The RFC PR is here: https://github.com/LemmyNet/rfcs/pull/6

Reposting RFC contents below:

• Feature Name: report-inboxes
• Start Date: 2024-02-20
• RFC PR: LemmyNet/rfcs#0000
• Lemmy Issue: LemmyNet/lemmy#0000

Summary

Rather than combining all reports into a single report inbox, we should allow users to select whether they are reporting to mods or admins, and we should split reports into different inboxes based on that selection.

Motivation

The current approach has some shortcomings:

• Users are not currently able to bypass mods and report directly to admins - this may allow mods to conceal instance rule breaking in specific communities
• Admins are not aware of community rules, so they may wish to take no action for most community rule breaking reports. However, if an admin resolves such a report, the relevant community mods most likely never see it.
• Different instances may have different rules, but somebody resolving a report on one instance will resolve it for other instances as well, thus potentially resulting in missed reports.
• Mods might take local action on a report and mark it as resolved even in cases where a user should be banned from the entire instance. In this case, admins are very unlikely to see the report.

Guide-level explanation

When creating reports, users will be able to select if it's a mod report, or an admin report (or both)

Note: labels on the sreenshot are illustrative, actual labels can be more user-friendy. Maybe something like:

• Breaks community rules (report sent to moderators)
• Breaks instance rules (report sent to admins)

Instead of the current single report inbox, there will be three different kinds of inboxes

• Admin reports - show all reports sent to admins (only visible to admins)
• Mod reports - show all reports sent to mods for any communities the user moderates (visible to admins in case they are explicit mods in any communities)
  • This is equivalent to the report view that mods currently have in Lemmy already
• All reports - Shows a view of all (admin and mod) reports, only visible to admins
  • This is akin to the current 0.19.3 admin report view, and would allow admins to still keep an eye on mod actions on their instance if they wish

The UI wouldn't need to change for mods, but for admins, there would be a new selection at the top of the reports page (the "mod reports" tab would only be visible if the admin is also a mod in any community):

Resolving reports should be more granular

• Reports in the "admin reports" tab can only be manually resolved for admins of the local instance
  • To reduce overhead, banning the reported user on the user's home instance + removing reported content should automatically resolve reports for remote admins as well.
• Reports in the "mod reports" tab should be manually resolved by relevant mods (including admins, if they are explicit mods in the relevant community).
  • To reduce overhead, admins banning the reported user on the community instance OR the user's home instance + removing reported content should automatically resolve reports for mods as well
• Admins could still resolve reports in the "all reports" tab
  • If it's not an admin report, and not a mod report from a community the admin explicitly moderates, then there should be an additional warning/confirmation when resolving a report here. This is to prevent cases of admins accidentally preventing mods from moderating according to their own community rules.

To further clarify automatic resolution of reports: in any case where there is no further action possible, the report should be automatically resolved.

Mods should be able to escalate reports to admins

This would generate a corresponding report in the admin inbox.

Reference-level explanation

• In the UI, changes are needed for both reporting as well as the reports inbox views
• In the database and API, we should split reports by intended audience
• Federation needs to be changed as well in order to allow distinguishing the report target audience

Drawbacks

It might make reporting slightly more confusing for end users - the mod/admin distinction might not be fully clear to all.

Rationale and alternatives

Alternatively, we could make reporting even more granular. It would be possible to allow users to select only a specific instances admins as the intended report audience, for example. However, I think this has several downsides:

• Makes the report UI even more confusing
• Potentially takes away valuable information from other admins (imagine a user only reports CSAM to their own instances admins, while leaving the offending post authors home admins in the dark)

Prior art

Most other social networks allow users to select whether they are reporting a violation of community rules, or site rules as whole.

Unresolved questions

Does ActivityPub properly support splitting up reports like this?

Future possibilities

In the future, it might be a nice addition to have some automation to always escalate to admins, even if they're submitted as mod reports, based on report keywords. For example, "CSAM", "Spam", etc.

