

Basically, yeah. Not all admins would defederate, so they probably wouldn’t be completely isolated off, but they would definitely have a very reduced audience for their, uh, antics.
I’m surprisingly level-headed for being a walking knot of anxiety.
Ask me anything.
I also develop Tesseract UI for Lemmy/Sublinks
Avatar by @[email protected]
Yup, and I’ve probably still got a lot of those instances on my federation blocklist.
One of my ongoing gripes with the fediverse is that people run instances with little/no oversight and leave registrations wide open. It’s just irresponsible to have open registrations when you don’t have an admin available 24/7.
So let’s say instance A and B are defederated from each other, but both are federated with instance C. After a user from A posts something on C does every user from B get to downvote everything?
Yes. Instance A will not see the downvotes from instance B, but instance C would. Also, anyone federated with all 3 would see the downvotes from B for content posted by someone on A.
The only defense is that mods and admins can see the votes and, if something like that is suspected, they can take action (ban the accounts, mods report the behavior to admins, consider defederating from instance B, etc). Seeing a pattern of mass-downvotes only from a particular instance would be considered a red flag for most admins.
This scenario is less likely than what we see in practice, though, since the overhead to create an instance and the “eggs all in one basket” make it easy to take action against (admins would quickly coordinate to block that instance). Tools like Fediseer would also be used to censure that instance and bring its behavior to light.
In the wild, it’s far more common for them to just spin up a bunch of accounts across “good” instances (particularly those without registration applications) and coordinate.
One example of that: https://dubvee.org/post/1878799
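The red flag described above (mass downvotes on one instance's content coming from a single other instance), sketched as an added example that is not part of the original comment or of Lemmy's code. The vote records are constructed, and the field names, the `flagDownvoteSources` helper and its thresholds are assumptions:

```javascript
// Constructed vote records, as an admin of instance C might export them.
// Field names are hypothetical, not Lemmy's schema or API.
const sampleVotes = [
  { voter: "u1@b.example", author: "ann@a.example", post: 101, score: -1 },
  { voter: "u2@b.example", author: "ann@a.example", post: 101, score: -1 },
  { voter: "u3@b.example", author: "ann@a.example", post: 102, score: -1 },
  { voter: "u1@b.example", author: "bob@a.example", post: 103, score: -1 },
  { voter: "u2@b.example", author: "bob@a.example", post: 103, score: -1 },
  { voter: "u4@b.example", author: "kim@c.example", post: 104, score: 1 },
  { voter: "v1@c.example", author: "ann@a.example", post: 101, score: 1 },
  { voter: "v2@c.example", author: "ann@a.example", post: 102, score: -1 },
  { voter: "v3@c.example", author: "bob@a.example", post: 103, score: 1 },
  { voter: "w1@d.example", author: "ann@a.example", post: 101, score: 1 },
];

// "user@host" -> "host"
const instanceOf = (actor) => actor.slice(actor.lastIndexOf("@") + 1).toLowerCase();

// For content authored on targetInstance, tally votes per voting instance and
// report instances whose votes are numerous and almost entirely downvotes.
function flagDownvoteSources(votes, targetInstance, { minVotes = 4, minShare = 0.8 } = {}) {
  const stats = new Map();
  for (const v of votes) {
    if (instanceOf(v.author) !== targetInstance) continue;
    const src = instanceOf(v.voter);
    if (!stats.has(src)) stats.set(src, { down: 0, total: 0, voters: new Set() });
    const s = stats.get(src);
    s.total += 1;
    if (v.score < 0) { s.down += 1; s.voters.add(v.voter); }
  }
  return [...stats.entries()]
    .map(([instance, s]) => ({ instance, down: s.down, total: s.total,
                               share: s.down / s.total, voters: s.voters.size }))
    .filter((r) => r.down >= minVotes && r.share >= minShare)
    .sort((a, b) => b.down - a.down);
}
```

A hit is a prompt for a moderator or admin to look at the accounts involved, not proof of coordination; the thresholds need tuning to the instance's normal vote volume.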
Interesting. One of my instance’s guiding philosophies is “Quality over Quantity”. I’ve taken different steps toward achieving that (defederate from the Reddit repost instances, disallow pretty much all content bots, manually/locally mod duplicate posts, etc).
Do you plan to publish your algorithm/filter? Would be interested in seeing if it could be tuned and possibly reduce some of the workload for me.
Already working on plans to attempt to migrate my instance to a Piefed backend. Gonna take some doing/experimentation, but hopefully will be able to share the knowledge learned (and, ideally, a migration script).
Yeah, I’m actually planning to see about trying to migrate from Lemmy to Piefed (as an instance). Rimu said it’s technically possible but will need some manual work to ETL the data over. Hoping to start poking around and making some attempts soon-ish. Right now, still just doing my homework and familiarizing myself with Piefed.
It’s a long history of Github, Lemmy, and admin chat interactions that culminate in my desire to never willingly interact with them again. It’s just too much and too off-topic to post here.
I have absolutely no desire to use or learn Rust and even less desire to deal with those devs.
It’s been a long-running thing for blogspam to appear here. Usually admins will step in at some point and squash the accounts, but any time I see anything.blogspot.com as a post URL, I look at the account history and see if that’s all they’re posting. 9.9 times out of 10, that’s all they’re posting, and I ban them with content removal. Same for other sites that pop up out of nowhere that get spread from a brand new account.
I have no idea what the objective is (SEO, ad views, etc), but it’s been a thing as long as I’ve been on Lemmy.
Thanks for the list: some of those I had yet to ban.
Not to be snarky (ok, a little snarky lol), but I don’t see the Lemmy devs stepping up to do anything about this. Still can’t even delete DMs.
If anyone has other suggestions to mitigate this (maybe a Greasemonkey snippet to require a click to load inline images as a patch for the lemmy Web UI?), I’m all ears.
Tesseract dev here.
For what it’s worth, I went back through and checked my DMs from “Nicole” and they’re all uploads directly to the home instance the DM came from (e.g. they went through pict-rs, and only the instance admins would be able to see the client IPs in their access logs). So, this doesn’t seem like a de-anonymization attack, though all it would take is “Nicole” to start hosting the images somewhere they control to achieve that effect.
It has the ability to proxy images (separately / better than the Lemmy built-in method) both local and remote (e.g. to outside image hosts). The hosted instance (tesseract.dubvee.org) has that enabled but each user must enable it in settings (Settings -> Media -> Proxy Images).
For Tesseract installs run by other instances, it would need the server-side component enabled by the instance admins before the user setting will show up to be enabled by the user.
If you see the “Proxy Images” options in Settings -> Media, then the admins have enabled the server-side component. If not, you’ll need to ask the admins to configure/enable media proxying. If you’re self-hosting it, then it may not provide any additional privacy unless you’re running it in a cloud server or somewhere other than where you’re accessing it.
It also has the option to disable inline images (Settings -> Post and Comments -> Inline Images). I’ve confirmed this also works for DMs. With inline images disabled, instead of the image, the alt text, if available, will be linked to the image. If no alt text, then the image URL will be a clickable link. In either case, clicking the image link will load it in a modal on-demand.
After reading this post, as a precaution, I’m going to push out a hotfix (hopefully this evening) that will disable inline images in DMs by default. If someone you trust DMs you, you can just click on the image link to view it in a modal (like any other link preview).
Testing this feature now and should have it released this evening. Works like email clients when you disable inline images; a button/switch will appear at the top if it detects there are images / media embedded which will allow you to show the images; defaults to off.
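The click-to-load behavior described in the comments above (alt text linked to the image, or the bare URL when there is no alt text), as an added example; it is not Tesseract's code. The `deferInlineImages` helper, the sample DM and all host names are constructed assumptions; the helper also lists image hosts other than the sender's home instance, the case where the image host would see the reader's IP:

```javascript
// Constructed DM body: one image on a third-party host, one uploaded to the
// (hypothetical) home instance lemmy.example.
const SAMPLE_DM =
  "hi ![](https://img.tracker.example/p.png?u=123) and " +
  "![selfie](https://lemmy.example/pictrs/image/abc.png)";

// Markdown inline image: ![alt](url "optional title")
const MD_IMAGE = /!\[([^\]]*)\]\(\s*(\S+?)(?:\s+"[^"]*")?\s*\)/g;

// Rewrite every inline image as a plain link so nothing is fetched until the
// reader clicks, and collect image hosts that are not the home instance.
function deferInlineImages(markdown, homeHost) {
  const offInstance = new Set();
  const text = markdown.replace(MD_IMAGE, (_match, alt, url) => {
    try {
      const host = new URL(url).hostname.toLowerCase();
      if (host !== homeHost.toLowerCase()) offInstance.add(host);
    } catch {
      // Relative or malformed URL: still turned into a link, no host recorded.
    }
    const label = alt.trim() || url; // fall back to the URL when alt is empty
    return `[${label}](${url})`;
  });
  return { text, offInstance: [...offInstance] };
}
```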
Excellent. I just use the CLI executable directly and update it as it breaks. Wasn’t even aware there were Docker versions of it lol.
Weird. I did a test download before replying, and it worked. Though I’m just using vanilla yt-dlp and am unfamiliar with the other two variants you listed.
Try updating. I got that a few days ago using an old version, and updating fixed it.
Any idea if he’s referring to a turnkey “run a script” / “push a button” type solution that’s not (yet) available?
If all other aspects of it are technically possible, I’d be more than willing to manually muck around in the database to move things over and take what was learned from that and hopefully make a DB migration script.
Lol, that sounds like a Randall Munroe unit of measurement, and I love it. If there’s not already an xkcd for that, there should be.
I hope this post doesn’t tank the monthly active users stats lol. Mostly that’s me hoping this problem isn’t as big as I fear.
For a website, forum, blog, etc, at least the damage caused by poor security would be limited to just that platform. Unfortunate, but contained. With federation, that poor security becomes everyone else’s problem as well. Hence my gripe lol.
It’s been so long since I set up my instance, I honestly don’t recall what the default “Registration mode” is.
I’m but a small drop in the larger fediverse, but I do develop a frontend for Lemmy. I actually coded the “Registration” section in the admin panel to nag you if the config is insecure. lol
It will still let you do it, just with a persistent nag message on that page.