Lemmy.world is temporarily disabling open signups and moving to an application-required signup process, due to ongoing issues with malicious bot accounts.

We know this is a major step to take, but we believe that it’s the right one for both us and our community right now.

We’re working on a better long-term technical solution to these bots, but that will take time to create, test, and verify that it doesn’t cause any problems with federation and how our users use our site, and we’d rather make sure we get it right than have a site that’s broken.

We’re making this change on 28 Aug 2023, and don’t have a specific timeline for how long registrations will require an application, but we will post an update once our new anti-abuse measures are in place and working.

Take care, LW Team

  • @devious
    link
    fedilink
    26725 days ago

    You gotta do, what you gotta do!

    Thanks as always for the hard work and transparency.

      • GONADS125
        link
        fedilink
        32
        edit-2
        24 days ago

        I hope you guys are doing okay having to see all that shit… No shame in reaching out to mental health professionals. Makes me sad imagining you guys picking up emotional baggage and trauma having to see all that to protect the community.

        I appreciate you guys looking out for us, but I hope you all have proper support yourselves.

  • Flying Squid
    link
    fedilink
    17924 days ago

    Whew, I’m glad I got in before this or my fellow homo sapiens might not have noticed I was also a fellow homo sapiens like them and definitely not a robot.

  • kadu
    link
    fedilink
    145
    edit-2
    24 days ago

    No place is safe from this, unfortunately. I moderated 2 big brazilian subreddits, and then decided to volunteer to help a smaller one. I had a day (and to be honest, an entire week) absolutely ruined when somebody did indeed set a bot to post large amounts of CSAM to the subreddit. Luckily I was online to quickly purge it all, and Reddit’s admins did remove the accounts pretty much instantly, but I feel for every Lemmy admin that even caught a glimpse of this material and now have to purge their computers and honestly, their minds, from that. Sorry to hear it happened.

      • @not_that_guy05
        link
        fedilink
        1824 days ago

        Same but not sorry. I always called it CP but I guess this is more of a straight forward name.

        • @[email protected]
          link
          fedilink
          English
          2324 days ago

          Yeah, the term CP (Child Porn) has always been a terrible name for it. It sounds weird, but “Child Porn” sounds much less dramatic than it is, like some sort of fringe porn. Meanwhile CSAM (Child Sexual Abuse Material) make it a lot more clear that there is a child being abused.

        • eric
          link
          fedilink
          1524 days ago

          Same, and to make sure no one else has to have it in their search history, CSAM stands for “Child Sexual Abuse Material.”

    • Ab_intra
      link
      fedilink
      1324 days ago

      I saw one of these videos in my feed last night and it was very obvious to me what it was. Thankfully it wasn’t anything that was to bad, but It still gives me the creep that something like that was in my feed.

  • @input
    link
    fedilink
    13025 days ago

    Hope it restricts the attack surface, why do people have to be such knobs

    • @pretzelz
      link
      fedilink
      118
      edit-2
      25 days ago

      Not wanting to be too conspiratorial, but it isn’t necessarily people simply doing this out of the badness of their hearts. The fediverse is a disruptive platform and there are many parties with deep pockets that might happily funnel a little bit of cash to certain consultancies in certain countries to stop things and add friction to this platform before it really takes off. Nothing like a little bit of corporate sabotage!

      • @Pregnenolone
        link
        fedilink
        English
        5924 days ago

        That sounds exactly like the badness in people’s hearts though.

          • @foggy
            link
            fedilink
            -224 days ago

            Dehumanization is how we got here.

            Not a great way back? Unless you’re looking to go in circles.

            • El Barto
              link
              fedilink
              1624 days ago

              Oh stop. That’s like that discussion about not dehumanizing neonazis.

              And the answer here is the same: the corporate types don’t see us common folks as human. They see us as a product at best, and disposable resources at worst. It took a lot of effort to get to the point in which the rights of workers, the rights of consumers and the rights of people in other roles, to be recognized. Real sacrifice, even.

              So we gotta do what it takes to keep those rights, because, again, those corporate types don’t see us as people. So, fuck them. They aren’t people either.

              • @foggy
                link
                fedilink
                -8
                edit-2
                24 days ago

                Humans are humans, whether you like them or not.

                The bad thing about Nazis is they disagree. Feel free to be more like Nazis? I’d prefer to be different. Still human, but you know, acknowledging my fellow humans as such.

                To ignore this fact is to lay claim to the idea that you could never end up in a situation where you’re treating people as subhumans. To call any human as subhuman is obviously antithetical to making that claim.

                • @Ensign_Crab
                  link
                  fedilink
                  English
                  824 days ago

                  Clearly the only response to people who want to treat you as subhuman is to treat them with love and kindness so they can take advantage of the situation.

                  This is how every “civility” rule on the internet eventually becomes a “don’t sass the nazis” rule.

