This should help us cut down on the trolls. We recommend other instances do the same, because they will likely be targeted also.
I apologize for all their gore-posts as well, no one should have to see that. We’ll try to look for more admins from different time-zones as well to get them faster.
The two other possibilities we have currently as options, are turning on required email verification, and as a last resort, closing signups. I personally would rather not do either, but they are options.
Many thanks to @k_o_t@lemmy.ml and @AgreeableLandscape@lemmy.ml for banning those trolls.
Lemmy Announcements
Feel free to announce new communities here.
Other than that, this is reserved for admin use only.
Can you set it up so that we can invite friends with referral links (a la mastodon style) and it bypasses the application requirement? Maybe we have to apply to get the referral link activated.
Invite only instances would be also nice for self-hosting.
Not opposed as long as someone else codes it lol. I’m a bit swamped.
Fantastic idea! I actually never thought about this, this could probably be done fediverse-wide.
Thank you for all the work you do!
No probs!
Perhaps to avoid this type of user, a pre-school intelligence test would suffice.
I disagree. The far right users that chose to brigade Lemmy are not dumb, instead their moral compass is screwed up. Trolling requires smartness, even if the bait content itself is not a proof of intelligence.
I’m not talking about trolls, I’m talking about Nazis and these guys with fixed ideas, by definition, are never luminaries, less if they are simple guys and not rich people, the latter almost always only sympathize with fascism, because it is the political orientation that most favors the savage capitalism that favors them.
For the rest, the waving flags with the svastica tattooed can be seen as follows https://i.imgur.com/kqHNjpv.gif
You did not need that GIF to tell me the nature of so many people. They are easily identifiable for the most part, so it is not that big of a deal. What we simply need is vigilant and educated users, and Lemmy does have that. Think of the audiences that will never come here permanently – Reddit NSFW users, Gab/Dissenter users, Kik/Omegle/Chaturbate users, /pol/ users (and typical chan users in general).
The majority of users in any herd are followers, that is how the leader concept works. So them having fixed ideas is again not the main concern. It just creates a sheep army, and they can all be defused in the same capacity they come. You find the origin and understand that so more future shepherds get discouraged, and therefore less sheeps mobilise.
Agree with this, naturally requires vigilance. But these, trolls, spamers and similar fauna, cannot be avoided by adding an email to the registry. Spammers can perhaps be avoided by simply waiting an hour before sending the registration confirmation, since spammers often use temporary emails that expire earlier.
Now is not the time for it. Probably after Reddit goes public and crashes into an endless void, when the influx of users come here, after that phase things might change a lot. Lemmy needs to grow and become more significant in the mainstream.
A platform that forcibly asks for emails or other identifiers is suicide at this stage for a platform that also advocates FOSS, federation, modlog transparency and great civillity. Reddit does not do it, and there is still a lot of meaning to the anonymity they provide, despite being a giant platform.
Reddit and anonymity? 🤣 Reddit even pass user data to Facebook and worse, TowerData, the last even uses keylogger.
https://themarkup.org/blacklight?url=reddit.com
Data to
https://themarkup.org/blacklight?url=Neustar.com
and
https://themarkup.org/blacklight?url=TowerData.com
This mean, all big tech nows the data from reddit users
I have not needed to allow Facebook or other 3rd party domains with Reddit, so I am unsure. Same goes with keyloggers. Keylogging and 3rd party tracking is a problem for people who use Chrome without ad blockers. Anyone who uses any half decent adblocker (even ABP) or Firefox does not have these issues.
I use Vivaldi (Chromium) and also don’t have problems with this. But this has nothing to do with the joke that Reddit is anonymous, it’s less anonymous than FB, they are sites which I avoid out of principle and mental hygiene.
Reddit is less anonymous than Facebook? U WOT M8? I have not seen that being true at all.
Reddit does not mandate email, government IDs, phone numbers for account creation, usernames are all anonymous, no photo posting, also allows 3rd party FOSS clients liberally. See what Instagram did to Barinsta.
They don’t need your name to track and identify you. Se tracking tecnics used in Big Tech sites. Only TowerData log everything you post there, using it to profile you,
Aso MS, FB uses pixelAPIs, Google geolocations and compare datas from other sites you visit which use Google APIs and analytics, also from Alphabet and NEST, also Google companies. Reddit is the oposit of Lemmy in anonymity. Instagram and WhatsApp naturally have nothing to do with anonymity or privacy, none of the Zuckerbot sites respect this.
