Hello world,

as many of you may already be aware, there is an ongoing spam attack by a person claiming to be Nicole.

It is very likely that these images are part of a larger scale harassment campaign against the person depicted in the images shared as part of this spam.

Although the spammer claims to be the person in the picture, we strongly believe that this is not the case and that they’re only trying to frame them.

Starting immediately, we will remove any images depicting “Nicole” and information that may lead to identifying the real person depicted in those images to prevent any possible harassment.
This includes older posts and comments once identified.

We also expect moderators to take action if such content is reported.

While we do not intend to punish people posting this once, not being aware of the context, we may take additional actions if they continue to post this content, as we consider this to be supporting the harassment campaign.

Discussion that does not include the images themselves or references that may lead to identifying the real person behind the image will continue to be allowed.

If you receive spam PMs please continue reporting them and we’ll continue working on our spam detections to attempt to identify them early before they reach many users.

  • @Mpatch@lemmy.world
    2771 month ago

    I gotta give it to you guys. The foresight to prevent a disaster is 10/10. Top tier. Well done.

      • @finitebanjo@lemmy.world
        71 month ago

        I saw a theory a while back that the IPs which receive the various images get logged allowing the recipients accounts to be tied to an IP and possibly even a physical address based on the timeframe it was sent. Is that a real concern or just conspiracy, do you think?

        • @MrKaplan@lemmy.worldEnglish
          201 month ago

          That appears to be a baseless conspiracy theory.

          Except for the gore pms, I believe all the images have been uploaded to Lemmy instances or Imgur, which means that the uploader has no way to track IPs accessing those images. The gore images were uploaded to another service that at least on the surface appears to be another regular image hoster that wouldn’t expose IP access logs to uploaders.

          • @Aphelion@lemm.ee
            51 month ago

            I don’t think its baseless given that anyone can set up their own Lemmy instance to host the PM’d images.

            • @MrKaplan@lemmy.worldEnglish
              51 month ago

              The instance domains I’ve seen involved so far at least weren’t set up specifically for this purpose at least. Most of the URLs were pointing to established services and not different per recipient.

              While I can’t rule out that individual users may have received a different URL in an attempt to extract their IP and information about their browser, this at least does not appear to have been done in a larger scale.

              • Captain AggravatedEnglish
                31 month ago

                A day or two ago, someone spammed out a picture of a murdered body with the standard Fediverse Chick copypasta. That seemed to freak people out; the nicoled community locked down, this thread happened, etc.

                The gore photo seems to be a second actor/copycat. The Nicole spammer either came from their own instances or opened accounts very shortly before spamming, the gore photo, and a following anime style picture done in red-on-white saying “Do you like insanity?” seem to come from accounts that were made 2 years ago.

        • Ricky Rigatoni
          31 month ago

          I find it difficult to believe there are enough fediverse users not using a VPN at all times to make that effort worthwhile.

    • @givesomefucks@lemmy.worldEnglish
      371 month ago

      It’s pretty obvious …

      What’s scary is how many people just accepted that some woman wanted to randomly spam thousands of pictures with her smoking weed.

    • Dojan
      61 month ago

      Foresight? This has been going on for several months.

  • @CarbonatedPastaSauce@lemmy.worldEnglish
    2111 month ago

    Yeah it seemed funny at first but the longer this went on the creepier it got as we all realized this isn’t just a catfish.

    Whoever is doing this to the actual person in the photos is a terrible human being and should go climb under a rock for the rest of their lives.

  • @Squorlple@lemmy.worldEnglish
    881 month ago

    This is a copy+paste of a comment I left on the !Nicole@feddit.org mod post after the recent incident with the gruesome picture(s?):

    “I think if Lemmy doesn’t have the infrastructure to defend against attacks like these which are presumptively conducted by one bad actor, then it doesn’t have the infrastructure to defend against wealthy organizations when our communities do get big enough to be noticed by them.

    [!Nicole@feddit.org]’s history underscores how the messaging system in particular needs a massive overhaul; using image recognition as a filter for messages like Lemmy.World does for image posts (with options for NSFW that isn’t NSFL?), preventing images (and URLs? or only allowing white-listed sites?) from being sent within the first message sent between users (unless a box is ticked?), not showing message recipients images until they are directly opened, and preventing the de-anonymizing of message recipients should be made first priority for the next patch.”

