After someone mentioned me without tagging me on the Return2Ozma thread drama, I decided to Lemmy search my name to see what else I was missing out on. I didn’t realize I was so popular with the “People who defend tankies” demographic of Lemmy! Apparently, I’m a brainrotted liberal debate lord (simultanously, without any...
Because someone, eventually, is going to make this post anyway, we might as well get it over with. I know someone posted something a week ago, but I feel something a little more neutral would be useful....
At minimum the .ml admins have shown a desire and willingness to keep their finger on the scale of the broader fediverse, which makes them a clear existential threat and possibly even a cyber security risk. In addition, they protect hexbear and lemmygrad, which openly state that their intention is to wage information warfare on the fediverse. We also see some evidence that they are running their own modified version of the code which seems to give them some special tools to do things like instant mass bans and selective federation of content. This alone is extremely concerning. The idea that we can individually block their instance does nothing to mitigate the ideological or security concerns I have.
My personal experience is that they protect propagandists and do not enforce their own rules evenly at all. My bans have been for me extremely petty things, and even for thing I have said on other instances. Meanwhile I have been called names, told that my family deserves to be tortured and that my country deserves to be nuked by .ml users (or hexbear proxies). I also find their defense of Russian and Chinese autocracy personally offensive, as I have family who have been directly impacted by both. It would be one thing if this was happening in a forum where these issues could be debated, or defenses mounted against misinformation and historical revisionism, but that is simply not the case. Even the most modest pushback against these ideas results in quick bans. This is not something we should associate with.
This was my exact experience. I was pretty excited for a community well to the left of reddit, only to discover that they had no knowledge or interest in leftist theory beyond Lenin and Mao. Then I got run out of town for basically challenging this orthodoxy.
My concern is that the devs have shown a willingness to keep their finger on the scale and use .ml as a tool for this ideological end in any way possible. If, eg, there is a way for a malicious instance to modify federated content from other instances and republish it, I would confidently say that the .ml devs certainly have the ability, and have shown a willingness to engage in that kind of agitprop. At the very least I think we have to take this threat seriously.
Furthermore, If .ml were to be treated as a state espionage actor, federating with them is exposing your users to very significant risks, as it would be trivial for them to collect identifying information via federation, and to promote malicious or compromised websites by modifying their feeds, or even the feeds of individual users. They could very easily collect identifying information from a target, and then modify a web application to serve malware to that specific user, which they push to the top of that users feed in various ways.
This is an aspect of the fediverse which generally makes me uncomfortable. Even if the core code is safe and audited, there is nothing stopping a malicious admin from running modified versions of the front end or forum code. Again, it would even be possible to only serve such malicious content to individual targets, and federating content with them provides an incredibly convenient threat surface for performing this kind of targeted analysis.
The biggest thing stopping this kind of behavior would be “who the fuck would bother?” And the scale needed to provide cover for the operation. Who? Well, an admin who openly admits they are waging information warfare in the fediverse, that’s who. Or perhaps a dev who appropriates the name of an infamous murdering zealot as a symbol for his “cause.” How? Maybe via one of the largest and most visible instances on the fediverse?
Of course, I have no evidence that this actually happens. It would be incredibly difficult to detect such targeted threats. But the whole combination of the way the admin and devs handle themselves, and the adversarial way they interact with the rest of the fediverse, just triggers all sorts of red flags in the secOps part of my lizard brain, and it bothers me that people don’t seem to be taking these threats seriously.
Federation exposes potentially quite a bit of user telemetry data through a few different vectors. For example, simply loading a thumbnail from another instance exposes a user’s IP to that host instance. The exact ability for a third instance to tie a specific web request or usage pattern to a specific user is unclear, but is not a large leap. I am working through some specific exploit ideas on a test server I run, but I don’t have a ton of time these days, and it’s difficult to model some of these vectors without real traffic. I can say that so far, if a user interacts with a post soon after making the content request, it’s pretty easy to grab their IP, especially on low traffic content. So if I can see that a user interacts with a niche community (because votes are federated for some strange reason), I can target them that way. I should also be able to set a cookie via the content request, as well as do all the typical browser fingerprinting tricks. Once that association happens, it becomes trivial to serve malicious content to an individual user. This is a very serious threat vector specifically because it’s easy to hide what you are doing from the rest of the world, so it requires vigilance by the target to uncover. If it is done rarely it would be all but impossible to spot.
