this post was submitted on 28 Aug 2023
1 points (100.0% liked)

Potatoe Meta

1 readers
1 users here now

Discussions of happenings in the Potatoeverse.

founded 1 year ago
MODERATORS
 

As pointed out by this post on c/selfhosted, CSAM has been appearing in c/lemmyshitpost. This has raised two serious issues with Lemmy, which is why I have disabled pictrs, the program for uploading image files and caching image files from federated posts that was designed for Lemmy.

The first issue is that if someone posts something inappropriate to a Lemmy community (as opposed to, say, a subreddit), and a mod deletes the post, instead of it being removed from the server and removed from all other servers, it's simply removed from the server and flagged that it was removed from other servers. This creates confusion for users because they can still interact with posts that users on a home instance cannot, but if someone posts CSAM to a community, that CSAM will stay on other people's computers.

The second issue is that Lemmy makes too much requests to other servers. Instead of the WebUI loading each image from wherever it was uploaded, so loading images to the user's computer on request of the user, it caches each image to the server. This results in a huge (and unnecessary) amount of storage space being used on the server, and means again that any NSFW or worse, NSFL images will be stored forever on the server along with important images, like post images created by users on the instance and the logo, and community logos. One could go further to say that Lemmy doesn't need to cache text, but I won't get into that now.

All in all, both these issues, combined with how Lemmy is such a small community it doesn't have very active mods, leaves all server owners vulnerable to targeted attacks on certain communities. Such as what happened with c/lemmyshitpost, when people started uploading CSAM material. This material was federated with all instances, meaning single-user instances like us now have to do extra work to get these images off. Luckily for me though, I was able to remove all saved images and (for now) disable pictrs. If you disable pictrs on your server, you can still upload images via sites like postimages.com (which also has the added benefit of being able to upload gifs!).

Thanks for your understanding everyone, and sorry for this wall of text!

- PastThePixels

no comments (yet)
sorted by: hot top controversial new old
there doesn't seem to be anything here