Thanks goddamn, WTF is wrong with people?
this post was submitted on 04 Feb 2024
237 points (99.2% liked)
Ask Lemmy
27234 readers
1333 users here now
A Fediverse community for open-ended, thought provoking questions
Rules: (interactive)
1) Be nice and; have fun
Doxxing, trolling, sealioning, racism, and toxicity are not welcomed in AskLemmy. Remember what your mother said: if you can't say something nice, don't say anything at all. In addition, the site-wide Lemmy.world terms of service also apply here. Please familiarize yourself with them
2) All posts must end with a '?'
This is sort of like Jeopardy. Please phrase all post titles in the form of a proper question ending with ?
3) No spam
Please do not flood the community with nonsense. Actual suspected spammers will be banned on site. No astroturfing.
4) NSFW is okay, within reason
Just remember to tag posts with either a content warning or a [NSFW] tag. Overtly sexual posts are not allowed, please direct them to either [email protected] or [email protected].
NSFW comments should be restricted to posts tagged [NSFW].
5) This is not a support community.
It is not a place for 'how do I?', type questions.
If you have any questions regarding the site itself or would like to report a community, please direct them to Lemmy.world Support or email [email protected]. For other questions check our partnered communities list, or use the search function.
6) No US Politics.
Please don't post about current US Politics. If you need to do this, try [email protected] or [email protected]
Reminder: The terms of service apply here too.
Partnered Communities:
Logo design credit goes to: tubbadu
founded 2 years ago
MODERATORS
Wtf, disgusting
Most [email protected] questions are better fit for [email protected] anyways.
load more comments
(1 replies)
Thank you for your work on it
I suggest limiting new accounts from uploading photos for 3 days, to prevent abuse.
3 days should be enough to make most people think twice before doing something so stupid, harmful and illegal. Most users don't upload photos right as they sign up anyway so this effect to legitimate use should be negligible.
Sweet summer child.
that doesn't do anything, they'll just register accounts in advance and wait some days.
we've even had spam recently from accounts that had been dormant for months, although it was a different kind of spam.
load more comments
(2 replies)
Doesn't lemmy allow the communities to only allow text as posts? Could be a future feature
I feel like this is an underrated idea. Resonates with the whole thing of making a subset of the internet simpler and just like documents, as with the simpler protocols like Gemini etc.
That would still allow links to be posted. Better than allowing image posts, but not a complete solution.
It prevents concerns about hosting CSAM posted by someone else. A categorical improvement I’d say. But yes, nothing’s perfect.
load more comments
(5 replies)
CSAM? What is CSAM? Is it a rewrite of "scam"?
Googles...
Oh no. Oh no no no. Why are people so fucking shit?
You don't want to know, holy shit....
Sometimes, when it's too hard to be better and it's easier to be worse, people choose to be worse just to feel different than what they are.
load more comments
(1 replies)
Well... it seems there's some issue with post removal federation. There's still 2 posts visible from my home instance.
And now it's definitely cached on our instance. And every other instance with pict-rs enabled.
This is what makes me scared of self hosting an instance. I would basically be hosting it. And I would be responsible for such content.
Might be worth mentioning on [email protected]
Ok, this is interesting. There was one just posted to [email protected], but it got removed from my instance as well.
The account looks deleted from lemm.ee, not found on lemmy.world, banned on lemmy.ml, and empty on lemmy.dbzer0.com.
Perhaps it's account deletion that doesn't federate properly.
account deletion does not federate in general, only banning (+ content removal) does
i don't think that's going to be very effective. i havent seen any of this but it sounds like a sybil attack. asklemmy isn't the only vector. lemmy.world is going to need to do something, possibly drastic.
It's not even just lemmy.world, the same user is reposting to ask lemmy on lemmy.ml now.
Is there a way AskLemmy and other major communities could prevent new users from making posts in the future?
Like an account has to be over a month old to post for example. Maybe that could help prevent these kinds of disgusting attacks
I don't know if Lemmy has a moderator tool available that could do something like that though.
i thought dbzer0 already had a tool for this
Preventing any posting in general might be a bit too restrictive IMO. However I think new users, or users using VPNs probably should not be allowed to post images in general so freely.
I believe lemm.ee has a minimum account age limit before users can upload directly to the instance, and dbzer0 scans all user uploaded images for anything that could be questionable.
Perhaps there should be additional restrictions on stuff linking to images outside of lemmy? I blocked the domain within moments of it appearing on my feed, absolutely disgusting
You'd have to generate a blacklist and maintain it, but also avoid bad faith mods and admins
I don't quite like that idea. It's something I really hated on Reddit. It just discourages new people from joining. Besides, you could self host an instance with accounts claiming to be made in 1970.
What about new users and new instances requiring manual approval for posts?
Are new instances automatically federated? If not, then it seems like making an instance, then hosting content enough to be federated, would be an awful waste of time and money, as I'd expect an instance like that would be quickly defederated.
Somewhat. All the communities have to be looked up manually by users, and followed to continue federating the content into that instance.
But for this purpose the answer is yes. At least as far as I know, you can immediately start posting to other instances. Otherwise private instances would be of no use.
Unfortunately there aren't many great options right now. No one likes it, but people posting CSAM are the ones to blame there. They quite literally ruin it for everyone because they're butthurt about something happening they didn't like
Do we know what they are butthurt about? There is never an excuse for what they are doing, but I’m curious what happened to set it off if a reason I known
Nope, they're too cowardly to use their actual accounts and are making them anonymously. All we know is that rather than being mature about a mod action and simply leaving and creating an account elsewhere they decided to do this.
