this post was submitted on 23 Mar 2025

Pawb.Social Feedback

An official community for users of Pawb.Social services (furry.engineer, pawb.fun, and pawb.social) to provide feedback and suggestions.

submitted 1 week ago* (last edited 1 week ago) by [email protected] to c/[email protected]
 

So I'm sure some of you have also gotten the spam DMs supposedly from "Nicole, the fediverse chick". She is notorious enough across Lemmy to even have her own community now. I think I've gotten like 6 Nicole DMs. While those may seem amusing on their own, there is the worrying suggestion that they might actually be a deanonymization attack. In light of that possibility, are there any measures the admins here could consider to prevent this kind of attack from happening? Other instances' solutions include, for example, rehosting external embedded images, filtering out external images from DMs entirely, or trying to implement filters for preventing spam DMs from being sent. Especially one of the former two solutions would, in my opinion, be quite a good option to protect the privacy of pawb.social users.

[–] [email protected] 6 points 1 week ago (1 children)

I don't think this is for de-anon, there's no evidence of that. All the spam is identical between large groups of users, and it's hosted on locations where the sender wouldn't be able to see access logs.

If an instance admin would like a copy of lemmy.ca's current spam filter code I'm happy to share, just PM me.

[–] [email protected] 5 points 1 week ago (1 children)

That may well be true. This method certainly could be used for deanonymization though, so I think preventing it would be a good idea. If this kind of attack hasn't happened yet, even better, as we can stop it before there was any harm done.

[–] [email protected] 8 points 1 week ago

Agreed 100%. Lemmy probably shouldn't auto-load images in DMs, especially if image proxying isn't enabled (still buggy last time I tried it).
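
One way an instance could implement the "filter external images out of DMs" option raised in the post, as an added example (not Lemmy's or lemmy.ca's code): inline Markdown images whose host is not the local instance are demoted to plain links, so the recipient's client makes no automatic request to a third-party server. The function names, the `pawb.social` allowlist and the sample DM are assumptions for illustration; reference-style images and raw HTML are out of scope.

```python
import re
from urllib.parse import urlsplit

# Inline Markdown image: ![alt](url "optional title")
MD_IMAGE = re.compile(r'!\[([^\]]*)\]\(\s*<?([^)\s>]+)>?(?:\s+"[^"]*")?\s*\)')


def is_local(url, local_hosts):
    """True if rendering this image URL would only contact our own instance."""
    parts = urlsplit(url)
    if not parts.scheme and not parts.netloc:
        return True  # relative path, served by the local instance
    if parts.scheme not in ("", "http", "https"):
        return False  # unexpected scheme: do not render inline
    # .hostname is lower-cased and ignores any "user@" prefix, so
    # https://pawb.social@img.example.net/ is judged by img.example.net.
    return parts.hostname in local_hosts


def demote_remote_images(dm_markdown, local_hosts):
    """Return (sanitized_markdown, demoted_urls) for one DM body."""
    demoted = []

    def replace(match):
        alt, url = match.group(1), match.group(2)
        if is_local(url, local_hosts):
            return match.group(0)
        demoted.append(url)
        # A plain link is fetched only if the recipient clicks it.
        return f"[{alt or 'image'}]({url})"

    return MD_IMAGE.sub(replace, dm_markdown), demoted


# Constructed sample DM; img.example.net is a placeholder remote host.
SAMPLE_DM = (
    "Hi! ![me](https://img.example.net/a.png)\n"
    "![](//img.example.net/b.png)\n"
    "![x](https://pawb.social@img.example.net/c.png)\n"
    "![ok](https://Pawb.Social/pictrs/image/d.png) ![rel](/pictrs/image/e.png)"
)

if __name__ == "__main__":
    body, urls = demote_remote_images(SAMPLE_DM, {"pawb.social"})
    print(body)
    print("demoted:", urls)
```

The returned list of demoted URLs can also feed a spam filter, since identical remote image URLs sent to many recipients are a cheap signal.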