PriorProject

@PriorProject@lemmy.world

This is a remote user, information on this page may be incomplete. View at Source ↗

Just an explorer in the threadiverse.

⁨Comment⁩ on ⁨List of defederated Instances⁩ ⁨⁨1⁩ ⁨year⁩ ago⁩:
Every server publishes this info at /instances. lemmy.world/instances
⁨Comment⁩ on ⁨c/technology mods are inactive⁩ ⁨⁨1⁩ ⁨year⁩ ago⁩:
1. If there are clear spam posts, report them. Save their links so you can track whether the mods respond. You may find here that they’re not inactive after all, in which case the problem is solved.
2. Reach out to the mods, in a post asking to be added to the mod team. Again, save the url to track whether the mods respond. You may find here that they’re willing to accept help and add you as a mod, again problem solved.
3. If reaching out to the mods as described above fails, you need admin help. Post in !moderators@lemmy world or email admin@lemmy.world with the results of 1 and 2, along with any violations of the moderators guide pinned in the moderators community.
The admins generally won’t intervene until you’ve made a good faith attempt to coordinate directly with the mods and documented a clear case that they’re unresponsive or malicious.
⁨Comment⁩ on ⁨c/kfc mod banned⁩ ⁨⁨1⁩ ⁨year⁩ ago⁩:
If no one responds here, post in !moderators@lemmy.world or email info@lemmy.world. You need the help of an admin to make this transition, but if the only mod is banned it should be a pretty simple request.
⁨Comment⁩ on ⁨lemm.ee plans for mitigating image upload abuse⁩ ⁨⁨1⁩ ⁨year⁩ ago⁩:
I replied to the parent comment here to say that governments HAVE set up CSAM detection services. I linked a review of them in my original comment.
- They’ve set them up through commercial partnerships with technology companies… but that’s no accident. CSAM fighting orgs don’t have the tech reach of a major tech company so they ask for help there.
- Those partnerships a limited to major/successful orgs… which makes it hard to participate as an OSS dev. But again, that’s on-purpose as the same access that would empower OSS devs to improve detection would enable CSAM producers to improve evasion. Secrecy is useful in this race, even if it has a high cost.
Plus with the flurry of hugely privacy-invading or anti-encryption legislation that shows up every few months under the guise of “protecting the children online”, it seems like that should be a top priority for them, right?! Right…?

This seems like inflammatory bait but I’ll bite once.
- Improving CSAM detection is absolutely a top priority of these orgs, and in the last 10y they scope and reach of the detection tools they’ve created with partners has expanded in reach from scanning zero images to scanning hundreds of millions or billions of images annually. It’s a fairly massive success story even if it’s nowhere near perfect.
- Building global internet infrastructure to scan all/most images posted to the internet is itself hugely privacy invading even if it’s for a good cause. Nothing prevents law-makers from copying such infrastructure for less noble goals once it’s been created. Lemmy is in desperate need of help here, and CSAM detection tools are necessary in some form, but they are also very much scary scary privacy invading tools that are subject to “think of the children” abuse.
⁨Comment⁩ on ⁨lemm.ee plans for mitigating image upload abuse⁩ ⁨⁨1⁩ ⁨year⁩ ago⁩:
I’m not sure I follow the suggestion.
- NCMEC, the US-based organization tasked with fighting CSAM, has already partnered with a list of groups to develop CSAM detection tools. I’ve already linked to an overview of the resulting toolsets in my original comment.
- The datasets used to develop these tools are private, but that’s not an oversight. The datasets are… well… full of CSAM. Distributing them openly and without restriction would be contrary to NCMEC’s mission and to US law, so they limit the downside by partnering only with serious/capable partners who are able to commit to investing significant resources to developing and long-term maintaining detection tools, and who can sign onerous legal paperwork promising to handle appropriately the access they must be given to otherwise illegal material to do so.
- CSAM detection tools are necessarily a cat and mouse game of CSAM producers attempting to evade detection vs detection experts trying to improve detection. In such a race, secrecy is a useful… if costly… tool. But as a result, NCMEC requires a certain amount of secrecy from their partners about how the detection tools work and who can run them in what circumstances. The goal of this secrecy is to prevent CSAM producers from developing test suites that allow them to repeatedly test image manipulation strategies that retain visual fidelity but thwart detection techniques.
All of which is to say…

… seems like law enforcement would have such a data set and seems they should of course allow tools to be trained on it. seems but who knows? might be worth finding out.)