      • @Aux
        link
        fedilink
        4024 days ago

        This is a very silly conspiracy theory. Big corps don’t give a shit about Lemmy, but there are plenty of script kiddies who want to hack easy targets. Contrary to your belief, there are plenty of dumb idiots with plenty of badness in their hearts.

        • 520
          link
          fedilink
          19
          edit-2
          24 days ago

          Big corps are more sociopathic than you realise. There are so many underhanded games going on at that level it will make your head spin.

          Big businesses indirectly and sometimes directly fund APT groups. They will buy things that give them anonymous access to competitor trade secrets, or fund attack campaigns against competitors. This sounds like the kind of attack campaign a competitor might launch as part of a one-two combo. This is the first part, the second part is to get editorials out there regarding how lemmy.world is full of CSAM.

          • pjhenry1216
            link
            fedilink
            1824 days ago

            Nah. The risk greatly outweighs the reward. Even if this hits the news, I doubt it’d affect numbers on here that much, especially since it’s not that big. It’s not even big enough to cause issues for “competitors” (and I use the term lightly). The fediverse is simply not really ready to compete with established actors. So the “benefit” is quite small. The risk if they’re caught includes executives getting jail time and likely irreversible harm to their brand.

            • 520
              link
              fedilink
              3
              edit-2
              24 days ago

              Nah. The risk greatly outweighs the reward.

              Does it? Standard dark web precautions are more than enough to throw any investigation into a dead end, especially for a one-off transaction with the buyer having little to no other activity.

              The fediverse is simply not really ready to compete with established actors.

              Yet. The Fediverse isn’t ready to compete yet. Business people aren’t looking purely at the present, they’ve got a keen eye on the foreseeable future too. If there is a growing momentum towards the fediverse, that can spell trouble for Reddit in 5 years time. The entire point of such an attack is to derail momentum on the platforms. By the time they are ready to compete, it’s much too late for this kind of attack to have any reasonable effect.

              • pjhenry1216
                link
                fedilink
                -124 days ago

                The more intelligent solution is what Meta is doing with Threads. Not something like this. There’d be a lot more money blackmailing the company than to mess with CSAM.

                Big corps are a lot sneakier than something so blunt.

                • 520
                  link
                  fedilink
                  324 days ago

                  There’d be a lot more money blackmailing the company than to mess with CSAM.

                  There isn’t a company to blackmail. You can’t treat the Fediverse as a competing company because it isn’t one. You have to treat it more like a movement, like Occupy Wall Street

                  How do you derail a movement? You make sure the participants are slandered to the point that your accusations are the main things people on the outside remember of it. Mainstream Media did this with Occupy successfully.

                  However this doesn’t work if your opponent is too big, too established or too well funded. Microsoft tried to do this with the Open Source Movement, but the latter was too well established and funded for it to work.

                  Big corps are a lot sneakier than something so blunt.

                  That’s the thing, they’re not being blunt at all. Literally anybody can pay for this kind of attack to happen and not even the service provider needs to know who the buyer is.

                  The only thing that is needed now are media hitpieces about how federated services spread CSAM and you’ve got damage that could make the YouTube adpocalypse look small.

          • @bemenaker
            link
            fedilink
            English
            524 days ago

            No way would a company risk being caught being responsible for CP. That would cause a massive backlash in the US socially, and the legal troubles would be huge. And the stock market would also very painfully punish them.

            • 520
              link
              fedilink
              2
              edit-2
              24 days ago

              Do you really think there aren’t ways for a company to avoid having their names put against such operations? A simple anonymous darknet transaction is enough to get this done without anyone’s name being put on it or CSAM touching corporate machines.

              • @bemenaker
                link
                fedilink
                English
                324 days ago

                Risk outweighs the rewards. Especially for something as small as lemmy. Take off the tin foil hat. It doesn’t work like that. Have companies done evil things, yes, but in this case, absolutely no way.

                • 520
                  link
                  fedilink
                  -2
                  edit-2
                  24 days ago

                  Risk outweighs the rewards.

                  What risk? Keep it off the books, take standard dark web precautions when purchasing such a service and there’s no chance it’ll be traced back to you.

                  Especially for something as small as lemmy.

                  Small but growing, and steadily establishing itself. That’s a momentum certain companies will want to kill.

                  Take off the tin foil hat. It doesn’t work like that.

                  ahahahahaha.

                  My sweet summer child, I’ve seen it first-hand work EXACTLY like this. I work in the field of offensive security. On the one hand it first amazed me how much big legitimate companies play in that space but then I realised - of fucking course they do. It only takes a bit of know how to sweep most things under the rug.

            • 520
              link
              fedilink
              224 days ago

              Which is why you’re signed in on lemmy.world? Because no one cares about Lemmy?

