MrKaplan

joined 1 year ago
[–] MrKaplan@lemmy.world 2 points 5 days ago (1 children)

already did. it's the same person running the infrastructure, although moderation of mstdn.party and mstdn.plus is handled by someone else.

we've since been in contact with the person running these services and the material has been taken down on lemmy.one, as well as lemmy.one closing down in three months.

we're still discussing in our team how we will deal with this going forward and will be posting a new announcement about this in the coming days.

you can read https://lemmy.world/post/29550945 for our previous writeup about this.

[–] MrKaplan@lemmy.world 8 points 1 week ago

it's a combination of multiple issues.

lemmy federation has improved significantly over the past years, so if this was happening with lemmy instances today, especially online ones involved, this would be much less of an issue.

the original user posting this stuff was on a kbin instance. kbin/mbin still do not support federating bans of users. kbin is basically dead, mbin is tracking that here. when this was originally removed on kbin this never federated out to other platforms.

the next problem is that the original instance is no longer there, so attempting to address this with community bans from lemmy's side is not working anymore if the user isn't known to the instance anymore, as it can't be refetched from the source. if the instances that the related communities are hosted on purged this user in the past they wouldn't be able to federate out a community ban anymore.

another problem is that lemmy is typically configured in a way where it creates a local copy of thumbnails if no thumbnail url is provided by the source, which is what led to a local copy of this material. in the end i consider this only a secondary issue, as while most people would rather not have this stored on their servers at all, if you allow media uploads you can never be 100% sure about the content uploaded to your server. this is therefore typically something where providers are expected to take action once they become aware of it. some providers are also taking preventative measures like scanning uploads, comparing to hash databases of known csam, etc. had the original instance ban or community bans been performed properly this would at least have removed public access to the stuff, as the media filenames are randomly generated and not guessable.

it's generally not impossible to prevent stuff from returning to your instance once you have taken it down properly, but in cases where federation didn't work, which could be for a wide range of reasons, including your instance being misconfigured during maintenance, your instance being defederated from an instance involved in the removal, and others, it may require local action. if i ban a user then no new content from that user is going to come to LW until they are unbanned again. this includes manually fetching posts or other content, so if i purge an old post of theirs the post wouldn't be able to come back until the user gets unbanned.

[–] MrKaplan@lemmy.world 3 points 1 week ago

the problem isn't being able to see them in the thread but that you can't open the user profile, so you don't see if there are any comments.

[–] MrKaplan@lemmy.world 11 points 1 week ago (3 children)

certainly not something i'm willing to risk. defederated them now.

the stuff is still up on lemmy.one, months from the original report, with zero indication that they care about it in the slightest.

i'm tempted to add their domains to our automod (only removal), but i'll discuss this in our team before doing so.

even if there are multiple people involved in the operation of this discourse forum, even this announcement is by jonah, who as far as i can tell is the head of these projects and also owner of the associated US companies. if this was something run by a different team and they'd be able to separate themselves from jonah's (in)actions then it might be a different story, but as it is right now, it seems that all these services related to PrivacyGuides are operated by the same entity.

[–] MrKaplan@lemmy.world 6 points 2 weeks ago (1 children)

> Now for the other weird bit. If I enable secret mode, the website works fine.

most likely the bad 404 response was also cached in your web browser. try clearing your cache or doing a reload with ctrl+f5 or cmd+shift+r.

[–] MrKaplan@lemmy.world 8 points 2 weeks ago (3 children)

we had an issue related to incorrectly caching 404 responses earlier but that was a few hours before your post. it should already have been resolved when you posted this.

[–] MrKaplan@lemmy.world 1 points 2 weeks ago

sorry about the late response, got a lot of stuff going on currently and it seemed like you got useful replies here already anyway when i checked before.

we currently have a rule in place that blocks traffic with too high of a threat score. this rule was implemented before i joined, i'll have to check with the team about the original reason for this and if we want to relax this.

at least the error message should be improved if we can do that, i think that's just returning a static message currently.

[–] MrKaplan@lemmy.world 9 points 1 month ago

hi,

there was a bad cloudflare block rule from back in 2023 that blocked these requests.

i had previously disabled it to see if that had any bad impact but forgot to follow up on that to fully remove it, so it got reactivated in a later configuration change. it's fully removed now.