I feel like we need to talk about Lemmy's massive tankie censorship problem. A lot of popular lemmy communities are hosted on lemmy.ml. It's been well known for a while that the admins/mods of that instance have, let's say, rather extremist and one-sided political views. In short, they're what's colloquially referred to as tankies. This wouldn't be much of an issue if they didn't regularly abuse their admin/mod status to censor and silence people who dissent with their political beliefs and, for example, post things critical of China, Russia, the USSR, socialism, ...
As an example, there was a thread today about the anniversary of the Tiananmen Massacre. When I was reading it, there were mostly posts critical of China in the thread and some whataboutist/denialist replies critical of the USA and the west. In terms of votes, the posts critical of China were definitely getting the most support.
I posted a comment in this thread linking to "https://archive.ph/2020.07.12-074312/https://imgur.com/a/AIIbbPs" (WARNING: graphical content), which describes aspects of the atrocities that aren't widely known even in the West, and supporting evidence. My comment was promptly removed for violating the "Be nice and civil" rule. When I looked back at the thread, I noticed that all posts critical of China had been removed while the whataboutist and denialist comments were left in place.
This is what the modlog of the instance looks like:
Definitely a trend there, wouldn't you say?
When I called them out on their one-sided censorship, with a screenshot of the modlog above, I promptly received a community ban on all communities on lemmy.ml that I had ever participated in.
Proof:
So many of you will now probably think something like: "So what, it's the fediverse, you can use another instance."
The problem with this reasoning is that many of the popular communities are actually on lemmy.ml, and they're not so easy to replace. I mean, in terms of content and engagement lemmy is already a pretty small place as it is. So it's rather pointless sitting for example in /c/[email protected] where there's nobody to discuss anything with.
I'm not sure if there's a solution here, but I'd like to urge people to avoid lemmy.ml hosted communities in favor of communities on more reasonable instances.
As you say OP, the solution here is to use the fediverse model as intended and use different instances/communities. It sucks because it fragments the community, but that’s the way it is. I’ve long held the opinion that I’m grateful to the lemmy developers for building this whole thing that we all get to enjoy, but their approach to administering an instance is reprehensible and actively damaging to the relatively free and open exchange of ideas that should happen on the fediverse.
The threat is bigger than that though. These people control the code base and can easily just start running modified code to fuck with various aspects of federation to generally keep their finger on the scale of any instance which federates with them. At best they have shown they have no shame and cannot be trusted. If there is any means of abusing their power, it must be assumed that they will embrace it.
Sure, to an extent. ActivityPub is an independent protocol not controlled by lemmy or any lemmy devs, so there’s a layer of protection there. This is also a trick that can only be pulled once, because any other instances would likely defederate in response and ML would render itself irreparably untrustworthy. I don’t mean to downplay your concerns as they are valid, but I also don’t think it’s an existential threat.
People are working on alternatives - Ernst started Kbin and then kinda got stuck in it but refused to allow others to help, so a community fork, Mbin, was created, and sublinks will eventually exist as well. However, this stuff takes time. You can help by contributing code or funds or activity to one of those if you like.
I don’t agree with the “hiding the problem” notion because different instances are independently operated, and defederation is the by-design way to “fix” malignant instances (see the LW defed of hexbear and lemmygrad for exactly this kind of behavior).
As for the whole system not being safe, I’d also disagree on that point as the entire lemmy server code is licensed under a copyleft license which allows anyone with a copy of the code to modify and distribute it. Ergo, hard forking lemmy is possible. Based on the GitHub page, over 800 individuals already have forks of the server code. Any one of them, group of them, or some other individuals entirely, could pick up lemmy development and run with it if need be.
You... should probably pay more attention to the news.
It is very possible for bad actors to inject malicious code into an open source project. And it is very probable for people to not notice because the vast majority of developers never read a single line of the open source code they claim to value so much.
"Any bad code will be detected by the armies of people who do rigorous code analysis of every single pull request" was always nonsense.
Are you referring to any news stories in particular? Because the only big one I recall recently was the xz backdoor which took three years of social engineering to get in and was detected and patched within a couple of weeks!
There have been a number of articles (pop and scholarly) about malicious code being social engineered into codebases over the past few years. And, in this case, the malice is "expected" from one of the long time developers to begin with.
Also: We got INCREDIBLY lucky that Andres Freund detected it when he did. Because that was hitting right around the time a lot of the major distros were preparing their major releases (Fedora basically escaped by the skin of their teeth).
Malicious manipulation of open source projects has always been a concern. And the vast majority of us do the equivalent of signing whatever form we are given because "oh it just looks like a standard contract".