irelevant, my citizenship is not based on your beliefs but rather on the country that gives me a national ID.
Please provide your identification so I can verify the validity of your GDPR request.
You have the IP address from which I'm connecting to reddthat.com, right? It's in the logs that you would send to da police if I post kiddy porn. Check it, and you'll see I'm from Europe - that's all the information you need. In my country it's also illegal to require a national ID unless you're part of the police force, which I doubt you are - should I make a complaint to my local guys in blue, and then they'll forward the complaint to your local guys that will check if you're part of their team?
A person with 2 comments.
Well then fucking read them if there are only 2. Maybe that would refresh your memory on who I am.
I outlined my concerns and what I would do if we were attacked with csam. To be attacked because I outline a plan doesnβt seem like a nice thing to do.
I'm not attacking you for having a plan, I'm attacking you for having an unrealistic fantasy.
https://github.com/LemmyNet/lemmy/issues/3920#issuecomment-1701275085
https://github.com/LemmyNet/lemmy/issues/2977#issuecomment-1587108533
There are more of these gems spread out over Github and AMAs from the 2 blessed Lemmy devs. The point is they don't give a fuck about helping admins with real world issues. You're not active on Matrix on all the Lemmy related rooms; I suggest you join them now and go through all history, at least 2 months back. You're in for a rude awakening, and the realization that there is no plan.
If this turns out to a legal gdpr request you will probably end up hurting Reddthat more than helping. As most likely I will have to be contacting a lawyer and as such our current funding will be reduced to next to nothing as lawyers are not cheap.
That's the point, kiwi. Lemmy devs give 0 resources for this kind of actual, real world issues. If you're going in the red by one person asking for GDPR data, you're going bankrupt when someone will post pizza on reddthat. What do you think, that if you notify the police, they will clap, pat you on your shoulder and put a picture of you on their wall of most awesome citizens?
Either way I look forward to your identity proof so that I can ensure I give the right information to the right person.
Oh boy, so you want to store information that would identify me in real world? Are you REALLY sure you want to go that route?