sublinks / sublinks-api

MIT License
74 stars 18 forks source link

Mastodon Style Reporting options #269

Open DraconicNEO opened 8 months ago

DraconicNEO commented 8 months ago

Hello I think it would be a good idea for us to implement a multi-option type reporting menu similar to what you have on Mastodon, where the reports can be chosen either to forward or not to both external instances but also community moderators. One very big problem on Lemmy is that community moderators are able to resolve reports and essentially hide them from admins. This can lead to malicious communities skirting the rules of the instance for a long time because the mods keep shooting down reports.

If we had a system that allowed people to choose where to send reports it could fix a lot of these problems by allowing users to bypass community mods or the admins of specific reported instances.

I made a mockup of the idea in Lemmy-ui to give an example of what this feature could look like image

gaviscapes commented 8 months ago

Agreed. This is a threat vector I've seen exploited heavily on lemmy. Having at least a way to escalate reports directly to admins is needed.

Pdzly commented 7 months ago

I would see abuse potential there too,if you dont like community mods => spam the admins full.

I would say, it will be ALWAYS be "sent" to the local admins, then those can send it to the remote admin

And a way to ban escalation on specific users is needed too, otherwise trolls will only send it to admins ( where admins are less than community mods )

DraconicNEO commented 7 months ago

I would see abuse potential there too,if you dont like community mods => spam the admins full.

I would say, it will be ALWAYS be "sent" to the local admins, then those can send it to the remote admin

And a way to ban escalation on specific users is needed too, otherwise trolls will only send it to admins ( where admins are less than community mods )

I can see how that would be an issue. Though I also know that report abuse will always be a problem, so I'm not too keen on crippling the system to favor moderators more just because a few bad actors might abuse it.

IMO the best way to deal with report abuse isn't to limit how people can report content, but to simply punish people who make bad-faith false reports. Doing so naturally biases the population towards making correct and meaningful reports as trolls and spammers are banned from the platform.

jgrim commented 7 months ago

Perhaps another option is for instances to register if they want reports sent to their admins. For example, I can set a default setting for reporting back. I can also edit the instance in the admin and enable/disable notifications. The setting is federated to other instances and they know if to send it back or not. Default to true if not setting is set.

What do you think of this @lazyguru ?

lazyguru commented 7 months ago

I'm not sure I understand the problem? Even if a mod resolves a report, the instance admin can still see the report (you just switch to the "all" view instead of the default "unread")

lazyguru commented 7 months ago

Additionally, I would be opposed to the excluding moderators from getting reports. The whole point of a moderator is to take work off the hands of the instance admin. If there is a problem with a moderator, that's when the user should be DMing an instance admin (I guess I could be in favor of functionality to allow for reporting a moderator to "all admins of the instance the community/moderator is on" so that you don't have to lookup and then DM a specific one)

lionirdeadman commented 7 months ago

I think this is important. There are a couple of reasons that I can think of.

As a side note, a "message all mods of x community" or "message all instance admins of x instance" feature could indeed be nice for non-reporting things. Otherwise, information tends to get split up when people try contacting mods/instance admins. (A seperate issue should be made for this)

lazyguru commented 7 months ago

This (potentially) will only work for communities hosted on Sublinks. If a community is hosted on Lemmy, all reports are visible in the modlog (eg, you can see everything one of the users on the Discuss Online instance reported against a community hosted there OR on another instance as well as any report from a user on another instance about something in a community hosted on Discuss Online https://discuss.online/modlog. WARNING: clicking that link will show you content that might be triggering). I think this feature is going to require some careful planning to try to account for different scenarios.

DraconicNEO commented 7 months ago

I'm not sure I understand the problem? Even if a mod resolves a report, the instance admin can still see the report (you just switch to the "all" view instead of the default "unread")

That is true but also makes it much more likely that the reports won't be seen at all, considering that instances will receive many hundreds if not thousands of reports a day that all get legitimately resolved most admins and indeed mods won't be scrolling through the read/resolved reports feed unless they're killing time. So for all intents and purposes resolved reports are dead reports and won't ever be seen again.

