Digitaler Omnibus:
„Größter Rückschritt für digitale Grundrechte in der Geschichte der EU“
#digitalomnibus #GDPR #AIAct
https://netzpolitik.org/2025/digitaler-omnibus-groesster-rueckschritt-fuer-digitale-grundrechte-in-der-geschichte-der-eu/
Am kommenden Montag, 17. 11. 2025, 16 Uhr c. t., gehe ich in Münster mal wieder meinem #Metadaten Hobby nach; dieses Mal mit etwas weiterem Blick - es gibt viele Bilder!
https://www.uni-muenster.de/de/veranstaltungskalender/prod/ausgabe/termine.php?layout=toptermin-detail&id=40902&einrichtungsid=245 Und ein wenig geht es auch immer noch um #emdfl @scdh
HEY LA: Join the protest at Spotify HQ in the LA Arts District at 12p PT.
Spotify is doubling down on its decision to help recruit for ICE, so we're turning up the volume on our Cancel Spotify campaign until they stop running ICE ads: https://www.mobilize.us/indivisible/event/869765/?utm_source=mastodon
South Africa's finance minister slams Trump's genocide claims ahead of G20 http://newsfeed.facilit8.network/TPFMMg #SouthAfrica #FinanceMinister #Trump #G20 #Misinformation
Teil 3 vom #BauWochenende in unserem #Pfadi #Stammeshaus der #Georgsburg. Schlussendlich wurden noch die neuen Dielen eingebaut.
Einen #Bericht gibt es jetzt auf unserer #Internetseite auch: https://pfadfinder-erfurt.de/2025/11/13/bauwochenende-in-der-georgsburg-im-november-2025/
Pepper & Carrot, Episode 39: "The Tavern" is finally out!
This 11-page webcomic is a standalone episode that you can read in five minutes. It's about courage and an experiment with sound in the comic medium. Translations are already available. We've got English, Français, Deutsch, Español, 中文, Nynorsk, and Toki Pona, thanks to some great contributors. And a big thank you to my 1106 supporters for giving me the time to create this one.
https://www.peppercarrot.com/en/webcomic/ep39_The-Tavern.html
@davidrevoy These are for one thing great tidings. But I do have a small, insignificant issue with the message. Because do you know who the supporters are, who are giving you the time to create this? It is us 108 people on Liberapay, who don’t pay you like 2€ per comic, but a weekly amount, not tied to any delivery of content. Who are paying you an average total of maye 90€ per week. For the time since the last release you should have gotten some around 10000€ from liberapay supporters. I myself (as your highest weekly public supporter on Liberapay) have been supporting you with 816€ (minus 5.95€ in bank fees) since the last chapter. And even the ones who don’t support you with 8€ a week, but maybe just 25¢/week have in this time supported you with some ~33€.
But we don’t get mentioned in the credits lists or anything (at least I don’t, cannot talk about the others). And that is fine. We are not doing this for acknowledgement. We are doing this because we want to support the idea. But it also feels a bit weird that even someone who gives you 1€ for over 2 years of work is mentioned by the name after the chapter, while those of us, who actually supported you for the time you needed, are not really mentioned anywhere. So while we are not doing it for acknowledgement — if you are already take the effort to acknowledge your Patreon supporters, why not also acknowledge **our** support while you’re at it?
Now on Codeberg: https://codeberg.org/hpj/chafa
EMERGENCY, BLACK FAMILY NEEDS YOUR HELP🚨🚨🚨🚨🚨
$753/$1,500
ALMOST HALFWAY TO THE GOAL!!!
My Dad recently lost his job and we're hit with bills and a car note. We do not have enough to pay for all of it, so we only need around $1,500 ASAP!!! Please!
#mutualaid #emergency #blackmastodon #mutual_aid #fundraiser @mutualaid #crowdfund #kofi #actuallyautistic #artistsonmastodon #crowdfunding #blackcrowdfund #kofigoal #blackartist #BlackFedi #blackfediverse #pleaseboost
@actuallyautistic @blackfedi @blackmastodon@a.gup.pe @BlackMastodon@chirp.social
Was ich mir hier bei Mastodon weiterhin immer noch wünsche:
Ein Bewusstsein von allen
dafür, dass sich hier auch Menschen befinden,
die anderen Informationszugang haben, andere Wahrnehmung, anderen (Sinn-)Fokus, anderen Alltag aus den verschiedensten Gründen uvm.
#Hörbehinderung
#Sehbehinderung #Taub #Blind #Neurodiversity #AuDHS #ALTText #Untertitel #Transkription #BildBeschreibung #Diversity im Fediverse
#Barrierefreiheit
Reserved Words Resources
Lists of words considered rude, obscene, inappropriate. These lists could be used by client applications to either restrict or flag content for human review. Account creation workflows could choose to prohibit these usernames, or limit these usernames from interacting publicly until the account has been approved.
Resources
Github repositories tagged “profanity filter”
IFTAS Reserved Words List
badwords.json (Darius Kazemi)
Bluesky slurs list
Shutterstock List of Dirty, Naughty, […]
Table of Contents
Lists of words considered rude, obscene, inappropriate. These lists could be used by client applications to either restrict or flag content for human review. Account creation workflows could choose to prohibit these usernames, or limit these usernames from interacting publicly until the account has been approved.
