Lemmy.world is temporarily disabling open signups and moving to an application-required signup process, due to ongoing issues with malicious bot accounts.
We know this is a major step to take, but we believe that it’s the right one for both us and our community right now.
We’re working on a better long-term technical solution to these bots, but that will take time to create, test, and verify that it doesn’t cause any problems with federation and how our users use our site, and we’d rather make sure we get it right than have a site that’s broken.
We’re making this change on 28 Aug 2023, and don’t have a specific timeline for how long registrations will require an application, but we will post an update once our new anti-abuse measures are in place and working.
Take care, LW Team
You gotta do, what you gotta do!
Thanks as always for the hard work and transparency.
I am loving the transparency.
Thank you for the kindness!
I hope you guys are doing okay having to see all that shit… No shame in reaching out to mental health professionals. Makes me sad imagining you guys picking up emotional baggage and trauma having to see all that to protect the community.
I appreciate you guys looking out for us, but I hope you all have proper support yourselves.
That’s a good point. Jesus.
No place is safe from this, unfortunately. I moderated 2 big brazilian subreddits, and then decided to volunteer to help a smaller one. I had a day (and to be honest, an entire week) absolutely ruined when somebody did indeed set a bot to post large amounts of CSAM to the subreddit. Luckily I was online to quickly purge it all, and Reddit’s admins did remove the accounts pretty much instantly, but I feel for every Lemmy admin that even caught a glimpse of this material and now have to purge their computers and honestly, their minds, from that. Sorry to hear it happened.
I saw one of these videos in my feed last night and it was very obvious to me what it was. Thankfully it wasn’t anything that was to bad, but It still gives me the creep that something like that was in my feed.
CSAM
I just looked up this acronym and am sorry I did.
Same but not sorry. I always called it CP but I guess this is more of a straight forward name.
Same, and to make sure no one else has to have it in their search history, CSAM stands for “Child Sexual Abuse Material.”
Yeah, the term CP (Child Porn) has always been a terrible name for it. It sounds weird, but “Child Porn” sounds much less dramatic than it is, like some sort of fringe porn. Meanwhile CSAM (Child Sexual Abuse Material) make it a lot more clear that there is a child being abused.
Two brazilian sounds like a lot.
If you could give me the numbers of new accounts monthly I would look into CloudFlare. If I can afford it I will even pay for it.
Update: we opened registrations again but temporary email addresses will still be banned.
Bummer, but I hope you can find a solution soon! What a PITA for you all.
I guess I’m out of the loop, perhaps because I mostly browse communities I subscribed to, but…
What happened? Lots of spammy bots signing up and spamming the site? I guess I didn’t notice where I was looking
Also, what does application based sign up mean?
Anyhow, Lemmy.World and Lemmy (in general) are growing nicely, so what’s needed to defend them is cool.
Edit: fixed grammar
Troll / spam accounts posted CSAM in !lemmyshitpost@lemmy.world. That spread with federation and every admin ended up involuntarily hosting such content.
Application based sign up means that if a user wants to subscribe they have to fill out a form and a .world admin gets to review it and approve or reject their sign up. It’s a measure of controlling who gets in and limiting the amount of bots and possibly troll that join an instance.
To make it clear, the form is virtually the same as before with one additional question. It just asks you to state you read the note that is the same as the note in the post above. The application is virtually identical beyond that. But, the biggest difference, is like you said, an admin needs to approve it.
Good hope the child porn posting stops with that.
Oh Christ, really? That’s just sickening. I often sort by new, sounds like I’ve been very lucky to miss it entirely…
Yeah i had the unpleasant encounter several times by now…
I’m guessing they’re not even flagging that shit as NSFW? I’ve been using liftoff and have the NSFW stuff hidden. I haven’t run into of it yet but that’s fucked up, hopefully it gets under control with this.
Maybe mods of each section can turn on manual approvals of submissions?
Manually approving submissions would be even more work. And shits being posted everywhere.
And no, the ones i had a unpleasant encounter with weren’t flaired nsfw.
To combat this until there is something in place to automate blocking it. Manually approval might just be the only way to deal with it for now. Places can add more moderators.
Manual approval would mean that mods have to see all that shit to block it… That’s not the right solution imo
They’ll end up having to see it anyways to remove it, and by that point more than just the mods would have seen it…
Isn’t there a tool (possible free) by Google I think that detects abusive material like this?
Eh… I don’t think we should give up our privacy because one or two bastards are doing that shit…
deleted by creator
Are you serious? Holy shit. I haven’t seen any at all. But just the thought that someone is posting it. I hate people sometimes.
