Hello everyone,

We unfortunately have to close the !lemmyshitpost community for the time being. We have been fighting the CSAM (Child Sexual Assault Material) posts all day but there is nothing we can do because they will just post from another instance since we changed our registration policy.

We keep working on a solution, we have a few things in the works but that won’t help us now.

Thank you for your understanding and apologies to our users, moderators and admins of other instances who had to deal with this.

Edit: @Striker@lemmy.world the moderator of the affected community made a post apologizing for what happened. But this could not be stopped even with 10 moderators. And if it wasn’t his community it would have been another one. And it is clear this could happen on any instance.

But we will not give up. We are lucky to have a very dedicated team and we can hopefully make an announcement about what’s next very soon.

Edit 2: removed that bit about the moderator tools. That came out a bit harsher than how we meant it. It’s been a long day and having to deal with this kind of stuff got some of us a bit salty to say the least. Remember we also had to deal with people posting scat not too long ago so this isn’t the first time we felt helpless. Anyway, I hope we can announce something more positive soon.

  • Pat12@lemmy.world
    link
    fedilink
    arrow-up
    148
    ·
    1 year ago

    There are just two full-time developers on this project and they seem to have other priorities. No offense to them but it doesn’t inspire much faith for the future of Lemmy.

    this doesn’t seem like a respectful comment to make. People have responsibilities; they aren’t paid for this. It doesn’t seem to fair to make criticisms of something when we aren’t doing anything to provide a solution. A better comment would be “there are just 2 full time developers on this project and they have other priorities. we are working on increasing the number of full time developers.”

    • TsarVul@lemmy.world
      link
      fedilink
      arrow-up
      95
      ·
      1 year ago

      Imagine if you were the owner of a really large computer with CSAM in it. And there is in fact no good way to prevent creeps from putting more into it. And when police come to have a look at your CSAM, you are liable for legal bullshit. Now imagine you had dependents. You would also be well past the point of being respectful.

      On that note, the captain db0 has raised an issue on the github repository of LemmyNet, requesting essentially the ability to add middleware that checks the nature of uploaded images (issue #3920 if anyone wants to check). Point being, the ball is squarely in their court now.

      • postmateDumbass@lemmy.world
        link
        fedilink
        arrow-up
        16
        ·
        1 year ago

        I think the FBI or eqivilant keeps a record of hashes for a known CASM and middleware should be able to compare to that. Hopefully, if a match is found, kill the post and forward all info on to LE.

        • malloc@lemmy.world
          link
          fedilink
          English
          arrow-up
          14
          ·
          1 year ago

          Interesting. But aren’t hashes unique to a specific photo? Just a single change to the photo would inevitably change its hash.

          I think Apple was going to implement a similar system and deploy to all iPhones/Macs in some iOS/macOS update. However was eventually 86’d due to privacy concerns from many people and the possible for abuse and/or false positives.

          A system like this might work on a small scale though as part of moderating tools. Not sure where you would get a constantly updated database of CSAM hashes though.

          • AeonFelis@lemmy.world
            link
            fedilink
            arrow-up
            12
            ·
            1 year ago

            Interesting. But aren’t hashes unique to a specific photo? Just a single change to the photo would inevitably change its hash.

            Most people are lazy and stupid, so maybe hash checking is enough to catch a huge portion (probably more than 50%, maybe even 80% or 90%?) of the CSAM that doesn’t bother (or know how) to do that?

            • TechnoBabble@lemm.ee
              link
              fedilink
              English
              arrow-up
              2
              ·
              1 year ago

              I’m almost positive they’ve been developing an image recognition AI that will make slightly altering csam photos obsolete.

              Here’s hoping.

            • A hash would change if even one bit changed in that file. This could be from corruption, automated resizing by any photo processing tools (i.e., most sites will resize photos if you give them one too big), saving a lossy file time again (adding more jpg), etc… This is why there aren’t many automated tools for this detection. Sites that have tried by using skin tones in a photo have failed spectacularly.

              I’ve never heard of this FBI middleware. Does anyone have the link to this? I’d like to understand what tools are available to combat this as I’ve been considering starting my own instance for some time now.

          • postmateDumbass@lemmy.world
            link
            fedilink
            arrow-up
            6
            ·
            1 year ago

            In my utopia world, the FBI has a team updating the DB.

            The utopia algorithim would do multiple subsets of the picture so cropping or watermarking wouldn’t break the test (assume the ‘crux’ of the CSAM would be most likely unaltered?) , maybe handle simple image transformations (color, tint, gamma, etc.) with a formula.

