Lemmyshitpost community closed until further notice
Hello everyone,
We unfortunately have to close the !lemmyshitpost community for the time being. We have been fighting the CSAM (Child Sexual Assault Material) posts all day but there is nothing we can do because they will just post from another instance since we changed our registration policy.
We keep working on a solution, we have a few things in the works but that won't help us now.
Thank you for your understanding and apologies to our users, moderators and admins of other instances who had to deal with this.
Edit: @[email protected] the moderator of the affected community made a post apologizing for what happened. But this could not be stopped even with 10 moderators. And if it wasn't his community it would have been another one. And it is clear this could happen on any instance.
But we will not give up. We are lucky to have a very dedicated team and we can hopefully make an announcement about what's next very soon.
Edit 2: removed that bit about the moderator tools. That came out a bit harsher than how we meant it. It's been a long day and having to deal with this kind of stuff got some of us a bit salty to say the least. Remember we also had to deal with people posting scat not too long ago so this isn't the first time we felt helpless. Anyway, I hope we can announce something more positive soon.
Fuck these trolls
troll is too mild of an adjective for these people
How about "pedophile"? I mean, they had to have the images to post them.
"Terrorist". Having the images doesn't mean they liked them, they used them to terrorize a whole community though.
"Petophilile enabled Terrorist" or "petophilic terrorist" depending on the person
It still means they can tolerate CSAM or are normalized to it enough that they can feel anything other than discust during "shipping and handling".
All of your comments have "banned" next to them for me (logged in via lemmy.world using Liftoff) - any idea why?
I assume you're not actually banned...?
They were banned because they were defending pedophilia (advocating for them to be able to get off to what turns them on) and also trolling very aggressively. You can look at them in the Modlog on the Website, not sure if Apps implement the modlog yet though.
Ah thanks, I've seen it a few times but thought it was a bug. Why are people like this!
I have not clue, people can be quite toxic and horrible. Also noticed that they reduced his ban, not sure why, defending pedophilia is pretty bad and definitely carries legal risk but it's not my call to make.
Yeah, got banned for forgetting that some axioms give people free pass to say whatever they want, no matter how they say it... and replying in kind is forbidden. My bad.
You were banned because you were arguing for why people shouldn't be arrested for possession of CSAM material, trolling and straw-manning in the replies, and on top of that attempting to seriously and honestly advocate for pedophiles on another community, which is at best borderline illegal (anyone can check the modlog on that one if they don't believe me, I wouldn't make such claims if they weren't true).
So to summerize you were banned for
Yeah, this isn’t just joking or shitposting. This is the kind of shit that gets people locked up in federal pound-you-in-the-ass prison for decades. The feds don’t care if you sought out the CSAM, because it still exists on your device regardless of intent.
The laws about possessing CSAM are written in a way that any plausible deniability is removed, specifically to prevent pedophiles from being able to go “oh lol a buddy sent that to me as a joke” and getting acquitted. The courts don’t care why you have CSAM on your server. All they care about is the fact that you do. And since you own the server, you own the CSAM and they’ll prosecute you for it.
Sounds like a digital form of SWATing.
And not just the instance admins would be at risk as well. Any time you view an image your device is making a local copy of it. Meaning every person who viewed the image even accidentally is at risk as well.
Yeah honestly report all of those accounts to law enforcement. It’s unlikely they’d be able to do much, I assume, but these people are literally distributing CSAM.
That's not a troll, CSAM goes well beyond trolling, pedophile would be a more accurate term for them.
Yeah. A troll might post something like a ton of oversized images of pig buttholes. Who the fuck even has access to CSAM to post? That's something you only have on hand if you're a predator already. Nor is it something you can shrug off like "lol I was only trolling". It's a crime that will send you to jail for years. It's a major crime that gets entire police units dedicated to it. It's a huuuuge deal and I cannot even fathom what kind of person would risk years in prison to sabotage an internet forum.
My thoughts exactly, like if they were just spamming goatsee or something, that would be one thing....
But this raises several questions, and they can only have grimdark answers.
Dont forget they are doing this to harm others, they deserve the name "e-terrorist" or simmlar. hey are still absolutely pedophiles. Their bombing out a space, not trying to set up shop.
I would definately agree that this would very likely count as cyber terrorism, and if it doesn't it should.
Simply having it to post makes you culpable. It's way beyond trolling.
What he's saying is FBI CHECK THAT GUY'S HARD DRIVE!
Do you know why we have possession laws against CSAM in the first place? It's because people buy and sell abuse material in underground markets, it's another way they profit off the abuse of children. This is nothing like drug possession laws (which are stupid) because the product is literally a direct product of the abuse of children that many of the people in possession likely helped the criminals in order to obtain it (either directly or by paying them for it).
So yes in this case it does make sense to criminally charge people for possession of something like this considering the direct connection CSAM has to child trafficking and child sexual abuse and when you defend it by going against possession laws it makes it seem like you support these criminals.
Oh by the way, MAP stuff really doesn't look good on you (that's in your comment history). Yeah maybe you think I'm a terrible person because I think drugs should be treated less harshly but you have literally said in other comments that Pedophiles should be allowed to get off on what turns them on (which I remind you is exploitation of Minors). That is a very different stance than people shouldn't be beaten and arrested for snorting coke, you're literally advocating for people to be allowed to produce and consume abuse material and claiming that it's acceptable for people to be pedophiles, and pursue their attractions instead of getting help. I don't know how you don't see what is wrong with that. Like seriously this is either really bad trolling (way too far) or, you're one of them.
I think I now know which one it is if that statement from the horse's mouth is to be believed...
