I promised to follow up within a week on this, so here’s what’ll happen about malicious content:
tldr: I’m coding a bot to scan all content for all Lemmy communities being federated to dmv.social, I promise to limit it’s actions, to make it’s rules public, it’s source code available, and the actions it takes available for review.
Overview
Unfortunately, there have been a few bad actors posting malicious content on communities that are hosted on other instances. This impacts us because that content gets federated to this server. There is often a time gap between when the content gets posted and when moderators eventually take it down, sometimes for a couple of hours. I also don’t think it’s reasonable to expect all communities have 24/7 mod staff coverage.
As a host, I think allowing this kind of content to be shown is bad for a lot of reasons: there’s potential liability on the hosting side, there’s potential issues if you’re a user and scroll past the content or click onto it, and then there’s the issue of this making the Fediverse look bad.
Solving this Problem
Solving this problem is very hard.
I don’t want to defederate instances unless the whole instance is generally dedicated to harmful/uncivil activity. I don’t feel comfortable blocking communities either unless it could lead to potential legal issues.
This leaves me with filtering what comes in from other instances.
In the coming weeks, I’ll be coding a bot that’ll scan all links/posts coming in. I will publish the source code and rules when I get it running.
I used to moderate a decently active subreddit and have crafted all sorts of automod rules to try tampering down bad activity, so I ask that you bear with me as I figure out how to craft rules for this. It’s inevitable that I will get some wrong in the process.
As an example of some rules I’m considering:
- If a user is within a few days old, who’s home instance allows open signups, has no meaningful post history, do not show image previews from their first few posts.
- If a user has an account with no activity over the last few months but started posting, and their first few posts are image posts, do not show image previews for their first few posts.
- If a link to an image is posted to an image host that has been problematic, and appears to be primarily used for sketchy content, do not show image previews.
I’m assuming that bad actors will typically register accounts on instances with open sign-ups (even with email verification on, have no meaningful history, then suddenly starts posting images out of nowhere.
I want to limit the action to just removing image previews but want to reserve the option of fully removing the posts as an option in the future. I’ll only do this if the image preview removal works reasonably well.
In the future, I’d like to modify Lemmy so that the bot can add a local-only comment as well as a modlog entry explaining what it did/why.
You must log in or register to comment.