    Edit: not sure if my comment is inciting other trolls/spammers to target me but I just got this DM several hours after commenting

  • SkaveRat
    651 month ago

    Wait, there are people who genuinely believe she’s the one behind it?

    I thought it was pretty obvious that she’s the target of harassment. Some people must be new to the Internet

    • @ilinamorato@lemmy.world
      331 month ago

      Yeah, I’ve been targeted by enough romance spam that I just assume any photo of a woman I don’t know was probably stolen from some random Tumblr or Instagram.

    • EdgarallenpwnEnglish
      131 month ago

      Everyone is 1 of the 10000. Even the people who have to look up what being 1 of the 10000 means

      • @whatwhatwhatwhat@lemmy.world
        31 month ago

        I had to look it up, and after reading a lengthily Wikipedia page on Greek mercenaries, I tried the second result: an XKCD comic I’ve seen before but had forgotten. So today, I’m one of the lucky 10,000 again.

    • Captain AggravatedEnglish
      01 month ago

      I’ve seen internet harassment campaigns, none have looked like this. She doesn’t feel like the target here. If you wanted to use the internet to harass a girl, is this how you would implement it?

    • @Cryophilia@lemmy.world
      -11 month ago

      Speaking of new to the internet, it’s clearly not a harassment campaign against her. This is waaaay too much effort. There’s only 3 things that would engender this level of effort. Money, government spying, or mental illness.

      • @MrKaplan@lemmy.worldEnglish
        151 month ago

        mentally ill people can have plenty of time on their hands to invest this much effort in harassing others. people claiming that this can’t be harassment are effectively supporting the harassment, as that tries to further blame the likely victim of this. obviously this is just speculation, as we don’t know the full truth.

        • @Cryophilia@lemmy.world
          51 month ago

          people claiming that this can’t be harassment are effectively supporting the harassment, as that tries to further blame the likely victim of this

          I don’t think anyone seriously thinks the woman in the pictures is behind this.

          • @MrKaplan@lemmy.worldEnglish
            51 month ago

            I’m sorry, sometimes it’s hard to tell whether people actually mean it. I can totally see people commenting that and being serious.

  • mechoman444
    581 month ago

    About damn time. The joke has run it’s course a long time a ago and if these posts are victimizing an individual they most definitely need to be stopped.

    • @paultimate14@lemmy.world
      191 month ago

      I always thought it was weird how much attention people were paying to span messages. Giving them that much attention only serves whatever purpose they have.

      • @RememberTheApollo_@lemmy.world
        171 month ago

        We don’t get many on this platform. It’s the only spam I’ve received here. So getting spam we all shared is something that generates discussion. I don’t think anyone took it seriously. It was mildly humorous at first, but now that knowledge is spreading that this likely isn’t some generic spammer we can deal with it differently.

  • .DonutsEnglish
    411 month ago

    What of the recent NSFW/gore images that were shared? Has that been reported to authorities?

    Not expecting police to solve it, but at least it would be on their radar.

    • @MrKaplan@lemmy.worldEnglish
      431 month ago

      we looked into it, we currently believe that to be a copycat not related to the other pms.

      the lemmy.world account involved in that was most certainly compromised from an unrelated data breach and all connections originated from IPs linked to an anonymization service, so there’s also not much to follow up on.

      we will reconsider this if it happens again.

  • @Buffalox@lemmy.world
    321 month ago

    part of a larger scale harassment campaign against the person depicted

    Oh boy that’s horrible, if true I hope she has reported it to police, and they can help her.

  • @DonutsRMeh@lemmy.world
    281 month ago

    Damn, I never thought about it this way. Wow. I always took it as a funny thing not thinking of the person in the photo being an actual person who could very well be harassed. Thank you for bringing this to light. Whoever thought of this is a good human being. <3

  • @null_dot@lemmy.dbzer0.comEnglish
    281 month ago

    Sorry if this isn’t the right place to ask, but are you able to confirm whether admins have reported this to the police?

    Even if violence hasn’t been perpetrated, the harassment is still a crime surely.

    • @MrKaplan@lemmy.worldEnglish
      391 month ago

      I don’t know if others have, I only know that we (Lemmy.World, Fedihosting Foundation) have not reported it to the police.