              • pjhenry1216
                link
                fedilink
                6
                edit-2
                24 days ago

                Lemmy is nowhere near big enough to cause any of the competitors any consternation.

                Edit: to be more clear, the fediverse as a whole isn’t big enough. It’s like believing XMPP is going to cause Apple to worry about iMessage.

              • @Aux
                link
                fedilink
                -124 days ago

                I’m not an evil corporation. Do you even read the thread?

              • @[email protected]
                link
                fedilink
                -424 days ago

                Obviously their comment was hyperbole, and the literal interpretation is based on the context of the conversation. Do a bit of critical thinking.

      • @givesomefucks
        link
        fedilink
        English
        3524 days ago

        The alt right instance has been fucking with world since they were defederated…

        This is something right up their alley, so the simplest solution is they’re doing it.

      • @[email protected]
        link
        fedilink
        2524 days ago

        Come on people, Lemmy’s user base is what, a few hundred thousand? A million tops? Which “parties with deep pockets” is this disrupting? The Lemmy userbase is a rounding error on the number of users of other popular social medias.

        “Don’t want to be too conspiratorial, but let me continue to drop a ridiculous conspiracy with no evidence”

        • @Grabbels
          link
          fedilink
          12
          edit-2
          24 days ago

          And big corp wants to smother it before it’s bigger. It perfectly makes sense. It’s so much more difficult to kill a service/movement when it’s already widely adopted and popular. Identifying small, new players in the field and disrupting those takes very few resources for them, a rounding error, if you will.

          The fediverse has the potential to be a threat to some big corps out there, and Lemmy is just one speck in a sea of a lot of specks. Together those specks are growing the fediverse, and the only way to disrupt it is to get rid of those specks.

          • @[email protected]
            link
            fedilink
            724 days ago

            You’re delusional if you think the Fediverse, a totally open protocol that “competitors” can (and plan to) join instead of having to “defeat”, poses a threat big enough to corporations with hundreds of millions or even billions of users to warrant the spamming of child porn.

        • @Ensign_Crab
          link
          fedilink
          English
          724 days ago

          Not from a big corporation, no. It’s probably 4chan types. They tend to get deeply offended when people don’t want nazis around.

        • PP_BOY_
          link
          fedilink
          224 days ago

          IIRC there was a post a few weeks ago that had the total number of active accounts somewhere around 60,000. Yeah, we’re definitely not big enough to attract that kind of directed attack

      • @[email protected]
        link
        fedilink
        English
        1624 days ago

        I like conspiracy theories as much as the next person. But let’s be real for a moment … this is shitty people doing shitty things. In part because Lemmy is a vulnerable and maybe relatively easy target by being indie software with indie instance management and relatively young. They might have a general purpose, such as being alt-right and defederated. But at it’s core, I think it’s gotta be just the “pleasure” they get out of breaking someone else’s shit … these people exist, we know they exist.

      • @[email protected]
        link
        fedilink
        525 days ago

        Eh. It’s a new platform with new instances and a lot of potential attack vectors. With new users it’s becoming a valid target for them.

      • @T156
        link
        fedilink
        English
        524 days ago

        No, Lemmy is nowhere near big enough for that. If it was, it would be simply bought out by one of those companies, and then shut it down, like with XMPP. They have no rhyme or reason to skulk around in the shadows.

        In its current state, it is still very much in its infancy. A company would see more threat in the competing social networks trying to copy their model, or people just leaving outright than Lemmy for the time being. Mastodon would be more of a threat by comparison.

      • BitOneZero @ .world
        link
        fedilink
        324 days ago

        Nothing like a little bit of corporate sabotage!

        The software developers who created Lemmy openly criticize systems of government and economics. These are nation-state battlegrounds too. The barrier to entrance is very low, as Lemmy doesn’t even do routine tracking of account creation, rate-limiting alone isn’t really defensive. 15 years ago sites like Reddit had major vote manipulation detection logic behind the scenes. This is pretty much unleashed playground for a lot of known tactics.

      • ekZepp
        link
        fedilink
        English
        225 days ago

        With the American election next year and all the chaos on sXitter, no unlikely.

    • NPC
      link
      fedilink
      8624 days ago

      I’m so glad I somehow have completely avoided that so far. I’ve heard about, sure but that’s it

    • @[email protected]
      link
      fedilink
      6024 days ago

      Oh Christ, really? That’s just sickening. I often sort by new, sounds like I’ve been very lucky to miss it entirely…

        • @SupraMario
          link
          fedilink
          1324 days ago

          I’m guessing they’re not even flagging that shit as NSFW? I’ve been using liftoff and have the NSFW stuff hidden. I haven’t run into of it yet but that’s fucked up, hopefully it gets under control with this.

          Maybe mods of each section can turn on manual approvals of submissions?