The broader point is that there is clear motive and plausible opportunity here. From a cyber security perspective, that’s enough to take preventative and protective measures.
I am not worried about propaganda. I am worried about a state actor performing pattern analysis on my user, trying it to a specific IP address, and then serving me targeted malware. The fediverse is unique in that sense because of the nature of federation exposes a significant amount of user telemetry to a huge number of different internet hosts.
At this point I am 100% convinced that if hexbears could perform cyber attacks at the behest of China, they would do it enthusiastically. And .ml Admins protect hexbears. To me, that’s motive and opportunity, and it would be naive and foolish to trust them given the adversarial nature of the way they interact with the broader fediverse.
What problems does defederation even cause? Do we have sympathy for this tumor? The very fact that they are openly willing to engage in information warfare, and are being marginalized for it only makes the threat bigger in my mind. If they feel like they are losing this war, their behavior will only grow more extreme. I would again like to reiterate that “Dessalines” is literally the historical poster child for “extreme ends justify any means.”
It’s a couple of developers who had a vision of a link aggregation platform for the people, by the people.
I would be much more sympathetic to this idea if they had not shown time and time again that it simply isn’t true.
They have shown absolutely no interest in small-d democratic ideals, and instead continuously double down on small-a authoritarian ideals.
They literally just got kicked off reddit and built a platform that they could control without any interest in higher causes, as far as I can tell. If this was not the case they would not do things like mass ban users for mild dissent, over comments made in other instances. Their interest is entirely self preservation. There is no evidence of service to any higher ideal. They are dead weight, and it’s only a matter of time before they do something which is going to harm the fediverse far more than slow growth will, if they haven’t already.
It’s not actually that rare. I mean, the death part is more unusual, but Dogs bite kids for no good reason all the damn time. Dogs should not be allowed around children unsupervised, period. It doesn’t matter how many times “it’s been fine” - all it takes is once.
I don’t even think they are accelerationists at this point. I think they are all either information warfare operatives or useful idiots. The hexbear admin has essentially admitted to this.
My guess is that they will give him a suspended sentence, but he will have to piss in a cup for the rest of the campaign, at least. It will be very interesting to see if Trump can get out of bed without his amphetamines.
I’ll share one particular experience - the weakest strength juice they sell is still very, very addictive especially if you can just vape inside. I finally quit when I started mixing the juice myself and halving the strength every two weeks. One day I forget to grab my vape on the way out for the night and that was basically the end for me. My concentration at that point was more than 10x weaker than the lowest strength I could get off the shelf. So just keep that in mind if you decide to taper.
I'm a hot commodity! (lemmy.world)
After someone mentioned me without tagging me on the Return2Ozma thread drama, I decided to Lemmy search my name to see what else I was missing out on. I didn’t realize I was so popular with the “People who defend tankies” demographic of Lemmy! Apparently, I’m a brainrotted liberal debate lord (simultanously, without any...
[Discussion] Let's talk about lemmy.ml
Because someone, eventually, is going to make this post anyway, we might as well get it over with. I know someone posted something a week ago, but I feel something a little more neutral would be useful....
Most credible PLA marksman training (sh.itjust.works)
Microsoft has blocked the bypass that allowed you to create a local account during Windows 11 setup by typing in a blocked email address (www.tomshardware.com)
GOP senators warn judge against sentencing Trump to prison (thehill.com)
You should lie out here and take a nap (lemmy.world)
Dog attack: 6-week-old Ezra Mansoor dies after Husky attacks sleeping newborn (abc7.com)
While Ezra was taking a nap in his crib, the family’s Husky that they owned for eight years attacked out of nowhere....
I am genuinely confused by hexbear's opinion on the Ukraine war (lemmygrad.ml)
What I have learned:...
Superfest glass (en.wikipedia.org)
Trump says he's "okay" with jail or house arrest (www.motherjones.com)
get off of them vapes (lemmy.world)
Just use it. Now. (lemmy.world)