Success: I've managed to delay a phone call long enough that the place has shut down permanently. Call averted!
hazelnoot@enby.life
Posts
-
Question from an anonymous friend, and also me because I really need to know this too:
How can you manage executive dysfunction, so you can actually get work done?
#ADHD #ExecutiveDysfunction #Neurodivergent -
ok I've got to stop leaving porn in my downloads folder, I almost tapped the wrong image while sending a meme to my family group chat
-
The domain mirage.foxb612.com and IP address 65.108.53.178 have been blocked (defederated) from Enby.Life.
I totally forgot to mention, this thing sends probes using a web browser user agent (`Mozilla/5.0 (X11; Linux x86_64; rv:127.0) Gecko/20100101 Firefox/127.0`) and an ActivityPub content type (`application/activity+json`). This will never be done by a legitimate instance, and is another way to reliably detect malicious requests.
-
The domain `mirage.foxb612.com` and IP address `65.108.53.178` have been blocked (defederated) from Enby.Life. These are part of a fediverse crawler system that indexes servers based on the country where they are physically located. This wouldn't normally be against our rules, but the crawler goes to great lengths to de-anonymize instances, including sending fake-signed ActivityPub probes to obtain the server's true IP address. Requests from the crawler use a web browser's User Agent to evade filters, and documentation on the website mentions that CloudFlare bypasses are also in use.
Given the complexity of setting up something like this, we believe that the crawler is likely operating with bad intentions. While there could be some use for an index of instances based on community region, tracking the actual physical location of the server backends is highly suspicious. I'd encourage all instance admins to consider whether something like this poses a threat, and to take appropriate action.
For anyone interested in going beyond a simple domain block, please see these log excerpts typical of being crawled via AP probes. Logs are taken from a non-standard Sharkey deployment and may not directly translate to other software, but I've tried to include as much detail as possible anyway.
Sharkey admins can check whether you've been scanned by searching for backend log patterns like this (make sure to replace your instance hostname where appropriate):
```
Feb 17 20:10:21 campsite run-sharkey.sh[241576]: INFO * [apserv sigcheck] req-yzi /users/9fpwmts9tv (by Mozilla/5.0 (X11; Linux x86_64; rv:127.0) Gecko/20100101 Firefox/127.0) apparently from mirage.foxb612.com: we don't know the user for keyId https://mirage.foxb612.com/kiite/key/enby.life/1739823020/NHc8pVYoNGmLk3My/main-key, trying to fetch via https://mirage.foxb612.com/kiite/key/enby.life/1739823020/NHc8pVYoNGmLk3My/main-key
```
Alternately, anyone with Activity Logging in place can check for AP fetch errors like this:
```
id,at,duration,host,request_uri,object_uri,accepted,result,object,context_hash
a4n23pddff,2025-02-24 20:10:24.433000 +00:00,894.86,mirage.foxb612.com,https://mirage.foxb612.com/kiite/key/enby.life/1740427823/Y93ZjgZHZlxNSuxa/main-key,,false,Error: invalid content type of AP response - content type is not application/activity+json or application/ld+json: https://mirage.foxb612.com/kiite/key/enby.life/1740427823/Y93ZjgZHZlxNSuxa/main-key,,
```
A final indicator is reverse-proxy logs showing this domain as part of an HTTP Signature header. Here's an example from our Caddy server:
```
Feb 24 20:10:25 campsite caddy[916]: 2025/02/24 20:10:25.329 ERROR http.log.access.log0 handled request {
  "request": {
    "remote_ip": "65.108.53.178",
    "remote_port": "53964",
    "client_ip": "65.108.53.178",
    "proto": "HTTP/1.1",
    "method": "GET",
    "host": "enby.life",
    "uri": "/users/9fpwmts9tv",
    "headers": {
      "Accept-Encoding": [ "gzip, deflate" ],
      "Accept": [ "application/activity+json" ],
      "Connection": [ "keep-alive" ],
      "Content-Type": [ "application/activity+json" ],
      "Date": [ "Mon, 24 Feb 2025 20:10:23 GMT" ],
      "Signature": [ "keyId=\"https://mirage.foxb612.com/kiite/key/enby.life/1740427823/Y93ZjgZHZlxNSuxa/main-key\",algorithm=\"rsa-sha256\",headers=\"(request-target) host date\",signature=\"5umGzjOXHeV8DdI4NjQqwbag6ChMKYS6\"" ],
      "User-Agent": [ "Mozilla/5.0 (X11; Linux x86_64; rv:127.0) Gecko/20100101 Firefox/127.0" ]
    },
    "tls": {
      "resumed": false,
      "version": 772,
      "cipher_suite": 4865,
      "proto": "http/1.1",
      "server_name": "enby.life"
    }
  },
  "bytes_read": 0,
  "user_id": "",
  "duration": 0.901198418,
  "size": 254,
  "status": 500,
  "resp_headers": {
    "Date": [ "Mon, 24 Feb 2025 20:10:25 GMT" ],
    "Access-Control-Allow-Origin": [ "*" ],
    "Alt-Svc": [ "h3=\":443\"; ma=2592000" ],
    "Content-Type": [ "application/json; charset=utf-8" ],
    "Strict-Transport-Security": [ "max-age=15552000; preload" ],
    "Access-Control-Allow-Methods": [ "GET, OPTIONS" ],
    "Content-Length": [ "254" ],
    "Access-Control-Allow-Headers": [ "Accept" ],
    "Server": [ "Caddy" ],
    "Access-Control-Expose-Headers": [ "Vary" ],
    "Cache-Control": [ "private, max-age=0, must-revalidate" ]
  }
}
```
#FediBlock #BlockRecommendation #Moderation #Crawler #Scraper
RE: https://enby.life/notes/a4vj8c2xq1 -
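The two indicators from the posts above (a browser User-Agent combined with an ActivityPub content type, and the host named in the `Signature` header's `keyId`) can be checked mechanically against reverse-proxy logs. The following Python is an added example, not part of the original posts or of Sharkey or Caddy; it assumes one Caddy access-log entry per line with the JSON object after the prefix, and the function names, sample lines and hostnames are constructed for illustration.

```python
import json
import re
from urllib.parse import urlparse

BROWSER_UA = re.compile(r"^Mozilla/5\.0 .*(Firefox|Chrome|Safari)/")
AP_TYPES = ("application/activity+json", "application/ld+json")
KEY_ID = re.compile(r'keyId="([^"]+)"')

def first(headers, name):
    """First value of a header, matched case-insensitively ('' if absent)."""
    vals = {k.lower(): v for k, v in headers.items()}.get(name.lower())
    return vals[0] if vals else ""

def inspect(line):
    """Return a finding for a browser-UA request that speaks ActivityPub, else None."""
    start = line.find("{")  # JSON object follows the syslog/console prefix
    try:
        req = json.loads(line[max(start, 0):])["request"]
    except (ValueError, KeyError, TypeError):
        return None  # not an access-log entry
    headers = req.get("headers", {})
    ua = first(headers, "User-Agent")
    ap = any(t in first(headers, h) for h in ("Accept", "Content-Type") for t in AP_TYPES)
    if not (BROWSER_UA.search(ua) and ap):
        return None
    m = KEY_ID.search(first(headers, "Signature"))
    return {"ip": req.get("remote_ip"), "uri": req.get("uri"),
            "key_host": urlparse(m.group(1)).hostname if m else None}

def scan(lines):
    """Findings for every line that matches the probe pattern."""
    return [f for f in map(inspect, lines) if f]

def sample(ip, ua, accept, sig=None):
    """Build a constructed log line in the shape of the Caddy excerpt above."""
    headers = {"User-Agent": [ua], "Accept": [accept], "Signature": [sig] if sig else []}
    entry = {"request": {"remote_ip": ip, "uri": "/users/example", "headers": headers}}
    return "Feb 24 20:10:25 host caddy[1]: ERROR handled request " + json.dumps(entry)

FIREFOX = "Mozilla/5.0 (X11; Linux x86_64; rv:127.0) Gecko/20100101 Firefox/127.0"
SAMPLES = [  # constructed lines, not real traffic
    sample("203.0.113.7", FIREFOX, "application/activity+json",
           'keyId="https://crawler.example/key/main-key",algorithm="rsa-sha256"'),
    sample("198.51.100.4", "ExampleFedi/1.0 (+https://social.example/)",
           "application/activity+json", 'keyId="https://social.example/actor#main-key"'),
    sample("192.0.2.9", FIREFOX, "text/html"),
]

if __name__ == "__main__":
    print(scan(SAMPLES))
```

Grouping the findings by `key_host` and `ip` gives a list of candidates to review for blocking, beyond the single domain named in the post.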
I love eating cheese with bread
-
This is a huge, huge problem in queer communities too. Particularly online queer communities, and especially here on fedi. I really can't explain how absurdly heated and frequent the Queer Fedi version of this is. I see it all the time and it's honestly depressing to watch so many people fall for the same tricks time and again.
* If your victims are into ABDL kink, call it “cub porn”, so as to imply that they’re all pedophiles without actually calling them pedophiles (and opening yourself up to the possibility of being sued for libel).
Yep, and here's another fun (/s) one that I often see on this network:
* If their fursonas are typically drawn on four legs, your call-out is going to be about “feral” to imply that everyone involved is a zoophile.
* If they have any kinks that fall remotely under the "non-consent" umbrella, then you'll describe them as a "rapist" and/or "groomer". It doesn't matter if they only ever role-play with consenting adults in a CNC context, just leave that part out and your readers will assume the worst.
A random adult that roleplays on the Internet with other consenting adults isn’t inherently a risk to any child, anywhere–no matter how weird you may find their roleplay.
And I write this as someone who is personally severely uncomfortable with many of the kinks in question!
Just because something squicks you personally doesn’t mean it’s harmful. The people that employ the sort of playbook I sketched out above are counting on that initial emotional reaction overtaking your ability to reason.
100%. In my experience, this type of callout often inspires a sense of urgency like "I need to block / boost / get involved immediately!", but that's just another part of the trick. Before doing anything, stop and critically evaluate whether the issue is *time-sensitive*. If not, then don't do anything. Not until you've had a good night's sleep and enough time to mull it over. This gives you a window to "cool off" and think logically about the claims.
To be clear, I'm not saying that you shouldn't have an emotional response to horrible things - that would be absurd! But it's important to avoid acting on emotions alone, at least until you have a logical-based opinion to go with them. Otherwise you risk feeding into the viral effect before knowing whether the claims are even true.
People that care about protecting kids from sexual predators don’t creep on strangers then drop intimate conversations into Google Docs to spread on harassment websites.
They help their communities organize resistance to the tactics employed by abusers.
They provide resources and help to people who are at risk of being victimized, or of being groomed into being an accomplice.
This is all boring, thankless, exhausting work–often done under some level of necessary anonymity.
Sure, it doesn’t get you a hundred thousand followers on your favorite social media platform. But having skin in the game and actually helping solve the problem isn’t meant to earn clout.
RE: https://furry.engineer/users/soatok/statuses/114063316917321790 -
I feel like fedi will love this
source: Coquette Dragoon -
Mastodon is the United States of the Fediverse
While I love the concept of interaction controls, I think quotes should be exempt. Why? Because the stated reasons for restricting them are based on problems from commercial social media that do not exist on fedi. Limiting quotes won't measurably improve user safety, but will bring several notable downsides.
For example, dunking is only so much of a problem because commercial moderators ignore it. As long as the quote itself doesn't contain any overt harassment, the quoter can evade punishment for all the indirect harm. On fedi, however, we don't have to follow those standards. I'm not scared to take action against large accounts; in fact I quite enjoy suspending popular assholes. As long as we don't let growth-chasing lead our moderation principles, we can protect against quote-dunking like any other form of group harassment - by suspending those who engage in it, and the instances that enable them.
This same principle applies to most other forms of quote-based harassment. The idea that users are helpless against quotes without protocol-level protection implies that moderators are useless or even hostile. This is a fair assumption when looking at commercial platforms, but I'd like to think fedi is different. Compared with other social networks, we have the highest moderator density, the most diverse moderation teams, and the unique quality of having moderators who are part of their own communities. We don't need to mimic Twitter or BlueSky, because our situation isn't remotely comparable.
On the flip side, our implementation of quote posts provides several positive social benefits:
1. Changing the context - Sometimes a post is relevant, but not in the author's intended context. Starting a tangential discussion in replies can be annoying and frustrating to the author and any mentioned users who don't care about the tangent. Quotes are perfect as they start a brand new thread, and the author is only notified once instead of on each following reply.
2. Challenging misinformation - This can of course be done as a reply, but like I said before - I support the addition of Reply Controls across fedi. This would allow a scammer or other adversarial user to simply disable replies, preventing anyone from challenging their misinformation. This is already common on YouTube and TikTok, where misinformation runs rampant and is difficult to counter. Quote posts - if excluded from interaction controls - allow a safe avenue for any user to warn their followers about an untruthful post.
3. Boosting with CWs or commentary - Currently, this is what most of my quote posts are. I frequently "add a CW" by making a quote post with a content warning and empty body. Sometimes I add notes, especially if I don't want to fully endorse the post. The alternative to quotes is posting a link or screenshot, which is worse for various reasons that have already been well-discussed.
TL;DR - Fedi isn't Twitter, it's not necessary to restrict quotes, and quote-posts are actually positive.