A lot of stuff the government bans doesnt align with morrality. In this instance it fucken does
Yes getting someone to drop this on your hard drive even if its explicitly labeled "cache" is equivilant to evidence planting. It puts you in danger of our laws falsely finding you guilty (misunderstandings are a thing, i dont know the level of risk). The advice by our governments is "delete it emedately". Follow it as completely as you can. Most devices dont broadcast your harddrive contents without warning, giving you time to delete it. For this being false for iphones, Its a risk to ones personal freedom to go on lemmy on an iphone until we can get this CSAM issue resolved.
Yes, its a virus, the FBI will target anyone who is a host. anyone Who has it on their drive, (edit: intent may be relivant, im no expert). The only way to stay safe is to rid yourself of it. Delete it.
::: spoiler Lemmy mods, keep yourself safe please dont use an iphone to moderate, if your on linux (i think windows too) use bleachbit on your browser cache and do the "vaccuum" operation.
On android
to clear cache or better written instructions here
To manually vaccum, vant find better instructions
clearand hit enter,Your phone and the program
catwill complain About being out of storage, ifrmgets run, it will be fixed again. If it still complains or termux crashes, uninstall and reinstall termux, the vaccum process is finishedSome people know at a glance wether these steps are safe or not, others do not. never follow instructions you dont understand, verify that i havent led you do somthing dumb. :::
I'd say the proper word is 'criminal.'
A person who is attracted to children is an evil and disgusting person, someone being a pedophile isn't just "liking something", they are a monster.
People spreading CSAM are beyond terrible, but I don't agree with this generalization. Pedophiles don't choose to be pedophiles, so as long as they control themselves and avoid harming anyone, I don't like labelling them as evil monsters.
Okay, fair enough. I wasn't considering those people since they'll never really be labelled pedophiles due to hiding their mental illness from the world (only really disclosing it to mental health professionals if ever) and never acting on it. It's the actions committed or fantasies endorsed that differentiate someone from merely being mentally ill or a monster.
Disclaimer: Would like to say, it is valid for me or anyone else to say pedophiles are mentally ill but it is not valid to say that gay people are mentally ill, homosexuality is a legitimate sexual orientation because people pursuing homosexual attractions with other consenting adults does not harm others, (this is not debatable and I WILL report any homophobic arguments I see popping up as a result here) however pedophilia is not like this at all because anyone who pursues it will cause harm because children cannot consent and therefore these interactions are harmful to them and anyone involved, which is why it is a mental illness (again this is also not debatable, anything that causes harm to others by acting on it is not a valid orientation but a mental illness, same thing goes for rapists).
I guess this is also the difference between getting caught or not. To me, rapist that is never caught is still a rapist even if they are never labelled as such, so a pedophile that hides it forever successfully is still a pedophile.
Yes agreed.
Agreed. If they did it but hid it and never were publicly labeled as a pedophile they are still a pedophile because of their actions and intentions, even if they were never caught and/or cancelled/convicted for it.
This is a serious problem we are discussing, please don't use this as an opportunity to inject bad-faith arguments.
Edit: Wow your post history is a lot of the same garbage, there is no point in attempting to reason with you, you seem to be defending the act of CSAM or just trolling (really awful and severe trolling I might add, CSAM isn't something to joke or troll about).
Ah I see what's going on, you're salty that they closed the shitposting community so you're trolling here, going so far as to compare gays and jews to pedophillia (which is extremely bigoted and incorrect) or downplay the horrific acts that led to the closing of that community and registrations to protect the rest of the Instance's well being.
Also I'd appreciate it if you didn't edit what I said when quoting me, thanks.
Criminals.
Trolls? In most regions of the planet, I am fairly certain their actions would be considered criminal.
The Internet is essentially a small microbiome of beautiful flora and fauna that grew on top of a lake of sewage.
The Internet is a reflection of humanity, minus some of the fear of getting punched in the face.
Yeah, back in the Limewire/Napster/etc days, it wasn’t unheard of for people to troll by relabeling CSAM as a popular movie or TV show. Oh, you wanted to download the latest Friends episode? Congrats, now you have CSAM because a troll uploaded it with the title “Friends S10E7.mov”
I would like to extend my sincerest apologies to all of the users here who liked lemmy shit posting. I feel like I let the situation grow too out of control before getting help. Don't worry I am not quitting. I fully intend on staying around. The other two deserted the community but I won't. Dm me If you wish to apply for mod.
Sincerest thanks to the admin team for dealing with this situation. I wish I linked in with you all earlier.
@[email protected] this is not your fault. You stepped up when we asked you to and actively reached out for help getting the community moderated. But even with extra moderators this can not be stopped. Lemmy needs better moderation tools.
Hopefully the devs will take the lesson from this incident and put some better tools together.
There's a Matrix Room for building mod tools here maybe we might want to bring up this issue there, just in case they aren't already aware.
Or we'll finally accept that the core Lemmy devs aren't capable of producing a functioning piece of software and fork it.
Its not easy to build a social media app, forking it won't make it any easier to solve this particular problem. Joining forces to tackle an inevitable problem is the only solution. The Lemmy devs are more than willing to accept pull requests for software improvements.
And who's gonna maintain the fork? Even less developers from a split community? You have absolutely no idea what you're talking about.
Please, please, please do not blame yourself for this. This is not your fault. You did what you were supposed to do as a mod and stepped up and asked for help when you needed to, lemmy just needs better tools. Please take care of yourself.
This isn't your fault. Thank you for all you have done in regards to this situation thus far.
It's not your fault, thank you for your job!
It's not your fault, these people attacked and we don't have the proper moderation tools to defend ourselves yet. Hopefully in the future this will change though. As it stands you did the best that you could.
I love your community and I know it is hard for you to handle this but it isn't your fault! I hope no one here blames you because it's 100% the fault of these sick freaks posting CSAM.
Thanks for your work. The community was appreciated.
