As promised, if I brought the instance offline, I would give you a heads up in advance.
Here are the reasons for me coming to this decision-
Moderation / Administration
Lemmy has absolutely ZERO administration tools, other then the ability to create a report. This, makes it extremely difficult to properly administer anything.
As well, other then running reports and queries against the local database manually, I literally do not have insight into anything. I can’t even see a list of which users are registered on this instance, without running a query on the database.
Personal Liability
I host lemmyonline.com on some of my personal infrastructure. It shares servers, storage, etc. It is powered via my home solar setup, and actually doesn’t cost much to keep online.
However- for a project which compensates me exactly $0.00 USD (No- I still don’t take donations). It is NOT worth the additional liability I am taking on.
That liability being- currently trolls/attackers are literally uploading child-porn to lemmy. Thumbnails and content gets synced to this instance. At that point, I am on the hook for this content. This, also goes back to the problem of literally having basically no moderation capabilities either.
Once something is posted, it is sent everywhere.
Here in the US, they like to send no-knock raids out. That is no-bueno.
Project Inefficiencies
One issue I have noticed, every single image/thumbnail, appears to get cached by pictrs. This data is never cleaned up, never purged… so, it will just keep growing, and growing. The growth, isn’t drastic, around 10-30G of new data per week- however, this growth isn’t going to be sustainable, especially due to again- this project compensates me nothing. While- hosting 100G of content, isn’t going to be a problem. When we start looking 1T, 10T, etc… That costs money.
Its not as simple as tossing another disk into my cluster. The storage needs redundancy. So, you need multiple disks there.
Then, you need backups. A few more disks here.
Then, we need offsite backups. These cost $/TB stored.
I don’t mind hosting putting some resources up front to host something that takes a nominal amount of resources. However- based on my stats, its going to continue to grow forever as there is no purge/timeout/lifespan attached to these objects.
I don’t enjoy lemmy enough to want to put up with the above headaches.
Lets face it. You have already seen me complain about the general negativity around lemmy.
The quality of content here, just isn’t the same. I have posted lots of interesting content to try and get collaboration going. But, it just doesn’t happen.
I just don’t see nearly as much interesting content, as I want to interact with.
Summary-
I get no benefit from hosting lemmy online. It was a fun side project for a while. I refuse to attempt to monetize it as well.
As such, since I don’t enjoy it, and the process of keeping on top of the latest attacks for the week is time consuming, and boresome, The plan is simple.
The servers will go offline 2023-09-04.
If you wish to migrate your account to another instance-
Here is a tool recently released.
Don’t blame you, but I’m pretty sure this is the intent of the attackers. This is a takedown method.
I agree 100%.
Normally, I’d fight back on this. But, for this particular case, it’s easier to toss in the towel.
- There aren’t too many users on this instance. So, the overall impact, will be basically unnoticed from this server going offline. If say- I had hundreds or thousands of active users, I’d take a different approach.
- Eventually, SOME tooling for better administration/moderation will be added. But, it’s not here currently.
The second issue is a huge problem- because, its, actually extremely difficult to determine what your instance is hosting. Pictrs, doesn’t have an easy way of viewing the data it stores. In the past, I have ran scripts which will copy to a workstation, set the proper extensions, and make the images viewable… but, there are hundreds of thousands of them.
And, I really don’t want to take any chance of my door being busted down by the local PD.
I linked a PR in this post, regarding a feature to stop copying thumbnails locally, and that would be a huge benefit, and greatly reduce the impact of this issue. But, the issue of basically no administration tools remains.
Lemmy needs an attorney (or several) to outline what exactly is afforded by safe harbor provisions. I am not an attorney and this is not legal advice, but having fought against the application of safe harbor provisions being used as an excuse by companies worth tens to hundreds of billions of dollars as an excuse to not moderate, I know just a little about them.
When all of this had just started to really get rolling - back in the early 90s - ISPs (including institutions like universities) made the argument that they are common carriers. That is, the phone company isn’t responsible if someone makes terroristic or other criminal plans over the phone, because they are a common carrier. They simply carry communication, but disavow any ability to police it. ISPs argued for, and for the most part received, a common carrier type of status.
A couple of things have changed since then. First, in classic “you don’t fuck with the money” style, we saw DMCA and other laws come about since then. Second, services started taking more responsibility for their data - first by hosting it and then deciding what to serve to whom in what order. Both of those depart from the common carrier argument, but additional safe harbor laws were written that do a carve out for companies that perform a reasonable level of due diligence, eg by responding to takedown notices.
Lemmy is far closer to usenet or email than it is to reddit. There is no central service, but rather individual files that are synchronized between servers via an algorithm that is content-neutral.
Back in the Elder Days I was working in my university’s computer labs, and we were explicitly instructed that we could not (for instance) stop people from browsing porn in the labs because once you start policing content you could be on the hook to police all of it. I was and remain skeptical that this was a serious legal interpretation as opposed to someone who doesn’t actually understand the laws doing their best. On the other hand, common carrier principles do seem to say that if you’re just serving up a protocol, even if you’re hosting the files locally (like usenet), you don’t have the ability to detect offending content.
tl;dr - EFF or someone needs to weigh in on this question
The issue, isn’t what I could hold up in court, I am pretty sure there wouldn’t be any issues once this went to court… Except the court costs, legal fees, etc.
