this post was submitted on 11 Jul 2023
56 points (93.8% liked)

Selfhosted

40394 readers
374 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
 

I've been considering self-hosting for over a year now, but I'm still concerned if the feds will come knocking at my door for something someone else does.

For example, if someone on my server follows an individual or community and they posts something illegal (i.e. unauthorized sexually exploitive images) that content could be stored on my server. Wouldn't' I be legally liable for such?

I mean #fucklaws and everything, but I don't want to end up in a cage and certainly not for something someone else did.

top 31 comments
sorted by: hot top controversial new old
[–] [email protected] 31 points 1 year ago

Yes, which is why there aren't a lot of NSFW communities right now.

You can be pretty safe if you ban NSFW and have a good hand in moderation, and most of the time if the feds did come knocking it would probably be just to ask for the user who did post it and to give all information on them.

Users love to complain that there is no NSFW in most places on lemmy but then refuse to accept any of the responsibility of hosting it.

[–] [email protected] 17 points 1 year ago (1 children)

If you are US based, I think there is something like registering for DMCA take-down requests, so that they will contact you first for removal but IANAL.

But it is pretty much FUD that the Feds will come to your door on the first minor issue. If you react quickly to any complaints they will probably not bother.

[–] [email protected] 12 points 1 year ago (1 children)

Assuming USA - platform immunity (CDA 230) protects you from most liability for content originating elsewhere. There are specific requirements to maintain your immunity if you receive a DMCA takedown notice, or have actual knowledge that child pornography has been uploaded to your service.

[–] [email protected] 8 points 1 year ago* (last edited 1 year ago) (1 children)

Related, What about a personal instance only I use? I can choose what communities I want but I can't control what is posted on those communities. Someone could post something illegal to a beehaw community (and have) and the mods remove it, but does the deletion of images and posts federate? In know matrix keeps copies of every deleted file in a room on all homeservers, what about lemmy?

[–] [email protected] 5 points 1 year ago (1 children)

If you do not download said asset you should be fine. As long as it is not CP

[–] [email protected] 5 points 1 year ago* (last edited 1 year ago) (2 children)

Lemmy sometimes caches remote content in pict-rs. It's a bit broken so you usually don't see it, but it does do it occasional

[–] [email protected] 7 points 1 year ago (2 children)

IIRC Lemmy preloads all thumbnails for posts in communities you subscribe to into pictrs to be cached for like a month or something. So, yeah...

[–] [email protected] 2 points 1 year ago (1 children)
[–] [email protected] 0 points 1 year ago

Yeah, all I know is that I am definitely seeing images loaded in from domains other than that of my instance as I load/scroll pages, which I want to be loaded via my instance for privacy reasons.

[–] [email protected] 1 points 1 year ago (1 children)

It barely works on my old version of lemmy, probably fixed now then. It would be nice if there was a was to turn that off and only use pictrs only for locally uploaded images. Since I'm the only person here caching isn't too important.
I wonder if I could shut pictrs down and only use an external image hosting for images?

[–] [email protected] 1 points 1 year ago (1 children)

I believe the Pictrs is a hard dependency and Lemmy just won't work without it, and there is no way to disable the caching. You can move all of the actual images to object storage as of v0.4.0 of Pictrs if that helps.

Other fediverse servers like Mastodon actually (can be configured to) proxy all remote media (for both privacy and caching reasons), so I imagine Lemmy will move that way and probably depend even more on Pictrs.

[–] sneakyninjapants 1 points 1 year ago* (last edited 1 year ago) (1 children)

I believe the Pictrs is a hard dependency and Lemmy just won’t work without it, and there is no way to disable the caching

I'll have to double check this but I'm almost certain pictrs isn't a hard dependency. Saw either the author or one of the contributors mention a few days ago that pictrs could be discarded by editing the config.hjson to remove the pictrs block. Was playing around with deploying a test instance a few days ago and found it to be true, at least prior to finalizing the server setup. I didn't spin up the pictrs container at all, so I know that it will at least start and let me configure the server.

The one thing I'm not sure of however is if any caching data is written to the container layer in lieu of being sent to pictrs, as I didn't get that far (yet). I haven't seen any mention that the backend even does local storage, so I'm assuming that no caching is taking place when pictrs is dot being used.

Edit: Clarifications

[–] [email protected] 1 points 1 year ago* (last edited 1 year ago) (1 children)

It seems to work, but it keeps throwing pictrs related errors, so it's not really built for it

[–] sneakyninjapants 1 points 1 year ago

Well that's disappointing. I'll have to investigate further I guess. I was really hoping to set it up (at least initially) without any type of media storage.

[–] [email protected] 5 points 1 year ago

Might be liable, then. You can never explain technology to a bureaucrat.

