lemmy icon indicating copy to clipboard operation
lemmy copied to clipboard

Published 20 hours ago verified publisher icon LemmyNet

Allow setting for locking of edits after a predetermined amount of days.

Open db0 opened this issue 1 year ago • 9 comments

Requirements

  • [X] Is this a feature request? For questions or discussions use https://lemmy.ml/c/lemmy_support
  • [X] Did you check to see if this issue already exists?
  • [X] Is this only a feature request? Do not put multiple feature requests in one issue.
  • [X] Is this a backend issue? Use the lemmy-ui repo for UI / frontend issues.

Is your proposal related to a problem?

A new kind of spam tactic was brought to my attention: https://hachyderm.io/@[email protected]/111177425856737609

The idea is that spammers will post innocent posts, and then at some undetermined amount of time in the future, once the traffic to that post has stopped, will go back and edit that post to include spam links.

Describe the solution you'd like.

I have a few ideas about how to prevent or minimize the impact of this spam vector the primary is the one I posted in the subject of this post

Allow an instance-wide setting to determine after how many days posts and comments are locked from editing. This setting should be allowed to be disabled on specific posts by the admins, which might be warranted on things like megathreads.

Describe alternatives you've considered.

A few other ideas to prevent or discourage this kind of spam

  • As rel="nofollow" to all links. If not to all links, at least to all edited links after a predetermined period of time. This would give less incentive to spam for SEO.
  • Prevent editing in new links after X amount of days
  • Mark posts edited after X amount of days for moderator review. Perhaops mark them for such review only after a specific thresholds of edited old posts by the same account is reached.

Additional context

No response

db0 avatar Oct 05 '23 07:10 db0

I think it makes sense to disable edits after some time. But making this configurable is unnecessarily complicated, I think a hardcoded value of 7 days or so would be fine. And it wouldnt apply to admins/mods.

rel=nofollow would have to be added in lemmy-ui, there should be an issue.

Nutomic avatar Oct 10 '23 10:10 Nutomic

It's not really unnecessary complicated. There's plenty of variety in how things are used that a hardcoded solution is just going to cause more complaints.

db0 avatar Oct 10 '23 11:10 db0

To implement hardcoded edit limit needs:

  • Simple checks in API edit handlers
  • Simple checks in federation code
  • Same hardcoded checks in lemmy-ui and other frontends
  • Document the limit in release notes and docs

Configurable edit limit needs:

  • Same checks as above
  • Add database column and frontend edit field
  • Decide if the edit limit is configurable per instance or per community
  • Federate it in some way so that its consistent across instances
  • Frontends/clients need to read the limit from API and account for it
  • Make it clear to users which limit applies to a given post/comment

The former is a minor change that can easily be implemented within a few hours. The latter would be like a major feature and would require changes across all parts of Lemmy. It would take weeks to implement, test and merge, not to mention extra work for client devs.

Nutomic avatar Oct 11 '23 10:10 Nutomic

Yes, and the minor change hardcoded approach will cause a cascading effect of complaints and confusion by people. From my perspective, If it is a bigger feature, so be it. But I would caution very much against globally locking editing after X amount of days.

db0 avatar Oct 11 '23 10:10 db0

To me this is somewhat of a non-issue, because

  • If they do it soon after posting, its going to get reported.
  • If they do it years after posting, very few people going to see it, which goes against the point of the attack.
    • If someone does see it, then they report it, and you can ban and remove all the spammers content at the click of a button.

So reporting is a much easier way to handle these cases, rather than adding complicated rules around when you can edit a post.

dessalines avatar May 04 '24 17:05 dessalines

You don't consider thousands of spam links in the long tail to be a potential problem?

db0 avatar May 04 '24 18:05 db0

As soon as someone sees one of these cases and reports it, you can click ban and remove content, and it will delete thousands of those spam links.

I think the existing reporting framework is a better solution than locking edits.

dessalines avatar May 04 '24 19:05 dessalines

Another solution is to only prevent edits that add another URL

dullbananas avatar May 05 '24 01:05 dullbananas

I don't think locking posts or comments from edits universally is a good idea. "Megathread"-type posts aren't that uncommon, such as Lemmy Apps Directory (MEGATHREAD), and they'll typically be updated long after they've been initially posted. This also includes addition of new links. Depending on the setup, some people also use a similar pattern with comments and not only posts.

I think these cases are usually by community moderators, so some middle ground could be allowing this for community moderators but not necessarily regular users.

I've also frequently seen spam comments on old posts, where spam links were posted with spam contents right away to an old post, which was at least 3 months old at the time. These comments would stay under the radar just as much as late edits without proper interfaces for automatic moderation/detection, as the only person that would possibly see them is the person they're replying to.

How would this affect interoperability with other software? How does other fediverse software deal with edits?

Nothing4You avatar May 05 '24 01:05 Nothing4You