Big incident last night
deleted by creator
I have not seen any of that and I sort by All.
With nsfw on? I do as well, but I usually have nsfw off
It wasn’t marked NSFW…
Oh yeah, that’d be a problem…
Child porn? Meh.
Not marking it NSFW? WHOA THERE BUB!
I sort by new in all, I guess I just got lucky I didn’t come across it.
Same, and I’m on all the time.
Not long after joining Lemmy, I was on the less fortunate side of things and ran into a troll post. I haven’t seen any of that horrid stuff on Lemmy since then, I assume the admins and mods have been dealing with it first hand… ☹️ hope they are OK, it isn’t good for anyone mentally.
IMO registration applications should have been in use right from the start. Less annoyances for admins and moderators.
Absolutely agreed. Similar to waiting periods for weapons purchases. It would be an effective filter for most people who get in the mood of making a troll post, they would get tired of it before they are approved, and many users with hateful names would be disallowed before they can start posting their hate.
Example of hateful user
@lgbtslayer@lemmy.world being the quintessential example that pushed Beehaw to defederate from LW, after that user posted anti-lgbt and misogynist stuff directly into Beehaw’s lgbtq+ community :::
Oh shut up
I wouldn’t put the manual review of thousands of application into the “less annoyances” box.
Not really, you have to manually approve all.
Indeed. This is a lot more work.
No, applications are a very degrading process for both users and admins.
I agree it’s annoying and hopefully will one day soon not be necessary, but “degrading” is something I don’t think ever occurred to me. Is there some aspect to having to get manually approved that is degrading that I’m not aware of?
I never use services which require an application. First of all, that’s a bad user experience. Second, it’s enough to write some bullshit during job applications.
The application is a question asking if you read the statement (which is the same as the post above).
The rest of the application is the same application you had to fill out when you created the account even when it was open sign ups. The only real difference is it’s not automatically accepted but manually accepted.
degrading?
Beep Beep. Thank you for the update.
Beep boop beep. Hello fellow human.
Hi humans, wich way to the likely scam victems.
I will give them head patts and a free mini fridge.
I cannot be thankful, i have not been tamed
deleted by creator
Wasn’t the argument for having open sign-ups that some Lemmy apps redirect straight to Lemmy.world for registration?
Yes but when people start creating accounts to post CSAM it doesn’t leave us much choice.
Seems like a pretty important detail. Why wasn’t it mentioned it in the post body?
Because they’re not trying to make a big deal about how easily CSAM spread throughout federated instances making all hosts possibly legally liable. Instances in the US are probably ok, due to various laws like safe harbor for platform providers but with instances all over the world, they all have their own laws to contend with and many never expected this
It’s really not that hard to connect the dots… Unless you’re trying to impose a question for the sake of
It’s about transparency for me. The admins claim to care about it and users praise them for it, but to me it seems like they’re doing the bare minimum informing us about changes we are about to notice. Reminds me of corporations writing statements trying to sweep things under the carpet. You and I might realise what it’s all about, but many users without the context won’t.
That’s not what I want Lemmy to be. I want to feel included as a part of the community. I’m doing what I think I can to help it all go in the right direction
Understand the issue with transparency. It’s just a very sensitive topic all around. And it sucks it is happening. I am not realizing as well a very important threat that exists in unmoderated federation.
Doing “the bare minimum”? We have quite a big team trying to keep the impact for our users to a minimum. We don’t claim to care. We DO care. And we try to be as transparant as possible.
We monitor the new posts, we react very quickly to reports, we make sure that even with the sign up requirements everyone can still get on board quickly and we are looking for a solution for the csam problem.
If this is not what you want Lemmy to be, there are plenty of options.
I’m only talking about transparency here, didn’t mean to undermine other moderation efforts and sorry if I phrased it ambiguously. But regarding informing users, yes, I think Lemmy.world admins do the minimum
Thank you!
Thanks for all the work you do! It isn’t unappreciated.
I think it’s the right call honestly. We’ve grown so quick that it must be hard to manage by now.
Lemmy.world users were mostly upset 2 months ago about how other Lemmy servers had application based registration and that made it bad for widespread adoption.
Incidents like this are part of why this is a bad idea. Hopefully mitigations to maliciously posted illegal content can be implemented to help Lemmy server admins big and small.
People make these applications seem like a much bigger deal than they are. You don’t need to fill out an essay or anything, just a sentence or two to reassure the server owner that you’re a normal person. I just mentioned the old Lemmy account I was moving away from. I get that it’s a barrier for some though.