          • @[email protected]
            link
            fedilink
            1424 days ago

            Manually approving submissions would be even more work. And shits being posted everywhere.

            And no, the ones i had a unpleasant encounter with weren’t flaired nsfw.

              • @[email protected]
                link
                fedilink
                224 days ago

                Eh… I don’t think we should give up our privacy because one or two bastards are doing that shit…

                • AvaddonLFC ☄️ 🤘A
                  link
                  fedilink
                  524 days ago

                  Images posted to a public, federated platform should not count as private, in my opinion. When you upload something here, every federated server instantly gets a hold of it. What privacy is there to give up, then?

            • @SupraMario
              link
              fedilink
              324 days ago

              To combat this until there is something in place to automate blocking it. Manually approval might just be the only way to deal with it for now. Places can add more moderators.

              • ThǝLobotoʍi$T
                link
                fedilink
                224 days ago

                Manual approval would mean that mods have to see all that shit to block it… That’s not the right solution imo

                • @SupraMario
                  link
                  fedilink
                  224 days ago

                  They’ll end up having to see it anyways to remove it, and by that point more than just the mods would have seen it…

    • @Lakija
      link
      fedilink
      5524 days ago

      Are you serious? Holy shit. I haven’t seen any at all. But just the thought that someone is posting it. I hate people sometimes.

  • @Astrealix
    link
    fedilink
    8124 days ago

    Looks like even this place couldn’t keep it up. Unfortunate. Thanks admins for the transparency though.

  • @DelvianSeek
    link
    fedilink
    English
    7024 days ago

    Good call. Thank you for doing what you need to do to support the site and protect the users as necessary. And as always, the honesty and transparency is appreciated.

  • no banana
    link
    fedilink
    6324 days ago

    I think it’s the right call honestly. We’ve grown so quick that it must be hard to manage by now.

  • @007v2
    link
    fedilink
    5324 days ago

    Thanks for all the work you do! It isn’t unappreciated.

  • @scarabic
    link
    fedilink
    English
    4223 days ago

    If you could give me the numbers of new accounts monthly I would look into CloudFlare. If I can afford it I will even pay for it.

  • @pm_boobs_send_nudes
    link
    fedilink
    3825 days ago

    I don’t blame you for taking that decision. But it’s sad that this will deter legitimate users away, some of whom would’ve signed up otherwise.

    • AvaddonLFC ☄️ 🤘A
      link
      fedilink
      48
      edit-2
      25 days ago

      Most will still be able to join. It just means that account activation will take a little longer for most people.

      • @[email protected]
        link
        fedilink
        824 days ago

        For me at least, lack of open sign ups immediately makes me not join an instance. It’s why I didn’t join lemmy the first few times I saw it talked about on reddit, when the main instance was lemmy.ml.

        • pjhenry1216
          link
          fedilink
          1324 days ago

          It’s simply a delay in activation. The signups are virtually identical with one added question stating you read the note which is the same as the one above in the post.

  • @ConstipatedWatson
    link
    fedilink
    3325 days ago

    I guess I’m out of the loop, perhaps because I mostly browse communities I subscribed to, but…

    What happened? Lots of spammy bots signing up and spamming the site? I guess I didn’t notice where I was looking

    Also, what does application based sign up mean?

    Anyhow, Lemmy.World Lemmy (in general) are growing nicely, so what’s needed to defend them is cool.

    • Nerd02
      link
      fedilink
      61
      edit-2
      24 days ago

      Troll / spam accounts posted CSAM in [email protected]. That spread with federation and every admin ended up involuntarily hosting such content.

      Application based sign up means that if a user wants to subscribe they have to fill out a form and a .world admin gets to review it and approve or reject their sign up. It’s a measure of controlling who gets in and limiting the amount of bots and possibly troll that join an instance.

      • pjhenry1216
        link
        fedilink
        2824 days ago

        To make it clear, the form is virtually the same as before with one additional question. It just asks you to state you read the note that is the same as the note in the post above. The application is virtually identical beyond that. But, the biggest difference, is like you said, an admin needs to approve it.

    • @Alchemy
      link
      fedilink
      English
      223 days ago

      Im getting this same error roughly a day later from your post. On both mobile and desktop.

      • The Picard Maneuver
        link
        fedilink
        223 days ago

        Yeah, I know they’re busy trying to figure out how to deal with the attacks, so no pressure on them to restore it immediately. I just made an alt account yesterday and will post from there for a bit until this gets sorted.

        • @Alchemy
          link
          fedilink
          English
          223 days ago

          Have you seen it mentioned anywhere why lemmyshitpost was the targeted community?

          • The Picard Maneuver
            link
            fedilink
            223 days ago

            Nope, but I browse by All a lot and would guess that it was the most active comm on lemmy.world by good margin. They’re definitely targeting lemmy.world and trying to disrupt it.