1y ago

Trolls are spamming CP on AskLemmy@Lemmy.world

I don't know if you need this info, but I was pretty disturbed to see unexpected child pornography on a casual community. Thankfully it didn't take place on SLRPNK.net directly, but if anyone has any advice besides leaving the community in question, let me know. And I wanted to sound an alarm to make sure we have measures in place to guard against this.

21 comments

Unfortunately I saw it as well while scrolling, and reported it. What's the motivation behind posting fucked up shit like that?
- I don't know the specifics, but trolling is trolling. It's experimenting with ways of breaking things. Not only do they probably find it funny, but if this isn't handled it can kill the platform. If they saw that Lemmy.World was defederated and shut down, that would make their day.
  The point is that we need basic security measures to keep Lemmy functioning. I don't think this is just an issue of moderator response times. We need posts like that to get deleted after 10 people downvote it, and we need limits on how easily new accounts can get into everyones' front page feeds.
  
  It should be reports and limited to users with some form of track record on the platform. So posted some time earlier, has gotten X likes, account age and similar measures to make sure it is not problematic.
  Downvotes are a bad measure. They are often just done by somebody disagreeing with a post, which often are not exactly a problem. Also 10 is really low, when something really takes off. On the c/meme half the posts have more then 10downvotes, but nothing is really all that bad.
  
  Your idea with restricting who can get into front page, is a really great idea! I will write it down for a project of ours.
  
  If the same trolls got 10 accounts, they could find some other way to exploit the security gap, and also delete any posts warning about it.
  Maybe it would help if communities could turn off image uploading? I mean asklemmy doesn't hardly ever has a reason for there to be a picture. Communities that need it of course would still need other security measures.
  
  The problem with an automatic delete is that it's just as exploitable. Anyone can set up 10 accounts on various hosts, or even on one host, and gain the power to instantly delete anything they like
  
  On top of what's been said, it should probably not delete but just hide it, so that mods could still re-approve it in case of mistakes
I reported it TWICE but the mods don't seem to care.
- Mods and admins care, but we're not all online all the time.
  
  You are right on the point! We are all do this in our free time and we are searching for admins that are free in a timezone we still dont have covered yet.
  We are open if someone is interested in assisting us, just hit us with an email with some details about you and when you can be active on lemmy.world.
- That's pretty shocking.
  What tools are available to us to manage this?
  
  The best tool that is currently available is lemmy-safty AI image scanning that can be configured to check images on upload or regularly scan the storage and remove likely csam images.
  It's a bit tricky to set up as it requires an GPU in the server and works best with object storage, but I have a plan to complete the setup of it for SLRPNK sometimes this year.
As a mod of a few communities I'd just turn off public posts and contact the admins to block any trouble accounts, luckily I haven't seen anything yet
- Can you explain? I don't know what it means to turn off public posts?
  
  As community moderator you can apply a setting that means only mods can post on that community and it's not possible for anyone to post anything.
What’s interesting about this is #LemmyWorld uses Cloudflare, and CF was involved in a CP scandal. You might be tempted to report the CP to Cloudflare, but it’s important to be aware of how CF handles that. CF protected a website that distributed child pornography. When a whistle blower reported the illegal content to CF, CF actually doxxed the people who reported it. Cloudflare revealed the whistle blowers’ identities directly to the dubious website owner, who then published their names and email addresses to provoke retaliatory attacks on the whistle blowers! Instead of apologizing, the CEO (Matthew Prince) said the whistle blowers should have used fake names.

21 comments