MrKaplan

MrKaplan Mod , 6 days ago

it's removed from our slur filter now

MrKaplan Mod , 6 days ago

it was a significant part of the brand of a spam/advertisement campaign several months ago

MrKaplan , 6 days ago

cough

MrKaplan Mod , 6 days ago

sent a pm

MrKaplan Mod , 19 days ago (edited 19 days ago)

Hi,

there seems to be an issue with the mastodon instance requiring AUTHORIZED_FETCH.

Lemmy 0.19.3 does currently not have a working implementation of authorized fetch, this should get fixed in 0.19.4 when that is released.

For now, the only workaround is to disable secure mode on mastodon.

edit: see also https://github.com/LemmyNet/lemmy/issues/4451

MrKaplan Mod , 20 days ago

Keep in mind that this is the Lemmy.World support community, not Lemmy in general, so this post may not be seen by Lemmy devs.

If this was implemented, I doubt it would make it as a core Lemmy feature. This would like have to be built into either clients/interfaces (obviously each one would have to do this one their own), or it would probably have to be built on top of the planned upcoming plugin system.

MrKaplan Mod , 26 days ago

other instances will need to have at least one subscriber to the community to be sent votes and new content

MrKaplan Mod , 27 days ago

This is addressed in the upcoming Lemmy release 0.19.4 where contents will no longer be included in API responses. Until then it's up to clients to actually hide it. Content is kept for a few days to allow you to undo deletion, but you can also edit your content before deleting it to remove that. There is also a scheduled task running once a week I believe that will replace contents of deleted comments with something like PERMANENTLY DELETED.

Regardless, as Lemmy is a public platform, you should be aware that people may be storing this information on linked platforms regardless and may not respect the edits/deletions at all.

MrKaplan Mod , 29 days ago

Hi,

is this consistently happening with the same posts?
Do you see comments when you try the same post again later?
You mentioned this happens with both the default front end and also with Alexandrite, does it happen with the same posts on both of them?
Can you reproduce this in a private browser window?
If you can, would you mind sharing a post that this is happening with so we can take a look?
It would also be useful to see the associated error message.

MrKaplan Mod , 27 days ago

ah, annoying that that seems to be happening accidentally so easily :/

MrKaplan Mod , 30 days ago

you can't report users yet.

there's an email address for our ticket system in the sidebar of this community.
it's either that or trying your luck by sending a private message to a random admin. tickets are often a better option.

MrKaplan Mod , 30 days ago

the reporting endpoint is the same, doesn't matter where you report from.

MrKaplan Mod , 30 days ago

https://lemmy.today/ maps to this IP.

It doesn't look like any scanners currently flag this domain: https://www.virustotal.com/gui/url/a47dfe5f17250f4fe029556c3f71672f6d4cfbee854d74e170f9c69de14c30cb

MrKaplan Mod , 1 month ago

Hi,

which community/posts is this about?

Comparing https://lemmy.world/c/kickasswomen?dataType=Post&sort=New to https://lemmy.world/c/kickasswomen?dataType=Post&sort=Hot I can still see both posts that were posted an hour ago, they're just sorted further down currently, but still on the same page.

MrKaplan Mod , 1 month ago

Hello,

the post was removed by a Lemmy.World admin.

Since the post is not in a Lemmy.World community and your user is not on Lemmy.World either, this removal is only affecting Lemmy.World users.

Our AutoMod is only notifying you about this happening, but the wording should be improved to make it more clear what happened.

MrKaplan Mod , 1 month ago

if the missing NSFW mark is the only reason for removal we're generally open to restore content after that has been fixed.

we will not actively search out content that has been removed and then was updated to include the nsfw mark, but this would be doable on request.

MrKaplan , 2 months ago

except it doesn't work well for the rest of lemmy/the fediverse.

many other instances seem to be getting hit by this, but they don't have as many activities generated locally for this to become much of a problem. additionally, this is mostly affecting instances with high latency to the instance that is being flooded by kbin, as lemmy currently has an issue where activity throughput between instances with high latency can't keep up with too many activities being sent. the impact of this is can be a bit less on smaller instances with smaller communities often not having as many subscribers on remote instances, although we've seen problems reported by some other admins as well. this includes e.g. kbin.earth, which i suspect to have been hit by responses from a lemmy instance, while the lemmy instance was actually only answering the requests sent from that kbin instance.

during the last peak, when we decided to pull the plug for now, kbin.social was sending us more than 20 activities per second for 7 hours straight. lemmy.world can easily handle this amount of activities, but the problem arises when this impacts our federation towards other (lemmy) instances, as e.g. votes will get relayed by the community (magazine) instance, which means, depending on the type of activity being sent, we might have to be sending out the same 20 requests per second to up to 4,000+ other fediverse instances that are subscribed/following the community this is happening in. trying to send 20 requests per second, which lemmy does not do in parallel, requires us to use at most 50ms per activity total sending time to avoid creating lag. when the instance is in australia, with 200ms+ latency, this is simply not possible.

looking at the activity generation rates of some popular lemmy instances, anything that is significantly above lemmy.world is likely not just sending legitimate activities.

ps: if you're wondering how i'm seeing this post, you can search for a post url and comment urls on lemmy to make lemmy fetch them, even if they haven't been directly submitted through normal federation processes. this requires a logged in user on lemmy's end.

