this post was submitted on 29 Aug 2023

8 points (100.0% liked)

Reddthat Community and Support

664 readers

3 users here now

Reddthat Community & Support

This community is for us to chat about anything and everything, including support topics!

There is no defining specific rules for this community and it can be anything from "I do not like the weather" to "I've won the jackpot and want to give all the money away to charity!" 😄

Before posting, have you read the rules?

Reddthat Rules

Introductory Required Reading

For anything else, try a search and see what turns up, if not post away!

Alternative Matrix Chatroom:

https://matrix.to/#/#reddthat-chat:mozilla.org

Alternative Support Forums:

founded 1 year ago

MODERATORS

[email protected]

Current spam/attacks of explicit, illegal images (CSAM) posted from various Lemmy instances - How does Reddthat react to it? (reddthat.com)

submitted 11 months ago by [email protected] to c/[email protected]

5 comments fedilink hide all child comments

It seems like, luckily, Reddthat wasn't a victim of such (yet), but I think there should be some precaution applied here as well.

What is it about?

I am worried of such happening on our instance. Is anything planned?

all 8 comments

sorted by: hot top controversial new old

[–] [email protected] 11 points 11 months ago* (last edited 11 months ago) (2 children)

I won't be taking such drastic measures regarding the signup policy. I'll be going straight to reporting to the authorities. https://www.accce.gov.au/report . With all logs, ips, user agents, usernames & emails.

I do not tolerate child exploitation.

Reddthat is currently a one person show on the admin side of things, that doesn't mean that only I deal with content. All of the wonderful moderators also help out here dealing with reports in their own communities.

These people (the posters) have gone out of their way to cause a ruccus, and I'm sure they are feeding off all these stories. We won't be closing our user signups or moving to an application process unless it becomes completely horrendous with bot attacks.

The application processes can be "gamed". They could create an account and sit on it or even wait 30days and then flood it with csam. There is no way for me to tell if a user has good or bad intentions unless I make people write a paragraph of text, even then it can easily be gamed.
Even lemmyworld has had other troll account issues. Ban a person, they signup again with another random email account and start spamming again. The features for anti-spam are not built into Lemmy like they are with Reddit. It's only been 90days since I bought reddthat.com and less than 60 since we had a huge influx.

What the other server admins have done will not change the fact that out of the 1000 servers with open signups, federation of posts is still an issue and actually won't "save" them from having to deal with it. Sure it won't be because of a user on their instance, it will just be a user from another instance posting content to their instance.

The only way to combat this problem with a 100% success is to federate with known good instances via a whitelist instead of only blocking instances.
Which then breeds silos, with not many ways for any new instance to join the big closed off federated ones. This I'm not a fan of.
It ends up being we are all behest to the lowest common denominator of instance and their "security" for lack of a better word.

In saying all this, I will gladly disable signups if it takes anymore time out of my day than what it is currently taking. My family comes first. (Even writing this post took too long 😅 )

[–] [email protected] 2 points 11 months ago (1 children)

Thank you for the insights and your opinion / decisions on this topic. Very much appreciated, especially by being so detailed.

I particularly looked for an instance which is open and doesn't start restricting users (e.g. disabling image uploads) if anything happens, instead trust all moderators which invest a huge lot of time to keep communities safe and a nice place, even if not on this instance and only act when actually needed.

I agree with most you wrote about, sadly though such reports usually end up with no outcome since those (truly awful) trolls use TOR, VPN or any other available tool to hide their identity / IP from the public. Being an admin and moderator of several communities myself, I know this struggle. Luckily, on Lemmy there's way more freedom / possibilities than on other managed platforms like Reddit or Discord.

Do you believe it might make sense to consider disabling local image caching (e.g. thumbnails coming from other instances) on your server or use any of the available tools to scan images for possible CSAM content and delete such cached content if this gets worse?

Out of interest, slightly related to this topic, how will you handle other instances possibly blocking Reddthat if ever any spambot attacks happen? Is there a strategy behind this, or will you simply act case by case if such ever happens?

My family comes first.

Absolutely, family and friends come first, especially for projects like this which isn't your job / main income (if any ever from this project).

[–] [email protected] 2 points 11 months ago (1 children)

Thanks for your explanation and nice words for Reddthat.

Disabling local image cache results in a terrible experience especially with super big instances who are overloaded. While we may end up storing content from other services there is a timed purge feature where images are removed after x days. So I'm not worried about that.

Because once we remove the reported post we would no longer be serving the images because no-one would get the images.

We will take reasonable steps to ensure that all illegal content is removed from the platform in a timely manner. Such as actioning reports from users as soon as possible. There isn't really any other way.

I doubt it will get worse as they have already got what they wanted. A huge reaction.

On the lighter note of us blocking instances we've already covered that here: https://reddthat.com/comment/371578
Basically if other instances block us for a reason I'm sure after reaching out and talking about it those instances will unblock us. Once we have sorted out the reason. No one wants to block other instances and it usually comes as a last resort. It amounts to we will deal with it when it comes to it.

Monetary wise I want to eventually get some money from reddthat but currently we are just above breaking even with donations and hosting costs but I don't want to just start taking money from the hard won donations.

Cheers!
Tiff

[+] [email protected] 1 points 11 months ago* (last edited 11 months ago) (1 children)

[removed by mod]

[–] [email protected] 2 points 11 months ago* (last edited 11 months ago) (1 children)

Hi there,

I do not believe you are acting in good faith and I do not believe you are a European citizen.

Please provide your identification so I can verify the validity of your GDPR request.

As such any delay in providing verification will extend the timeframe in response.

Cheers.

Edit: Also, why are you insulting me as well? Do you have something against me? Or so you believe that I have some deep seated grudge against you? A person with 2 comments.

I outlined my concerns and what I would do if we were attacked with csam. To be attacked because I outline a plan doesn't seem like a nice thing to do.

If this turns out to a legal gdpr request you will probably end up hurting Reddthat more than helping. As most likely I will have to be contacting a lawyer and as such our current funding will be reduced to next to nothing as lawyers are not cheap.

For a person who has 2 comments, with the second being the antagonist gdpr request...

Either way I look forward to your identity proof so that I can ensure I give the right information to the right person.