Sorry for the short post, I’m not able to make it nice with full context at the moment, but I want to quickly get this announcement out to prevent confusion:

Unfortunately, people are uploading child sexual abuse images on some instances (apparently as a form of attack against Lemmy). I am taking some steps to prevent such content from making it onto lemm.ee servers. As one preventative measure, I am disabling all image uploads on lemm.ee until further notice - this is to ensure that lemm.ee can not be used as gateway to spread CSAM into the network.

It will not possible to upload any new avatars or banners while this limit is in effect.

I’m really sorry for the disruption, it’s a necessary trade-off for now until we figure out the way forward.

  • ScrollinMyDayAway@lemm.ee
    link
    fedilink
    English
    arrow-up
    188
    arrow-down
    1
    ·
    1 year ago

    This is sick. Kudos to mods for dealing with this garbage. I hope the posters are all hunted down and punished.

    • DudePluto@lemm.ee
      link
      fedilink
      arrow-up
      62
      ·
      1 year ago

      Yeah, the admins deserve all our support on this. Not only to protect themselves as server owners, but to stop the spread. Hopefully a longterm solution will be found soon

      • AeroLemming@lemm.ee
        link
        fedilink
        English
        arrow-up
        13
        ·
        1 year ago

        I didn’t like Apple’s idea of scanning private images for such imagery, but I think it would be a fantastic technology to use for social media. If they open sourced it, it could help Lemmy a lot.

  • TheAndrewBrown@lemm.ee
    link
    fedilink
    English
    arrow-up
    100
    ·
    1 year ago

    I think this is a great move until we have something rock solid to prevent this. There are tons of image hosting sites you can use (most of which have the resources to already try to prevent this stuff) so it shouldn’t really cause much inconvenience.

  • GarbageShoot [he/him]@hexbear.net
    link
    fedilink
    English
    arrow-up
    80
    arrow-down
    3
    ·
    1 year ago

    I’m sorry that you and the people on this instance are being subjected to that shit. It’s always despicable but on top of that it just seems absurd to target lemm.ee – a deliberately unprofitable platform – with such illegal means.

    • 𝒍𝒆𝒎𝒂𝒏𝒏@lemmy.one
      link
      fedilink
      arrow-up
      51
      arrow-down
      5
      ·
      edit-2
      1 year ago

      And I’m honestly sorry that people are blaming & attacking you and various other Hexbear users for no tangible reason.

      I’m surprised people have forgotten already about the attacks against lemmy.world, assumedly executed by a disgruntled ex-moderator long before we ever knew Hexbear existed.

      Instead people are jumping to “OhH it’s ThE HexBeArS” when they have not been able to freely browse HB discussions or even talk with you, they’re just shown the worst take from a minority (although tbf HB does the same on c/cth, so it’s kinda funny seeing both sides with one not realising the other is also just a human too, just with differing culture and political stance)

      Edit: replaced “guys” with a more neutral term

      • GarbageShoot [he/him]@hexbear.net
        link
        fedilink
        English
        arrow-up
        29
        arrow-down
        4
        ·
        1 year ago

        Thankfully I haven’t seen the takes accusing HB of the recent attacks, though being accused of the attacks on .world was a little annoying. I appreciate the solidarity.

        I genuinely have no idea where this recent attack is coming from. The most fried part of my brain says “One of the big companies trying to absorb the fediverse is doing this to undermine their competition,” but I have zero evidence, it’s just the only motive I can even think of beyond it being a rogue crank.

        It’s totally conceivable that HB people would spam an instance they don’t like – though this would be against the wishes of the mods and admins – but our site culture is completely antithetical to spamming CSAM and things like that, so I don’t think even a rogue group of users would do it “on our behalf”.

        Oh, I just realized it could be one of those fash instances like exploding heads. If any were defeded relatively recently, that would make sense.