MrKaplan , 2 months ago

so far this has been a single case with kbin.earth and lots and lots of cases with kbin.social.

no other instances have been observed behaving like this yet.

MrKaplan , 2 months ago (edited 2 months ago)

feel free to reach out to me directly via matrix at @mrkaplan:lemmy.world if you want

edit: fyi, mentions of @lwadmin will usually not be seen.

MrKaplan , 2 months ago

we've switched from using multiple federation sending containers (which are supposed to split receiving instances across workers) to just using a single one.

MrKaplan , 2 months ago

it is indeed mostly like related activities we're seeing

MrKaplan , 2 months ago

for a magazine to show up on lemmy, a logged-in user needs to visit it first. afterwards, to ensure that new content is published to lemmy instances, someone from that instance needs to subscribe to the magazine. this needs to happen on every instance as far as i know. this is one of the reasons services like https://lemmy-federate.com/ or https://browse.feddit.de/ exist.

MrKaplan , 2 months ago

The execution should have been better, but the decision itself was a team decision, not an individual admin decision without talking to the rest of the team.

MrKaplan , 2 months ago

Lemmy.World is legally primarily bound by the countries listed here.

if being gay became illegal in NL for example, and there would be laws to prevent talking about gay people, then we'd have to either no longer tolerate such content on our platform or ensure we're no longer bound by dutch laws.

MrKaplan , 2 months ago

Lemmy.World is legally primarily bound by the countries listed here.

If we get a request, of course we will evaluate that request.

When it comes to taking down content, such as copyright infringing content, we may err on the side of caution to reduce the legal risk we're exposing ourselves to.

When it comes to handing over data that is not already publicly accessible, such as (not-really-)private messages or IP addresses of users, we will not "err on the side of caution" and hand out data to everyone, but we must follow the laws that we're operating under. See also https://legal.lemmy.world/privacy-policy/#4-when-and-with-whom-do-we-share-your-personal-information.

MrKaplan , 2 months ago

What would be the alternative?

Moving the instance behind Tor and hoping to never get identified?

As long as you're operating a service on the internet you'll be bound by laws in one place or another. The only thing you can do against this is trying to avoid being identified and therefore trying to evade prosecution. This is not a legal defense.

MrKaplan , 2 months ago

We do question the validity of claims, but when it comes to takedowns of copyright related content, we simply do not have the resources to throw money at lawyers to evaluate this in detail. We can apply common sense to determine if something appears to be a reasonable request, but we can't pay a lawyer to evaluate every single request. We also can't afford going to court over every case, even if we were to win, because those processes take large amounts of personal time and have a risk of significant penalties.

Legal advocates on Lemmy or any other platform for that matter are not a substitution for legal council.

MrKaplan , 2 months ago

as I'm very tired right now, I only want to comment on one of the arguments/questions you brought up.

you're asking for the difference between taking down content and providing information about users.

its very simple actually. sharing non-public data is a very different story than removing access to otherwise public information, whether it's originally coming from Lemmy.World or elsewhere.

when we take down content, even if it's more than legally strictly necessary, the harm of such a takedown is at most someone no longer being able to consume other content or interact with a community. there is no irreversible harm done to anyone. if we decided to reinstate the community, then everyone would still be able to do the same thing they were able to do in the beginning. the only thing people may be missing out on would be some time and convenience.

if we were asked to provide information, such as your example of a Texas AG, this would neither be reversible nor have low impact on people's lives. in my opinion, these two cases., despite both having a legal context, couldn't be much further from each other.

MrKaplan , 2 months ago

maybe I misunderstood your comment, I read your Texas AG example as asking for information about users. did you mean Texas AG asking for the removal of comments where people are stating they're trans?

MrKaplan , 3 months ago

FAILED

MrKaplan , 3 months ago

fwiw, it does not appear to be triggerable from within lemmy at this time.

I've just tried this on another instance and lemmy complains

The webfinger object did not contain any link to an activitypub item

I suspect this currently can only be triggered from threads.

MrKaplan , 3 months ago

posting and commenting.

voting should work: https://lemmy.world/post/11967676