          • MsPenguinette@lemmy.world
            link
            fedilink
            arrow-up
            1
            ·
            1 year ago

            IMO scanning images before posting them to a forum is a distinct and utterly completely different world than having your photo collection scanned. Especially in context and scale

      • snowe@programming.dev
        link
        fedilink
        arrow-up
        10
        ·
        1 year ago

        You can already protect your instance using CloudFlare’s CSAM protection, and sorry to say it, but I would not use db0’s solution. It is more likely to get you in trouble than help you out. I posted about it in their initial thread, but they are not warning people about actual legal requirements that are required in many places and their script can get you put in jail (yes, put in jail for deleting CSAM).

        • TsarVul@lemmy.world
          link
          fedilink
          arrow-up
          2
          ·
          1 year ago

          The developers of LemmyNet are being asked for the ability to define a subroutine by which uploaded images are to be preprocessed and denied or passed thereafter. There is no such feature right now. Even if they wanted to use CloudFlare CSAM protection, they couldn’t. That’s the entire problem. This preprocessing routine could use Microsoft PhotoDNA and Google CSAI, it could use a self-hosted alternative as db0 desires or it could even be your own custom solution that doesn’t destroy, but stores CSAM on a computer you own and stops it from being posted.

          • snowe@programming.dev
            link
            fedilink
            arrow-up
            1
            ·
            1 year ago

            Even if they wanted to use CloudFlare CSAM protection, they couldn’t.

            ? CF’s solution happens at the DNS level. It has absolutely nothing to do with lemmy and there’s nothing the devs could do to change that.

            • TsarVul@lemmy.world
              link
              fedilink
              arrow-up
              1
              ·
              1 year ago

              Yeah I just looked it up. Serving stuff through CF does a check for illicit material. Pretty neat. Be that as it may, the original complaint is that Lemmy is lacking moderation tools. Such a moderation tool would be something that disallows CSAM even being stored in the server in the first place.

    • khannie@lemmy.world
      link
      fedilink
      English
      arrow-up
      55
      ·
      1 year ago

      I agree with you, I’d just gently suggest that it’s borne of what is probably significant upset at having to deal with what they’re having to deal with.

    • Blaze@discuss.tchncs.de
      link
      fedilink
      arrow-up
      34
      ·
      1 year ago

      we are working on increasing the number of full time developers.

      I see where you are coming from, but who is supposed to make this statement, LW admins? Because it’s not their role. And if it’s Lemmy devs, then it shouldn’t be we.

      • Pat12@lemmy.world
        link
        fedilink
        arrow-up
        6
        ·
        1 year ago

        I see where you are coming from, but who is supposed to make this statement, LW admins? Because it’s not their role. And if it’s Lemmy devs, then it shouldn’t be we.

        whoever came up with “we should have full time developers” and is managing that team should be the person thinking of how to help the full time developers given the increased responsibilities/work load

        • ToxicWaste@lemm.ee
          link
          fedilink
          arrow-up
          18
          ·
          1 year ago

          Lemmy is developed open source and the people operating the servers are not the same people writing the source code.

          While I do not agree with the salty comment made about an amazing open source project, they corrected it. Maybe this is a great opportunity for people to contribute. Not everyone needs to be a programmer to provide value to a project like this. Sources can be found here: https://github.com/LemmyNet

    • Graphine@lemmy.world
      link
      fedilink
      arrow-up
      29
      ·
      1 year ago

      I mean, the “other priorities” comment does seem to be in bad taste. But as for the comment on the future of Lemmy, I dunno. I feel like they’re just being realistic. I think the majority of us understand the devs have lives but if things don’t get sorted out soon enough it could impact the future of Lemmy.

    • HobbitFoot @thelemmy.club
      link
      fedilink
      English
      arrow-up
      13
      ·
      1 year ago

      No one is paid for this, but moderation is going to become a problem for Lemmy and the volunteers who are admins are going to need support.

      • Pat12@lemmy.world
        link
        fedilink
        arrow-up
        12
        ·
        1 year ago

        No one is paid for this, but moderation is going to become a problem for Lemmy and the volunteers who are admins are going to need support.

        yes, that’s what i’m saying. We should acknowledge that we are fortunate to have dedicated volunteer devs and work on helping/supporting them.