Additionally, I would be opposed to the excluding moderators from getting reports. The whole point of a moderator is to take work off the hands of the instance admin. If there is a problem with a moderator, that's when the user should be DMing an instance admin (I guess I could be in favor of functionality to allow for reporting a moderator to "all admins of the instance the community/moderator is on" so that you don't have to lookup and then DM a specific one)

This line of thinking puts way too much faith in moderators, considering on most instances anyone can create a community and essentially become a moderator, no review or processing required. This means we absolutely need systems that can handle rouge or malicious moderators, same as malicious users.

This (potentially) will only work for communities hosted on Sublinks. If a community is hosted on Lemmy, all reports are visible in the modlog (eg, you can see everything one of the users on the Discuss Online instance reported against a community hosted there OR on another instance as well as any report from a user on another instance about something in a community hosted on Discuss Online https://discuss.online/modlog. WARNING: clicking that link will show you content that might be triggering). I think this feature is going to require some careful planning to try to account for different scenarios.

One thing that could be done (would be better as a different issue) would be to anonymize reports sent to other instances, similar to what mastodon does, that way locally admins and mods would see the username of the person in the report, but on the remote instances which may or may not be lemmy instances they would only see the domain of the origin of the report. It wouldn't solve the issue of mods dismissing reports maliciously on those instances but would solve the harassment issues that I and @lionirdeadman mentioned by making it so remote admins and mods can't identify reporters and harass them.

lionirdeadman commented 7 months ago

This (potentially) will only work for communities hosted on Sublinks.

Just a clarification: modlogs contain only actions made by moderators or instance admins. It does not contain information about reports. The problem vector is different.

DraconicNEO commented 7 months ago

This (potentially) will only work for communities hosted on Sublinks.

Just a clarification: modlogs contain only actions made by moderators or instance admins. It does not contain information about reports. The problem vector is different.

I think they meant to say the federated report queue, not the modlog.

gaviscapes commented 7 months ago

The way the system currently functions is at least reliant on the idea that all moderators or admins are operating in good faith. That isn't always the case. I myself have faced retaliatory action from a mod for reporting something in a lemmy community before. At least anonymizing the reports from remote instances would be helpful to remote mods to prevent retaliation or harassment for reports.

I understand transparency and its need, but the way it functions in Mastodon is still somewhat better than how lemmy does it currently. The modlog issue is a separate beast in of itself I feel.

lazyguru commented 7 months ago

This (potentially) will only work for communities hosted on Sublinks.

Just a clarification: modlogs contain only actions made by moderators or instance admins. It does not contain information about reports. The problem vector is different.

I think they meant to say the federated report queue, not the modlog.

I was referring to the modlog and was wrong on that as @lionirdeadman pointed out. However, I also had federation in the back of my mind (I just haven't investigated what, if anything, gets sent over activitypub for reports. Because if reports are sent over federation, then my previous points stand w/r/t sublinks vs Lemmy hosted communities and the feature only working for Sublinks hosted communities).

I am also still 100% of the belief that reports against a post in a community should not be hidden from a moderator of that community. If a user has a problem with a mod for a community (or even a community in general), the action is to report them to the instance admins. If you allow users to bypass community mods, you defeat the whole point of having community mods. Instance admins can't manage the instance AND moderate all of the communities on the instance unless the instance and communities on the instance are very small.

DraconicNEO commented 7 months ago

I am also still 100% of the belief that reports against a post in a community should not be hidden from a moderator of that community. If a user has a problem with a mod for a community (or even a community in general), the action is to report them to the instance admins. If you allow users to bypass community mods, you defeat the whole point of having community mods. Instance admins can't manage the instance AND moderate all of the communities on the instance unless the instance and communities on the instance are very small.