        Instead people are jumping to “OhH it’s ThE HexBeArS” when they have not been able to freely browse you guys’ discussions or even talk with you, they’re just shown the worst take from a minority (although tbf you guys do the same on c/cth, so it’s kinda funny seeing both sides with one not realising the other is also just a human too, just with differing culture and political stance)

        I don’t think I have much to contribute to the “both sides” thing that is useful, but I’m going to talk anyway because I’m thinking about it now.

        off-topic

        I think if you asked a hexbear user to seriously answer how representative those screenshots are of lemm.ee, they’d probably say that lemm.ee is much more ideologically disjointed on a handful of issues, especially regarding history and geopolitics, and the screenshots are only representative of some of the more annoying tendencies among the neoliberals and poorly-educated “anarchists” (like that dude who decried “tankies” and used Sankara as a counterexample, when we all like Sankara). I also think they would be correct in saying this. I don’t know what the anti-HB people who don’t comment on our instance think, I hardly ever see it, but I can at least tell you that we know much more about neoliberal ideology than they do ML, because we almost all started out as de facto neoliberals and nearly none of them have even a basic understanding of ML theory (which is not really their fault, to be clear).

        Anyone on any instance federated with hexbear is welcome to post questions to c/askchapo. If they are relatively polite and not presumptuous, we’ll be happy to answer. If people are still mean, report it. You can let me know and I will personally nag the mods to address the matter properly. Just recently we had a thread from a .ml user who wanted us to state our opinion on Trump for the record for the hundredth time, so about a hundred users chimed in that they all hate his guts (I also made a comment to that effect). We’re happy to discuss things openly and it would be good for us to improve community relations to avoid things like one group accusing the other of doing something as heinous as what the OP describes.

        • HelloHotel@lemm.ee
          link
          fedilink
          arrow-up
          1
          ·
          edit-2
          1 year ago
          CSAM sourcing?

          Where do these people get that much CSAM. somebody once said that to the best of their understanding, it was new CSAM images each time, meaning not many repeats. My collection of reddit memes costs me ~15-30GB, all of sbubby costs ~5GB. where is it pooled from?

          The most fried part of my brain says “One of the big companies trying to absorb the fediverse is doing this to undermine their competition,” but I have zero evidence

          Most companies that build CSAM detectors, by nature of their work, have a lot of it. likely thousands of photos and videos were willingly handed over to put into some vault to fight against it’s existance. If its a large corperation attacking is, it nesisarly means a leak from a CSAM vault wether it was intentional (an authorized attack) or not (opsec mistakes or insiders). Or it means there was no vault (negligence) or it wasnt tranfered securely (opsec mistakes).

          it’s just the only motive I can even think of beyond it being a rogue crank.

          Its not hard to build a bot that scrapes a webpage of its images, they can easly aggrogate that much content over decades.

        • tsonfeir@lemm.ee
          link
          fedilink
          arrow-up
          1
          arrow-down
          1
          ·
          1 year ago

          trump

          To be fair, some of the rhetoric you all use makes your political compass difficult to navigate.

      • usa_suxxx [they/them]@hexbear.net
        link
        fedilink
        English
        arrow-up
        19
        arrow-down
        1
        ·
        1 year ago

        Yeah, it’s kind of weird. Doesn’t whatever gets posted eventually get sent over to the other federated servers? Like every server saves a copy? Like the dumbest attack on another server would be this.

      • We doubled the amount of mods, and banned anything remotely resembling the things on-site. Sadly many times it had to be a brave lemmygrad to check it first and take the bullet for us to report it. I was one of those people on several occasions. I still cringe at the memories. It lasted a few months iirc.I haven’t seen whatever is hitting you guys, but our bots had some recognizable features, usually hiding their spam behind spoilers or links.

        It really was just a mobilization, lockdown, and purging everything that was suspicious until it stopped. That or they found a way to block those bots. I wasn’t in the command center by any means so the internal decisions I don’t know too much about.

  • Cris@lemm.ee
    link
    fedilink
    arrow-up
    40
    ·
    1 year ago

    I know there are automated tools that exist for detection CSAM- given the challenges the fediverse has had with this issue it really feels like it’d be worthwhile for the folks developing platforms like lemmy and mastodon to start thinking about how to integrate those tools with their platforms to better support moderators and folks running instances.

  • Io Sapsai 🌱@lemm.ee
    link
    fedilink
    arrow-up
    32
    ·
    1 year ago

    This is really sad and disgusting. It affects the whole platform but especially smaller instances that can’t keep up. Despite being a lemm.ee user, I was particularly upset about thegarden.land shutting down because of that spam. It had my favourite gardening community on here.