Look in the Browserleaks and see what Data can be seen by a website if they want and if you don’t use a protection more than ad/trackerblocker. (Datas shown in my case are all wrong or N/D, only true that I live in Spain (if I don’t use a VPN) and don’t use a Touchscreen. But it has needed a lot of settings which a normal user don’t do or not even knows.
Anyway it’s better to avoid this sites.
I know numerous cross site tracking techniques. This is not how tracking works. Keyloggers need to have JS scripts directly running, which uBO blocks. Same goes for cookies, which get erased upon each browser session, so this is meaningless. Cookies need to persist across sessions to do what you say.
These scripts have to run in the first place, which is largely also blocked by Firefox’s Enhanced Tracking Protection.
uBlock Origin is like a condom to use internet at this point.
In Vivaldi this is also blocked by the inbuild ad and trackerblocker (same filters as uBO and more.). But how much user know this? The most use Chrome or Edge, using FF because they think it’s the most secure, but searching with Google (default in FF, which also send data to Alphabet (Google).
Now Google try another dirty trick with the Trending API to profile the user, same as with Idle and FLoC before.
While surveillance advertising is legal to create revenue for these companies, there is not going to be a truly free internet and a permanent war between Google & co and developers who remove these attempts from the users which take privacy seriously. Cookies since time ago are not a problem, tracking and profiling the user are much more sofisticated, there are pixel tracking, fingerprint, CSS exfill, CDN, among others, even scripts to access cam, mic, keyboard and mouse. Worse in mobile.
I think working against the Chromium/Blink monopoly is very important. Outside of Firefox, browsers with a configurable user.js and userchrome.css does not exist in Chromium land.
Chromium is also not a base for Tor Browser or TailsOS browser and is too leaky. Also gorhill, uBO and uMatrix maker, recommends Firefox over Chromium/Blink browsers.
It isn’t so, we need to work against surveillance advertising, this is the underlying problem, not the browser engine, apart uservivaldi.css is full configurable, it’s not a simple Chromium like others.
Also Firefox, although in some points more private than Vivaldi and in others less, creates income with surveillance advertising, that is, in collaboration with Google (Alphabet INC and NEST), APIs that in Vivaldi are optional and can be deactivated in the configuration or already they are removed by the devs, but not so in Firefox. What is missing I can put with a catalog of extensions that is ten times that of Gecko.
I also use Firefox for some things, but I don’t really see it as better or more private. But much more basic. Regarding TOR, it is a browser capable of accessing .onion networks, but apart from this, using it without VPN leaves you much more exposed there than with FF or Vivaldi on the normal network, this is not its function. That is to say, using it in the normal network, it is only slower, but it does not protect one iota more, it is a common mistake to believe it. You can check it on Browseleaks.
Nobody cares about catalog of extensions, even though Firefox has larger addon base. What is cared about is how well extensions are allowed to function, and Chromium browsers with complete Manifest V3 implementation has killed ad blockers in its fullest state.
As for surveillance advertising, that will only be killed when capitalism dies, or when the ad blocking users increase so much, the paywalling and privacy invading sites start to further paywall and self kill their websites.
Vivaldi is also closed source, and their reasoning for justifying the closed source code is too shady. https://vivaldi.com/blog/vivaldi-browser-open-source/
There is nothing like partly open source. What decides open source? 1% closed? 2%? 5%? 10%?
“human rights” “some security-relevant code in the UI” “only 5% is our UI closed-source code” “to improve performance”
I have rarely seen such weasel reasoning. Brave is worse despite open sourcing because of BAT, but they still do not do such PR talk.
The Vivaldi code is 100% accessible by the user and auditable, it is even taught in the community how to modify it, naturally at your own risk. Both Edge and Chrome itself try to mimic Vivaldi’s functions, but not being allowed to fork it (that’s the meaning of ClosedSource in Vivaldi), with a pretty poor result. Releasing these codes, BigTech would have forked Vivaldi, which would have been the end for a small cooperative with a different concept in a market full of abandoned and discontinued projects, which everyone believed that setting their browser as FOSS, simply putting their logo on the Chromium or Gecko would be enough (already more than 70 browsers that ended up like this)
Perhaps the definition of OpenSource requires a review, giving importance in the areas where it makes sense, in the more than 100 different browsers that circulate on the network, it is already irrelevant, especially if then they fall equally into the traffic model with the data of users, because they see that a browser requires an infrastructure, money and maintenance to continue it, apart of a good community.
