Lemmy’s security has more holes in it than a piece of Swiss cheese
This has very little to do with security. There’s inherently “insecure” about posting CSAM, since the accounts and images were likely posted just like any other.
What really needs to happen, is some sort of detection of that kind of content (which would likely require a large change to code) or additional moderation tools.
Software development is a balancing act. You need to pick and choose not only what features to add, but when to add them. Sometimes, mistakes are made in the planning and you get a situation like this.
What likely happened, is that these kinds of features were deemed less likely to be needed, since the majority of lemmy users will never run into the need of them and there is technically a way to handle the situation (nuking your instances image cache.) But you’ll likely see a reshuffling of priorities if these kinds of attacks become more prevalent.
This has very little to do with security. There’s inherently “insecure” about posting CSAM, since the accounts and images were likely posted just like any other.
What really needs to happen, is some sort of detection of that kind of content (which would likely require a large change to code) or additional moderation tools.
The lack of those tools is what I was talking about
Ah okay, those arent generally considered security but I can understand why you went that route I suppose.
Does anyone know why they were never put in?
Software development is a balancing act. You need to pick and choose not only what features to add, but when to add them. Sometimes, mistakes are made in the planning and you get a situation like this.
What likely happened, is that these kinds of features were deemed less likely to be needed, since the majority of lemmy users will never run into the need of them and there is technically a way to handle the situation (nuking your instances image cache.) But you’ll likely see a reshuffling of priorities if these kinds of attacks become more prevalent.