It doesn’t. No network is capable of that and if they say they are you’re being lied to.
nope. You can do IP analysis to ban IP’s that belong to particular VPN but you can’t ban VPN tech. There are so many VPN services and so many proxies and so easy to setup your own VPN that even Netflix struggles with that.
How are they caught then in countries that try to restrict digital access and have criminalized them?
Reddit does have a system to fight it.
Capable or not, bad solution is better than no solution.
no it’s not better. It’s extremely invasive as you have to fingerprint and store users fingerprint on your servers indefinitely. Not only that but all of this can be avoided by anyone with half a brain cell. Lemmy should not waste their resources on something like this, it’s extremely hard to do to the point where literally nobody has a good system even giants like Linkedin. Source, I work in bot detection.
Lemmy would never get this right no matter how many people contributed and would just cause overal harm to the platform through privacy invasion and false positives.
Lemmy has quite a few unfortunately invasive qualities of its own, including generally needing an email address from you (Reddit does not), having poor privacy and data retention practices, and generally being very messy with who gets to decide what happens with your data and how easily it can be scraped.
Sure, Reddit sells it… But Lemmy gives it to any web scraper for free.
Keeping a list of “fingerprints” of users is hardly invasive, and it’s only dangerous without proper database security.
It can throw up false positives, but the key there is to make it as good at not doing that as possible, and having a reasonable means for users who feel like they were unfairly tagged as evaders to appeal the flag.
Also, don’t do it automatically, use it as a tool to identify possible cases and have a review team check for which ones need the most immediate action, with help from a separate algorithm that prioritizes user reports by how reliably a users’ reports have pinged actionable content.
That’s the entire game of security, not being perfect, but being good enough for the adversary to decide you might as well be perfect for all their efforts would be worth, and ban evasion protection and bot prevention are no different.
Lemmy isn’t unified. Each instance will have their own policies.
It doesn’t. That’s a feature, not a bug.
You can do IP bans, but only your current instance really knows your IP. You can sign up to any others and you’re just a fresh user to them.
Maybe the bigger instances share info about known CSAM uploaders between them, I dunno.
For remote actors, it seems to mostly rely on banned users not being very imaginative when it comes to naming subsequent accounts, and/or them not being able to leave a particular subject alone.
Poorly