RFC to split reports into admin and mod reports
sunaurus @ sunaurus @lemm.ee Posts 49Comments 331Joined 2 yr. ago
sunaurus @ sunaurus @lemm.ee
Posts
49
Comments
331
Joined
2 yr. ago
That particular instance was very recently the source of a lot of CSAM and spam, so that’d be why. A lot of instances recently upped their security to combat that.
Just to add some more context, there was an attacker recently who created accounts on several Lemmy instances and used those accounts to spread CSAM. On lemm.ee, this attacker created 4 accounts over a 24h period, but was not able to upload any CSAM to our servers due to our stricter upload rules (we require 4 week old accounts to upload any images at all), and all of the 4 accounts were removed very shortly after creation (most of them within an hour of signing up). The attacker gave up trying to use lemm.ee very quickly, and moved on to other instances.
I just wanted to share this context to illustrate that while indeed the different measures we implement to protect the instance can have a negative impact on legitimate users, I really believe that overall, they have a net positive effect. In addition to Cloudflare DDoS protection and image upload restrictions, we also have a separate content-based alerting layer on top of Lemmy, which allows our admins to quickly notice when something suspicious is going on. As another example, this alerting has allowed us to extremely efficiently deal with a current ongoing spam attack on the Fediverse, and I bet many lemm.ee users aren't even aware of this attack due to the quick content removal. We will continue to improve our defenses, and hopefully try to limit the impact on real users as much as possible, but some trade-offs are necessary here in order to protect the overall userbase.
The nice thing about Lemmy is that you can always host your own instance, even if it's only for your own individual use. You can basically use your own instance as a proxy - other instances will not see how or from where you are connecting to your instance.
Large instances are being attacked almost constantly at this point in smaller and bigger ways. Almost all measures we implement to combat these attacks come with some trade-offs for the rest of the userbase.
Or do you mean reports on content now go to the user’s home instance as well?
Yes, exactly.
Also, there’s no way to report a user to their home instance so long as they don’t post anything in a community on their home instance.
This has been fixed in 0.19 thankfully. But for instances running older versions, what you said is still true.
Important note, this feature is only available for US customers.
Image uploads are currently disabled only for users with accounts younger than 4 weeks. For others, uploads are currently limited to 500kb. The announcement post about this change was here: https://lemm.ee/post/19843583
Good luck with the update! One great thing about 0.19 is that it allows users to check federation status between instances, will be awesome to get that for lemmy.world as well.
I kind of get where you're coming from, but to me it sounds like you're looking for a different experience than what Lemmy is designed for. It seems you are more interested in aggergating all posts about specific topics (like "books"), and strongly limiting the effect of moderation (as nobody would have final say about how to moderate an entire topic). If I correctly understood the experience you're interested in, then for sure the design of Lemmy will not match that.
I don't think it's fair to describe this as a fatal flaw, though. Lemmy is not built around the idea of generic, "ownerless" topics, instead, it's built around communities with clear owners. We have decentralization at the admin and infrastructure level (as in, a single admin does not control the entire network), but this does not really mean we also need to have it at individual community level.
IMO it's totally fine that different people create different communities with extremely similar purposes. The entire internet as a whole also works like this - the internet itself is decentralized, but at the same time people can create different websites with very similar purposes (and even domains!), and it works out fine. For example, it's totally possible for there to exist a news.com, news.co.uk, news.ee, news.fi, etc. Imagine if whenever you navigated to news.fi with your browser, it would also automatically insert content from all the other news websites of all possible domains - it doesn't really seem like a useful feature, but that's kind of analogous to what you're suggesting for Lemmy at the moment.
It's OK to post questions here:
Feel free to post and upvote questions beforehand in this post, as it will turn into the AMA tomorrow.
Do you think Lemmy is decentralized enough right now, or are you worried about some of the bigger instances growing too much?