You don't have to apologize for having done your job. You did everything right and we appreciate it a lot. I've spent the whole day trying to remove this shit from my own instance and understanding how purges, removals and pictrs work. I feel you, my man. The only ones at fault here are the sickos who shared that stuff, you keep holding on.
You didn't do anything wrong, this isn't your fault and we're grateful for the effort. These monsters will be slain, and we will get our community back.
Thank you for your help. It is appreciated.
Really feel for you having to deal with this.
You do a great job. I've reported quite a few shit heads there and it gets handled well and quickly. You have no way of knowing if some roach is gonna die after getting squashed or if they are going to keep coming back
You've already had to take all that on, don't add self-blame on top of it. This wasn't your fault and no reasonable person would blame you. I really feel for what you and the admins have had to endure.
Don't hesitate to reach out to supports or speak to a mental health professional if you've picked up trauma from the shit you've had to see. There's no shame in getting help.
As so many others have said, there's no need for an apology. Thank you for all of the work that you have been doing!
The fact that you are staying on as mod speaks to your character and commitment to the community.
Contact the FBI
This isn't as crazy as it may sound either. I saw a similar situation, contacted them with the information I had, and the field agent was super nice/helpful and followed up multiple times with calls/updates.
This doesn't sound crazy in the least. It sounds like exactly what should be done.
yha, what do people think the FBI is for... this isn't crazy. They can get access to ISP logs, VPN provider logs, etc.
I think what they're saying is that contacting the FBI may seem daunting to someone who has never dealt with something like this before, but that they don't need to worry about it. Just contact them.
Under US jurisdiction, yeah. Could be slightly more difficult depending on the country, LEGAT can't conduct unilateral operations so they'll have to cooperate with foreign authorities. These assholes can get away with exploiting jurisdictional boundaries. Hopefully they will be caught, but oh well.
This is good advice; I suspect they're outside of the FBI's jurisdiction, but they could also be random idiots, in which case they're random idiots who are about to become registered sex offenders.
I'm not saying anybody takes csam less serious. But I wish the American government Went after minor csam events as much as they go after copyright/IP violations. Its not like mike pompeo flew out to other countries to strong arm them into new laws to prevent csam like they have done with pirates who threatened Hollywood profits
Easy: claim copyright/IP on the CSAM... uh, no, wait...
There is no CP and no porn in Japan... add some tiny censor bars, and it's just some wholesome family tentacle fun!
That one backfired spectacularly.
TIL. Oh well, it probably will keep backfiring as long as Japan insists on having "morality laws" instead of something more objective.
Yeah there was even that case where a citizen and resident of Mexico was arrested and detained in the US for breaking US law, even tho it technically didn't apply to them since they were under Mexican sovereignty... Borders mean little to the US
They might be, but I'd imagine most countries have laws on the books about this sort of stuff too.
And it's something that the nations usually have no issues cooperating with.
The FBI has assisted in a lot of global raids related to CSAM.
There are few situations where pretty much everyone universally agrees to work together. This is one of those situations. Across cultures and nations, pedos are seen as some of the most vile people alive.
The FBI has offices in alot of other countries and work with local law enforcement.
https://www.fbi.gov/contact-us/international-offices
Can't really hide from them unless you live in North Korea or Russia
Wait, is this like China having police offices in other countries?
I knew the US collects taxes on their citizens no matter where they live, but isn't this kind of excessive? Wasn't INTERPOL supposed to take care of international crime?
It is similar to China's international police but keep in mind quite a few other countries have a similar setup
I'm just surprised that it's FBI personnel, I thought the CIA was in charge of international affairs, with INTERPOL acting as liaison for the FBI with other countries.
IIRC in the EU we have EUROPOL acting as liaison between the national law enforcement branches, and while there is nothing stopping personnel from one country to enter another, I don't think they do. But maybe that's more like the state vs. federal jurisdictions in the US. On the other hand, it's been some time since I've looked deeper into it, and things keep changing.
I have to wonder if Interpol could help with issues like this I know there are agencies that work together globally to help protect missing and exploited children.
'Criminal activity should be reported to your local or national police. INTERPOL does not carry out investigations or arrest people; this is the responsibility of national police.'
From their website.
What the hell do they actually do then?
"Interpol provides investigative support, expertise and training to law enforcement worldwide, focusing on three major areas of transnational crime: terrorism, cybercrime and organized crime. Its broad mandate covers virtually every kind of crime, including crimes against humanity, child pornography, drug trafficking and production, political corruption, intellectual property infringement, as well as white-collar crime. The agency also facilitates cooperation among national law enforcement institutions through criminal databases and communications networks. Contrary to popular belief, Interpol is itself not a law enforcement agency."
https://en.wikipedia.org/wiki/Interpol
Huh. Thanks!
The FBI reports it to interpol I believe, interpol is more of like an international warrant system built from treaties.
FBI would be great in this case tbh. They have the resources.
Perhaps most importantly, it establishes that the mods/admins/etc of the community are not complicit in dissemination of the material. If anyone (isp, cloud provider, law enforcement, etc) tries to shut them down for it, they can point to their active and prudent engagement of proper authorities.
More importantly, and germaine to our conversation, the FBI has the contacts and motivation to work with their international partners wherever the data leads.
This is seriously sad and awful that people would go this far to derail a community. It makes me concerned for other communities as well. Since they have succeeded in having shitpost closed does this mean they will just move on to the next community? That being said here is some very useful information on the subject and what can be done to help curb CSAM.
The National Center for Missing & Exploited Children (NCMEC) CyberTipline: You can report CSAM to the CyberTipline online or by calling 1-800-843-5678. Your report will be forwarded to a law enforcement agency for investigation. The National Sexual Assault Hotline: If you or someone you know has been sexually assaulted, you can call the National Sexual Assault Hotline at 800-656-HOPE (4673) or chat online. The hotline is available 24/7 and provides free, confidential support.