      I don’t have high hopes that the police would be able to do anything about this. For the harassment against the person shown in the images, that would likely have to be reported by them directly for the police to take that up.
      For random online spam, as in harassment of fediverse users receiving the PMs, that seems like it would be an extremely low priority for police. It’s also likely fairly difficult to impossible to follow up on, considering that the person sending the PMs most likely used a VPN to access these accounts.

      • @null_dot@lemmy.dbzer0.comEnglish
        131 month ago

        Hmm.

        The people receiving the spam are not being harassed, obviously.

        The woman depicted is very likely the target of harassment.

        Sharing the images depicting violence is tantamount to a threat of violence.

        As admins, you’re not just witnesses but the stewards of a community and the representatives of many thousands of people in this matter.

        Pre-empting what the police will do is not a reason not to report. You don’t know what they will do. They might do nothing at you would have wasted 15 minutes. On the other hand perhaps Nicole has been trying to get a restraining order against some creep but has been unable to due to lack of evidence.

        • @DefectiveFoundation@lemmy.world
          21 month ago

          I have spam in my email. Should I report that to the police as well?

          There just isn’t enough for regular police to go on, without even considering jurisdiction. Cooperating with authorities is fine, but there’s not really anyone to proactively reach out to about this.

          • @null_dot@lemmy.dbzer0.comEnglish
            41 month ago

            Yes. If you run an email server and one of the accounts has been used to perpetrate a harassment campaign including threats of violence then obviously you should report that.

        • @MrKaplan@lemmy.worldEnglish
          01 month ago

          The woman depicted is very likely the target of harassment.

          Agreed, but there is no proof of this. We also don’t know their true identity to check with them directly.

          Sharing the images depicting violence is tantamount to a threat of violence.

          The images did not depict violence directly, it was a gory image of a dead person. They were very likely sent by a copycat not involved in the original harassment campaign and intended to fuck up fediverse users more than anything else. They did not appear to imply any kind of threat.

          you would have wasted 15 minutes

          This would require a lot more than 15 minutes to file a proper report. First we have to collect all relevant information that we have available and compile them in a format that can be submitted. Once we have this information we have to identify a police department to report this to. We are legally based in NL, as that’s where our non-profit Fedihosting Foundation is located. I’m based in Germany, so it would also be an option to report it here. The depicted person is claimed to be in Canada, so maybe this should be reported to a police department over there. Or maybe to all of them.

          All of this would easily add up to 2 hours or more if you want to do it properly and not just look for 3 online forms to write “hey there is someone sending spam”.
          If this was a paid job and I was doing this during working hours I wouldn’t mind, but all the time I spend here is taken out of my personal time, the same as with anyone else on our team, and also the same you’ll see with most other fediverse instances.

          perhaps Nicole has been trying to get a restraining order against some creep but has been unable to due to lack of evidence.

          If we receive a request for information from (real) law enforcement we’ll be more than happy to provide relevant data, but doing this for the (perceived low) chance of that somehow being linked from a random police report is a fairly high time investment as described above.

          • dohpaz42English
            31 month ago

            This would require a lot more than 15 minutes to file a proper report…. All of this would easily add up to 2 hours or more…

            Tell you what: log the time it takes, and I will personally pay you $60/hour for your time to make a proper report.

            And no, I’m not being sarcastic.

            • @MrKaplan@lemmy.worldEnglish
              123 days ago

              I truly appreciate the offer, but my concern isn’t about money, it’s about this taking away even more of my personal time. If this was a regular day job I was doing, rather than my actual day job, which I have in addition to the time I spend on Lemmy.World related activities, then I could file this during my regular working hours. After all, it’s time I’d spend being at work anyway.

              I’ve recently been spending countless hours already dealing with other stuff that is not directly tied to Lemmy.World but came up “around” it, including sending abuse reports to various instances about CSAM that federated to them a long time ago. This includes time spent on identifying such material, then finding suitable abuse report mechanisms, providing instructions for how to deal with it. Afterwards it needs reviewing whether the content has been removed or requires further escalation steps, such as one case where I’ve filed a police report today for a case where neither the instance itself nor the hosting provider deals with abuse reports at all.

