Lemmy.world is temporarily disabling open signups and moving to an application-required signup process, due to ongoing issues with malicious bot accounts.
We know this is a major step to take, but we believe that it’s the right one for both us and our community right now.
We’re working on a better long-term technical solution to these bots, but that will take time to create, test, and verify that it doesn’t cause any problems with federation and how our users use our site, and we’d rather make sure we get it right than have a site that’s broken.
We’re making this change on 28 Aug 2023, and don’t have a specific timeline for how long registrations will require an application, but we will post an update once our new anti-abuse measures are in place and working.
Take care, LW Team
Hope it restricts the attack surface, why do people have to be such knobs
Not wanting to be too conspiratorial, but it isn’t necessarily people simply doing this out of the badness of their hearts. The fediverse is a disruptive platform and there are many parties with deep pockets that might happily funnel a little bit of cash to certain consultancies in certain countries to stop things and add friction to this platform before it really takes off. Nothing like a little bit of corporate sabotage!
That sounds exactly like the badness in people’s hearts though.
The corporate types behind such actions aren’t people.
Such a Rick thing to say.
Here is an alternative Piped link(s): https://piped.video/KApaZfVQObY?si=3JnuJK9P4Kej1fWf
Piped is a privacy-respecting open-source alternative frontend to YouTube.
I’m open-source, check me out at GitHub.
Dehumanization is how we got here.
Not a great way back? Unless you’re looking to go in circles.
Oh stop. That’s like that discussion about not dehumanizing neonazis.
And the answer here is the same: the corporate types don’t see us common folks as human. They see us as a product at best, and disposable resources at worst. It took a lot of effort to get to the point in which the rights of workers, the rights of consumers and the rights of people in other roles, to be recognized. Real sacrifice, even.
So we gotta do what it takes to keep those rights, because, again, those corporate types don’t see us as people. So, fuck them. They aren’t people either.
Humans are humans, whether you like them or not.
The bad thing about Nazis is they disagree. Feel free to be more like Nazis? I’d prefer to be different. Still human, but you know, acknowledging my fellow humans as such.
To ignore this fact is to lay claim to the idea that you could never end up in a situation where you’re treating people as subhumans. To call any human as subhuman is obviously antithetical to making that claim.
Clearly the only response to people who want to treat you as subhuman is to treat them with love and kindness so they can take advantage of the situation.
This is how every “civility” rule on the internet eventually becomes a “don’t sass the nazis” rule.
There’s a huge difference between treating someone subhuman, treating someone human, and treating someone love and kindness.
If you can’t see that, I worry for you.
This is a very silly conspiracy theory. Big corps don’t give a shit about Lemmy, but there are plenty of script kiddies who want to hack easy targets. Contrary to your belief, there are plenty of dumb idiots with plenty of badness in their hearts.
Big corps are more sociopathic than you realise. There are so many underhanded games going on at that level it will make your head spin.
Big businesses indirectly and sometimes directly fund APT groups. They will buy things that give them anonymous access to competitor trade secrets, or fund attack campaigns against competitors. This sounds like the kind of attack campaign a competitor might launch as part of a one-two combo. This is the first part, the second part is to get editorials out there regarding how lemmy.world is full of CSAM.
Nah. The risk greatly outweighs the reward. Even if this hits the news, I doubt it’d affect numbers on here that much, especially since it’s not that big. It’s not even big enough to cause issues for “competitors” (and I use the term lightly). The fediverse is simply not really ready to compete with established actors. So the “benefit” is quite small. The risk if they’re caught includes executives getting jail time and likely irreversible harm to their brand.
Does it? Standard dark web precautions are more than enough to throw any investigation into a dead end, especially for a one-off transaction with the buyer having little to no other activity.
Yet. The Fediverse isn’t ready to compete yet. Business people aren’t looking purely at the present, they’ve got a keen eye on the foreseeable future too. If there is a growing momentum towards the fediverse, that can spell trouble for Reddit in 5 years time. The entire point of such an attack is to derail momentum on the platforms. By the time they are ready to compete, it’s much too late for this kind of attack to have any reasonable effect.
The more intelligent solution is what Meta is doing with Threads. Not something like this. There’d be a lot more money blackmailing the company than to mess with CSAM.
Big corps are a lot sneakier than something so blunt.
There isn’t a company to blackmail. You can’t treat the Fediverse as a competing company because it isn’t one. You have to treat it more like a movement, like Occupy Wall Street
How do you derail a movement? You make sure the participants are slandered to the point that your accusations are the main things people on the outside remember of it. Mainstream Media did this with Occupy successfully.
