Image uploads are now disabled on lemm.ee due to malicious users

zquestz, 7 months ago

Any chance that gravatar support could be implemented? This would allow some basic functionality without hosting content on lemm.ee servers.

perishthethought, 8 months ago

Just checking – Is this still in effect?

I assume this is why I can’t change the banner on the community I moderate (on lemm.ee).

I totally understand why this had to happen. I’m just looking for a status update.

stavrosD, 8 months ago

Yes it is

Flinch, 8 months ago

Thank you for your vigilance and action! 🫡

ryannathans, 8 months ago

Better shut the internet down then. This will only continue to worsen now that anybody can generate whatever images they want with AI assistance. Such image hashes will not be in CSAM databases (if AI generated imagery is even CSAM)

Boi, 8 months ago

Well, that sucks i wanted to share some cute pics i took of my cats

zoe, 8 months ago

use imgur or imgbb. outsource image hosting.

HelloHotel, 8 months ago

I wouldve recommended catbox.moe but I have FUD about it now. I assume they are have themselves together, but I cant know for shure.

zoe, 8 months ago

also ur fears are justified, but just checked: ghostery doesn’t show any trackers on catbox’s part, so its safe to use…for now…but one has to stay vigilant and make regular checks to see what will happen about them

zoe, 8 months ago

well we could always use any other suggestions: imgur is a spyware in itself, but what can we do (i put it in the freezer app so i dont get wiretapped, suddenly my videos started to be uploaded in gif form by them to save on bandwidth lol 😭 )

HawlSera, 8 months ago

This sucks, but given the circumstances it’s sadly an understandable and necessary course of action.

Awoo, 8 months ago

If you’re concerned about legal liability I think it’s worth noting that there is some protection for websites in this matter. For the most part as long as you’re taking “reasonable action” against it you’re not liable, and that most laws take into consideration the resources of the site dealing with the uploads.

Not pleasant for users though of course. And the speed at which its handled is obviously a concern.

GivingEuropeASpook, 8 months ago

It’s also still something that might need to be litigated in courts, which in and of itself is also a danger for people who can’t afford it.

rambos, 8 months ago

Thanks for taking care about that.

Honestly, Im bit confused, I can still see image uploads posts like: lemm.ee/post/5858721

I guess I was lucky I didnt see morbid posts, just want to be sure Im safe now. Is it safe enough to just browse lemm.ee local?

Masimatutu, 8 months ago

Honestly, Im bit confused, I can still see image uploads posts like: lemm.ee/post/5858721

That is because that image is hosted on another website, in this case roncobb.net.

rambos, 8 months ago

Ah thx for explaining

iesou, 8 months ago

This is why we can’t have nice things.

infinipurple, 8 months ago

Honestly, some people are just the worst. Why on earth anyone would waste their time doing something so vile is absolutely beyond me…

HelloHotel, 8 months ago

If one enjoys the twisted pain inflicted on children, then inflicting pain that makes most adults want to use eye-bleach by showing off their plunders is to them well executed revenge on the people they dont like.

BelieveRevolt, 8 months ago

I honestly think this is the reason why message boards generally don’t have the feature to attach images to posts anymore.

pomodoro_longbreak, 8 months ago

Large public message boards, anyway

ulu_mulu, 8 months ago

That’s disgusting! You made the right thing, sorry you admins and mods have to put up with that shit, I hope instance owners that are being attacked are reporting it to local authorities.

redballooon, 8 months ago

Did you alert authorities?

coffee, 8 months ago

I don’t think they made it onto this server, with the 100kb upload limit in place, that was already a rather low risk. It’s a preventive measure. So far lemmy.world was the one deliberately targeted.

lagomorphlecture, 8 months ago

I’m going to go out on a limb and say they and all the other instances that were hit with this attack probably did. Which authorities, I don’t know. If this instance is hosted in Estonia then probably Estonian authorities, but it’s probably being hosted on the cloud so is it REALLY hosted in Estonia? There are a ton of American and EU users so hopefully the FBI and whatever the EU equivalent is. But honestly cybercrimes can get confusing because of the nature of people and hosting being spread out all over the world and it can be hard to even figure out who to report to.

infinipurple, 8 months ago

Europol in Europe. But you can report it to your national cybercrime division and they can refer it to the appropriate authority if necessary.

iByteABit, 8 months ago

This is a very good decision, I worried about this problem from the very beginning that I learned about the Fediverse. Research must definitely be done to find CSAM detection tools that integrate into Lemmy, perhaps we could make a separate bridge repo that integrates a tool like that easily into the codebase.

I hope every disgusting creature that uploads that shit gets locked up

OverfedRaccoon, 8 months ago

There was a user that posted a tool they had already been working on, that worked in Python, to go through and automate detection/deletion of potential CSAM on Lemmy servers that admins could implement until better tools come along. Unfortunately, I don’t remember who posted it or where I saw it in my travels yesterday.

quinacridone, 8 months ago

Was it this post by db0?

lemmy.ml/post/4027478

OverfedRaccoon, 8 months ago

Yep, that’s the one. Thanks!

quinacridone, 8 months ago

You’re welcome

wintermute_oregon, 8 months ago

Google has an API for it. While I am not a fan of google, it is a widely used API.

HelloHotel, 8 months ago

Sounds like a useful back-pocket fallback/emergency tool. A thing for when your primary is failing or need more help.

Anonymousllama, 8 months ago

Perfectly fine. People can upload images elsewhere and then just link to them. Most image upload sites will have all those protections in place already. A good stopgap until Lemmy gets those mod tools

Stamets, 8 months ago

I’m genuinely confused on why it’s even happening in the first place but I can’t say conspiracies aren’t spinning in my head. Stuff like Russia having troll attacks to try and stifle a new Internet trend. Or companies like Facebook and Twitter paying people to do this to instill a boogeyman like fear of federated Internet.

I’m not suggesting they’re true, but they’re one of many confused thoughts as to what’s goin on.

UnicodeHamSic, 8 months ago (edited 8 months ago)

It is an old 4chan thing. They have it around and they know it freaks out the normies so why not have some fun with it? So any kinda shit head chud or skrpit kiddie can do it for a little hit of fun vandalism. Being kicked off reddit for being too comunist does make us a likely target for all this.

pleasemakesense, 8 months ago

I’m like 80% sure this isn’t coming from the outside but from people on Lemmy from malicious instances

redballooon, 8 months ago

There’s no need to invoke conspiracy. This is entirely possible for a single person to do, and motivations for single people may be very pity even if the consequences are widely visible.

One misguided teenager on a power trip who enjoys how much disruption he can cause is enough for such an effect.

buffalobuffalo, 8 months ago

yeah bitches be spending actual money to destroy a fifteen year old game with bots. it doesn’t need to have political motivation.