        • HobbitFoot @thelemmy.club
          link
          fedilink
          English
          arrow-up
          12
          ·
          1 year ago

          We definitely should acknowledge the volunteer devs supporting the platform, but we need to address that there may be issues with the tools for mods as is and we need the paid devs to pull back from only coding and do more design of the architecture that can be filled in by volunteer devs.

              • DogMuffins@discuss.tchncs.de
                link
                fedilink
                English
                arrow-up
                4
                ·
                1 year ago

                Oh. Is there any indication of how much they may have actually received via these donation pages?

                The vast majority of FOSS projects receive hardly anything in donations - even those with many users.

                The term “paid dev” implies a salaried position. I would be astonished if the amount they’ve received is anything like a salary given the time requirements.

                • can@sh.itjust.works
                  link
                  fedilink
                  English
                  arrow-up
                  3
                  ·
                  1 year ago

                  The do get a certain amount from a foundation each time they reach a certain milestone. Perhaps those milestones need to be adjusted.

    • GivingEuropeASpook@lemm.ee
      link
      fedilink
      English
      arrow-up
      13
      ·
      1 year ago

      Thing is, if this continues to be a problem and if the userbase/admins of instances are organised, we can shift those priorities. They may not have envisioned this being a problem with the work they decided to work on for the next several months. Truly, the solution is to get more developers involved so that more can happen at once.

        • GivingEuropeASpook@lemm.ee
          link
          fedilink
          English
          arrow-up
          2
          ·
          1 year ago

          Exactly, and Mastodon had been kinda gunning for Twitter for years before Elon went full Elon, so they were primed for the influx. Lemmy I think expected to have years to go before it’s userbase would similarly skyrocket.

          • danielton@lemmy.world
            link
            fedilink
            arrow-up
            2
            ·
            1 year ago

            Yeah, Reddit was famously open to third party developers for 15 years or so, and now they and their bootlickers are claiming they didn’t know that there were third party apps using the API to browse the whole site.

            Even the Apollo dev said nothing but good things about Reddit because they were very transparent with him until they decided to paywall the API. Nobody saw this coming.

    • Sukkumadukku@lemmy.world
      link
      fedilink
      arrow-up
      4
      ·
      1 year ago

      I can’t seem to find the AMA thread from the devs but I remember they said they actually are being paid by some dutch organisation

    • antonim@lemmy.dbzer0.com
      link
      fedilink
      arrow-up
      1
      ·
      edit-2
      1 year ago

      People have responsibilities

      Exactly - when you create a site, you have a responsibility to make sure it’s not used to distribute child porn.

      • Pat12@lemmy.world
        link
        fedilink
        arrow-up
        1
        ·
        1 year ago

        Exactly - when you create a site, you have a responsibility to make sure it’s not used to distribute child porn.

        1 6

        Body

        Cancel Preview Reply

        That burden should not rest on 2 people.

        • antonim@lemmy.dbzer0.com
          link
          fedilink
          arrow-up
          1
          ·
          1 year ago

          Then the logical conclusion is that the 2 people should find some other people to share the burden.

          I really don’t see how my statement is controversial. This is sadly how the internet works, regardless of how much or how little you can invest into your site - you need mechanisms to fight off against such spam and malice.

    • DEVELOPERS produce a software to help people post images and text online. Nothing bad about that.

      ADMINS install the developers software on a server and run it as an instance.

      MODS (if any exist besides the admin) moderate the instance to keep illegal content off the site.

      USERS may choose to use the software to post CSAM.

      None of these groups of people have paid for or are getting paid for their time. USERS generally don’t take much legal risk for what’s posted, as instance owners don’t ask for personally identifiable information from users.

      Sites like reddit, although we all hate it, do make a profit, and some of that profit is used to pay “trust and safety” teams who are paid (generally not very well, usually in underdeveloped or developing countries) to wade through thousands of pictures of CSAM, SA, DV/IPV and other violent material, taking it down as it gets posted to facebook, reddit, other major online properties.

      —-

      Developers, admins and mods are generally doing this in their free time. Not sure how many people realize this but developers, admins and mods are also people who need to eat - developers have a skill of developing software, so many open source devs are also employed and contribute to open source in their off time. Admins may be existing sysadmins at companies but admin lemmy instances in their off time. Mods do it to protect the community and the instance itself.

      USERS can be a bit self-important at times. We get it, you all generate the content on this site. Some content isn’t just unwanted though, it’s illegal and if not responded to quickly could mean not only a shutdown instance but also possible jailtime for admins, who ultimately will be the ones who are running a “reddit-like site” or “a haven for child porn”.