Hey folks

Some of you may have noticed comments complaining about spam and lack of moderation within the past day or so. Maybe you've even noticed a few spam posts yourself (hopefully not too much, as we have automations in place on lemm.ee to remove the spam as soon as it is posted).

I just wanted to write a quick post with some context about the attack, what we are doing about it, and how you can help.

Context

Allegedly, a group of kids in Japan have created a bot, which signs up on different Fediverse instances and posts spam into different communities. The spam generally consists of Japanese text and/or an image and/or a bunch of random @mentions into different communities. You can check a post on Mastodon with more information here: https://mastodon.de/@ErikUden/111940301222380638

What we are doing about it

Many instances are actively working to limit this spam-wave, and lemm.ee is no different. Thankfully, we have not had to deal with any bot sign-ups on our instance (potentially as a result of different protections we have implemented for sign-ups), but we still suffer the effects of the spam, even if it's posted from other instances. To help us quickly eliminate most of the spam for lemm.ee users, I am continually tuning our @adminbot to automatically detect and remove content posted in this current spam-wave.

We cannot remove content from the wider Fediverse if it's not posted there by a lemm.ee user, so our automated removals won't help users on other instances, but we are at least improving the experience for our own users. For an example, you can compare how /c/[email protected] currently looks like on lemm.ee, to how it looks like on this screenshot I took from another smaller instance:

How you can help

First and foremost, please continue reporting any spam you find, so that relevant mods and admins can deal with it. I am very grateful to users who help us identify spam through reports, and your reports are precisely what allow me to implement automated content removal for more extreme spam-waves such as this current one.

Secondly, I am seeking for a few volunteers to grow the lemm.ee admin team. I am purposely burying this at the bottom of the post, to hopefully pre-filter out some candidates who would want to join for the wrong reasons. If you have read until this point in the post, then I assume you are already quite interested in improving the experience on lemm.ee, so if you feel like you could contribute to the admin team, please read on.

First, I will say a few words about who we are looking for, then I will describe what kind of tasks you would have as an admin, and finally, I will cover some significant downsides of joining the admin team.

We are looking for folks who more or less match the following profile:

• You have already been active on the Fediverse for several months (not necessarily on lemm.ee)
• Previous mod experience would be a huge plus
• You should feel a strong agreement with our basic instance rules and our administration & federation policy
• You should be prepared to be exposed to some vile content through reports
• You are OK with using Discord as the main method of admin communication (that is what we have settled on and will continue using for the foreseeable future)

As volunteers, we don't expect admins to be available 24/7, but as our instance grows, I do think it would be quite important to achieve a state of pretty good timezone coverage with our admin team, so please only consider applying if you are already regularly active on Lemmy.

As for what tasks admins are responsible are for: it's mostly covered in the administration policy post linked above. But in short, you should be prepared to regularly check the report queue, contact users with friendly messages to de-escalate conflicts, issue bans, remove content, and monitor the activity of @adminbot. Additionally, if you're interested in taking a more hands-on approach to any kind of community-building on lemm.ee, then this would be totally welcome as well, but not strictly considered a core responsibility for admins.

Please note that the lemm.ee admin team has an absolute zero tolerance policy against any kind of abuse towards minority communities. If you do not share this mindset, then please do not consider applying.

Finally, let me share some negative aspects about joining the admin team. I think this will probably reduce the amount of any potential candidates, but I still feel it's important to be honest and upfront about this:

Through the report queue, you will regularly see absolutely vile content which you might otherwise never even notice on Lemmy. Many users come to Lemmy to spread hate, post disturbing images, etc, and in order to clean such content up for other users, mods and admins need to actually be exposed to this content in much larger amounts than regular users.

Additionally, while Lemmy is constantly being improved by the developers, the moderation tools are still quite rough around the edges. Lemmy is not at 1.0 yet, and that will most likely become even more obvious to you as you work on admin tasks.