Gotcha. Thanks.
Good point. I didn't think about how easy that would be to fake.
That said I would still prefer it to some subreddit's cryptic karma requirements. If it worked I mean.
And here's the spot where I point out that using a blockchain for recording accounts would be a good technological fit for a decentralized system like the Fediverse, and then get pilloried for being a "cryptobro" or whatever.
Seriously, all that you'd need to use the blockchain for would be a basic record of "this account holder has this name on that instance" and you get all sorts of unspoofable benefits from that. No tokens, no fancy authentication if you don't want it, just a distributed database that you can trust.
Instead of preempting criticism/downvotes, perhaps it would help to more clearly describe what kind of implementation of blockchain you mean?
If it would still involve some questionable consent mechanism that either consumes a large amount of energy (Proof-of-Work) or may benefit larger stakeholders (Proof-of-Stake), then even setting aside the cryptocurrency associations, I'm not sure it's necessarily worth it. However, if I'm not mistaken, there are implementations that may not require those, but may still provide the sort of benefit you're suggesting, aren't there?
load more comments
(3 replies)
As someone (who’s not a fan of the fediverse) put it to me:
Fediverse is web2.5, worst of both web2.0 and web3.0.
I think there’s something to that. So instilled in the fediverse’s makers is web2.0 that I’m not entirely sure their solutions can be trusted in the long term.
It makes sense that down the line, when bitcoin and crypto hype finally settles into knowing what’s actually useful, some sort of cryptographic mechanisms will become normal in decentralised tech. BlueSky may make this mainstream.
That'd be nice. Personally, I think the tech is just about ready - Ethereum has solved its environmental issues with proof-of-stake, and has solved its transaction cost issues with rollup-based "layer 2" blockchains. At this point I think the main obstacle is the knee-jerk popular reaction to anything blockchain-related as being some kind of crypto scam. I'm actually quite pleasantly surprised that I haven't been downvoted through the floor for talking about this here so perhaps there's a light at the end of the tunnel.
I personally have the knee-jerk reaction. I don't understand anything you're saying about blockchain. I've heard of farcaster (if you haven't you might be interested) and nostr (ditto) but don't know how they work.
The lack of mega downvotes, I'd guess, comes from the fact that people here appreciate the value of decentralisation and also can imagine from experience that a better system is possible than the relatively clumsy "let's just send copies and requests everywhere".
In the end I don't know. But I can see the decentralised social web being where cryptographic technology finds its mainstream landing (BlueSky, like I said, being an interesting space to watch as its the middle ground on that front).
load more comments
(8 replies)
Putting aside that this use case doesn’t meet the five requisites for block chain use, the fediverse in general and Lemmy is already struggling with too much data being stored and moved.
Searching for "the five requisites for blockchain use" isn't finding anything relevant, what requisites do you mean?
This wouldn't be storing more data, it would be storing existing data. It would just be putting it somewhere that can be globally read and verified.
load more comments
(2 replies)
this account holder has this name on that instance
How would that help? A spam bot could just make lots of blockchain wallets.
you get all sorts of unspoofable benefits from that
what are the benefits? I struggle to come up with any benefits.
The issue that was being discussed was blocking accounts from posting if they were younger than a certain age. The blockchain has an unspoofable timestamp on its records.
I see. I'm not convinced that proving the account creation date makes much of a difference here. Obviously the instance records when you sign up, so you would only need this to protect against malicious instances. But if a spammer is manipulating their instance to allow them to spam more, you have a much bigger problem than reliably knowing their account creation date.
It's a matter of trust. A random instance can always lie and you can only determine "that was a malicious instance that was lying to me" in hindsight after it's broken that trust. Since a malicious instance-runner can spin up new instances almost as easily as creating new fake accounts you end up with a game of whack-a-mole where the malicious party can always get a few bad actions through before getting whacked. Whereas if user account creation was recorded on a blockchain you don't need to ever trust the instance in the first place. You can always know for sure that an account is X days old.
A malicious instance-runner could still spin up fresh instances and fake accounts ahead of time, but it forces them to do it X days in advance and now if they want to keep attacking they have a longer delay time on it. A community that's under attack could set the limit to 30 days, for example, and now the attacker is out of action for a full month until their next crop of fake instances is "ripe." As always with these sorts of decentralized systems there's tradeoffs and balances to be struck. The idea is to make things as hard for malicious users as possible without making it harder for the non-malicious ones in the process. Right now the cycle time for the whack-a-mole is "as fast as the attacker wants it to be" whereas with a trustworthy account age authentication layer the cycle time becomes "as slow as the target wants it to be."
load more comments
(2 replies)
load more comments
(2 replies)
load more comments
(4 replies)
Maybe. Some discussion going on at the moment about how to handle it.
Understood. Is that an option for moderators though?
Like I said I don't know if Lemmy gives you that option or if you'd need to setup some kind of bot or an instance level option.
That would need to be a bot. The problem is that the spammer would just move on to the next community (which they have just done by moving to [email protected] I just put a tool up that automatically notifies a bunch of admins, mods and community team members when a post get's reported more than 3 times, so please report the posts if you see them.
That's smart. Glad to hear something like that exists