As promised, if I brought the instance offline, I would give you a heads up in advance.
Here are the reasons for me coming to this decision-
Moderation / Administration
Lemmy has absolutely ZERO administration tools, other then the ability to create a report. This, makes it extremely difficult to properly administer anything.
As well, other then running reports and queries against the local database manually, I literally do not have insight into anything. I can't even see a list of which users are registered on this instance, without running a query on the database.
Personal Liability
I host lemmyonline.com on some of my personal infrastructure. It shares servers, storage, etc. It is powered via my home solar setup, and actually doesn't cost much to keep online.
However- for a project which compensates me exactly $0.00 USD (No- I still don't take donations). It is NOT worth the additional liability I am taking on.
That liability being- currently trolls/attackers are literally uploading child-porn to lemmy. Thumbnails and content gets synced to this instance. At that point, I am on the hook for this content. This, also goes back to the problem of literally having basically no moderation capabilities either.
Once something is posted, it is sent everywhere.
Here in the US, they like to send no-knock raids out. That is no-bueno.
Project Inefficiencies
One issue I have noticed, every single image/thumbnail, appears to get cached by pictrs. This data is never cleaned up, never purged.... so, it will just keep growing, and growing. The growth, isn't drastic, around 10-30G of new data per week- however, this growth isn't going to be sustainable, especially due to again- this project compensates me nothing. While- hosting 100G of content, isn't going to be a problem. When we start looking 1T, 10T, etc.... That costs money.
Its not as simple as tossing another disk into my cluster. The storage needs redundancy. So, you need multiple disks there.
Then, you need backups. A few more disks here.
Then, we need offsite backups. These cost $/TB stored.
I don't mind hosting putting some resources up front to host something that takes a nominal amount of resources. However- based on my stats, its going to continue to grow forever as there is no purge/timeout/lifespan attached to these objects.
I don't enjoy lemmy enough to want to put up with the above headaches.
Lets face it. You have already seen me complain about the general negativity around lemmy.
The quality of content here, just isn't the same. I have posted lots of interesting content to try and get collaboration going. But, it just doesn't happen.
I just don't see nearly as much interesting content, as I want to interact with.
Summary-
I get no benefit from hosting lemmy online. It was a fun side project for a while. I refuse to attempt to monetize it as well.
As such, since I don't enjoy it, and the process of keeping on top of the latest attacks for the week is time consuming, and boresome, The plan is simple.
The servers will go offline 2023-09-04.
If you wish to migrate your account to another instance-
Here is a tool recently released.
Lemmy needs an attorney (or several) to outline what exactly is afforded by safe harbor provisions. I am not an attorney and this is not legal advice, but having fought against the application of safe harbor provisions being used as an excuse by companies worth tens to hundreds of billions of dollars as an excuse to not moderate, I know just a little about them.
When all of this had just started to really get rolling - back in the early 90s - ISPs (including institutions like universities) made the argument that they are common carriers. That is, the phone company isn’t responsible if someone makes terroristic or other criminal plans over the phone, because they are a common carrier. They simply carry communication, but disavow any ability to police it. ISPs argued for, and for the most part received, a common carrier type of status.
A couple of things have changed since then. First, in classic “you don’t fuck with the money” style, we saw DMCA and other laws come about since then. Second, services started taking more responsibility for their data - first by hosting it and then deciding what to serve to whom in what order. Both of those depart from the common carrier argument, but additional safe harbor laws were written that do a carve out for companies that perform a reasonable level of due diligence, eg by responding to takedown notices.
Lemmy is far closer to usenet or email than it is to reddit. There is no central service, but rather individual files that are synchronized between servers via an algorithm that is content-neutral.
Back in the Elder Days I was working in my university’s computer labs, and we were explicitly instructed that we could not (for instance) stop people from browsing porn in the labs because once you start policing content you could be on the hook to police all of it. I was and remain skeptical that this was a serious legal interpretation as opposed to someone who doesn’t actually understand the laws doing their best. On the other hand, common carrier principles do seem to say that if you’re just serving up a protocol, even if you’re hosting the files locally (like usenet), you don’t have the ability to detect offending content.
tl;dr - EFF or someone needs to weigh in on this question
The issue, isn't what I could hold up in court, I am pretty sure there wouldn't be any issues once this went to court... Except the court costs, legal fees, etc.
The issue is- no-knock raids, well. They are quite dangerous, for both the occupants of the house, as well as the intruders busting your door down. As... a former grunt- at which point my door is being kicked down, fight or flight response kicks in. you uh, don't want to be on the receiving end of that.
That being said, another issue, Given I checked my instance to see if the "content" was synced there today, and was able to confirm it was... at that point, my computer also likely cached a copy of the content somewhere locally. My lemmy server had a copy of it cached locally. Regardless of the legality of this, and who is at blame- its not something you want accidentally laying around any hardware you own.
It's not something you want to mess around with. Here in the US, the police like to shoot first, ask questions later.... They don't generally knock on your door, and say, Hey, we noticed something unusual, can we ask you a few questions? If they are knocking on your door, its likely because they already have a warrant for your arrest. And, innocent until proven guilty, means, you are going to jail, until you are proven guilty.
TLDR; not worth the risk.
I’ve also been on the receiving end of people from other cultures who misinterpreted my presence and encouraged me to pursue alternative career opportunities with weapons fire. I’m absolutely not encouraging anyone to take that kind of stance. And there is no way in hell I’d second guess you or anyone else as to what they should host, either personally or on a rented service.
What I’m saying is that, as a community, people need to know what their rights are. They can also take into account that their rights might be violated by local or federal police, and that there’s a world of difference between the rights that are legally yours and the fact that there are overenthusiastic individuals in your house pointing weapons at you and your family and having been told you’re a pedophile terrorist.
However, the phantom threat is obviously a major Achilles heel in hosting federated services. The legal question has been answered - I don’t know of any ISP getting busted over usenet - and the risks are going to be there especially in the pioneer period - but it should be assembled in a way that can be referenced by either people or lawyers in case worst comes to worst. EFF is in a position to make that happen, but so are interested people with a legal background.
I understand that stance-
But, the problem is as a resident of the US, I am guilty until I pay to prove myself innocent.
Lets say, one of those CASM images pops up on a post I am viewing. And then google chrome flags it in their database. The feds come knocking on on my door. I then have to post my own bail to get out of jail, and hire my own lawyer to prove my innocence. Meanwhile, all of my infrastructure has been compensated, and even after proving my innocence, I'd be lucky to receive all of my hardware back in once piece, in a functional state.
At least at a ISP level, they aren't as likely to have police come and try and compensate the ISP's entire datacenter.
Absolutely agreeing with you. I could kill my career with a pirates copy of Harry Potter, much less CSAM.
But right now we really need community legal advice on what is legally defensible, whether or not any particular individual thinks the risk of taking a legal but potentially harmful position is worth it.
I’m sending thousands per year to EFF and the ACLU, even if I disagree with them on things like giving Nazis free speech, because I think that this kind of question is vital. I hope that federated services can become prominent enough that they get the kinds of treatments we saw published for FOSS and the cypher communities back in the day. I was one of those “pgp in four lines of perl” email sig folks when fighting export restrictions on encryption, so it’s not my first rodeo. But I’m also not going to run anything but a client against federated social networks right now.