So I’m sure some of you have also gotten the spam DMs supposedly from “Nicole, the fediverse chick”. She is notorious enough across Lemmy to even have her own community now. I think I’ve gotten like 6 Nicole DMs. While those may seem amusing on their own, there is the worrying suggestion that they might actually be a deanonymization attack. In light of that possibility, are there any measures the admins here could consider to prevent this kind of attack from happening? Other instances’ solutions include for example rehosting external embedded images, filtering out external images from DMs entirely or trying to implement filters for preventing spam DMs from being sent. Especially one of the former two solutions would in my opinion be quite good options to protect the privacy of pawb.social users.
I don’t think this is for de-anon, there’s no evidence of that. All the spam is identical between large groups of users, and it’s hosted on locations the sender wouldn’t be able to see access logs.
If an instance admin would like a copy of lemmy.ca’s current spam filter code I’m happy to share, just PM me.
That may well be true. This method certainly could be used for deanonymization though, so I think preventing it would be a good idea. If this kind of attack hasn’t happened yet, even better, as we can stop it before there was any harm done.
Agreed 100%. Lemmy probably shouldn’t auto-load images in DMs, especially if image proxying isn’t enabled (still buggy last time I tried it).