The National Child Abuse Hotline: If you suspect child abuse, you can call the National Child Abuse Hotline at 800-4-A-CHILD (422-4453). The hotline is available 24/7 and provides free, confidential support. Thorn: Thorn is a non-profit organization that works to fight child sexual abuse. They provide resources on how to prevent CSAM and how to report it.
Stop It Now!: Stop It Now! is an organization that works to prevent child sexual abuse. They provide resources on how to talk to children about sexual abuse and how to report it.
Childhelp USA: Childhelp USA is a non-profit organization that provides crisis intervention and prevention services to children and families. They have a 24/7 hotline at 1-800-422-4453. Here are some tips to prevent CSAM:
Talk to your children about online safety and the dangers of CSAM.
Teach your children about the importance of keeping their personal information private. Monitor your children's online activity.
Be aware of the signs of CSAM, such as children being secretive or withdrawn, or having changes in their behavior. Report any suspected CSAM to the authorities immediately.
So far I have not seen such disgusting material, but I'm saving this comment in case I ever need the information.
Are there any other numbers or sites people can contact in countries other than the USA?
It's probably going to be country dependent
Of course yes. But I've discovered that cell phones are programmed to translate emergency numbers even.
In the USA, our main emergency number is 911, but I found out (quite by accident), that dialing 08 brings you to emergency services.
https://en.wikipedia.org/wiki/List_of_emergency_telephone_numbers
Not that I'm familiar with Rust at all, but... perhaps we need to talk about this.
Lets be productive. What exactly are the moderation features needed, and what would be easiest to implement into the Lemmy source code? Are you talking about a mass-ban of users from specific instances? A ban of new accounts from instances? Like, what moderation tool exactly is needed here?
Speculating:
Restricting posting from accounts that don't meet some adjustable criteria. Like account age, comment count, prior moderation action, average comment length (upvote quota maybe not, because not all instances use it)
Automatic hash comparison of uploaded images with database of registered illegal content.
I guess it'd be a matter of incorporating something that hashes whatever it is that's being uploaded. One takes that hash and checks it against a database of known CSAM. If match, stop upload, ban user and complain to closest officer of the law. Reddit uses PhotoDNA and CSAI-Match. This is not a simple task.
None of that really works anymore in the age of AI inpainting. Hashes / Perceptual worked well before but the people doing this are specifically interested in causing destruction and chaos with this content. they don’t need it to be authentic to do that.
It’s a problem that requires AI on the defensive side but even that is just going to be eternal arms race. This problem cannot be solved with technology, only mitigated.
The ability to exchange hashes on moderation actions against content may offer a way out, but it will change the decentralized nature of everything - basically bringing us back to the early days of the usenet, Usenet Death Penaty, etc.
Couldn't one small change in the picture change the whole hash?
Good question. Yes. Also artefacts from compression can fuck it up. However hash comparison returns percentage of match. If match is good enough, it is CSAM. Davai ban. There is bigger issue however for developers of Lemmy, I assume. It is a philosophical pizdec. It is that if we elect to use PhotoDNA and CSAI Match, Lemmy is now at the whims of Microsoft and Google respectively.
Honestly I'd rather that than see shit like this any day.
The bigger thing is that hash detection tools don't want to give access to just anyone, and just anyone can run a Lemmy instance. The concern is that you're effectively giving the CSAM people a way to know if they'll be detected.
Perhaps they can allow some of the biggest Lemmy instances to use the tech, but I wouldn't expect it to be available to everyone.
Mod tools are not Lemmy. Give admins and mods an option. Even a paid one. Hell. Admins of Lemmy.world could have us donate extra to cover costs of api services.
I agree. Perhaps what Lemmy developers can do is they can put slot for generic middleware before whatever the POST request is in Lemmy API for uploading content? This way, owner of instance can choose to put whatever middleware for CSAM they want. This way, we are not dependent on developers of Lemmy for solution to pedo problem.
If they hash the file binary data, like CRC32 or SHA, yes. But there are other hash types out there, which are more like "fingerprints" of an image. Think of how Shazam or Sound Hound can recognize a song playing, despite the extra wind, static, etc that's present. There are similar algorithms for images/videos.
No idea how difficult those are to implement, though.
There are FOSS applications that can do that (czkawka for example). What I'm not sure it's if the specific algorithm used is available and, more importantly, if the csam hashes are available for general audiences. I would assume if they are any attacker could check first and get the right amount of changes.
One bit, in fact. Luckily there are other ways of comparing images without actually showing them to human eyes that allow you to calculate a percentage of similarity.
Reddit had automod which was highly configurable.
The best feature the current Lemmy devs could work on is making the process to onboard new devs smoother. We shouldn't expect anything more than that for the near future.
I haven't actually tried cloning and compiling, so if anyone has comments here they're more than welcome.
I think having a means of viewing uploaded images as an admin would be helpful, as well disabling external image caching. Like an "uploaded" gallery for admins to view that can potentially hook into Photodna/CSAI-Match or whatever.
I think it would be an AI autoscan that flags some posts for mod approval before they show up to the public and perhaps more fine-grained controls for how media is posted like for instance only allowing certain image hosting sites and no directly uploaded images.
I was just discussing this under another post and turns out that the Germans have already developed a rule-based auto moderator that they use on their instance:
https://github.com/Dakkaron/SquareModBot
This could be adopted by
lemmy.worldby simply modifying the config fileThat statement is just outright wrong though. They could easily use CloudFlares CSAM monitoring and it never would have been a problem. A lot of people in these threads, including admins, have absolutely no idea what they’re talking about.
