lemmy
lemmy copied to clipboard
LemmyNet
Moderation tooling
This is a meta-issue to keep track of moderation tooling which at present is severely lacking in Lemmy. This does not only spoil the experience for people using lemmy but can and will be actively harmful to individuals and create legal hazards for instance admins. As such, the issues described below should be prioritized.
-
As an admin or moderator it is not possible to delete users, remote or local. It is possible to "ban" (personally or as admin) but that leaves their profiles intact on the instance and federating to other instances. It is impossible to remove / delete avatars or profile banners.
-
It is impossible to delete images once uploaded
- This is not only a moderation issue but a GDPR violation also (it is not possible to remove my personal data).
- It is not possible to see all media associated with a user account
- Media can be uploaded silently by creating an image post, then deleting the post. The media remains hosted and can then be used. This entire process is invisible to admins.
-
It is impossible to have more fine-grained image uploading permissions. For example for admins to upload site banners, but to disallow user accounts from uploading images. Currently it is all or nothing. (See: https://github.com/LemmyNet/lemmy/issues/1118 )
-
It is impossible to get an overview of users that have registered on your instance. It also impossible to get an overview of remote users that your instance knows about. (See: https://github.com/LemmyNet/lemmy/issues/1627)
-
All images that are federated are loaded from the remote domain rather than locally cached. This not only allows for attacks where the original content is swapped out for something harmful (see domainsquatting) but also local posts can be broken if remote hosts go down.
-
The
modlogkeeps a public history of moderation actions. However this also becomes a list where:- slurs and hateful comments remain publicly visible in the log even when "removed"
- abusive usernames and avatars remain publicly visible
- "removed" posts are listed in the modlog and can be retrieved
It is currently not possible to remove or partially obscure these entries from the list (https://github.com/LemmyNet/lemmy/issues/904)
All of the above can be combined (and are actively being combined) to facilitate and amplify online harassment.
To provide you an illustration:
Content warning Nazi iconography, homophobic and transphobic slurs https://slrpnk.net/u/[email protected]
A user from instance A, visible on Instance B, with remote media hosted on instances B and C. None of the instance owners are able to delete any of the media. Nor will they know that this user is visible on their instance and they are essentially hosting this material.
Note that, when I say it is not possible to delete something, I am not referring to having to SSH in to the server and then dive in to the database to remove things. This functionality should be in the UI.
As it stands now lemmy software is a vector and amplifier for abuse and federation carries huge risks for instance owners.
We do have an issue for LemmyNet/lemmy#1331 , which is definitely a problem.
I'm thinking also that any user site ban should probably purge their banner, icon, and post images, even tho it won't be possible to resurrect them. Thoughts @Nutomic ?
If "delete content" is checked, then it makes sense to wipe those things. It should probably also delete the profile text, and maybe displayname. Just to be safe, i would release it in a major version, and explain the change in the release announcement.
About the mod log, we could change it so that it can only be accessed by logged in users. Caching of remote images could certainly be implemented. If there are no issues for these two yet, please open them.
slurs and hateful comments remain publicly visible in the log even when "removed"
We need transparency in our moderator actions, otherwise having a modlog at all is moot. People need to see what content got removed, and why. Its unavoidable that it will have some offensive text... after all that's the reason its getting moderated.
Once we get LemmyNet/lemmy#904 going, we should be able to remove the offensive avatars and icons. I'll add that as part of the "delete content" portion of site bans as @Nutomic suggested.
LemmyNet/lemmy#904 should address super-heinous things that need to be database deleted, in which case there'll be an entry like "Mod removed Comment X" without showing that content.
We need transparency in our moderator actions, otherwise having a modlog at all is moot. People need to see what content got removed, and why. Its unavoidable that it will have some offensive text... after all that's the reason its getting moderated.
Well, it is possible to provide transparency while at the same time not perpetuating particular language. Inspiration could be taken from the list of banned servers (a modlog of sorts) on mastodon.social: https://mastodon.social/about/more Or you could consider something similar to content warnings that can be made for posts on mastodon.
Sticking with Mastodon for inspiration on moderation tooling, not necessarily because it solves things the best, but because that is the fediverse software I am most familiar with. There are views in the moderator pages which allow you to see local accounts and their associated details (first screenshot). It contains options to delete avatars, suspend accounts etc. Clicking on the Posts or Media Attachment buttons allows one to see associated uploads. However, and this is important for federated environments, similar functionality exists for the remote accounts as well.
One thing that might be important is to allow for a variety of actions in between doing nothing and banning from site. For example someone might upload something offensive out of ignorance rather than malice etc.
@Nutomic @dessalines Any news/progress/updates to share regarding all these moderation issues? I'm part of a group considering deploying a lemmy instance and we are concerned that moderation is not a priority of this project.
@320x200 Functionality for admins to purge any content including images is now implemented. It will be released soon in Lemmy 0.17. Other things mentioned here are not implemented yet, is there something specific you are missing? In any case, contributions are more than welcome!
@320x200 moderation is and has been a priority for lemmy, we probably have more moderation abilities than most platforms currently. I suggest spinning up a lemmy instance, and seeing what moderation abilities its lacking so we can add them as issues.
This still needs to be exposed in the UI? 0.17 has been released but I can't find an option to purge such content.
I realize this is a federation issue to some extend (user from lemmy.ml and image from community.xmpp.net), but I am an admin on slrpnk.net and there is no apparent option on the originally linked example to remove, hide or purge this stuff from being displayed as part of the slrpnk.net domain.
I believe most of these are done except for LemmyNet/lemmy#1118 . Please open any other ones as individual specific issues, and we can add the moderation tag to it.
This issue should be reopened because a host of new issues discuss the same problems in this one.
- https://github.com/LemmyNet/lemmy/issues/4500
- https://github.com/LemmyNet/lemmy-ui/issues/2384
There is a good rundown of some of the issues here: https://tech.michaelaltfield.net/2024/03/04/lemmy-fediverse-gdpr/
At the same time, the issues described are not or insufficiently addressed. For instance, the example user in the initial issue still shows homophobic slurs despite being banned.