The issue is- no-knock raids, well. They are quite dangerous, for both the occupants of the house, as well as the intruders busting your door down. As… a former grunt- at which point my door is being kicked down, fight or flight response kicks in. you uh, don’t want to be on the receiving end of that.
That being said, another issue, Given I checked my instance to see if the “content” was synced there today, and was able to confirm it was… at that point, my computer also likely cached a copy of the content somewhere locally. My lemmy server had a copy of it cached locally. Regardless of the legality of this, and who is at blame- its not something you want accidentally laying around any hardware you own.
It’s not something you want to mess around with. Here in the US, the police like to shoot first, ask questions later… They don’t generally knock on your door, and say, Hey, we noticed something unusual, can we ask you a few questions? If they are knocking on your door, its likely because they already have a warrant for your arrest. And, innocent until proven guilty, means, you are going to jail, until you are proven guilty.
TLDR; not worth the risk.
I’ve also been on the receiving end of people from other cultures who misinterpreted my presence and encouraged me to pursue alternative career opportunities with weapons fire. I’m absolutely not encouraging anyone to take that kind of stance. And there is no way in hell I’d second guess you or anyone else as to what they should host, either personally or on a rented service.
What I’m saying is that, as a community, people need to know what their rights are. They can also take into account that their rights might be violated by local or federal police, and that there’s a world of difference between the rights that are legally yours and the fact that there are overenthusiastic individuals in your house pointing weapons at you and your family and having been told you’re a pedophile terrorist.
However, the phantom threat is obviously a major Achilles heel in hosting federated services. The legal question has been answered - I don’t know of any ISP getting busted over usenet - and the risks are going to be there especially in the pioneer period - but it should be assembled in a way that can be referenced by either people or lawyers in case worst comes to worst. EFF is in a position to make that happen, but so are interested people with a legal background.
I understand that stance-
But, the problem is as a resident of the US, I am guilty until I pay to prove myself innocent.
Lets say, one of those CASM images pops up on a post I am viewing. And then google chrome flags it in their database. The feds come knocking on on my door. I then have to post my own bail to get out of jail, and hire my own lawyer to prove my innocence. Meanwhile, all of my infrastructure has been compensated, and even after proving my innocence, I’d be lucky to receive all of my hardware back in once piece, in a functional state.
At least at a ISP level, they aren’t as likely to have police come and try and compensate the ISP’s entire datacenter.
Absolutely agreeing with you. I could kill my career with a pirates copy of Harry Potter, much less CSAM.
But right now we really need community legal advice on what is legally defensible, whether or not any particular individual thinks the risk of taking a legal but potentially harmful position is worth it.
I’m sending thousands per year to EFF and the ACLU, even if I disagree with them on things like giving Nazis free speech, because I think that this kind of question is vital. I hope that federated services can become prominent enough that they get the kinds of treatments we saw published for FOSS and the cypher communities back in the day. I was one of those “pgp in four lines of perl” email sig folks when fighting export restrictions on encryption, so it’s not my first rodeo. But I’m also not going to run anything but a client against federated social networks right now.
After reading that, I don’t blame you. Thanks for the explanation that anyone can understand.
Its, not something I really want to do either- but, neither is potentially being on one of the CASM lists.
If, they make some drastic improvements in lemmy in general, ie, adding proper administration tools/moderation features, and add some visibility so that I can better stop/prevent these issues, I’d be happy to continue hosting this.
But, seriously- I am not kidding when I say, The only administration/moderation tool this platform has, is the report button.
Will note, I did manage to stumble upon this PR earlier: https://github.com/LemmyNet/lemmy/pull/3897
That would mitigate a lot of the current issues with CASM materials being federated across thousands of servers. But, doesn’t address the complete lack of administration tools though.
Hey, I just wanted to say thank you. It’s been great, and look forward to bumping into you somewhere on the internet, sometime.
Anytime. There is a chance I won’t shut it down, but, that is strictly depending on if I can get the functionality for lemmy to not automatically cache images of everything.
I do enjoy some of the conversations here, but, I don’t want the risk.
Oof. I mean, I totally get it, but still, oof. Hope I can find another welcoming instance that’s away from the Defederation Wars™.
Just curious, do you plan to keep using Lemmy in any capacity after shutting down?
I, am not sure. If THIS PR gets done pretty quickly, might cancel the idea of shutting it down, as it fixes the immediate, high priority concerns.
Hi there
Hey, just wanted to provide some important info about Lemmy Handshake since it’s mentioned here. Maybe too late, but oh well, I just got the app built and ran.
So, first thing, despite the readme mentioning saved posts and blocked users, none of that’s in the app yet. It currently only syncs subscriptions
Next, it only syncs subscriptions that are already federated with both instances. You can see which instances fail while the process is going, but as soon as it finishes, that information is gone, meaning you’ll have to manually compare your sub lists in both instances.
Last, don’t bother compiling it yourself like me. There haven’t been any major updates since the last release, just some minor bugfixes. Save yourself the time.
WELL… instance is still here.
Just- going to leave pictrs disabled for the time being, as there has been some changes merged, which will allow me to disable a lot of the problems, causing child porn / CASM content to get synced into my instance.
So… gonna keep this running, with the hopes those features hit mainstream soon. Just- don’t expect images to work.
TBH, I always thought the image uploading was a bad idea, apart from avatars of course. I always use dedicated image hosts because I don’t want to contribute to eating through everyone’s space.
I don’t mind hosting images for… local communities.
But, having hundreds of gigs of cached memes, isn’t nice.
Especially when casm gets cached