Probably hashing and scanning any uploaded media against some of the known DBs of CSAM hashes.
Iirc that’s how Reddit/FB/Insta/Etc. handle it
The amount of people in these comments asking the mods not to cave is bonkers.
This isn’t Reddit. These are hobbyists without legal teams to a) fend off false allegations or b) comply with laws that they don’t have any deep understanding of.
This is flat out disgusting. Extremely questionable someone having an arsenal of this crap to spread to begin with. I hope they catch charges.
this doesn't seem like a respectful comment to make. People have responsibilities; they aren't paid for this. It doesn't seem to fair to make criticisms of something when we aren't doing anything to provide a solution. A better comment would be "there are just 2 full time developers on this project and they have other priorities. we are working on increasing the number of full time developers."
Fucking bastards. I don't even know what beef they have with the community and why, but using THAT method to get them to shut down is nothing short of despicable. What absolute scum.
I hope the devs take this seriously as an existential threat to the fediverse. Lemmyshitpost was one of the largest communities on the network both in AUPH and subscribers. If taking the community down is the only option here, that's extremely insufficient and bodes death for the platform at the hands of uncontrolled spam.
Please get some legal advice, this is so fucked up.
Genuine question: won't they just move to spamming CSAM in other communities?
With how slow Lemmy moves anyways, it wouldn't be hard to make everything "mod approved" if it's a picture/video.
This, or blocking self hosting pictures
Honestly, this sounds like the best start until they develop better moderation tools.
This seems like the better approach. Let other sites who theoretically have image detection in place sort this out. We can just link to images hosted elsewhere
I generally use imgur anyway because I don't like loading my home instance with storage + bandwidth. Imgur is simply made for it.
Yes, and only whitelist trusted image hosting services (that is ones that have the resources to deal with any illegal material).
the problem is those sites can also misuse the same tools in a way that harms the privacy of it's users. We shouldn't resort to "hacks" to fix real problems, like using client scanning to break E2EE . One solution might be an open sourced and community maintained auto mod bot..
This seems like a really good solution for the time being.
Not-so-fun fact - the FBI has a hard limit on how long an individual agent can spend on CSAM related work. Any agent that does so is mandated to go to therapy afterwards.
It's not an easy task at all and does emotionally destroy you. There's a reason why you can find dozens of different tools to automate the detection and reporting.
Yep. I know someone that does related work for a living, and there are definite time limits and so on for exactly the reasons you say. This kind of stuff leaves a mark on normal people.
Or it could even just ask 50 random instance users to approve it. To escape this, >50% of accounts would have to be bots, which is unlikely.
But then people would have to see the horrible content first
That definitely is a downside
It's likely that we'll be seeing a large number of instances switch to whitelist based federation instead of the current blacklist based one, especially for niche instances that does not want to deal with this at all (and I don't blame them).
Sounds like the 4chan raids of old.
Batten down, report the offender's to the authorities, and then clean up the mess!
Good job so far ^_^
How does closing lemmyshitpost do anything to solve the issue? Isn't it a foregone conclusion that the offenders would just start targeting other communities or was there something unique about lemmyshitpost that made it more susceptible?
Is it possible to (at least temporarily):
whilst longer term solutions are sought? This would at least ensure poor mods aren't exposed to this shit and an instance could be more positive they're not inadvertently hosting CSAM.
good thing you did it the way you did nobody should have to look at awful stuff like this. keep your mind healthy nobody should have to deal with that
Thank you so much for all of the effort and time all of you are putting into this situation. Having to deal with bad actors is one thing, but you are now dealing with images that are traumatizing to view.
Please, for your sanity and overall well being, PLEASE take care of yourself. Yes, it sucks about having to close !lemmyshitpost, but self-care and support are of the utmost importance.
I'm afraid the fediverse will need a crowdsec-like decentralized banning platform. Get banned one platform for this shit, get banned everywhere.
I'm willing to participate in fleshing that out.
Edit: it's just an idea, I do not have all the answers, otherwise I'd be building it.
I assume you've contacted the FBI, but if not PLEASE DO.
Thank you for your work to keep that despicable trash out of our feeds. Sorry you have to deal with it. Fuck those losers.
Thank you for all your work. It sucks that there are people who would do shit like this. Please don't forget to take care of yourselves as well.
Who the fuck has such a problem with this instance?
Looks like Google has some tooling available that might help: https://protectingchildren.google/tools-for-partners
Probably other options too.
I’m gone for a few days and some assholes trying to fuck up this instance. Smh.
Saw that one post (unfortunately). How come people who spread content like that in the "open" internet (not darkweb) don't get arrested?
These bad actors are wierd, most who spread CSAM dont want to be known about by the masses, these posts are implied to be attempting to be visible as their posting in a well known community. It feels Sus.
Keep up the good work keeping us safe, keep your therapist and/or support network in the loop about this so they can catch you if you fall.
I've actually never seen anything of this stuff so good job!
This sucks, but we were probably due to have a Grand Registration Security Hash-Out at some point; going forward, any instance that wants others to federate with it is probably going to have to have a system in place to make it impossible for jackasses like this to create endless spam accounts.
Isn't there semi-automated tools that can detect CP?
Those might be an automated solution to at least cut down on the volume.
The same can go for banned images. These can automatically be identified with perceptual hashing, and automatically be denied when uploading.
It's one of the few things Reddit handles the situation better by being a centralized entity with a dedicated workforce filtering out these content. It's a shame it has to be this way, but I understand why it has to be done.
This is so fucked, but this brings up a question -- is this something to be concerned about for instances federated with lemmy.world? As in, if something like this is uploaded to a community that the instance federates with, their instance will now have a copy as well?
This is seriously fucked up, but won't closing lemmyshitpost just lead them to target other LW communities?
