@MrKaplan@lemmy.world avatar

MrKaplan

@MrKaplan@lemmy.world

This profile is from a federated server and may be incomplete. View on remote instance

MrKaplan ,
@MrKaplan@lemmy.world avatar

so far this has been a single case with kbin.earth and lots and lots of cases with kbin.social.

no other instances have been observed behaving like this yet.

MrKaplan ,
@MrKaplan@lemmy.world avatar

feel free to reach out to me directly via matrix at @mrkaplan:lemmy.world if you want

edit: fyi, mentions of @lwadmin will usually not be seen.

MrKaplan ,
@MrKaplan@lemmy.world avatar

Hello, disposable email addresses are not allowed.

Quick video demonstrating that lemmy.world sends every activity out twice ( i.imgur.com )

I realise this is a known issue and that lemmy.world isn't the only instance that does this. Also, I'm aware that there are other things affecting federation. But I'm seeing some things not federate, and can't help thinking that things would be going smoother if all the output from the biggest lemmy instance wasn't 50% spam....

MrKaplan ,
@MrKaplan@lemmy.world avatar

we've switched from using multiple federation sending containers (which are supposed to split receiving instances across workers) to just using a single one.

MrKaplan ,
@MrKaplan@lemmy.world avatar

see https://lemmy.world/comment/8961882 for now.

we've been spending a bunch of time already during the last days to get a solution in place on our end that will allow us to selectively reject federated activities from kbin, such as allowing comments and posts while rejecting votes, which seem to be the main issue currently, but we're seeing some stability issues with this currently.

we're planning to unban the affected users from the communities once we have this stabilized, as we currently have to pick between

  1. defederate from kbin.social (and other kbin instances when they are affected)
  2. reject all inbound activities from affected instances
  3. temporarily ban affected users in the communities associated with the issue
  4. drop all activities with certain characteristics, such as votes, when coming from a specific instance
  5. drop all activities with certain characteristics, such as votes, when coming from a specific instance and exceeding a rate limit

1-3 are all options we can do with existing tools, 4 and 5 require a custom implementation on our side. as 3. has the least overall impact of those we decided to go with 3 for now, which seems to work out rather well so far, except for the individual user experience of affected users.

4. has been our primary focus to implement currently, but it takes time to ensure this works as expected, as we're essentially building this from scratch. 5. may be implemented afterwards if we want to spend additional time on it.

MrKaplan ,
@MrKaplan@lemmy.world avatar

it is indeed mostly like related activities we're seeing

MrKaplan ,
@MrKaplan@lemmy.world avatar

for a magazine to show up on lemmy, a logged-in user needs to visit it first. afterwards, to ensure that new content is published to lemmy instances, someone from that instance needs to subscribe to the magazine. this needs to happen on every instance as far as i know. this is one of the reasons services like https://lemmy-federate.com/ or https://browse.feddit.de/ exist.

kbin.earth federation problems fixed ( kbin.earth )

Recently, I've noticed federated threads/comments/votes were lagging behind, and it turns out kbin.earth was being spammed (hundreds in a minute, leading to a couple thousand queued messages after only half an hour) by a Lemmy server with the same exact activity pub message. After blocking the server (feddit.de), federation...

/kbin logotype
ALT
MrKaplan ,
@MrKaplan@lemmy.world avatar

Hello @jwr1,

I just wanted to reach out to let you know that this may actually be a kbin issue, where your server has been spamming feddit.de and feddit.de has just been acknowledging/relaying your activities.

Since several weeks ago already we have been seeing various issues with massive amounts of activities being sent by kbin instances, primarily kbin.social. Today we (Lemmy.World) have also discovered a kbin.earth user being affected by this and have issued a community ban in one of our communities to remediate the issue and prevent thousands of activities sent from kbin.earth from being relayed through Lemmy.World.

We have so far been unable to establish any communication channel with @ernest, despite trying over multiple channels.

If you wish to perform some research about this, the user account we've seen this happen with from kbin.earth is @Oofnik, who we have banned from !world for the time being.

Feel free to reach out to me via matrix at @mrkaplan:lemmy.world directly if you're looking for more details.

MrKaplan ,
@MrKaplan@lemmy.world avatar

yes, really you.

i believe this is a bug in kbin somewhere causing (almost) endless loops for the same activities (data sent between instances to communicate your actions like votes) over and over again.

all the accounts i've looked at so far are (or at least look like) real users. we do not believe that this is a malicious action triggered intentionally by someone who has access to the account. you just happen to be one of the unlucky so far 37 users affected by this.

MrKaplan ,
@MrKaplan@lemmy.world avatar

The execution should have been better, but the decision itself was a team decision, not an individual admin decision without talking to the rest of the team.

MrKaplan ,
@MrKaplan@lemmy.world avatar

Lemmy.World is legally primarily bound by the countries listed here.

if being gay became illegal in NL for example, and there would be laws to prevent talking about gay people, then we'd have to either no longer tolerate such content on our platform or ensure we're no longer bound by dutch laws.

MrKaplan ,
@MrKaplan@lemmy.world avatar

Lemmy.World is legally primarily bound by the countries listed here.

If we get a request, of course we will evaluate that request.

When it comes to taking down content, such as copyright infringing content, we may err on the side of caution to reduce the legal risk we're exposing ourselves to.

When it comes to handing over data that is not already publicly accessible, such as (not-really-)private messages or IP addresses of users, we will not "err on the side of caution" and hand out data to everyone, but we must follow the laws that we're operating under. See also https://legal.lemmy.world/privacy-policy/#4-when-and-with-whom-do-we-share-your-personal-information.

MrKaplan ,
@MrKaplan@lemmy.world avatar

What would be the alternative?

Moving the instance behind Tor and hoping to never get identified?

As long as you're operating a service on the internet you'll be bound by laws in one place or another. The only thing you can do against this is trying to avoid being identified and therefore trying to evade prosecution. This is not a legal defense.

MrKaplan ,
@MrKaplan@lemmy.world avatar

We do question the validity of claims, but when it comes to takedowns of copyright related content, we simply do not have the resources to throw money at lawyers to evaluate this in detail. We can apply common sense to determine if something appears to be a reasonable request, but we can't pay a lawyer to evaluate every single request. We also can't afford going to court over every case, even if we were to win, because those processes take large amounts of personal time and have a risk of significant penalties.

Legal advocates on Lemmy or any other platform for that matter are not a substitution for legal council.

MrKaplan ,
@MrKaplan@lemmy.world avatar

as I'm very tired right now, I only want to comment on one of the arguments/questions you brought up.

you're asking for the difference between taking down content and providing information about users.

its very simple actually. sharing non-public data is a very different story than removing access to otherwise public information, whether it's originally coming from Lemmy.World or elsewhere.

when we take down content, even if it's more than legally strictly necessary, the harm of such a takedown is at most someone no longer being able to consume other content or interact with a community. there is no irreversible harm done to anyone. if we decided to reinstate the community, then everyone would still be able to do the same thing they were able to do in the beginning. the only thing people may be missing out on would be some time and convenience.

if we were asked to provide information, such as your example of a Texas AG, this would neither be reversible nor have low impact on people's lives. in my opinion, these two cases., despite both having a legal context, couldn't be much further from each other.

MrKaplan ,
@MrKaplan@lemmy.world avatar

maybe I misunderstood your comment, I read your Texas AG example as asking for information about users. did you mean Texas AG asking for the removal of comments where people are stating they're trans?

MrKaplan ,
@MrKaplan@lemmy.world avatar

fwiw, it does not appear to be triggerable from within lemmy at this time.

I've just tried this on another instance and lemmy complains

The webfinger object did not contain any link to an activitypub item

I suspect this currently can only be triggered from threads.