Mozilla shares data with Coogle, which finances them, Vivaldi has another business model that does not compromise user privacy and also works, in a small company owned by its employees, strictly subject to and exceeding EU privacy regulations that in US companies do not exist.
Who is more capitalist and who is more ethical in their approach? Vivaldi, as the only browser company, is active in campaigns against surveillance advertising and active against Google’s tracking tricks. FOSS FF is conspicuous by its absence there, how strange. Check out Jon’s interview with Linux reps and why Manjaro and FerenOS use the ‘ClosedSource’ Vivaldi currently as the default Browser, other distros will surely follow. https://lemmy.ml/post/80937
The privacy and security of users is more important than defending one’s own interests by putting users at risk with closed source internet interfacing code. Vivaldi does not prioritise users, but their own benefits.
Or perhaps… only 100% open source software should be regarded as open source software? Even 1% closed source code means it is not FOSS. You can argue with any FOSS advocate (not grifters like GrapheneOS community) over this and get an answer. The famous Underhanded C Contest tells us about possibilities with obfuscation of code, hence closed source internet interfacing code is far more dangerous.
If Lemmy had 1% closed source code, would it be called FOSS? No. Apple’s OSes have few open sourced components. Nobody calls it FOSS. Signal’s code is not fully FOSS anymore, even though they made clear it is only the spam number database, and there is ample debate on whether to call it FOSS or not.
This is inherently false, unless you want to mention the optional Google SafeBrowsing list which is built into all Chromium browsers. Having Google search engine as default is not the same as “shares data with Coogle”.
A closed source browser cannot be a FOSS advocate. That is called grifting.
Distributions that care about reputation and privacy do not switch their default shipped browser to closed source or Chromium based ones (except Ungoogled Chromium). Many Manjaro users changed their distros over the Vivaldi move, or removed Vivaldi altogether. It is not accepted in the FOSS community, especially amongst Arch users (which Manjaro is based on).
You are free to use FOSS and continue to be driven by Big Tech to finance it, if you think this is better. I care more about the ethics towards the user and TOS/PP of the product I use, worse in Mozilla than in Vivaldi. Worse in American products than in European, much worse. All the tracking APIs of Google, FB and others are FOSS, the worst malware is too, Google and MS itself have the most extensive catalog of FOSS and there are still those who believe that FOSS is a guarantee of freedom, privacy, security and ethics. No, it is not at all, perhaps it is for some individual apps or to share new products and developments, which is in browsers, in a market saturated with them completely irrelevant, in these other factors count.
Cheers
Well, that logic also leads to Tor network being DARPA funded, and Mozilla being Google funded, and Tor Browser being Mozilla Firefox based. Do you not use Tor for communications at all?
Likewise, Vivaldi uses Chromium code, made by Google. Does that not make it unethical, since Google serves as the AI of US military drones that bomb people?
Likewise, the food that is produced has plenty closed source machinery and software involved, and not 100% processes are ethical. Why not grow your own food entirely? Oh wait, the fertilisers you want to buy may also not be 100% ethically produced or shipped.
Idealism debates go in more directions than you think. Eventually, you and I have to work with realism in mind, and that is the only thing that matters at the end of the day. Virtue signalling, even for oneself, does not work that well when you get into more nuances than you calculate for.
No, I don’t use TOR, it’s not really more anonym in the ordinary web than other browsers, it’s only slower and less secure. Certainly Chromium is made by Google, but as OpenSource, the script can be modified, well as degoogled Chromium or let the user decide which Google APIs need and which not in the settings, as Vivaldi do, because there are also users which need some services for their work. A lot of online services and profesional sites need services que offers Google and which don’t have valid alternatives. Because of this, also Gecko use them, but you have to modify the script to eliminate it, in Vivaldi you can do it in the settings or at least in flags. As you can see, FOSS have advantages for devs, but not so much for a normal user who need certain features for his work, study or activities. Privacy and security has nothing to do if te product is FOSS or not. The normal user need a good tecnical support and devs which respects the need of the user (most features are added by request made by the users in the community of Vivaldi where the devs and even von Tetzchner itself particpate). Nothing to do with the habits of Big Tech and prefab FAQ pages as support, or implement or rest functions, without consens of the users, as FF do… Where are here the advantage of FOSS over a product OpenSource who use 5% auditable and customizable by the user but proprietary code?