Probably unrelated but I once saw that community get attacked with scat porn, it could be the same person.
There's also another issue. If you upload an image to Lemmy but then cancel, the image is still hosted on the Lemmy instance and one can still access it if one copies the image's URL before canceling. This basically means that there might be other illegal stuff that's being hosted on Lemmy instances without anyone noticing.
Wow, this is awful. Huge cudos to y'all for holding on through this. It's obviously a deliberate attack on the fediverse by malicious actors.
Just saw this: That is fucking awful. Thank you for your service to the community and for protecting us from seeing that shit.
It is absolutely ghastly to realise that something like this was inevitable.
Thank you for being willing to deal with this. Godspeed.
Ya'll are going through one of the worst situations I could imagine, but I'm confident you will figure it out and come out better for it. Keep your heads up. (P.S. - Sorry about the scat, lol)
Lads, as a casual Lemmy user, just how much danger am I in of having my mind permanently incinerated by seeing images of children being sexually tortured? I've been using the net since the mid-90s and I have never seen a single piece of CSAM in that time, and I now realise that I've been insanely lucky in that regard. My mind is already host to all manner of unspeakable internet shit (looking at you, cartels), but I don't think I could endure seeing anything like the stuff those evil fucking degenerate nihilist cunts have on their hard drives. I would want to commit murder.
So, stay the hell off Lemmy or... ?
Anyone got any idea why they are doing this? Seems a bit extreme.
This is a very popular Lemmy.World community. This instance has been dealing with regular ddos attacks for quite a while now. Either some person or some group has an issue with this specific instance, or they picked it because it's the biggest and they're trying to take Lemmy down generally. The ddos attacks have chased away a number of people, but lots of us have dug in our heels. This is probably the newest strategy.
The admins have said, based on the ddos strategies, whoever is doing it is familiar with underlying Lemmy implementation, so my guess is it's someone from one of the instances that we defederated from, but it's just a guess.
Potential sabotage. There’s definitely a corporate interest in killing the Fediverse and getting people like you and me back to Reddit and Twitter.
Plus for outside groups with potential interest who aren’t informed of the situation, Lemmy is now branded as that CSAM site so people are not as likely to come here and or leave their established mainstream social platforms
This is sabotage on another level. The people posting this faces seriously time in jail for just having it on their PC.
Oh I agree
I think it's been the same people throughout, starting with the defacing, followed by the DDOS'es, and now this. Judging from the content of the defacing, it's bigots who don't like the idea of someplace they're not welcome.
Ah so exploding head fucktards.
The ones that care so much about “grooming” and “leave kids alone”
Who would have thought that was all projection!? Wait we all did
I was thinking like 4chan types, but your theory tracks too.
I suspect there's a lot of overlap there
Fair.
The problem with asking "who's behind this untraceable* attack?" is that you either truthful but useless answers (we don't know), or just someone speculating that their "enemy" is responsible. I wouldn't use the word projection so easily in this context, if I were you.
(* unless you consider interpol and the likes)
seriously, you’re defending…them? Also I have the right to make assumptions based on previous attacks thesee all occurred right after defederation…so yes, hate groups like them are suspect #1
Annnnd what is that supposed to imply?
I'm not defending anyone.
I didn't expect I had to spell it out for you, but here's what I'm saying: Until some kind of international investigation force comes out with clear evidence, anyone who tells you "who did it", is just projecting who they want to be the perpetrator.
My cynical mind believes this.
Is kbin having these issues?
Fuckin weirdos man.
Could be any number of reasons.
My money is on 4chan/8chan/whatever today's derivative is. I used to be super active with them back in the day when I was young, racist, and stupid.
This sort of stuff matches their target profile:
Visible - Reddit has shone a spotlight on Lemmy recently, and Lemmy.world specifically has gotten called out as the most promising of all the Lemmy instances
Vulnerable - the tooling to stop large-scale attacks doesn't exist. Users aren't "locked in" to the threadiverse yet. People generally aren't expecting it.
"Lulzy" - attacking a large Lemmy community would cause a lot of panic in the wider threadiverse community. The 4chan/8chan trolls thrive on panic; they think people freaking out is funny. The more panic they cause, the funnier it is.
The methods line up, too. I wouldn't be surprised if they were behind the DDOS as well. DDOS is the simplest tool they use, and when that stops being funny they escalate.
CSAM, gore, scat, torture are all stuff they have in their arsenal, ready to spam. They go out and look for the stuff, build up folders of it to use on their victims. That stuff causes panic, and that's what they thrive on. They want to see the biggest response they can. Scat is just gross, usually a good opener. CSAM is good because it gets operators in legal trouble. Gore and torture makes people leave a site in droves.
Channers aren't dumb, either. They know how to use technology. If something is open source, that just gives them something to study and look for attack surfaces. Someone will make a custom-built tool to exploit a vulnerability and it will run until the vulnerability is patched. I had dozens of random tools back in the day that were intended for one-off attacks, plus stuff in the toolbelt like Low Orbit Ion Cannon (DDOS) and Cain and Abel (password cracking).
I should reiterate that it has been many years since I was part of that crowd - well over a decade at this point. Things are undoubtedly different. (I refuse to call these guys "Anonymous" - that name was butchered a long time ago when people started speaking on places like Twitter "on behalf of Anonymous". I'm not using the names they call themselves either.)
When I was a channer, one of the big targets was Reddit. Channers hated Reddit, because Reddit would steal stuff from 4chan and repost it. Reddit was just an inferior version of 4chan, but they were so smug about things and they were a bunch of prudes to boot. So Reddit was a relatively popular target until finally they got better at stopping large attacks.
I have to imagine that a lot of channers dislike Reddit still. Lemmy is seen as the new Reddit - and worse, it's run by commies.