Resources
- Github repositories tagged “profanity filter”
- IFTAS Reserved Words List
- badwords.json (Darius Kazemi)
- Bluesky slurs list
- Shutterstock List of Dirty, Naughty, Obscene, and Otherwise Bad Words (over 25 languages)
- Public attitudes towards offensive language on TV and Radio: Quick Reference Guide (Ofcom)
- Words That Google Instant Doesn’t Like (2600)
Unintended Consequences
Be cautious when using word filters in any language. Known issues include:
- the Scunthorpe Problem, which describes the unintentional blocking or false positives where acceptable words contain unacceptable text strings e.g. assistance should not become ***istance;
- context concerns, especially where lived experience is being discussed, e.g. compare “you are a Slur” with “I was walking down the street and someone called me a Slur”;
- reappropriation, the cultural process by which a group reclaims words that were previously used to disparage of that group.
Reappropriation
- A Former Slur Is Reclaimed, And Listeners Have Mixed Feelings (NPR)
- The Slants on the Power of Repurposing a Slur (NY Times)
- How to stop baseballer’s name from reading like anti-Jewish slur (Times of Israel)
- Reappropriation (Wikipedia)
Information for Software Developers and Designers
If you are creating an app or a web service that enables inter-personal communications, the following resources can help you consider safeguards and approaches to responsible design principles.
User Consent
Privacy and Consent for Fediverse Developers: A Guide
Eight tips about consent for fediverse developers
User Safety
Prosocial Design: The Prosocial Design Network curates and researches evidence-based design solutions to bring out the best in human nature online.
Safety by Design: […]
Table of Contents
- User Consent
- User Safety
- Policy Design Considerations
- Accountability and Transparency
- Account and Content Reporting Workflow
If you are creating an app or a web service that enables inter-personal communications, the following resources can help you consider safeguards and approaches to responsible design principles.
User Consent
- Privacy and Consent for Fediverse Developers: A Guide
- Eight tips about consent for fediverse developers
User Safety
- Prosocial Design: The Prosocial Design Network curates and researches evidence-based design solutions to bring out the best in human nature online.
- Safety by Design: From Australia’s eSafety Commissioner, this proactive and preventative approach focuses on embedding safety into the culture and leadership of an organisation. It emphasises accountability and aims to foster more positive, civil and rewarding online experiences for everyone.
Policy Design Considerations
- Authentication Cheat Sheet (OWASP): Authentication is the process of verifying that an individual, entity, or website is who or what it claims to be by determining the validity of one or more authenticators (like passwords, fingerprints, or security tokens) that are used to back up this claim.
- The Google Play Child Safety Policy requires apps in the Play Store to have a CSAE policy, Pachli has shared their policy that was accepted by Google: Pachli CSAE Policy
- The Real Name Fallacy (J. Nathan Matias): People often say that online behavior would improve if every comment system forced people to use their real names. It sounds like it should be true – surely nobody would say mean things if they faced consequences for their actions?
Accountability and Transparency
- Santa Clara Principles 1.0: Basic requirements for apps to consider regarding moderation data collection, notices to end users, and appeals processes.
- DSA Transparency Database API Documentation: Attributes that may be required for DSA transparency reporting
Account and Content Reporting Workflow
- Content moderators commonly experience trauma similar to those suffered by first responders. Even though you may have never reviewed traumatic content, your app or service may deliver this traumatic content to users of your moderation workflow. When presenting reported content to a service provider or moderator, always:
- Show the classification clearly, so the moderator is aware of the type of content they are about to review
- Blur all media until the moderator hovers to view greyscale version (re-blur when hover not detected or mouseleave event)
- Grayscale all media until the moderator clicks to toggle greyscale (allow toggle state back to greyscale)
- Mute all audio until the moderator requests audio
- Allow the moderator to reclassify the report
- Allow the service operator to choose from a list of harms or rules they want to receive reports about
- Offer the end user a path to report an actor, behaviour, or content, e.g. “report this account” or “report this post”
- Condense the labels by type and classification, and label each report. Use standard metadata to classify and present reported content. Use standard language to describe the reporting context. Consider a multi-step report submission process that allows fine-grained reporting, or use a first-level classification system that individual moderators can later refine if needed/desired, e.g.
- 1. Report an Account
- Bullying (online-harassment)
- Brigading (brigading)
- Doxxing / PII (doxxing)
- Harassment (online-harassment)
- Imposter (impersonation)
- Account Takeover (account-takeover)
- Impersonation (impersonation)
- Sock Puppet / False Identity (sock-puppet)
- Inauthentic Engagement (cib)
- Astroturfing (astroturfing)
- Brigading (brigading)
- Catfishing (catfishing)
- Content Farming (farming)
- Service Abuse (service-abuse)
- Troll (troll)
- Dangerous Person or Organisation (content-and-conduct-related-risk)
- Bullying (online-harassment)
- 2. Report a Post
- Spam (spam)
- