I often use a commercial VPN service, which I suspect is not rare among Lemmy users. Most of the time, I’m able to post to lemmy.world, but on occasion I am not. The default web UI provides zero feedback, just a spinning submit button forever, but if I look in the browser dev tools, I can see it’s being blocked.
I understand that some limitations are necessary to prevent spam and other abuse, however this is a very blunt instrument. The fact that I have a 10 month old account with consistent activity should outweigh any IP address reputation issues.
Perhaps the VPN limitations could be narrowed in scope to cover only account creation and posts from young accounts.
Hello @[email protected] ,
we understand your frustration, but lemmy doesnt give us any alternative to that, as we cant block posts/comments from younger accounts easily.
The issues with the UI, that it doesnt give any real feedback is, sadly an issue with the LemmyUI, but it will be probably improved in the future.
We are looking into better alternatives to that, but until then we sadly have to stay on our current path.
We will be of course announcing if we found an alternative to that.
Thanks for the explanation. It seems I should be proposing improvements to the Lemmy software since the software doesn’t currently support the policy I’m suggesting.
Removed by mod
We activated that rule after the acute CSAM attacks, and many used vpns, and after we did this the CSAM posts dropped.
Everybody in vpn is blocked to post comments or create posts. Not depending on account age.
We are NOT a dark web service where everyone needs to be under tor, vpn, proxy, and back again. We are an public service.
Please, imagine you are a instance hoster, you have either to choose csam ( and legal issues ) or users cant use VPNs.
ISPs in some parts of the world spy on users to, for example sell their browsing habits to advertisers and data brokers. That’s a good motivation for some people to browse via VPN by default, not to enable it only when accessing specific sites.
Most people dont understand that vpn providers can and will do that too ( even paid ones ) track you, log you and sell that. So yeah both sides track you.
That’s definitely a concern. I selected my provider (Mullvad) because I know someone who worked there, and I have fairly high confidence they don’t do that.
Instance admins chose to block vpns simply because of mullvad and then increased liability, because if there is comming a malicious actor through mulvad and they dont have any logs all liability goes to the instance admin, and then gets questions “Why didnt you just blocked vpns?” etc. etc.
I think this is a misunderstanding of the legal situation at least for the US and EU. Platform immunity and safe harbor provisions are pretty strong in those jurisdictions, and the fact that the trail goes cold with the IP address (because it’s a non-logging VPN) does not shift liability back to the platform operator.
But then still the questions comes up “Why didnt you blocked vpns? or TOR?” we will be not the main liability holder, but we will be accountable for those accidents.
Removed by mod
Its the curso of a big instance, we announce stuff gets shit on, doesnt announce it gets shit on, makes a vote gets shit on, makes a friendly survey gets shit on.
We are still trying to announce most of the stuff we do but, some things would have been announcement back and forth because we activated and deactivated one of our harder rules.
Removed by mod
Aren’t there alternatives that could be as effective especially when stacked together? dbzer0 requires users to fill out an application with the following
and have a verified email address before it’s processed.
I think the instance owner has also been developing something to prevent CSAM attacks.
I get Lemmy.world is massive and verifying accounts might be a struggle but I feel like the initial hurdle for new users might be worth it. Even if they are forced to wait a bit.
We get a little bit more registrations in an hour than db0 has in a day, thats the reason why we dont do manual registrations.
Yes he does, and we are using it already, but its just his one is for after incident cleanup ( ALREADY BAD ) and the vpn is to stop/reduce that even happen.
But thanks for your suggestions, we sadly cant apply them fully.