Sorry for the short post, I’m not able to make it nice with full context at the moment, but I want to quickly get this announcement out to prevent confusion:

Unfortunately, people are uploading child sexual abuse images on some instances (apparently as a form of attack against Lemmy). I am taking some steps to prevent such content from making it onto lemm.ee servers. As one preventative measure, I am disabling all image uploads on lemm.ee until further notice - this is to ensure that lemm.ee cannot be used as a gateway to spread CSAM into the network.

It will not be possible to upload any new avatars or banners while this limit is in effect.

I’m really sorry for the disruption, it’s a necessary trade-off for now until we figure out the way forward.

  • ScrollinMyDayAway@lemm.ee · English · ↑10 · 1 year ago

    This is sick. Kudos to mods for dealing with this garbage. I hope the posters are all hunted down and punished.

    • DudePluto@lemm.ee · ↑4 · 1 year ago

      Yeah, the admins deserve all our support on this. Not only to protect themselves as server owners, but to stop the spread. Hopefully a long-term solution will be found soon.

      • AeroLemming@lemm.ee · English · ↑1 · 1 year ago

        I didn’t like Apple’s idea of scanning private images for such imagery, but I think it would be a fantastic technology to use for social media. If they open sourced it, it could help Lemmy a lot.

  • TheAndrewBrown@lemm.ee · English · ↑3 · 1 year ago

    I think this is a great move until we have something rock solid to prevent this. There are tons of image hosting sites you can use (most of which have the resources to already try to prevent this stuff) so it shouldn’t really cause much inconvenience.

      • We doubled the amount of mods, and banned anything remotely resembling the things on-site. Sadly many times it had to be a brave lemmygrad to check it first and take the bullet for us to report it. I was one of those people on several occasions. I still cringe at the memories. It lasted a few months iirc. I haven’t seen whatever is hitting you guys, but our bots had some recognizable features, usually hiding their spam behind spoilers or links.

        It really was just a mobilization, lockdown, and purging everything that was suspicious until it stopped. That or they found a way to block those bots. I wasn’t in the command center by any means so the internal decisions I don’t know too much about.

  • Cris@lemm.ee · ↑3 · 1 year ago

    I know there are automated tools that exist for detecting CSAM - given the challenges the fediverse has had with this issue it really feels like it’d be worthwhile for the folks developing platforms like lemmy and mastodon to start thinking about how to integrate those tools with their platforms to better support moderators and folks running instances.

  • Io Sapsai 🌱@lemm.ee · ↑2 · 1 year ago

    This is really sad and disgusting. It affects the whole platform but especially smaller instances that can’t keep up. Despite being a lemm.ee user, I was particularly upset about thegarden.land shutting down because of that spam. It had my favourite gardening community on here.

    I really hope this gets sorted out, and the spammers end up where they belong.

  • iByteABit [he/him]@lemm.ee · ↑2 · 1 year ago

    This is a very good decision, I worried about this problem from the very beginning that I learned about the Fediverse. Research must definitely be done to find CSAM detection tools that integrate into Lemmy, perhaps we could make a separate bridge repo that integrates a tool like that easily into the codebase.

    I hope every disgusting creature that uploads that shit gets locked up

  • Awoo [she/her]@hexbear.net · English · ↑2 · 1 year ago

    If you’re concerned about legal liability I think it’s worth noting that there is some protection for websites in this matter. For the most part as long as you’re taking “reasonable action” against it you’re not liable, and that most laws take into consideration the resources of the site dealing with the uploads.

    Not pleasant for users though of course. And the speed at which it’s handled is obviously a concern.

  • Stamets [Mirror]@startrek.website · ↑2 · 1 year ago

    I’m genuinely confused on why it’s even happening in the first place but I can’t say conspiracies aren’t spinning in my head. Stuff like Russia having troll attacks to try and stifle a new Internet trend. Or companies like Facebook and Twitter paying people to do this to instill a boogeyman-like fear of federated Internet.

    I’m not suggesting they’re true, but they’re one of many confused thoughts as to what’s going on.

    • UnicodeHamSic [he/him]@hexbear.net · English · ↑2 · edited · 1 year ago

      It is an old 4chan thing. They have it around and they know it freaks out the normies so why not have some fun with it? So any kinda shit head chud or script kiddie can do it for a little hit of fun vandalism. Being kicked off reddit for being too communist does make us a likely target for all this.

    • redballooon@lemm.ee · ↑1 · 1 year ago

      There’s no need to invoke conspiracy. This is entirely possible for a single person to do, and motivations for single people may be very petty even if the consequences are widely visible.

      One misguided teenager on a power trip who enjoys how much disruption he can cause is enough for such an effect.

    • lagomorphlecture@lemm.ee · ↑2 · 1 year ago

      I’m going to go out on a limb and say they and all the other instances that were hit with this attack probably did. Which authorities, I don’t know. If this instance is hosted in Estonia then probably Estonian authorities, but it’s probably being hosted on the cloud so is it REALLY hosted in Estonia? There are a ton of American and EU users so hopefully the FBI and whatever the EU equivalent is. But honestly cybercrimes can get confusing because of the nature of people and hosting being spread out all over the world and it can be hard to even figure out who to report to.