Channers that do this stuff are Nazis. They just are. (Why do you think they chose the number 8 when 4chan got sick of them? It's not because it's 4 times 2.) They're extremely open about being Nazis, with jokes about gas chambers and everything. You get the hardcore tankies as well, but the tankies are generally so far gone as to be essentially indistinguishable from Nazis themselves.
The fact that Lemmy is left-leaning makes it another reasonable target. Nazis hate commies, although they will accept tankies (to an extent). This is probably why Lemmy.ml wasn't targeted despite being the historic "main" Lemmy instance (full of tankies). Lemmy.world is left-leaning but still highly visible, so it'd be a good target. If Lemm.ee keeps growing, that's probably the next target on the list.
This is all baseless speculation. Lemmygrad and Hexbear are both also reasonable sources. Hexbear is notorious for being disruptive in the same way 4chan was back in the day, but supposedly they're better nowadays (not that I necessarily believe that).
But I'm reminded of the stuff I did as a dumb kid, before I knew better. It matches with how they act. I'm not saying it's explicitly 4chan/8chan/888chan/whatever, but the way it's coordinated certainly smells familiar.
I am wondering what kind of moderation tools would be needed.
On the top of my head, I'd say a trust-level system would be great, both for instances and users. New instances and users start out on a low trust level. Posts and commemts federated by them could be set to require approval or get deranked compared to other posts and comments. In time the trust-level increases and the content is shown as usual. If an incident occurs and content is getting reported, the trust level decreases again and eventually will have to be approved first again.
You can couple that with a reporting-trust-level. If a report is legitimate, future report will hold more weight, while illegitimate reports will make future reports hold less.
Would someone be able to ELI5 why lemmyshitpost has this problem but other communities don't or at least seemingly? I would think if they can do this to one lemmy.world community, wouldn't they be able to do all?
Yeah I don't blame you for being frustrated
That is awful.
Sincerely appreciate your work to better this instance and the fediverse in it's entirely.
All I can is that I'm sorry this is happening to you guys. Are there specific ways others can help?
The only word I can think of is "disgusting", and that is far from strong enough.
Lemmy devs NEED to get mod tools out asap. Approved posts only, whitelisting users for communities, etc.
Well that's fucking horrible. Jesus christ on a bicycle.
What kind of lowlife piece of shit do you need to be to post some shit like that? Some people will stoop to the most depraved levels just to fuck with strangers, it's horrifying
What's CSAM
Child sexual assault/abuse material
Honestly why can't we just say what it is instead of giving every-fucking-thing an anagram that people have to ask what it is in the first place.
This is what it is, though. The entire point of switching to the term "CSAM" is because it more accurately describes the content as abusive.
I think they're asking people to type out child sex abuse materials instead of CSAM. It's not a common enough acronym that people know what it means without explanation. As evidenced by every post using CSAM having someone ask what it means.
There are people in every thread who ask, correct, but it's pretty widely known by now. It's no different than people previously having to ask what "CP" meant. Obviously, it's not a problem and is generally considered to be worth the imperceptible amount of educating people to transition to the new term.
Personally, I don't find it annoying to have to explain things, so feel free to ignore the questions and leave it to people like me who don't struggle with the keyboard. What does it take? Seconds to type out the definition.
I know the cp command but CP? Copy Protection? That's DRM.
I think when transitioning, it's a good idea to spell the whole phrase out for your first use and then put the acronym in parentheses. And I'm pretty sure the complaint wasn't needing to explain stuff but needing to ask and then have someone explain. It's better if communication is clear from the beginning.
I think most platforms will block “CP” too and also that kinda fucks up talking about Cyberpunk
It's also weird to see so many Mario levels refer to CP (Check Point)
*acronym
*Initialism. Acronyms have to be words, like ACORN or RICE.
Thank you, sir or madam, I stand corrected.
(excellently done, sincere thanks)
I think it falls into the category of, given bad thins new lesser bad words so it doesn't sound so bad anymore. Because the old word made people fell bad. I have noticed it more and more online especially with stuff that is related to sex, it is ether new words or replace the middle with *.
You've got it backwards, it's completely the opposite. The old terminology associated it with something that is perhaps perverted but totally legal and done by consenting adults. CSAM makes it 100% clear that this is illegal behavior/activities that creates child victims.
idk why you're being downvoted. no one else seemed to want to reply. just downvote and move on. seems like reddit lives on in lemmy afterall.
That being said, this generation of people is soft. they can't even say the words.
Could not have said it better myself.
Child sex abuse materials
More accurate to what it is, CSAM describes it as what it is, abuse material.
isn't this what 8cjan is for? Seriously what the fuck is wrong with people who think that CSAM is appropriate shit post material. The Internet really is a fucked up place. is there a way to setup something to automatically remove inappropriate posts similar to YouTube's system of automatically removing inappropriate contents?
Thank you for your work.
That also means that they could post to other communities, so I guess moderators need to be vigilant
Is there an app or anything that can make a notification if anyone posts anything to a community I mod? Am I able to turn of image posts?
For image posts, ask your instance admins (as you are on LW, they are probably working on something)
For notification, not that I know off, but I guess it might be possible using RSS
Thanks so much! I appreciate the help!
is there a list somewhere including detailed descriptions of the tools needed?
My field is QA but i'm reasonably competent in a few scripting languages (mainly JS, but can also code in python and C#)
they would probably not be browser embedded, at least not at first, but i can dedicate a couple evenings a week to writing tools so long as there is a specification
My guess is butthurt trumpolinas whose memes could not gain traction and were shat upon.
Are they only posting to this one community? If so, why? Would closing this community not just make them post on a different one?