Please read the sidebar on the front page:
- Advertising is not allowed here
- Accounts younger than 4 weeks are not allowed to upload images
I am not really interested in discussing this with you, as you already have an opinion about lemm.ee and seem intent on spreading false rumors about us. I've learned several months ago that no matter how much you give to people for free, there will always be users demanding more, so I don't think there is any chance of you being interested in what I have to say. I am just responding here, so other users who may end up reading this thread don't come away with the impression that what you are saying is true.
First of all, no user has ever been banned from lemm.ee for criticizing the admin team. Our admins have banned nearly a thousand users in the past ~7 months (just think about that for a second - that is a massive amount of bullshit our volunteer admins have had to wade through in the span of less than a year), and indeed the mod log is public, so you can easily check the ban reasons, which are consistently related to violations of our basic instance rules.
If any moderation team on any of our communities does not follow our instance rules, then such communities are closed. We have in fact had to do this several times before with some conservative-type communities, mainly because they wanted to push the ideas that some people, based on their identities, are less valuable as humans that others. The current conservative community on the other hand is consistently moderating based on our instance rules, and they have incorporated the no bigotry rule into their community rules as well. If this ever changes, then we will take action, just as we have done previously.
Regarding the allegations against one of the mods, I'm not sure if you've seen the event they were referencing, but I think it's safe to say that this event was extremely misrepresented by the accuser. In any real cases of CSAM, lemm.ee has taken drastic actions. We have purged, banned, defederated, reported to authorities, we have implemented some technical safeguards, and we will continue to take action like this in the future as well.
Let me just finish off by saying that we are a volunteer team giving up our time for free. I realize that users want admins to be perfect and moderate exactly in line with their preferences, but we are humans, we miss things, we make mistakes, and we can not possibly be available 24/7 or read every single piece of content posted by other lemm.ee users.
lemm ee: The owners don’t really moderate and its users reflect this fact. Universally unpleasant userbase.
This is categorically untrue. You can find our administration policy here, and we frequently ban users for breaking our instance rules. At most you could make the claim that we are lenient when it comes to things like heated arguments, as we often give warnings or temporary bans to users in such cases, but on the other hand, our "no bigotry" rule is very strict, and violations have consistently resulted in permanent bans.
We of course don't screen all posts and comments which our users write, so we can only respond to reports, but I assure you that our admin team is constantly going over and responding to the report queue (which is a big effort, and clearly a thankless job).
By the way, I just want to point out that we have ~3000 active monthly users on lemm.ee, I find it very unlikely that you can make an accurate universal judgement about such a huge group of people.
Nowadays it's allowed only for users with >4 week old accounts. It's not perfect, but having this barrier to entry will hopefully prevent at least some problems.
I can't thank them enough! I think each and every lemm.ee supporter is amazing, they are all having a huge impact on the long-term viability of this instance.
Should be good now, let me know if you're still seeing anything weird
Not at the moment, I would need to clean up the code a bit first 😅 If I get a chance to do that, then I will make the repo public.
It's possible that the login issue is caused by your browser settings. Are you able to stay logged in for longer on other websites?
Just in case, you could also try completely clearing all cookies for lemm.ee, and then log in directly from the front page.
These bot instances were breaking some things for us, so they were temporarily blocked for a couple of days as I worked on a solution.
We now have a solution in place where posts from communities on these instances are only visible if you're subscribed to those specific communities. Basically, they are hidden by default, but you can opt-in by subscribing.
The bots are no longer blocked, so if they send out new posts to us, they will come through.
Thanks for the comment! I think I generally agree with your points, will try to incorporate them into the RFC soon.
To be clear, admins are always able to do that anyway, I'm not proposing any changes to this. I am only proposing to limit the actual "mark as resolved" action, in order to prevent admins from accidentally hiding reports from mods. But I think it makes sense to even not limit this completely, and rather just show a warning when an admin does it - I have updated the RFC.
Btw, for this one:
I think it will mostly be OK as long as we allow mods to escalate reports to admins. But still, maybe it is indeed necessary to allow admins to directly resolve mod reports (with an extra UI confirmation step) as well.