Email or username:

Password:

Forgot your password?
All posts Chris's posts Post Back to profile
Chris Messina

TIL what happens when reports of CSAM hit a federated instance of Mastodon — with implications for any platform hosted on an .xyz domain.

Here's how my Mastodon account went down along with the entire mastodon.xyz instance:

thekinrar.fr/en/posts/xyz-susp
7 Jul 2023 at 19:45 | Open on mastodon.xyz
9 comments
mofu mofu fumo
@chrismessina this is why the fediblock shit is cancer, they have destroyed the social fabric that admins had for dealing with this by shitflooding it with flipant discourse on edrama, not reports of actually illegal material, ironically enough where did most of the fediblock people lie on the grounds of sexually explicit material involving children? idk, why not ask them about that.
7 Jul 2023 at 19:59 | Open on federated.fun
Christopher Wood

@chrismessina

Thank you, an excellent writeup.

There are definitely a bunch of points here for anybody trying to keep an internet service up. The ones that jumped out at me were:

The contrast between responsiveness expectations formed in corporate life versus just how fast a hobbyist instance admin can respond.

How admin contacts on a service and admin access to the underlying mechanisms can't be dependent on that service, like how companies run shiny.example but the employees are all on shinycorp.example and the clusters are like cluster1.shineinfra.example.

The service-breaking potential of abuse reports to upstreams when your thing is hosting (which many internet presences are).

The lack of patience and rote responses from providers whose expectations have been formed by decades of abusers and bad faith interactions before they've even heard of you.

The limited number of notification options when "unexpected burst of volume from new source" and "unexpected pattern of traffic from an existing source" are lighthouse signals of spam messaging.

All the long tail stuff (monitoring!) is really difficult as a sole proprietor.

There's definitely more in there and many people should read it. Heck of a confluence of things you just had, definitely.

@chrismessina

Thank you, an excellent writeup.

There are definitely a bunch of points here for anybody trying to keep an internet service up. The ones that jumped out at me were:

The contrast between responsiveness expectations formed in corporate life versus just how fast a hobbyist instance admin can respond.

7 Jul 2023 at 22:17 | Open on octodon.social
Chris Messina

@cwood to be clear, I'm just a user of Kinrar's instance. But I'd never heard of our talked to him before! I picked that instance back in 2017, not really understanding how instances were set up. I'm glad he's been on top of things this whole time, but this was a very... surprising way to make his introduction!

8 Jul 2023 at 1:19 | Open on mastodon.xyz
Christopher Wood

@chrismessina On a minor note, the caption bot has just reminded me that your image doesn't have a description.

7 Jul 2023 at 22:18 | Open on octodon.social
Chris Messina

@cwood how does that work? I don't think I can embed the entire text shown in the image, and the text is at the URL provided. What kind of ALT tag would be useful?

8 Jul 2023 at 1:17 | Open on mastodon.xyz
Christopher Wood

@chrismessina Maybe something like:

"A flavour screenshot showing the text of an email received from the .xyz TLD registrar during this ordeal. The full text is in the linked article."

I am absolutely not the authority, but something to indicate that people don't have to miss out is what I'm pondering.

8 Jul 2023 at 1:21 | Open on octodon.social
Joseph Holsten

@chrismessina #MastoAdmin please remember: you can get CSAM from any instance you federate to, or relay with. I hope your moderation work isn’t a thankless job, but this part will never be fun.

8 Jul 2023 at 4:17 | Open on mstdn.social
Negative12DollarBill

@chrismessina
I’m amazed that a company acts as the guardian of an entire whole top-level domain and actively polices it. I thought domains were just administrative things until I read this. I own an .fyi domain so I’d better check the status of that!

8 Jul 2023 at 10:05 | Open on techhub.social
Machismo
@chrismessina Reminder that neckbeard got pulled by xyz.
You've had your warning.
8 Jul 2023 at 10:39 | Open on freespeechextremist.com
Go Up