I've mentioned this before to a similar reply. But I'll say it again: this was already publicly known months ago. People just forgot about it because they didn't think it was a big deal. Now that they realize CSAM is a real issue, I made this post to remind everyone about it again. Bad actors already know about this and really, it isn't hard to figure out how this work.
This is a nice tool but orphaned images still need to be purged. Mentioned on the other thread that bad actors can upload spam to fill up object storage space.
They are stored in the pctrs folder. They don't have file extensions but are viewable with many image programs.
Good point but also consider disabling pictrs until they fix the caching problem!
This has been known forever. Any bad actor already knows about this. There's no reason to hide this. I am reminding people so solutions can be solved sooner. I will keep reminding until the problem is solved.
Which is why we need to act now.
The issue is that you can share the image link to other people. People CAN get the content back out and admins or moderators WILL NOT KNOW about it.
So if someone uploads an illegal image in the comments, copies the link and does not post the comment, then they have a link of an illegal image hosted on someone's Lemmy instance. They can share this image to other people or report it to the FBI. Admins won't know about this UNLESS they look at their pictrs database. Nobody else can see it so nobody can report it.
Because there’s already an issue dated July 6: https://github.com/LemmyNet/lemmy/issues/3504
Like I said, people already know about this months ago.
Entitled attitude? I'm just bringing it up again. It was brought up some time ago but wasn't given attention so I'm bringing it up again after the recent CSAM attacks.
I didn't demand anything in the post. I brought up the issue, explained why it's important, and what admins could do about it.
I don't know how to code but that doesn't mean I'm not allowed to bring this issue to light...
Explain.
Appreciate your work.
Whether it's illegal content or storage-filling DoS attacks, the issue needs to be addressed.
You don't need to selfhost to reproduce this. Anyone can do this and that's the problem.
Issue has been opened two months ago: https://github.com/LemmyNet/lemmy/issues/3236 https://github.com/LemmyNet/lemmy/issues/3504
Very much needed.
Most admins aren't in the USA. But that's not really the issue here is it?
This is for public instances.
This is one way to solve it.
When did I say it was new? Maybe I'm reminding people about this issue from months ago and that it needs more attention? Maybe I want admins to know about the issue so they can do something about it?
Except admins need to go through the database to catch it. Mods can't catch it. Admins without access to the database or object storage can't catch it.
Yes - that's possible.
Doesn't change the fact that this is an issue. Besides, do you think American law applies everywhere?
Feel free to open the issue on my behalf. I am not a software developer. You seem to know more about this. I'm just reminding people something that I and many others have observed months ago.
Doesn't change the fact that this is an issue.
Yes. This is a great alternative solution.
Remove it from docker compose.
That's another issue. Also a necessary feature.
They probably have the tools to deal with it. Lemmy certainly doesn't.
Sadly not the case
Doesn't change the fact that this is an issue that needs to be resolved.
Thanks for this.
Because there's already an issue dated July 6: https://github.com/LemmyNet/lemmy/issues/3504
Like I said, people already know about this months ago.
Very easily you say? Maybe tell us what this cron job is so we can all add it?
Sadly not everyone bothered to read the post and just jumped to the comments. Again its like the Mastadon CSAM issue last month. People don't read the paper and act so defensively about it. Now Lemmy is experiencing the same problems, people suddenly act differently?? Crazy.
Who are these people that are smarter than us? Do you know them? What are their qualifications?
Did you not consider that not everyone is subject to American law and that there are other nations who have different laws? Did you not consider how diverse the Lemmy instances are and most do not fall under American law?
How come that every Lemmy admin who replied to this post expressed their concern regarding this issue? Explain to me why admins like sunasaurus and db0 are working on tools and solutions to address this problem if, according to you, this is not a concern.
Are you REALLY SURE that this is NOT a concern?
Rogues are very keen in their profession, and know already much more than we can teach them.
"Quietly delete the images periodically". If only it was made easier for admins. You can't even report these images because nobody knows it was there in the first place.
It's on the GitHub issue tracker already. Did you not read the post?
https://sh.itjust.works/pictrs/image/08ff5623-e553-4d00-a6e2-e9fb6798a972.webp
Here is another test ^ I use a different instance to better illustrate the point because it's easy to upload images in comments. Nobody in shitjustworks will see this picture in their instance so nobody can report this picture.
This picture is just Salvadaor Dali by the way.
I'm not on GitHub. Nor is a lot here. I'm wording it this way so the issue gets the attention it deserves. Anyway, everybody already knows about this but nobody understood the consequences. Same reason why there's no option to disable image caching. These issues should have been addressed the moment image uploading was made available in Lemmy. It was just overlooked because of how tiny the platform was then.
It's funny because last month Mastodon CSAM was a hot topic in the Fediverse and people were being defensive about it. Look where we are now. Has Mastodon addressed the CSAM issue? Did they follow the recommendations made by that paper? I don't think so. There wouldn't be an open GitHub issue about it. Will Lemmy be like Mastodon or will it addressed the concerns of its users?