this post was submitted on 16 Feb 2024
53 points (90.8% liked)
Privacy
31931 readers
675 users here now
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
Chat rooms
-
[Matrix/Element]Dead
much thanks to @gary_host_laptop for the logo design :)
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
That particular instance was very recently the source of a lot of CSAM and spam, so that'd be why. A lot of instances recently upped their security to combat that.
There's nothing forcing anyone to use those services, but the reality is that instances that aren't quick to respond to those kinds of incidents will get defederated.
Cloudflare is a lazy but very effective and economical solution to this. The alternative is staff to monitor everything that goes through 24/7 which for most instances isn't easy or possible. Many can barely afford the infrastructure costs.
It's concerning regardless of the whole proxy banning debacle. A healthy fediverse is a well spread out fediverse.
But I doubt all instances will ever be that way. You don't need a lemmy.world account to use lemmy.world's communities, any instance would do.
My instance for example doesn't use Cloudflare or any CDN, although it is invite only because I really don't have time to deal with moderation. But I can access it over Tor if I want, and you can access it over Tor and browse it (read-only) just fine.
Reddit on the other hand wants to keep the data for themselves. Their VPN, Tor and proxy block isn't just for posting, it's for reading too and that is a much worse problem. They want to hoard the data so they can train their own Reddit AI on it. On lemmy you'll always have at least read access to the platform through Tor and VPNs through random instances.
At least on Lemmy, a fully featured Tor hidden service instance is entirely possible, if someone is willing to vet the account getting registered and potentially malicious uploads. And anyone can make it happen.
Just to add some more context, there was an attacker recently who created accounts on several Lemmy instances and used those accounts to spread CSAM. On lemm.ee, this attacker created 4 accounts over a 24h period, but was not able to upload any CSAM to our servers due to our stricter upload rules (we require 4 week old accounts to upload any images at all), and all of the 4 accounts were removed very shortly after creation (most of them within an hour of signing up). The attacker gave up trying to use lemm.ee very quickly, and moved on to other instances.
I just wanted to share this context to illustrate that while indeed the different measures we implement to protect the instance can have a negative impact on legitimate users, I really believe that overall, they have a net positive effect. In addition to Cloudflare DDoS protection and image upload restrictions, we also have a separate content-based alerting layer on top of Lemmy, which allows our admins to quickly notice when something suspicious is going on. As another example, this alerting has allowed us to extremely efficiently deal with a current ongoing spam attack on the Fediverse, and I bet many lemm.ee users aren't even aware of this attack due to the quick content removal. We will continue to improve our defenses, and hopefully try to limit the impact on real users as much as possible, but some trade-offs are necessary here in order to protect the overall userbase.