I am not going to hear opinions from a VPN seller on Tor onion network. This is just bad. Moreover, CactusVPN is nowhere near a reputed VPN provider.
Likewise Firefox has no issues, and user.js functionality does not exist in other browsers. Therefore, no hardening is possible on those, and Manifest V3 implementation ensures gorhill’s recommendation is true.
This is false. Vivaldi cannot be hardened.
This is BAD. I will prefer stopping the discussion here. This is straight up GrapheneOS community tier reasoning.
No worries. I have seen surprisingly few of these types of posts, so you’re currently doing something better then other alternatives and I appreciate your efforts to make things even better.
I downvoted and reported as many posts as I can, I don’t know how much that helped but it was good to check back a couple hours later and see that the trolls’ posts had been removed
Thank you for doing this o7
Admins could also tweak
register_per_second
andregister
paramsThanks a lot! I have implemented this in my instance too. This past week I was also saw several accounts being created to post ads.
The brigading is really unfortunate and thanks to the admins for doing all the work to contain it. As Lemmy grows in usage requiring email verification may be unavoidable, but hopefully having a registration application will do the trick in the immediate term. Something like this was bound to happen sooner or later, so at least this is a useful test case for how such brigading and spam can be addressed going forward.
Thanks for this. I’d stick to the It’s FOSS channels if I wanted to see loads of fascist crap 🤣 Love being on Lemmy!
Thanks, I’ve done the same over on lemmy.pt. Hope this helps :)
Doing registration form with manual approval is a good first step. My 2 cents is you could also implementing an invite based registration where users are allowed to invite their trusted friends.
Similar to how reputable private trackers works. There is form registration, interview, or invite from existing members. If existing member invites too many leechers, the current member will get a warning and ban eventually. This system is mostly working for private trackers so far.
Are the invite systems usually e-mail based? If so, it would be cool to be able to generate 1-time use codes to invite friends, so that providing an e-mail is not required.
Absolutely, have a code based invitation would be more privacy focused.
I think having more admins from more time zones is the best solution, then e-mail verification and then having to fill out a form because it takes time to be reviewed and it takes more time from me because i have to write shit and anyway i can lie.
You do not need to apologize for actions of others, you did your best and you found a solution for this issue which is what at the end counts.
My idea was to introduce some sort of reputation based system but the problem is, that bots maybe could abuse the system to upvote themselves to get some sort of credit or reputation, call it what you want. Most boards use captchas and eMail verification systems to workaround this. Maybe an option idea would be to enable captchas for users who have below x posts as a middle ground.
Reputation would just turn this into Reddit, where you can’t do anything or interact unless you use a single account or post what Reddit would like you to post.
Yeah I updated my statement, gave an example. Up until 5 posts. I think that is okay as a middle-way. The system is not meant as competition system or to farm something.
The Lemmy devs have already decided that karma is just a bottomless pit that just harms users mental health, so it’s highly doubtful we’d ever have a reputation system be introduced, as that’s literally the same thing.
Also, captchas can be preventative to people with certain disabilities, so introducing them (I believe it would be reintroducing, actually) would contradict Lemmy’s disability-inclusive culture. As well, email verification wouldn’t work for people who would prefer anonymity. And nefarious users could just use a spoof mail account, so the introduction of required email account verification would really only harm privacy-focused real users, and do nothing to prevent trolls. Also, while on the subject and though you didn’t mention it, we don’t ban IPs because some VPNs reuse them for multiple people. So banning the IP of a troll might also cause the ban of real users.
These are my thoughts on email too. Using throwaways is so easy for trolls, and legitimate users now have a privacy concern since a lot of the “legitimate” email services are really invasive.
I think we need a new permission-level that allows a user to delete comments and ban other non-admin users, so we can have more “site-mods”, without substantially increasing risk of someone doing something undesirable with their power.
Maybe admins need “superuser” status to see / edit the site-config?
If other lemmy sites doesn’t do the same, we should not federate with them.