    I really hope this gets sorted out, and the spammers end up where they belong.

  • randint@lemm.ee
    link
    fedilink
    arrow-up
    26
    arrow-down
    2
    ·
    1 year ago

    It’s honestly sad that some well-intentioned laws can be used to attack online platforms.

      • randint@lemm.ee
        link
        fedilink
        arrow-up
        11
        ·
        1 year ago

        that shit just shouldn’t be here

        Yes, I agree. Maybe my wording suggested otherwise. But my point was that it wouldn’t be the uploader that’s punished but the instance itself. That’s kinda weird.

    • Throwaway@lemm.ee
      link
      fedilink
      arrow-up
      11
      arrow-down
      1
      ·
      1 year ago

      I kinda wonder though, how would go about making a law against cp but doesn’t hurt small sites like lemm.ee?

      • PM_Your_Nudes_Please@lemmy.world
        link
        fedilink
        arrow-up
        19
        ·
        edit-2
        1 year ago

        The issue is that you really can’t. The laws are written specifically to prevent plausible deniability. Because pedos would be able to go “lol a troll sent it to me” and create some doubt in a jury. Remember that (at least in America) the threshold for conviction is supposed to be “beyond a reasonable doubt.” So if laws were focused on intent, all the pedos would need to do is create reasonable doubt, by arguing that they never intended to view/own the CSAM.

        This was particularly popular in the Napster/Limewire days, when trolls would upload CSAM under innocuous titles, so people looking for the newest episode of their favorite show would find CSAM instead. You could literally find CSAM titled things like “Friends S10E9” because trolls were going for the shock factor of an innocent person opening a video only for it to end up being hardcore CSAM. Lots of actual pedos tried using the “I downloaded it by accident” defense.

        So instead, the laws are written to close that loophole. It doesn’t matter why you have the CSAM. All that matters is you have it. The feds/courts won’t give a fuck if it was due to you seeking it out or if it was due to a bad actor sending it to you.

        • AeroLemming@lemm.ee
          link
          fedilink
          English
          arrow-up
          5
          ·
          1 year ago

          How is that not extremely problematic? What stops someone from using Tor and a bunch of dummy accounts to send CSAM to someone else and get them arrested?

          • PM_Your_Nudes_Please@lemmy.world
            link
            fedilink
            arrow-up
            4
            ·
            1 year ago

            And that’s pretty much where we are now. Bad actors creating bot accounts on multiple instances, to spam the larger (most popular) instances with CSAM.

          • ZodiacSF1969@sh.itjust.works
            link
            fedilink
            arrow-up
            5
            arrow-down
            1
            ·
            edit-2
            1 year ago

            I think they have oversimplified the situation to the point that it is wrong.

            1. Arguably, Lemmy instance providers (depending on where they live) are protected in the same way Facebook or other content hosts are. So long as you are acting in good faith you are protected against any illegal content your users upload. This does mean you need to remove illegal content as you become aware of it, you can’t just ignore what your users are doing.

            2. There have been cases where although a user technically ‘possessed’ CSAM, it was shown that they did so unknowingly via thumbnails or it being cached. The police do investigate where it came from. It’s not as simple as just sending it to someone and you can have them convicted.

            • AeroLemming@lemm.ee
              link
              fedilink
              English
              arrow-up
              2
              ·
              1 year ago

              Oh okay, that’s good. So if you could show that you were trying to block it, you’d be safe.

              • ZodiacSF1969@sh.itjust.works
                link
                fedilink
                arrow-up
                2
                arrow-down
                1
                ·
                1 year ago

                Yes, you’d just need to show that you actively moderate/apply content policies.

                This will vary by jurusduction, but most of the West has laws similar to this I believe.

        • ZodiacSF1969@sh.itjust.works
          link
          fedilink
          arrow-up
          3
          ·
          1 year ago

          Lemmy instances are likely already protected in many countries legally so long as they act in good faith, ie actively moderate.

    • hemko@lemmy.dbzer0.com
      link
      fedilink
      English
      arrow-up
      3
      ·
      1 year ago

      Fuck the legal part, I wouldn’t want to stay on platform infested with cp. Thank you so much for all the awesome people combating this <3