Law enforcement DOES have datasets, and DO allow tools to be trained on them… I’ve linked the resulting tools. They do NOT allow randos direct access to the data or tools, which is a necessary precaution to prevent attackers from winning the circumvention race. A Red Hat or Mozilla scale organization might be able to partner with NCMEC or another organization to become a detection tooling partner, but db0, sunaurus, or the Lemmy devs likely cannot without the support of a large technology org with a proven track record or delivering and maintaining successful/impactful technology products. This has the big downside of making a true open-source detection tool more or less impossible… but that’s a well-understood tradeoff that CSAM-fighting orgs are not likely to change as the same access that would empower OSS devs would empower CSAM producers. I’m not sure there’s anything more to find out in this regard.
⁨Comment⁩ on ⁨Question about ban⁩ ⁨⁨1⁩ ⁨year⁩ ago⁩:
I haven’t been moderated a lot, but I believe the user gets no indication they’ve been moderated unless the mod replies to them or DMs them to tell them.

I agree that auto-notificiation would be beneficial. Despite the easy availability of the modlog, this kind of question is pretty common. Not everyone knows it exists or how to search it.
⁨Comment⁩ on ⁨lemm.ee plans for mitigating image upload abuse⁩ ⁨⁨1⁩ ⁨year⁩ ago⁩:
It’s worth calling considering some commercially developed options as well: prostasia.org/…/csam-filtering-options-compared/

The Cloudflare tool in particular is freely and widely available: blog.cloudflare.com/the-csam-scanning-tool/

I am no expert, but I’m quite skeptical of db0’s tool:
- It repurposes a library designed for preventing synthetic CSAM using stable diffusion. This library is typically used in conjunction with prompt scanning and other inputs into the generation process. When run outside it’s normal context on non-ai images, it will lack all this input context which I speculate reduces its effectiveness relative to the conditions under which it’s tested and developed.
- AI techniques live and die by the quality of the dataset used to train them. There is not and cannot be an open-source test dataset of CSAM upon which to train such a tool. One can attempt workarounds like extracting features classified and extracted separately like trying to detect coexisting features related to youth (trained from dataset A using non sexualized images including children) and sexuality (trained separately from dataset B using images containing only adult performers)… but the efficacy of open source solutions is going to be hamstrung by train, test, and assess effectiveness. Developers of major commercial CSAM scanners are better able to partner with NCMEC and other groups fighting CSAM to assess the effectiveness of their tools.
I’m no expert, but my belief is that open tools are likely to be hamstrung permanently compared to the tools developed by big companies and the most effective solutions for Lemmy must integrate big company tools (or gov/nonprofit tools if they exist).

PS: Really impressed by your response plan. I hope the Lemmy world admins are watching this post, I know you all communicate and collaborate. Disabling image uploads is I think I very effective temporary response until detection and response tooling can be improved.
⁨Comment⁩ on ⁨Question about ban⁩ ⁨⁨1⁩ ⁨year⁩ ago⁩:
Mod actions are public on Lemmy, here’s the modlog of actions related to your account: lemmy.world/modlog?page=1&userId=1589367

The comment on these actions is:

reason: Please stop calling people pedophiles

The ban will expire in 3 days.
⁨Comment⁩ on ⁨Community Name Squatter⁩ ⁨⁨1⁩ ⁨year⁩ ago⁩:
1. …create a sidebar with some contents… At least some of these communities have empty sidebars.
2. Every community needs enough moderators. A single-mod community is not “enough” for a healthy community because things can blow up when you’re asleep or away, even in a community that was previously inactive. If a community member reaches out to offer to join a single-mod team… that contact warrants a response from the existing mod. Not necessarily to immediately accept the offer, but at least to discuss the possibility of extra mod coverage.
3. It’s just not at all true that if others aren’t posting there’s no moderation work that could be done. Mods of inactive communities can jumpstart them by soliciting feedback on proposed rules, advertising them elsewhere, making scheduled discussion posts, and more. Some of these things can be done by a “regular” community member as well, but if community members try to include mods in discussions about how best to promote the community and the mods ignore them… that’s a sign that the community is abandoned.
4. If a mod is notified that they’re their community is about to get reassigned and they don’t respond… the community is definitely abandoned.
All of which is to say, there are lots of way to detect abandoned communities when post volume is low, and the process I highlighted is the standard way to request a takeover.
⁨Comment⁩ on ⁨Community Name Squatter⁩ ⁨⁨1⁩ ⁨year⁩ ago⁩:
The more normal transfer path is to offer to take over a specific community or communities by:
1. Reaching out to the existing mod and asking to be added to the mod team.
2. Documenting their lack of response after a few days or a week.
3. Documenting the failure to abide by Lemmy world moderation guidelines: lemmy.world/post/424735 by linking spam or off-topic posts and to communities that lack rules/useful-sidebar-content, etc.
4. Posting this info in !moderators@lemmy.world and offering to takeover moderation.
This is better than mass deletion because it keeps whatever small list of existing subscribers and post content intact across the transition. For moderation, Lemmy world admins will get notified of reports and can address anything that violates instance rules.
⁨Comment⁩ on ⁨Privacy statement⁩ ⁨⁨1⁩ ⁨year⁩ ago⁩:
blog.mastodon.world posts monthly-ish finance updates. I’ve never heard about formalizing as a non-profit, and their choice to do so or not is not something I’m concerned about given their track record with masotodon world and their voluntary transparency.
⁨Comment⁩ on ⁨Privacy statement⁩ ⁨⁨1⁩ ⁨year⁩ ago⁩:
There’s lemmy.world/legal for a variety of instance policy things, but it doesn’t cover privacy and I don’t believe there is an official statement on that.