Maybe this is the most important one: no matter what you do, there will always be people unhappy with how you apply our rules. I have seen countless comments complaining about lemm.ee admins specifically. I have been told by complete strangers that they hate me. I have seen many complaints about us moderating too harshly. I have seen complaints about us not moderating enough. I have seen users on Lemmy make up wild stories about our admin team, and share them as facts. There are of course plenty of supportive users, but the negative experiences tend to leave a much more lasting impression.

If after reading all of the above, you are still motivated to help make lemm.ee a better place through offering your help in the admin team, please contact me on Discord (@sunaurus)!

That's all from me for now. Thank you very much to anybody who went through this whole wall of text, and I hope you are all having a good weekend!

Hey folks!

Just a quick update: we now have a dedicated status page for lemm.ee.

You can find it at status.lemm.ee. It currently contains three sections:

1. A web status section, which I will update manually to communicate issues about lemm.ee
2. A financial status section, which I will update monthly to give an overview of how we're doing financially
3. A federation section, which automatically checks the current federation status, both incoming and outgoing, between lemm.ee and other instances. By default it shows 3 large instances, but you can also search for any specific instance you are interested in.

This status page is hosted completely separately from our main servers, so if there is any trouble with our servers, you can expect the status page to still be available!

If you have any issues with this page, or any other thoughts, feel free to comment.

Hey folks

This is a heads up that I will be performing some maintenance and hardware upgrades on our database this Saturday.

We are currently experiencing several spikes throughout the day which cause our database to become overloaded - this results in degraded performance for many users. The spikes are happening due to a combination of continued growth of the database, some expensive periodic scheduled tasks which Lemmy runs, and fluctuating traffic patterns. Some of this can be optimized on the code level in the future, but it seems that the best way to deal with it right now is to add some additional resources to our database server.

I am intending to switch to slightly different hardware in this upgrade, and will be unable to make this switch without downtime, so unfortunately lemm.ee will be unavailable for the duration.

As our database has grown quite a bit, cloning it will most likely take a few hours, so I expect the downtime to last 2-3 hours. Sorry for the inconvenience, I am hopeful that it will be worth it and that this upgrade will significantly reduce some of our recent long page load times!

Edit: upgrade complete!

I have now migrated the lemm.ee database from the original DigitalOcean managed database service to a dedicated server on Hetzner.

As part of this migration, I have also moved all of our Lemmy servers from the DigitalOcean cloud to Hetzner's Cloud. I always want the servers to be as close as possible to the database, in order to keep latencies low. At the same time, I am very interested in having the ability to dynamically spin up and down servers as needed, so a cloud-type solution is really ideal for that. Fortunately, Hetzner allows connecting cloud servers to their dedicated servers through a private network, so we are able to take advantage of a powerful dedicated server for the database, while retaining the flexibility of the cloud approach for the rest of our servers. I'm really happy with the solution now.

In terms of results, I am already seeing far better page load times and far less resource use on the new hardware, so I think the migration has been a success. I will keep monitoring things and tuning as necessary.

Happy new year!

Hi folks! I hope everybody had a good holiday period and I wish you all the best for 2024. I have some quick updates to share about lemm.ee:

Image uploads

Image uploads are now enabled for all lemm.ee users 4 weeks after account creation. The upload size limit is currently set to 500kb.

The 4 week account age requirement is in place to discourage spam and abuse. It is of course not a fool-proof solution, but let's give it a go and see what the results are.

Please note that lemm.ee is not intended to be a image hosting service! Feel free to upload avatars and banners for your profile and communities, but please be aware that we reserve the right to modify the upload limits going forward, as well as delete old images if storage costs become too high.

For image posts and comments, it would still be preferable for you to use an external image hosting service.

Federation delays

Over the holidays, our outgoing federation workers began experiencing some significant delays. I have been working on this problem for the past few days, and after updating to 0.19.1, applying some additional patches to the code, and changing our infrastructure a bit, I believe the issue has been resolved.