      • infinipurple@lemm.ee · ↑1 · 1 year ago

        Europol in Europe. But you can report it to your national cybercrime division and they can refer it to the appropriate authority if necessary.

    • coffee@lemm.ee · ↑2 · edited · 1 year ago

      I don’t think they made it onto this server, with the 100kb upload limit in place, that was already a rather low risk. It’s a preventive measure. So far lemmy.world was the one deliberately targeted.

  • GarbageShoot [he/him]@hexbear.net · English · ↑2 ↓1 · 1 year ago

    I’m sorry that you and the people on this instance are being subjected to that shit. It’s always despicable but on top of that it just seems absurd to target lemm.ee – a deliberately unprofitable platform – with such illegal means.

    • 𝒍𝒆𝒎𝒂𝒏𝒏@lemmy.one · ↑1 ↓1 · edited · 1 year ago

      And I’m honestly sorry that people are blaming & attacking you and various other Hexbear users for no tangible reason.

      I’m surprised people have forgotten already about the attacks against lemmy.world, assumedly executed by a disgruntled ex-moderator long before we ever knew Hexbear existed.

      Instead people are jumping to “OhH it’s ThE HexBeArS” when they have not been able to freely browse HB discussions or even talk with you, they’re just shown the worst take from a minority (although tbf HB does the same on c/cth, so it’s kinda funny seeing both sides with one not realising the other is also just a human too, just with differing culture and political stance)

      Edit: replaced “guys” with a more neutral term

      • GarbageShoot [he/him]@hexbear.net · English · ↑0 · 1 year ago

        Thankfully I haven’t seen the takes accusing HB of the recent attacks, though being accused of the attacks on .world was a little annoying. I appreciate the solidarity.

        I genuinely have no idea where this recent attack is coming from. The most fried part of my brain says “One of the big companies trying to absorb the fediverse is doing this to undermine their competition,” but I have zero evidence, it’s just the only motive I can even think of beyond it being a rogue crank.

        It’s totally conceivable that HB people would spam an instance they don’t like – though this would be against the wishes of the mods and admins – but our site culture is completely antithetical to spamming CSAM and things like that, so I don’t think even a rogue group of users would do it “on our behalf”.

        Oh, I just realized it could be one of those fash instances like exploding heads. If any were defeded relatively recently, that would make sense.

        Instead people are jumping to “OhH it’s ThE HexBeArS” when they have not been able to freely browse you guys’ discussions or even talk with you, they’re just shown the worst take from a minority (although tbf you guys do the same on c/cth, so it’s kinda funny seeing both sides with one not realising the other is also just a human too, just with differing culture and political stance)

        I don’t think I have much to contribute to the “both sides” thing that is useful, but I’m going to talk anyway because I’m thinking about it now.

        off-topic

        I think if you asked a hexbear user to seriously answer how representative those screenshots are of lemm.ee, they’d probably say that lemm.ee is much more ideologically disjointed on a handful of issues, especially regarding history and geopolitics, and the screenshots are only representative of some of the more annoying tendencies among the neoliberals and poorly-educated “anarchists” (like that dude who decried “tankies” and used Sankara as a counterexample, when we all like Sankara). I also think they would be correct in saying this. I don’t know what the anti-HB people who don’t comment on our instance think, I hardly ever see it, but I can at least tell you that we know much more about neoliberal ideology than they do ML, because we almost all started out as de facto neoliberals and nearly none of them have even a basic understanding of ML theory (which is not really their fault, to be clear).

        Anyone on any instance federated with hexbear is welcome to post questions to c/askchapo. If they are relatively polite and not presumptuous, we’ll be happy to answer. If people are still mean, report it. You can let me know and I will personally nag the mods to address the matter properly. Just recently we had a thread from a .ml user who wanted us to state our opinion on Trump for the record for the hundredth time, so about a hundred users chimed in that they all hate his guts (I also made a comment to that effect). We’re happy to discuss things openly and it would be good for us to improve community relations to avoid things like one group accusing the other of doing something as heinous as what the OP describes.

        • HelloHotel@lemm.ee · ↑1 · edited · 1 year ago

          CSAM sourcing?

          Where do these people get that much CSAM? Somebody once said that to the best of their understanding, it was new CSAM images each time, meaning not many repeats. My collection of reddit memes costs me ~15-30GB, all of sbubby costs ~5GB. Where is it pooled from?

          The most fried part of my brain says “One of the big companies trying to absorb the fediverse is doing this to undermine their competition,” but I have zero evidence

          Most companies that build CSAM detectors, by nature of their work, have a lot of it. Likely thousands of photos and videos were willingly handed over to put into some vault to fight against its existence. If it’s a large corporation attacking us, it necessarily means a leak from a CSAM vault whether it was intentional (an authorized attack) or not (opsec mistakes or insiders). Or it means there was no vault (negligence) or it wasn’t transferred securely (opsec mistakes).

          it’s just the only motive I can even think of beyond it being a rogue crank.

          It’s not hard to build a bot that scrapes a webpage of its images, they can easily aggregate that much content over decades.