Having one would be nice, but my sense from how admins handle transparency in general is that the privacy practices here are best-in-clasd compared to commercial social media giants. That’s speculation of course, but semi informed by watching how the admins have handled a wide variety of issues.
⁨Comment⁩ on ⁨Is there a way to filter out a category of community?⁩ ⁨⁨1⁩ ⁨year⁩ ago⁩:
Imgur, for instance, lets me filter in and out loads of specific tags from my feed (also specific use posts).

It’s relevant to note that Imgur doesn’t have a communities/subreddits equivalent. Images are the rough equivalent of a post, and tags are the closest they get to communities. I’m quite certain that there are tags for both Art and Drawing, and following the Art tag doesn’t mean that you won’t miss out on posts that are tagged as a Drawing and not as Art. The result is really not that different than Lemmy, you still have to discover all the different tags you want to follow.

Not to be flippant about your tag examples, but those exact communities already exist:
Now, of course… those are the only communities addressing those topics. There’s retrogaming as a subset of games, there’s photographyas a subset of art, etc. But as previously noted, that’s true of tags as well.

A whitelist based subscription method DOES work, and is implicitly what everyone uses on very large community sites like reddit and also very large tag-based sites like Twitter/imgur. Of course you miss out on some stuff, but when you find something you’re missing… you add it to your list. It’s ok not to find every last post you care about and doing so is an impossibility.
⁨Comment⁩ on ⁨Is there a way to filter out a category of community?⁩ ⁨⁨1⁩ ⁨year⁩ ago⁩:

I realize the alternative is to look only at the ones you subscribe to but then how do you discover other communities that were just created without flipping back to Show Me Everything?

Lemmyverse.net. Or browse all periodically but infrequently enough that you don’t mind having unwanted posts there because your main feed is your subscribed feed and you’re just cruising for 20m looking for new communities.

I realize lemmy is smaller and it’s possible to do things here that don’t work on something as big as reddit… but… the futility of trying to block every subreddit you DON’T like because you might miss some that you DO like registers right? At some point in the lemmyverse growth curve the same thing happens here irrespective of what blocking tools you have. Eventually one must overcome the fear of missing out and just sub the communities you enjoy.

All that said, lemmy communities don’t have more general topic tags. The only tag that exists at all is nsfw, so there’s no way to identify and block all sports communities as a group. You either have to play whack-a-mole or switch to browsing subscribed.
⁨Comment⁩ on ⁨See own posts when “hide read posts” is on?⁩ ⁨⁨1⁩ ⁨year⁩ ago⁩:
It’s a frequently requested improvement, you are not alone. But there are no workarounds that I’m aware of either. There’s enough apps out there that maybe one of them has better handling of hidden posts… but I follow a lot of lemmy app news and I haven’t noticed any reports of it being done well.
⁨Comment⁩ on ⁨Post I made shows 6 replies... but I can only see 4?⁩ ⁨⁨1⁩ ⁨year⁩ ago⁩:
There are some known bugs around comment counts handling deleted and edited comments. The counts aren’t exact right now, nothing you can do though.
⁨Comment⁩ on ⁨What can I do if I think someone is downvoting all of my posts?⁩ ⁨⁨1⁩ ⁨year⁩ ago⁩:
1. Kbin doesn’t federate downvotes from Lemmy, and I believe it has a smaller user population than Lemmy (or at least one that generates fewer total downvotes). So you’d expect downvote counts to be wildly different.
2. On upvote counts, federation is just real flaky right now. I don’t have GitHub issue links handy, but there are several major issues detailing posts, comments, and votes Federating unreliably. You can pretty easily extrapolate that to expect vote counts to vary by 20%-60% from server to server depending on how many federation messages a particular server decided to drop on the floor on any given day.
Lemmy is pretty cool, but it’s a lot rough around the edges right now. It’s improving fast, but if you break out the magnifying glass, you’re gonna find problems.
⁨Comment⁩ on ⁨What can I do if I think someone is downvoting all of my posts?⁩ ⁨⁨1⁩ ⁨year⁩ ago⁩:
There have been other reports of this recently:
- sh.itjust.works/post/1984538
- lemmy.world/post/2343398
Downvotes on kbin are public, but kbin doesn’t federate downvotes from Lemmy so unless the stalker(s) are on kbin you can’t see them yourself. You profile on kbin looks significantly cleaner than your Lemmy profile… so it doesn’t tell us much.