MrKaplan ,
@MrKaplan@lemmy.world avatar

Hi @zachimusprime44,

which comment are you trying to restore?

Which client are you having issues with, how are you trying to restore the comment?

MrKaplan ,
@MrKaplan@lemmy.world avatar

that's odd, i wonder if that is related to lemmy 0.18.5.

it seems to work fine for me as admin, and i can also do this just fine with a mod account on a lemmy 0.19.3 test instance, so i hope this issue goes away with the update in the next days.

i've restored @xor's comment now.

MrKaplan ,
@MrKaplan@lemmy.world avatar

Hello @wellee,

the reports are being sent to

  1. the reporter's instance (Lemmy.World) in your case, where they can be seen by instance admins and also community mods if there are any on this instance
  2. the community's instance, where they can be seen by instance admins of the community's instance, as well as by all community mods that belong to the same instance
  3. starting with 0.19.2, reports will also be sent to the content creator's instance, meaning the person who created the post/comment.
    Lemmy.World is not yet on 0.19, so this will not happen today, but it will start being the case when we update in a few days.

Coming back to your reports, I've taken a look at your reports of posts and I can only see 2 reports there, neither one relating to content containing spousal or animal abuse.

To answer your question about reporting options for communities, there is currently no native functionality in lemmy for reporting communities. Only posts, comments and private messages can be reported.
Having said this, many instances provide contact information in the sidebar. For Lemmy.World, you can find this e.g. on https://lemmy.world/.

We absolutely do not tolerate content promoting violence. See also our terms of service about this.
If you see any such content still up at this time and accessible through Lemmy.World, please do not hesitate to report this to us, either via report, or by sending an email to info@lemmy.world if you want to report this privately.
You can also send me a private message with more details.

MrKaplan ,
@MrKaplan@lemmy.world avatar

Hello @BitingChaos,

if you're seeing content violating our terms of service, which doesn't get taken down despite your reports, please do reach out via email to info@lemmy.world.

MrKaplan ,
@MrKaplan@lemmy.world avatar

I've just described where reports are going in another comment on this post, but to expand on that, reports on the same instance are shared between community mods on the same instance and admins, which means that even though admins may see your report, a moderator resolving the report can also do this in an attempt to avoid the report being seen by an admin.

There are already discussions about improving this experience in general, but this is probably going to take at least several months to significantly improve.

MrKaplan ,
@MrKaplan@lemmy.world avatar

it's mostly !asklemmy, !asklemmy, !opensource, and !selfhosted, though some of the latest spam also started arriving in !warframe.

MrKaplan ,
@MrKaplan@lemmy.world avatar

Most of these are unfortunately limited to local instance moderation, which means all instances that don't run these bots don't benefit from them.

The posts have already been modified in ways that they aren't as easy to reliably filter anymore, though still possible with fairly low false positive rate.

To add to this, depending on how content is removed, removal may or may not federate properly. on Lemmy.World, we've been removing content in a way that reliably federates, so while a lot of this spam does arrive in !asklemmy and !selfhosted, the removals on Lemmy.World should federate to all other instances (0.18.5+).

The other portion of the spam is mostly on Lemmy.ml, in !asklemmy and !opensource, and not all of their removals have been done in a way that federates.

MrKaplan ,
@MrKaplan@lemmy.world avatar

they appear to be advertising their "criminal organization", listing some of the illegal activities they do and where to find them.

VPN and Tor use on the lemmy verse, is it banned ?

Hi, I have noticed for three days now not being able to post comments from my Lemmy.world account while connected via Tor (I was left waiting for a spinning wheel )! I thought at first It might be a problem with LW servers but after three days, I concluded they are banning Tor and VPN users from posting, I Have found a user...

  • All
  • Subscribed
  • Moderated
  • Favorites
  • random
  • tech
  • insurance
  • testing
  • drbboard
  • updates
  • til
  • programming
  • bitcoincash
  • marketreserach
  • wanderlust
  • Sacramento
  • All magazines