However this doesn’t work if your opponent is too big, too established or too well funded. Microsoft tried to do this with the Open Source Movement, but the latter was too well established and funded for it to work.
That’s the thing, they’re not being blunt at all. Literally anybody can pay for this kind of attack to happen and not even the service provider needs to know who the buyer is.
The only thing that is needed now are media hitpieces about how federated services spread CSAM and you’ve got damage that could make the YouTube adpocalypse look small.
Didn’t say blackmail the fediverse. I’m saying blackmail the company trying to spread CSAM.
And again, you don’t derail a movement. You try to own it if you really care.
But even then, it’s not worth it. XMPP has been “competing” for far longer and likely had more success up front than Lemmy or Kbin.
You’re severely overestimating the potential here. And you’re severely overestimating how much a company would want to destroy it instead of exploiting any other success. There’s money to be lost in paying to derail it. There’s money to be made in exploiting it.
No way would a company risk being caught being responsible for CP. That would cause a massive backlash in the US socially, and the legal troubles would be huge. And the stock market would also very painfully punish them.
Do you really think there aren’t ways for a company to avoid having their names put against such operations? A simple anonymous darknet transaction is enough to get this done without anyone’s name being put on it or CSAM touching corporate machines.
Risk outweighs the rewards. Especially for something as small as lemmy. Take off the tin foil hat. It doesn’t work like that. Have companies done evil things, yes, but in this case, absolutely no way.
What risk? Keep it off the books, take standard dark web precautions when purchasing such a service and there’s no chance it’ll be traced back to you.
Small but growing, and steadily establishing itself. That’s a momentum certain companies will want to kill.
ahahahahaha.
My sweet summer child, I’ve seen it first-hand work EXACTLY like this. I work in the field of offensive security. On the one hand it first amazed me how much big legitimate companies play in that space but then I realised - of fucking course they do. It only takes a bit of know how to sweep most things under the rug.
No one cares about Lemmy. Grow up.
Which is why you’re signed in on lemmy.world? Because no one cares about Lemmy?
Lemmy is nowhere near big enough to cause any of the competitors any consternation.
Edit: to be more clear, the fediverse as a whole isn’t big enough. It’s like believing XMPP is going to cause Apple to worry about iMessage.
I’m not an evil corporation. Do you even read the thread?
deleted by creator
This is the internet, Steeve. We don’t do critical thinking here.
The alt right instance has been fucking with world since they were defederated…
This is something right up their alley, so the simplest solution is they’re doing it.
deleted by creator
And big corp wants to smother it before it’s bigger. It perfectly makes sense. It’s so much more difficult to kill a service/movement when it’s already widely adopted and popular. Identifying small, new players in the field and disrupting those takes very few resources for them, a rounding error, if you will.
The fediverse has the potential to be a threat to some big corps out there, and Lemmy is just one speck in a sea of a lot of specks. Together those specks are growing the fediverse, and the only way to disrupt it is to get rid of those specks.
deleted by creator
Not from a big corporation, no. It’s probably 4chan types. They tend to get deeply offended when people don’t want nazis around.
IIRC there was a post a few weeks ago that had the total number of active accounts somewhere around 60,000. Yeah, we’re definitely not big enough to attract that kind of directed attack
I like conspiracy theories as much as the next person. But let’s be real for a moment … this is shitty people doing shitty things. In part because Lemmy is a vulnerable and maybe relatively easy target by being indie software with indie instance management and relatively young. They might have a general purpose, such as being alt-right and defederated. But at it’s core, I think it’s gotta be just the “pleasure” they get out of breaking someone else’s shit … these people exist, we know they exist.
No, Lemmy is nowhere near big enough for that. If it was, it would be simply bought out by one of those companies, and then shut it down, like with XMPP. They have no rhyme or reason to skulk around in the shadows.
In its current state, it is still very much in its infancy. A company would see more threat in the competing social networks trying to copy their model, or people just leaving outright than Lemmy for the time being. Mastodon would be more of a threat by comparison.
Eh. It’s a new platform with new instances and a lot of potential attack vectors. With new users it’s becoming a valid target for them.
deleted by creator
The software developers who created Lemmy openly criticize systems of government and economics. These are nation-state battlegrounds too. The barrier to entrance is very low, as Lemmy doesn’t even do routine tracking of account creation, rate-limiting alone isn’t really defensive. 15 years ago sites like Reddit had major vote manipulation detection logic behind the scenes. This is pretty much unleashed playground for a lot of known tactics.
With the American election next year and all the chaos on sXitter, no unlikely.
deleted by creator