Votes in Lemmy’s DB are also not anonymous, so instance admins (or people who run their own instance) could investigate this with direct db queries… it’s not exposed via any user-facing API. If you think you’re being stalked by a group of sock-puppeted mass-downvote accounts, you could contact the admins via one of the mechanisms listed at mastodon.world/about. The email there points to a ticketing system used by the admins I think. Of course, they may be too busy to investigate, but they also may be interested in banning sock-puppets before it gets out of hand.
⁨Comment⁩ on ⁨What can I do if I think someone is downvoting all of my posts?⁩ ⁨⁨1⁩ ⁨year⁩ ago⁩:

We can see downvotes on kbin, not sure lemmy is the same.

Only from kbin, or possibly even just kbin.social (or whatever one’s local instance is). If you look closely, you’ll notice that every downvote you can see on kbin is from a kbin user, which is because kbin doesn’t federate downvotes from Lemmy.

If you lookam at OP’s Lemmy profile, you can see a moderate amount of consistent downvoting: lemmy.world/u/Call_Me_Maple?page=1&sort=New&a…
⁨Comment⁩ on ⁨Deleted OP created on other instance still shows up on lemmy.world⁩ ⁨⁨1⁩ ⁨year⁩ ago⁩:
Deletions are somewhere between flaky and plain busted right now: github.com/LemmyNet/lemmy/issues/3588
⁨Comment⁩ on ⁨[deleted]⁩ ⁨⁨1⁩ ⁨year⁩ ago⁩:
Seems to me like you’re thinking clearly about this. Unless someone else with hands on experience jumps in with a pro-tip I suspect you may just have to pick your poison and give it a go.

Multi-lemmy isn’t a common config, though. Lemmy.world and I think lemmy.ca do it, but even lemmy.ml which was the biggest instance 2mo ago doesn’t. There might be half a dozen people in the world with hands on experience at this.
⁨Comment⁩ on ⁨[deleted]⁩ ⁨⁨1⁩ ⁨year⁩ ago⁩:
I’m not running my own Lemmy, but I do run non-trivial systems elsewhere. Things I’d be looking for would be:
- Are concurrent migrations actually a problem? If Lemmy does a good job of taking out an exclusive transaction that checks if the migration is needed and then does it, it might be that several containers can race safely and you don’t need to do anything. I’d want to review the schema migration code before I trusted this myself though, since few people rely on it.
- A mode in Lemmy to do nothing other than run migrations and exit. You could then execute this as a job or exit-on-terminate container during the upgrade while other Lemmy’s are down.
- Create my own DB migration script based on the Lemmy schema diffs from release tag to release tag.
- Is there a config-flag on Lemmy to enable/disable db migrations? I don’t have a link handy but I feel like I heard about lemmy.world having a Lemmy container separate from the pool of containers doing async jobs. If would be nice if one could run this single separate container and let it handle the migrations… but the other Lemmy’s would have to be clever enough to wait until the migration is complete.
- As you note, run just one Lemmy container for “a while” when upgrading. The issue here is knowing when the migrations are complete, which feels finicky to automate. Though if you do this manually as part of your upgrade process I’m sure it can work ok.
⁨Comment⁩ on ⁨Mass Organized Downvoting⁩ ⁨⁨1⁩ ⁨year⁩ ago⁩:
This looks weird to me.
- Kbin downvotes are public, you can see who made them at kbin.social/u/@artifice@lemmy.world. Kbin doesn’t federate downvotes from Lemmy though, so you can only see downvotes made there. I stalked your profile a bit on kbin and there was nothing weird. Mostly no downvotes, and in the few cases there were some there was no correlation of people across threads. The worst I saw was like three people downvoting a series of comments in a single thread, which is not weird or stalky.
- Downvotes are not anonymous to Lemmy instance admins though. They are recorded in Lemmy’s DB with a link to who made them.
I would consider reporting this to info@mastodon.world. If someone is actually sockpuppeting 10-20 accounts and profile stalking, that sounds to me like bannable abuse and something the admins might be interested in looking into. Now, of course, if you’re the one who has been harassing people in old comments, moderated comments, deleted comments, or DMs… admins might decide to ban you all. Two wrongs don’t make a right, and often result in two bans. It’s also possible that admins have bigger fish to fry and won’t have time to investigate… but if I were admin I’d be interested in early instances of mass-sockpuppeting so I could think about ways to detect and react to it.
⁨Comment⁩ on ⁨Is there a problem with Lemmy.world in Android apps?⁩ ⁨⁨1⁩ ⁨year⁩ ago⁩:
I think you probably just got unlucky with timing before. Lemmy.world had some slow/broky spots today and I’ll bet you just happened to me messing with the subscribed feed during one of them, and connect just happens to be working for you now.