That's why I say that instead of gating features from everyone else under the assumption that everyone is a report abuser it should be available regardless, and people who abuse it need to be punished for abusing it, rather than letting them slide and complaining about report abusers. As I have pointed out mods aren't some special entities, they are users who were first to create the community, or get added by someone else (sometimes they are alts owned by the same person). There needs to be easier ways to deal with the ones that go rouge and DMs to admins is such a user-unfriendly way of handling it.

lionirdeadman commented 7 months ago

However, I also had federation in the back of my mind (I just haven't investigated what, if anything, gets sent over activitypub for reports. Because if reports are sent over federation, then my previous points stand w/r/t sublinks vs Lemmy hosted communities and the feature only working for Sublinks hosted communities).

Sure, as any way that Sublinks improves on moderation tools, it will only be available for Sublinks. We cannot fix or be responsible for the entirety of federated software.

I am also still 100% of the belief that reports against a post in a community should not be hidden from a moderator of that community.

If someone does not want to send the message to the moderators, they would simply just never send the report at all under the current system. This is genuinely an improvement. Nothing should be lost from the point of view of moderators lest they were not trusted to begin with.

If a user has a problem with a mod for a community (or even a community in general), the action is to report them to the instance admins.

This feature does not exist. Feel free to open an issue for it.

If you allow users to bypass community mods, you defeat the whole point of having community mods. Instance admins can't manage the instance AND moderate all of the communities on the instance unless the instance and communities on the instance are very small.

Currently, any report that is not resolved by a moderator is always sent to the instance admin and they do currently resolve them. This is how we work in Beehaw - speed is important when it comes to reports.

It is also worth noting that instance admins do have community-oriented work cut out for them - they must already figure out when communities are unmoderated, figure out when to point moderators if there is no one there, resolve reports and address community requests.

Instance admins are generally not treated as system administrators - they are treated as site-wide moderators with extra powers.

DraconicNEO commented 7 months ago

However, I also had federation in the back of my mind (I just haven't investigated what, if anything, gets sent over activitypub for reports. Because if reports are sent over federation, then my previous points stand w/r/t sublinks vs Lemmy hosted communities and the feature only working for Sublinks hosted communities).

Sure, as any way that Sublinks improves on moderation tools, it will only be available for Sublinks. We cannot fix or be responsible for the entirety of federated software.

Yeah, we shouldn't be refusing to improve our software because other software isn't doing what we're planning on doing.

I am also still 100% of the belief that reports against a post in a community should not be hidden from a moderator of that community.

If someone does not want to send the message to the moderators, they would simply just never send the report at all under the current system. This is genuinely an improvement. Nothing should be lost from the point of view of moderators lest they were not trusted to begin with.

Very much agree, I really fail to understand the mentality that the moderators who are really just users in charge of a single community should always be kept in the loop even of they are the creator of a really awful community that violates the instance rules. Letting them see the report will just give them more preparation to evade the issue either by dismissing their report or deleting the community before it and them are actioned allowing them to recreate it later.

If a user has a problem with a mod for a community (or even a community in general), the action is to report them to the instance admins.

This feature does not exist. Feel free to open an issue for it.

I think he meant manually message each admin individually, which is a chore to do and also most people just aren't going to do it due to being anxious about engaging in two way messaging with the people in charge. The end result is that a malicious community or moderator usually never gets actioned until and unless the admins the admins notice. If it could be reported to admins/instance moderators that would be much better and more people would use it.

If you allow users to bypass community mods, you defeat the whole point of having community mods. Instance admins can't manage the instance AND moderate all of the communities on the instance unless the instance and communities on the instance are very small.

Currently, any report that is not resolved by a moderator is always sent to the instance admin and they do currently resolve them. This is how we work in Beehaw - speed is important when it comes to reports.

People need to realize that instances are more than just the software it is hosted on but their own larger space where the communities live, and this needs it's own enforcement or it'll become an unmoderated hellscape very much like Reddit used to be in the early days.

It is also worth noting that instance admins do have community-oriented work cut out for them - they must already figure out when communities are unmoderated, figure out when to point moderators if there is no one there, resolve reports and address community requests.

Instance admins are generally not treated as system administrators - they are treated as site-wide moderators with extra powers.

