Hello everyone,

We unfortunately have to close the !lemmyshitpost community for the time being. We have been fighting the CSAM (Child Sexual Assault Material) posts all day but there is nothing we can do because they will just post from another instance since we changed our registration policy.

We keep working on a solution, we have a few things in the works but that won’t help us now.

Thank you for your understanding and apologies to our users, moderators and admins of other instances who had to deal with this.

Edit: @Striker@lemmy.world the moderator of the affected community made a post apologizing for what happened. But this could not be stopped even with 10 moderators. And if it wasn’t his community it would have been another one. And it is clear this could happen on any instance.

But we will not give up. We are lucky to have a very dedicated team and we can hopefully make an announcement about what’s next very soon.

Edit 2: removed that bit about the moderator tools. That came out a bit harsher than how we meant it. It’s been a long day and having to deal with this kind of stuff got some of us a bit salty to say the least. Remember we also had to deal with people posting scat not too long ago so this isn’t the first time we felt helpless. Anyway, I hope we can announce something more positive soon.

    • 𝒍𝒆𝒎𝒂𝒏𝒏@lemmy.one
      link
      fedilink
      arrow-up
      3
      ·
      1 year ago

      In this situation I think

      • major instances define their own trust limits, or at least agree on a common variety
      • self hosted instances go through the guarantor process with dbzer0’s fediseer service
      • main instances pull data from fediseer and fediverse observer to see if an instance is malicious the first time we federate, if not percieved as such then apply the trust limits to each of the instances users in good faith that the provided data is not manipulated - we could try and cross reference activity with other instances using the activitypub API but this seems ripe for abuse as a DDoS attack vector if we’re running hundreds of user posts/comments through each of the instances it claims to exist on.

      This is still not really ideal though and adds more friction.

      I think the best compromise would be application signups + pictrs upload restrictions (at the source instance) for newly registered users, which does not exist as a feature. This would keep a human in the loop, who would likely spot opportunistic trolls, and not affect selfhosters too much if they themselves are the admin. Selfhosters who abuse can just be defedded instantly, and would need to buy another domain to continue (freenom no longer offers free domains).