this post was submitted on 19 Mar 2024
566 points (96.4% liked)

Fediverse

28544 readers
601 users here now

A community to talk about the Fediverse and all it's related services using ActivityPub (Mastodon, Lemmy, KBin, etc).

If you wanted to get help with moderating your own community then head over to !moderators@lemmy.world!

Rules

Learn more at these websites: Join The Fediverse Wiki, Fediverse.info, Wikipedia Page, The Federation Info (Stats), FediDB (Stats), Sub Rehab (Reddit Migration), Search Lemmy

founded 2 years ago
MODERATORS
 

This has happened once before and they reversed it. But they said this last time too:

The discussions that have happened in various threads on Lemmy make it very clear that removing the communites before we announced our intent to remove them is not the level of transparency the community expects, and that as stewards of this community we need to be extremely transparent before we do this again in the future as well as make sure that we get feedback around what the planned changes are, because lemmy.world is yours as much as it is ours.

https://lemmy.world/post/3234363

you are viewing a single comment's thread
view the rest of the comments
[–] Adanisi@lemmy.zip 11 points 8 months ago (2 children)

I mean, it's not on their server. It's hosted on dbzer0.

[–] skullgiver@popplesburger.hilciferous.nl 38 points 8 months ago (5 children)

Lemmy makes local copies of everything when federation occurs. It's 100% on their server. The only exceptions are images posted as part of the comments, those are loaded directly. Then again, that adds the ability to add tracking pixels, so that's not exactly great for a piracy community either.

Image loading example

I turned off all the logging for this proof of concept but this could've been a transparent PNG pixel that tracks every bit of information your browser will give it.

[–] rimu@piefed.social 17 points 8 months ago

Oof, yeah that's bad...

[–] can@sh.itjust.works 13 points 8 months ago (2 children)

Neat. Has anyone brought this up to the devs here or on github before?

I'm not sure, but anything doing Markdown parsing and allowing images to be embedded is vulnerable to this. I kind of doubt that the devs don't know about this.

The alternative would be to download every image on the server and cache it until users start requesting the image files, rewriting the Markdown to link to the new image location. I can think of a few reasons why that's not implemented.

Proxying all comments was implemented in the backend at some point, I'm not sure why this feature was removed again. I can't find much in the repo history, you could ask the devs why the feature got removed if you're curious.

[–] nutsack@lemmy.world 2 points 8 months ago* (last edited 8 months ago)

you could safeguard against this on the client side by not loading images from untrusted sources. irc clients did this

[–] recklessengagement@lemmy.world 13 points 8 months ago (1 children)

Ayo what the fuck how'd you do that

Your client asks my server for the image, my server does a basic IP location lookup based on a free internet database I downloaded last year and turns it into an image on the fly.

[–] DAMunzy@lemmy.dbzer0.com 3 points 8 months ago

Got the state correct 👍

[–] nutsack@lemmy.world 2 points 8 months ago* (last edited 8 months ago) (1 children)

i really wish there were a way to disable images with some of these fancy lemmy clients for android. I'm not interested in any of them

[–] skullgiver@popplesburger.hilciferous.nl 3 points 8 months ago (1 children)

If you use Sync, there's this setting you can toggle to disable embedded images. I'm not sure if this protects against network requests, but I think it should? If you disable the, images are represented as links instead.

[–] nutsack@lemmy.world 2 points 8 months ago

nice. yea it replaces your image with a link.

[–] can@sh.itjust.works 10 points 8 months ago (2 children)

But of they federated they'll be hosting a copy.

[–] Couldbealeotard@lemmy.world 3 points 8 months ago (3 children)

I guess the question is: if you host a public forum, are you liable for things posted on it, or on separate but linked forums?

[–] Socsa@sh.itjust.works 7 points 8 months ago (2 children)

It doesn't matter if you don't have limitless money to pay lawyers

[–] CosmicCleric@lemmy.world 1 points 8 months ago

It doesn’t matter if you don’t have limitless money to pay lawyers

Since anyone can spin up a Lemmy server, at some point a rich person/persons will do so, which makes this a relevant question to ask.

[–] Couldbealeotard@lemmy.world 1 points 8 months ago

Comments like this sound like the "they write it off on tax" comments, where there's this assumption about how complex things must work, but it can't work exactly that way otherwise we would see it happening all the time.

[–] castlebravo404@lemmynsfw.com 3 points 8 months ago (1 children)

You might not have to pay damages. But you're probably going to have to pay a hefty legal fee not to pay damages.

[–] Couldbealeotard@lemmy.world 4 points 8 months ago (1 children)

Copyright laws are actually very difficult to enforce when it comes to digital piracy. You have to prove loss of profit among other things.

Then, who do you sue? The person downloading the product? The person hosting the product? The person providing a link to the hosted data? The person providing a platform for people to link things? The person who allows their platform to federate with another platform that does?

If we're talking about P2P sharing, then in a way no one is hosting the data.

In Australia when the Dallas Buyers Club case was being looked at, the studio was asking for a lot of money. Basically a big fat fine to be paid. The judge threw it out saying that the only reasonable damages for one person to pay would be the cost of the DVD because that was the value of the "theft".

[–] A_Random_Idiot@lemmy.world 10 points 8 months ago (2 children)

You dont have to enforce it.

You just have to drown people in legal bills and force them into compliance with risk of bankruptcy.

[–] Couldbealeotard@lemmy.world 3 points 8 months ago (1 children)

I don't know enough about law to know how that does or does not work, but it that's possible then any entity with enough money can actively bankrupt anyone they want, and it won't have anything to do with why. If that's true could you not just sue someone by making stuff up and force them to prove you made it up?

[–] Draconic_NEO@lemmy.world 1 points 8 months ago

Yup corrupt companies likely do it all the time. Technically it's perjury to lie in a court but outside of being caught or going to hell it's not much of a deterrent.

There isn't much recourse against that other than trying to skirt detection by these companies (not possible or feasible in the long term) or to be in a country that is strongly against or an enemy of the one(s) those companies are in or allied with.

[–] anarchy79@lemmy.world -2 points 8 months ago* (last edited 8 months ago) (1 children)

thepiratebay.org is still up

they did go to prison tho

their apartment in Malmö looked and smelled like a triceratops hibernated in there, by the way

[–] A_Random_Idiot@lemmy.world 3 points 8 months ago* (last edited 8 months ago)

Ah yes, the pirate bay, the first stop for anyone wanting to download a file thats probably a virus.

Also they have lost lawsuits in the past and had fines levied against them and had property seized, so they arent as immune as you think.

[–] CosmicCleric@lemmy.world 1 points 8 months ago* (last edited 8 months ago)

I guess the question is: if you host a public forum, are you liable for things posted on it, or on separate but linked forums?

I was thinking the same thing, as a legal question.

In the Fediverse, who's the source/target for the law to look at, the originator, or all the cached copies on other servers?

Edit: Basically, what this comment describes...

Then, who do you sue? The person downloading the product? The person hosting the product? The person providing a link to the hosted data? The person providing a platform for people to link things? The person who allows their platform to federate with another platform that does?

If we’re talking about P2P sharing, then in a way no one is hosting the data.