There have been a number of comment spam attacks in various posts in a couple of /c’s that I follow by a user/individual who uses account names like Thulean*
For example: ThuleanSneed@lemmy.tf in !coffee@lemmy.world
and ThuleanPerspective2@eviltoast.org in !anime@ani.social
edit: Also ThuleanSneed@startrek.website in !startrek@startrek.website
The posts have been removed or deleted by the respective /c’s mods, and the offending accounts banned, but you can see the traces of them in those /c’s modlogs.
The comments consist of an all-caps string of words with profanities, and Simpsons memes.
An attack on a post may consist of several repeated or similar looking comments.
This looks like a bored teenager prank, but it may also be an organization testing Lemmy’s systemic and collective defenses and ability to respond against spam and bot posts.
Image rendering attacks and download tracking are well known, so it’s not paranoid at all.
Yep.
There are two big end-user security decisions that are totally mystifying to me about Lemmy. One is automatically embedding images in comments without rehosting the images, and the other is failing to warn people that their upvotes and downvotes are not actually private.
I’m not trying to sit in judgement of someone who’s writing free software but to me those are both negligent software design from an end-user privacy perspective.