[–] [email protected] 7 points 1 year ago

Maybe. First you should check out https://en.m.wikipedia.org/wiki/Section_230 which explains websites generally aren't responsible for users posting their own content. However, that's not a clear protection from anything. If you end up with blatantly illegal material, you will be investigated and forced to turn over data, surrender equipment, etc. They would have to prove that you were aware and complicit, but it's generally not worth the trouble unless you're making money from it. That being said if you got a lawyer that is familiar with section 230 to look over a disclaimer and your intentions, you're probably fairly protected. Also, the smaller you are, generally you're much less likely of being targeted should something happen.

Disclaimer; I'm not a source of defensive legal advice.

[–] [email protected] 7 points 1 year ago (1 children)

I actually wanted to post something related some days ago. Why happen if I store pirated content inside my VPS? I think the answer is pretty obvious, in their TOS should say that if I do that they will BAN me without warning, but can they detect the files? Or worse, what if I download directly into the VPS with torrent or Jdownloader?

[–] [email protected] 16 points 1 year ago (1 children)

I think this is a different enough topic that it deserves its own post.

[–] [email protected] 1 points 1 year ago

Good idea, I'm going to post it.

[–] [email protected] 5 points 1 year ago* (last edited 1 year ago)

I'm sure you're liable if you don't moderate. I'm no lawyer, but it's certainly possible to host things without ending up in prison. google, reddit, etc and lots of other people and companies do it. and they had that happen.

[–] [email protected] 3 points 1 year ago

You probably would be, but that depends on the law where the server is hosted. This isn’t a good place for legal advice like that.

What kind of server do you want to host?

[–] [email protected] 3 points 1 year ago (1 children)

You haven't discussed either your jurisdiction or what you're worried about hosting. But in general, if you're hosting a service for others... yes... they can create legal liability for you. And with lemmy specifically it's not just what your users create, but what they subscribe to since subscribed content gets replicated to your instance and then served to the unauthenticated public internet.

People/companies obviously do host things safely, but you need to learn how things work in your local jurisdiction. Like on the US, you need to register as a copyright agent to get DMCA protection, failure to do so could expose you to personal liability for the copyright infringement others sub/create. For CSAM (aka child porn), you may be required not just to remove but to report it as well.

There are definitely people hosting Lemmy instances today who have no understanding of the legal implications of doing so are are not taking the necessary precautions to protect themselves. The vlemmy instance just disappeared without warning or communication, and while no one knows why, it's not out of the question that they got spooked by a child-porn situation or got their server raided by police (this is speculation, but it's possible). Other instances will disappear at some point when admin responsibilities get real.

Your most important responsibility as an admin is understanding the legal/compliance environment you operate in and doing whatever is required of you to host safely. It's not a trivial task, but people do it successfully.

[–] [email protected] 0 points 1 year ago (1 children)

#AmIBeingDetained?

Then again most nations aren't federated, as such don't have feds, so you should be able to figure that out but ;-) I'm fairly certain the legal ramifications are the same whether It's GNU Social or Kbin. Sure platforms like Mastodon & Friendica give you more options for "defederating" "bad actors" than Pleroma or a NOSTR relay, but even that only does so much.

[–] [email protected] 4 points 1 year ago* (last edited 1 year ago) (1 children)

Then again most nations aren't federated, as such don't have feds, so you should be able to figure that out...

If you want useful help, be explicit. Nobody is here to play guessing games because you can't be arsed to state your jurisdiction and the world is full of federal police forces outside the US, including AFP and BPOL.

I'm fairly certain the legal ramifications are the same whether It's GNU Social or Kbin. Sure platforms like Mastodon & Friendica give you more options for "defederating" "bad actors" than Pleroma or a NOSTR relay, but even that only does so much.

Hosting a CIFS server on a private network is on-topic for this community and has a wildly different liability profile that federated apps, which your post said nothing about.

[–] [email protected] -1 points 1 year ago

undefined> Cake day: Jun 04, 2023 damn boy, you are really too young to be this salty.

[–] [email protected] 2 points 1 year ago (1 children)

Dude. 4chan exists and continues to exist. This fact alone should allay your fears.

[–] [email protected] 1 points 1 year ago (1 children)

which particular fears are that? Do people post child porn there? I've heard that website is like where the trolls go to plan their trolling, but I realy don't know much.

[–] [email protected] 0 points 1 year ago* (last edited 1 year ago)

I made the mistake of going to their /b/ board one time. In short, yes, people do. Horrifying gore, too. Just basically don't. Like, ever.

The problem with the comparison here, however, is that that place moves incredibly fast and deletes everything automatically and permanently. Even if the feds came knocking for 4Chan, there'd probably be nothing to show. Lemmy, on the other hand, apparently caches everything locally until you manually purge it (so I've heard).

load more comments
view more: next ›