Yeah on Mastodon they split the Instance admins and Instance moderators into two tier levels, but on Lemmy they are the same level. So when people read Admin they assume system administrator but they are also instance moderators.

lazyguru commented 7 months ago

Here's the thing. I am in no way saying we shouldn't make improvements (that's literally why we are all here). I just want to ensure people have realistic expectations. There are things we can do that will work really well on single instance or even when talking between other Sublinks instances. But given the world of federation, there are some things that will have a very weird user experience when they happen in mixed Lemmy/Sublinks, Mastodon/Sublinks, etc... and we should be mindful of what that experience will be (as much as we can anyway).

Regarding "hiding reports from mods". This seems to be arguing for the feature I have already suggested (a way to report a mod to the instance admins - and I mean without DMing them). Trying to skip over mods to report to instance admins is a bad idea. It defeats the purpose of having community moderators. Yes, instance admins own some moderation responsibilities, but those are at the instance level (except for the cases where they are active in a community and choose to act as a community moderator). If you disagree with the way a community is moderated (and it violates the instance rules), you should report it to the instance admins. If it doesn't violate the instance rules, trying to bypass the community mods is only going to annoy the instance admins.

If you yourself are an instance admin and are worried about your mods, the best thing you can do is try to create an environment where people on the instance feel safe coming to you and/or have the "report mod to admin" feature.

As for the argument of "anyone can create a community and become a mod", that's only true of instances that enable it. Lemmy itself already supports (or at least I could swear I saw the setting) limiting community creation to instance admins.

lionirdeadman commented 7 months ago

But given the world of federation, there are some things that will have a very weird user experience when they happen in mixed Lemmy/Sublinks, Mastodon/Sublinks, etc... and we should be mindful of what that experience will be (as much as we can anyway).

I mean, yes but also - currently Mastodon reports don't work with Lemmy (or vice-versa) AFAIK. As for Sublinks/Lemmy, I'm not sure what would happen - maybe this feature should warn in cases where a Lemmy instance is involved in the report process.

If it doesn't violate the instance rules, trying to bypass the community mods is only going to annoy the instance admins.

As an instance admin, I would not be annoyed. We regularly resolve reports before community moderators get to it.

It is also worth mentioning that receiving and resolving reports is entirely expected because instance admins are already the only one who receive things-that-happen-out-of-instance reports.

As for the argument of "anyone can create a community and become a mod", that's only true of instances that enable it. Lemmy itself already supports (or at least I could swear I saw the setting) limiting community creation to instance admins.

While this is true, most instances do not make use of that feature and it is not the default as far as I'm aware.

DraconicNEO commented 7 months ago

As for the argument of "anyone can create a community and become a mod", that's only true of instances that enable it. Lemmy itself already supports (or at least I could swear I saw the setting) limiting community creation to instance admins.

While this is true, most instances do not make use of that feature and it is not the default as far as I'm aware.

Not to mention that enabling it makes it so no communities can be manually created which squashes all potential for users making and starting their own communities on the instance. Sure you can get around that with bots and asking users to message the admins to create a community, but that is clunky and annoying and will impact the use of legitimate users, a lot of the instances I've seen using it basically stopped using it and switch to it being open because having it closed severely limits the instance.

I'm really not a proponent of of using this situation to preemptively prevent what is ultimately a small number of incidents in the grand scene, just to avoid implementing features to deal with them under the pretense that everyone will abuse them, or some bad faith argument about it removing the purpose of having moderators.

Also I should mention that even with community creation locked that situation can still very much happen through moderator takeover, people can seem squeaky clean at first but not be and really screw up a community, and when that happens something like this is very useful because you can get the instance moderators', the admins' attention easily without the malicous community mod being able to cover their tracks or hide the reports. So even this system isn't immune to this and honestly crippling features just to blindly trust mods is stupid and goes against the nature of a place like lemmy where users should be able to start their own niche communities, which is already hard enough and daunting task as it is, adding more hoops to jump through doesn't help.