The good news is that now that we are on 0.19, problems such as this do not cause Lemmy to completely drop federated activities, as we now retain a persistent queue of federation activities for all linked instances. This means that after the issue was resolved, our federation workers started going through the backlog of likes, comments, and posts which you had made over the past several days, and sending these out to other instances. Essentially, all of your activities did end up reaching their target servers, just with some additional delay.

One quick side-note here, while we are now federating your activities in real-time again to most big instances, there is still a bit of a backlog left on the lemm.ee -> lemmy.world federation (it is a few days behind). I expect this to also catch up by tomorrow.

Performance

The new persistent federation queue is still quite a new feature in Lemmy, so it's a bit rough around the edges - after resolving the federation issues, our federation workers started going through the queue at extreme speed, which caused intense additional load on our database. This was one of the reasons for some performance degradation many of you noticed over the past few days.

Additionally, since updating to 0.19, there have been regular performance issues for many users. I have managed to solve a few of these by making some changes in our infrastructure, but I am also aware of a few more issues which I will continue to monitor and hopefully improve in the near future. Sorry for the inconvenience, I hope that the changes I have made so far will help make it a bit smoother already!

That's all from me for now, as always, feel free to comment if you have any thoughts, and have a nice day!

Hey folks!

Lemmy 0.19 was released this week! It brings a bunch of awesome new features, so I hope you are all willing to forgive some downtime in order to upgrade to this latest version.

Unfortunately some migration will be necessary as part of this upgrade, so it might take a while, but I will try to keep it as short as possible.

I hope you are all having a great holiday period, and I will see you soon in 0.19!

Edit: Update complete!

Welcome to 0.19! Unfortunately, the upgrade took somewhat longer than usual, but I believe everything is in order now. As always, please let me know if you notice anything strange, and have fun!

I think for a while leading up to the recent session stealing hack, there has been a massive amount of positivity from Lemmy users around all kinds of new Lemmy apps, frontends, and tools that have been popping up lately.

Positivity is great, but please be aware that basically all of these things work by asking for complete access to your account. When you enter your Lemmy password into any third party tool, they are not just getting access to your session (which is what was stolen from some users during the recent hack), they also get the ability to generate more sessions in the future without your knowledge. This means that even if an admin resets all sessions and kicks all users out, anybody with your password can of course still take over your account!

This isn't to say that any current Lemmy app developers are for sure out to get you, but at this point, it's quite clear that there are malicious folks out there. Creating a Lemmy app seems like a completely easy vector to attack users right now, considering how trusting everybody has been. So please be careful about what code you run on your devices, and who you trust with your credentials!

Today, a bunch of new instances appeared in the top of the user count list. It appears that these instances are all being bombarded by bot sign-ups.

For now, it seems that the bots are especially targeting instances that have:

• Open sign-ups
• No captcha
• No e-mail verification

I have put together a spreadsheet of some of the most suspicious cases here.

If this is affecting you, I would highly recommend considering one of the following options:

1. Close sign-ups entirely
2. Only allow sign-ups with applications
3. Enable e-mail verification + captcha for sign-ups

Additionally, I would recommend pre-emptively banning as many bot accounts as possible, before they start posting spam!

Please comment below if you have any questions or anything useful to add.

Update: on lemm.ee, I have defederated the most suspicious spambot-infested instances.

To clarify: this means small instances with an unnaturally fast explosion in user counts over the past day and very little organic activity. I plan to federate again if any of these instances get cleaned up. I have heard that other instances are planning (or already doing) this as well.

It's not a decision I took lightly, but I think protecting users from spam is a very important task for admins. Full info here: https://lemm.ee/post/197715

If you're an admin of an instance that's defederated from lemm.ee but wish to DM me, you can find me on Matrix: @sunaurus:matrix.org

The other thread about favorite mechanics is great, so let's also do the opposite: what are some of your most hated mechanics?