They don't have much power to down multiple places so they targeted one to show off, watch our reaction and see how vulnerabilities get fixed. It's probably one person or a thread on some chan-board taking offense at LW\Lemmy for some reason, and c/shitposting could be taken by activity\moderators count metrics rather than for having something against it alone. They did damage and locked community, but what's next? If they are indeed like old boards' posters, methodically flooding communities one after another doesn't make sense and gets old really quick if they can't do something more atrocious, achieve new goal or find another exploit. That's done already.
I do think if the platform needs to grow more, we need more full time devs working on it and building it up to par. Good time to start funding campaign for Lemmy
I had no idea that this was going on. I expect that, like me, most people are horrified.
Have you reported this to the FBI?
That sucks! I saw one of these things and reported it. If you need moderators for when it opens I'm willing to help.
Same, there was some uncensored NSFW post that had a text portion at the end mentioning the age of the person in the clip. Reported that shit immediately
FFS this is so messed up.
What stops them from posting across other instances? I'm surprised they spam stuff in that specific instance instead of all over.
The federal governments of several nations should be in pursuit of this, and IP addresses and specific time logs shared.
IP ban + report to the ISP or VPN provider should get the ball rolling. IP blacklist for known compromised hosts. Police report in the country with jurisdiction.
To the person uploading such things, don't they ask themselves, what if that was your child?
Thank you so much for the transparency and for all your (and the teams) work to keep things running for us <3
Relevant: Excellent congressional legal memo explaining the current US law on CSAM (as of 2022) Link
For some reason I only got this on my feed now. But if you read this mods, thank you for all your hard work
I'm sorry you (and the other admins & mods of the community) have to deal with this shit, it's disgusting. Thank you for doing what you do.
Of all the lack of positive role model behaviour one could exhibit, it had to be this. Seeing that shit kind of fucked me up, NGL. Good health to the mods who are running defense for us!
That's a testament of your capacity for empathy and being a decent human being. It sucks that you saw it, but it'd be more concerning if it didn't fuck you up a little. That's trauma you've picked up from witnessing their trauma...
It's not unreasonable to talk to a mental health professional if you continue to feel troubled by this. There's no shame in getting help if you need it.
I'd like to do my part and report there are a ton of assholes on lemmy. It's REALLY bad here and I've been around a while.
I appreciate all the hard work you're doing. Not only must it be exhausting to delete all this perverse filth, but I'm guessing you have to look at it too. At least the thumbnail.
wow that's fucked, but thanks for the transparency
Even if they aren't they are providing it and weaponizing it to destroy communities this is a sad day. To think people would stoop this low is truly unhinged and unforgivable.
The difference between a pedophile and someone who uses this material to attack with is negligible. It's almost indescribable how evil these people are.
I don't know if it has been mentioned there yet but do you think it would be a good idea to post this to the lemmy incidents room on Matrix?
Thank you. I love fediverse.
What the fuck, dude? That's weird.
It's evil, disgusting, and illegal. Weird doesn't seem like a good adjective at all to describe what happened, way too tame.
How come that I never encountered any kind of this content and browse constantly Lemmy, is this one of the perks of surfing through subscribed feed?
I unsubscribed from meme communities very early on because they were spamming such a feed.
Is there a way to see all reports made by myself and see their statuses?
I understand this is a major growing problem in many parts of the tech industry right now.
Solving the problem will make us strong... I just wish it was over something like malware. Something urgent enough to make us work, but not awful enough... You know.
As someone who was a moderator on a nothorious website, it can at times feel like shoveling water out of a boat while it's still leaking. Efficient and robust tooling makes a very big difference, but it's not waterproof. Mods cannot be appreciated enough.
WTH is wrong with people?
Was wondering why I couldn't reply to a comment from earlier today when I was sure I hadn't broken any rule to get banned. Hope it's back soon, but more importantly that you can stop all the damn CP.
Thank you. Thank you. Thank you!
Thank you.
what if we use deep learning based automoderators to instantly nuke these posts as they appear? For privacy and efficiency let's make the model open source and community maintained.. maybe even start a seperate donation for maintaining this, and maybe even make it a public API!
Any news regarding the situation? (Tue 12:59)
To me this is a flaw of federation in general and I really think the solution should be to defederate yourselves from other instances until further notice, and only federate with trusted communities.
With how Lemmy (and the fediverse in general) is currently set up, what's stopping malicious actors from just creating another Lemmy instance of their own then targeting another community until you're forced to close that one like you did with Lemmyshitpost.
Sorry for my ignorance, what does CSAM mean? Thank you in advance.
Child Sexual Abuse Material
Thanks.
wtf did just happened
Thank you for editing your comment. Take care!
Thankfully, I never stray from my subscriptions feed so never have the misfortune of seeing any of this.
Wait what!?!
There was an Instance (check bottom of instances page, it's the most recent one in blocked as of writing this) that had rules allowing loli (drawn CSAM) which was defederated very recently. I originally made a post about it on support but deleted it because there was a lot of backlash (backlash against defederating a loli CSAM instance 😒) so I just messaged about it privately, not just to lw admins but to many others as well across lemmy.
There was a backlash against your post for defederating a instance that allows loli? Wtf.
Indeed there was. I don't understand why.
Neither namedropping nor virtue signalling nor spreading misinformation is okay.
What misinformation, are you trying to imply that the known instance wasn't defederated for hosting or allowing the hosting of illegal content, do you think they weren't at all or do you think loli is acceptable and not CSAM, because FYI opinions may vary but the law is clear CSAM even fictional is illegal to produce, host, or consume.
Can you please stop pinning threads globally? or maybe add toggle so people could disable it in their feed
Never been more glad that I don’t follow shitposters or shitpost communities. Can’t believe that community is as big as it is anyway considering how annoying shitposting is.
hah other instances will just recreate it