This is something we as mods for communities can combat.
It's a rule I enforce across my communities, posters who engage in hostility and attack people have their comments removed. Simple as.
People can discuss things, that's fine but the second conversations devolve into personal attacks that is not okay.
We have the power to decide how we want the communities we have to grow and what behaviour we want to discourage. Sometimes people just need a little push in the right direction.
We can also all do our parts without mod intervention by being just decent and not engaging in the same toxic behaviour.
You can also report comments to mods. It really helps us out to get reports in for comments/posts that break the rule as we may not always see it due to our instances etc...
There were cases of them deleting posts that critisced certain governments.
Hence why I am on Lemmy.World and not that instance.
There are good reasons not to like/trust them outside of a "flood of content" those kinds of users don't go on ml they are on Lemmygrad and they are equally awful, which is why I am not on that instance.
Clicking the image isn't the issue, scrolling by it will nab your Auth tokens. Resetting your password will reset the Auth tokens protecting your account.
A sign out everywhere button would fix it but that isn't an option yet. It really needs to be.
I used Firefox... So I definitely reset my password. Thing is I do not see an option for Lemmy where you can "sign out everywhere" which is the counter to Auth token stealing.
So I had to change it so that the Auth token would expire.
Whilst I am not an admin I won't take the chance. It could compromise other users and I do not want to take that risk.
That's even worse, if Lemmy has a vulnerability like that it needs to get fixed ASAP... Also if that code actually works, I am going to have to secure my account.
The attack involved a redirect that only affected pages that were freshly opened.
If you had tabs that were opened before the attack no redirects happened, no malicious URLs of the sort.
It showed the website as it was normal.
That statement was in fact true.
The attack only happened when you opened a new tab of Lemmy.World
I am a moderator of this community, not an admin of Lemmy.World
I know about as much as you. The difference is I have been spending time researching and discussing findings with other mods rather than sleeping which is what I should be doing.
I found critical information that I thought important to share. That is all there is to it.
If you do not feel safe using Lemmy.World you should login to another instance.
The owners of Lemmy.World are also in the EU so are likely still asleep or awake and trying to figure this shit out.
And inside hidden is JavaScript code that when executed can take cookie information and send it to a URL address.
Among other things. At this time if you see an image please click the icon circled before clicking the link. DO NOT CLICK THE IMAGE. If you see anything suspicious, please report it immediately.
It is better a false report than a missed one.
I have seen multiple posts by these people during the attack. It is most certainly related to JS.
It is concerning as I have received a message from a compromised admin 1 hour ago telling me that an app developer wanted me to help them with mod tools.
Hard to know if this is genuine or not, but given what has happened I am going with an attempt at breaching my account.
Things are slowly getting restored, the mod that was compromised has been removed.
Hopefully nothing more happens. I'll unpin this post as soon as I am 100% sure on that though.
AITA quality went down hill because they removed the no-validation rule.
What you got was poor-faithed questions of people looking for validation about a situation where they clearly weren't going to be the asshole.
Then as it grew in popularity appealing to the general populace it encouraged people to use it for the purpose of farming karma.
They would post low effort, baits. You would get astroturfing or people subtly posting their fetishes.
The only community I miss is AmITheAngel where people just laughed at some of the more extreme examples of the above mentioned problems.
Not anymore