this post was submitted on 04 Feb 2024
70 points (98.6% liked)

Meta (slrpnk.net)

597 readers
13 users here now

Here we can discuss anything about this Lemmy instance/server itself.

Our XMPP support chat: Movim or XMPP client.

Please also refer to our Wiki

founded 2 years ago
MODERATORS
 

I don't know if you need this info, but I was pretty disturbed to see unexpected child pornography on a casual community. Thankfully it didn't take place on SLRPNK.net directly, but if anyone has any advice besides leaving the community in question, let me know. And I wanted to sound an alarm to make sure we have measures in place to guard against this.

all 22 comments
sorted by: hot top controversial new old
[–] [email protected] 18 points 9 months ago (1 children)

Unfortunately I saw it as well while scrolling, and reported it. What's the motivation behind posting fucked up shit like that?

[–] [email protected] 17 points 9 months ago (5 children)

I don't know the specifics, but trolling is trolling. It's experimenting with ways of breaking things. Not only do they probably find it funny, but if this isn't handled it can kill the platform. If they saw that Lemmy.World was defederated and shut down, that would make their day.

The point is that we need basic security measures to keep Lemmy functioning. I don't think this is just an issue of moderator response times. We need posts like that to get deleted after 10 people downvote it, and we need limits on how easily new accounts can get into everyones' front page feeds.

[–] [email protected] 11 points 9 months ago (2 children)

It should be reports and limited to users with some form of track record on the platform. So posted some time earlier, has gotten X likes, account age and similar measures to make sure it is not problematic.

Downvotes are a bad measure. They are often just done by somebody disagreeing with a post, which often are not exactly a problem. Also 10 is really low, when something really takes off. On the c/meme half the posts have more then 10downvotes, but nothing is really all that bad.

[–] [email protected] 6 points 9 months ago (1 children)

The best suggestion I have seen is to have a specific report category for CSAM. If a post is reported for CSAM x number of times, the post is hidden for moderator review. If it is a false report, the mod bans the reporting accounts.

Another issue is that post links can be edited. Trolls will definitely use this feature for abuse.

[–] [email protected] 1 points 9 months ago

Ranking algorithms need to be adjusted so that if a post is removed like this, and then restored, it gets the same number of views it otherwise would have. Without that, a user-interaction driven automatic removal will get abused at scale.

[–] [email protected] 4 points 9 months ago* (last edited 9 months ago)

You can see below in this thread herein that someone got >10 downvotes for a perfectly reasonable and civil post by people who merely disagreed with their comment. Automatic censorship would be overly interventionalist. I would not want to participate in a forum that auto-censored like that. Downvotes did their job -- pushed the msg low on the page for reduced visibility.

[–] [email protected] 7 points 9 months ago

Your idea with restricting who can get into front page, is a really great idea! I will write it down for a project of ours.

[–] [email protected] 6 points 9 months ago* (last edited 9 months ago)

If the same trolls got 10 accounts, they could find some other way to exploit the security gap, and also delete any posts warning about it.

Maybe it would help if communities could turn off image uploading? I mean asklemmy doesn't hardly ever has a reason for there to be a picture. Communities that need it of course would still need other security measures.

[–] [email protected] 5 points 9 months ago (1 children)

The problem with an automatic delete is that it's just as exploitable. Anyone can set up 10 accounts on various hosts, or even on one host, and gain the power to instantly delete anything they like

[–] [email protected] 3 points 9 months ago

The alternative is requiring 24-hour moderation, which isn't really feasible unless moderators are paid employees, or just having to deal with posts staying up until a moderator/admin comes online and can sort them out. Communities can obviously try to have a mod team comprised of people from a range of time zones to increase coverage, but aiming for 24-hour coverage would make most mod teams far larger than is particularly necessary for the size of most communities at the moment.

Posts being removed and flagged to moderators for review if a certain report threshold is met is the best middle ground for a community-run, non-commercial forum. Sure, someone can set up 10 (or however many the threshold is set at) accounts and report a post on all of them to have it removed until a moderator is online, but is it really worth it to go through that effort just to get a post taken down for a couple of hours before it gets reinstated?

It's the best way to allow the community to self-moderate, I think, rather than requiring all the moderation power be in the hands of those with a moderator role.

[–] [email protected] 4 points 9 months ago

On top of what's been said, it should probably not delete but just hide it, so that mods could still re-approve it in case of mistakes

[–] [email protected] 5 points 9 months ago (1 children)

As a mod of a few communities I'd just turn off public posts and contact the admins to block any trouble accounts, luckily I haven't seen anything yet

[–] [email protected] 3 points 9 months ago (1 children)

Can you explain? I don't know what it means to turn off public posts?

[–] [email protected] 3 points 9 months ago

As community moderator you can apply a setting that means only mods can post on that community and it's not possible for anyone to post anything.

[–] [email protected] 1 points 5 months ago* (last edited 5 months ago)

What’s interesting about this is #LemmyWorld uses Cloudflare, and CF was involved in a CP scandal. You might be tempted to report the CP to Cloudflare, but it’s important to be aware of how CF handles that. CF protected a website that distributed child pornography. When a whistle blower reported the illegal content to CF, CF actually doxxed the people who reported it. Cloudflare revealed the whistle blowers’ identities directly to the dubious website owner, who then published their names and email addresses to provoke retaliatory attacks on the whistle blowers! Instead of apologizing, the CEO (Matthew Prince) said the whistle blowers should have used fake names.