this post was submitted on 11 Apr 2025

1254 points (97.9% liked)

Lemmy.World Announcements

30099 readers

139 users here now

This Community is intended for posts about the Lemmy.world server by the admins.

Follow us for server news 🐘

Outages 🔥

https://status.lemmy.world/

For support with issues at Lemmy.world, go to the Lemmy.world Support community.

Support e-mail

Any support requests are best sent to info@lemmy.world e-mail.

Report contact

DM https://lemmy.world/u/lwreport
Email report@lemmy.world (PGP Supported)

Donations 💗

If you would like to make a donation to support the cost of running this platform, please do so at the following donation URLs.

If you can, please use / switch to Ko-Fi, it has the lowest fees for us

Join the team

founded 2 years ago

MODERATORS

ruud@lemmy.world

lwadmin@lemmy.world

lwCET@lemmy.world

jelloeater85@lemmy.world

Serinus@lemmy.world

lw_mod_notification@lemmy.world

Thekingoflorda@lemmy.world

1254

Ban of "Nicole" images and potential doxing (lemmy.world)

submitted 5 days ago* (last edited 5 days ago) by lwadmin@lemmy.world to c/lemmyworld@lemmy.world

285 comments fedilink hide all child comments

Hello world,

as many of you may already be aware, there is an ongoing spam attack by a person claiming to be Nicole.

It is very likely that these images are part of a larger scale harassment campaign against the person depicted in the images shared as part of this spam.

Although the spammer claims to be the person in the picture, we strongly believe that this is not the case and that they're only trying to frame them.

Starting immediately, we will remove any images depicting "Nicole" and information that may lead to identifying the real person depicted in those images to prevent any possible harassment.
This includes older posts and comments once identified.

We also expect moderators to take action if such content is reported.

While we do not intend to punish people posting this once, not being aware of the context, we may take additional actions if they continue to post this content, as we consider this to be supporting the harassment campaign.

Discussion that does not include the images themselves or references that may lead to identifying the real person behind the image will continue to be allowed.

If you receive spam PMs please continue reporting them and we'll continue working on our spam detections to attempt to identify them early before they reach many users.

you are viewing a single comment's thread
view the rest of the comments

[–] Iceblade02@lemmy.world 30 points 4 days ago (2 children)

Honestly I think the easiest thing would be to not allow images or embedding at all in PMs and perhaps display a warning message when clicking links "you are leaving [instance name]..."

Analyzing potentially lots of text and images in an effort to "guarantee" safety of users is likely a sisyphusian endeavour that is bound to fail - and furthermore also has privacy issues (namely that "private" messages aren't private at all)

[–] tal@lemmy.today 6 points 4 days ago* (last edited 3 days ago) (2 children)

not allow images or embedding at all in PMs

I'd add

as someone who was concerned about and posted on the possibility that the aim of the spammer was exposing the IP address associated with the receivers's username

that even if this wasn't the aim from this event, it could be in some future event.

I don't think that disallowing inline images in direct messages will eliminate spam problems, even efforts of this sort, as it'd still be possible for a spammer to spam messages with indirect links to images hosted elsewhere. But it would help avoid leaking IP addresses of the receiving user.

Or at least disallowing inline images in direct messages by default. I can imagine maybe someone enabling them on some kind of a private, decoupled-from-the-wider-Fediverse instance on an intranet or whatnot, but I really don't think that this is something that nearly any instance should actually permit.

[–] tal@lemmy.today 4 points 4 days ago* (last edited 4 days ago)

For anti-spam efforts, I think that there are a variety of potential partial solutions. No complete fixes, but some:

Rate-limiting the comment frequency on new accounts. IIRC, Reddit used this tactic. It does create some issues for (legitimate) use of throwaway accounts in anonymous posts, but there's no legitimate reason for a new account to blast hundreds of messages an hour, I think. This might already be present, but if not, it'd be a good start. This can be defeated by generating new accounts for each new message or batch of.
Rate-limiting new account creation from a given IP address, if not already present. An attacker could defeat this via use of a commercial VPN, and if too low, it could create issues for some commercial VPNs.
Hashing of messages to red-flag identical messages being posted en masse. As best I could tell, the spammer here was posting many identical messages. This can be defeated by a spammer having software slightly modify each message.
Fuzzy-hashing of messages to red-flag almost identical messages being posted en masse. This can be defeated via text generation methods that are carefully tailored to the fuzzy hashing mechanism to modify messages such that each fuzzy-hashes to a different value.
A mechanism to permit an account to share blacklists of IP or message hashes and trigger removal of messages on other instances, preferably associated with a specific identifier or account. This permits any other instances to leverage antispam work by one instance; if I want to trust a given antispam admin or bot on lemmy.world, I can. Let an instance admin review and override such removals, maybe. It creates abuse potential for malicious use or inadvertent false positives spanning instances, but I think that it's necessary to avoid having each instance fight its own lonely antispam battles. Otherwise, new and personal instances risk being buried by a deluge of direct message spam. The same mechanism, if exposed to users and not just instance admins, would also permit for subscribable content filters for people who don't want to see content of a given sort (e.g. profanity or pornographic content of a particular sort or whatever, not just spam), which is another issue.

Fortunately, as far as I see as a user, we're not yet at the point that there is much spam on here yet, so this isn't yet a serious problem. Maybe it'll never happen, if the userbase never grows much. But if the userbase gets considerably bigger, increasingly-problematic spam will inevitably follow.

[–] Blaze@lemmy.dbzer0.com 0 points 4 days ago

https://lemmy.today/post/27248848/15501047

[–] Blaze@lemmy.dbzer0.com 4 points 4 days ago (1 children)

https://lemmy.world/post/28077771/16380860

[–] MrShankles@reddthat.com 16 points 4 days ago

For anyone not clicking the link, but wondering what this reply means... it's a link to the user's comment (right below, within this comment chain) about a lemmy update

I was confused for a sec and probably would've skipped over all of the context because I didn't continue reading first (and I hesitate to click links randomly), so maybe someone else with no attention span will benefit as well

"Lemmy update v0.19.11 provides 'Dont render images in private message'

Not every instance is updated to this version, but it should stop the current method of spam (if updated). I'm wordy, I know; but maybe it'll help someone