              As mentioned before, there also seem to have been two different people involved in sending these messages, the original person, where most of the information is/was available publicly and has been collected by various people already, who would be in a much better position to report this content to law enforcement.
              The person sending the gore images did in fact use a Lemmy.World account in one case, which we do have more information about than publicly available or available for users on other instances, so this would be the only case for which we’d be in a privileged position for reporting. This however would also most certainly not be a report that would help any sort of harassment investigation, as this copycat probably doesn’t have any ties to the original harasser.

              If we had a significantly larger amount of donations towards our foundation we’d also be able to pay someone to deal with things like this, but we’re currently just over the hosting costs with our monthly donations.

            • @MTK@lemmy.world
              11 month ago

              No need, this info isn’t hard to compile, only took a few hours. If anyone does intend to take this to law enforcement, please PM me as I have compiled what I think to be almost all of the public information available about this case.

              • @MrKaplan@lemmy.worldEnglish
                223 days ago

                you could easily report this to the police yourself then. i don’t really have anything more than what is publicly available, with the exception being one of the gore spam accounts.

                I’m not saying you have to, but given that various people already collected a lot of information related to that stuff, they would be much better suited in actually reporting this to police somewhere.

          • @null_dot@lemmy.dbzer0.comEnglish
            21 month ago

            Respectfully, I don’t share your assessment of the seriousness of the crime. You seem to be weighing the question of whether someone has been harassed or intimidated from the perspective of a “reasonable third party”. However, I suspect that the law assigns considerable weight to the question of whether the victim feels intimidated or harassed. For example, you’re correct that sharing the gore image is not a direct threat of violence, however I feel certain that the woman depicted in the earlier images taken from the live stream would feel concerned for their safety.

            I would also like to clarify one aspect of which you may not be aware. It’s very easy to confirm the woman’s place of work beyond any reasonable doubt, with images she has posted to other platforms.

            I understand that it’s unreasonable to say that you specifically or any admins of lemmy.world or any other instance should give up hours of your free time to make a police report.

            However, as others in this thread have suggested this incident underlines the limited protections lemmy has against this type of attack and it seems likely that we will see a lot more.

            I also respectfully disagree regarding the likelihood that reporting this crime could be useful. It’s not a question of “somehow being linked from a random police report”. If the victim ever does contact the police, which seems very likely to me, it’s extraordinarily likely that a report from lemmy would be identified as being related.

            It’s not my intention to berate you personally over this, and as I mentioned above I acknowledge that it’s unreasonable to expect you personally to take action in this specific case. I am however concerned that Lemmy’s federated nature is not well suited to addressing this type of risk to members of our community.

          • @MTK@lemmy.world
            11 month ago

            I have compiled what I think to be almost all of the piblic information about this case. If you do need something please PM me.

      • @CarbonatedPastaSauce@lemmy.worldEnglish
        111 month ago

        Agreed. At least here in the US, you’d have more chance of winning the lottery than getting a cop to care about this issue without the person directly involved reporting it. And even then it would be a crapshoot.

      • @ArtificialHoldings@lemmy.world
        51 month ago

        Anyone asking you to file a report with police has likely never had to file a police report. They don’t even want to file reports for things that actually happened directly to you, if they can convince you out of it lol.

      • dohpaz42English
        31 month ago

        I’m not a fan of LEO, BUT at the same time doing nothing should not be an option. What I mean by that is that Johnny Law should still be contacted and a report filed (at the very least). Even if they do not follow up on it, that’s on them and not us (the fediverse).

      • @jqubed@lemmy.world
        21 month ago

        Would it even be realistic to know the right place to report it to? Just because the messages say Toronto doesn’t necessarily mean the victim is in Toronto, and reporting it to the wrong place at most probably just means wasting resources in one location and coming no closer to stopping the harassment. Is there anything from a national group like the RCMP, FBI, or INTERPOL to help in a case like this?

      • @null_dot@lemmy.dbzer0.comEnglish
        -11 month ago

        Actually smartass, it’s called Australia. We have laws specifically to address this exact situation. I have made police reports in my time, and can assure you that the police would take a campaign of this scale very seriously.

  • FizzlePopBerryTwistEnglish
    221 month ago

    I have no context for this and thought it was an April fools joke left up but no, this is a real problem here?