Hello world,
as many of you may already be aware, there is an ongoing spam attack by a person claiming to be Nicole.
It is very likely that these images are part of a larger scale harassment campaign against the person depicted in the images shared as part of this spam.
Although the spammer claims to be the person in the picture, we strongly believe that this is not the case and that they’re only trying to frame them.
Starting immediately, we will remove any images depicting “Nicole” and information that may lead to identifying the real person depicted in those images to prevent any possible harassment.
This includes older posts and comments once identified.
We also expect moderators to take action if such content is reported.
While we do not intend to punish people posting this once, not being aware of the context, we may take additional actions if they continue to post this content, as we consider this to be supporting the harassment campaign.
Discussion that does not include the images themselves or references that may lead to identifying the real person behind the image will continue to be allowed.
If you receive spam PMs please continue reporting them and we’ll continue working on our spam detections to attempt to identify them early before they reach many users.
This is a copy+paste of a comment I left on the !Nicole@feddit.org mod post after the recent incident with the gruesome picture(s?):
“I think if Lemmy doesn’t have the infrastructure to defend against attacks like these which are presumptively conducted by one bad actor, then it doesn’t have the infrastructure to defend against wealthy organizations when our communities do get big enough to be noticed by them.
[!Nicole@feddit.org]’s history underscores how the messaging system in particular needs a massive overhaul; using image recognition as a filter for messages like Lemmy.World does for image posts (with options for NSFW that isn’t NSFL?), preventing images (and URLs? or only allowing white-listed sites?) from being sent within the first message sent between users (unless a box is ticked?),
not showing message recipients images until they are directly opened, and preventing the de-anonymizing of message recipients should be made first priority for the next patch.”
Edit: not sure if my comment is inciting other trolls/spammers to target me but I just got this DM several hours after commenting
https://join-lemmy.org/news/2025-04-08_-_Lemmy_Release_v0.19.11
Ah very cool. A recent update too. Thanks.
Yes. As you can see, a few large instances like lemm.ee, lemmy.ca and others have already updated: https://fedidb.org/software/lemmy?version=0.19.11
Hopefully others will follow soon
unfortunately we can’t just apply the update quickly, as this introduces sending emails on rejected applications. we already send rejection emails separately and with custom text, while the text implemented in the update is currently not configurable.
i’ll see if we can deploy updated lemmy-ui without updating lemmy already this weekend, but i need to check if there were any api changes first, as we’d then have to backport them to lemmy first.
we’ve already applied the security patch about 2 weeks ago.
Thank you!
Honestly I think the easiest thing would be to not allow images or embedding at all in PMs and perhaps display a warning message when clicking links “you are leaving [instance name]…”
Analyzing potentially lots of text and images in an effort to “guarantee” safety of users is likely a Sisyphean endeavour that is bound to fail - and furthermore also has privacy issues (namely that “private” messages aren’t private at all)
https://lemmy.world/post/28077771/16380860
I got that DM as well. And then it disappeared. I think my instance’s admins saw it spammed and mass deleted it.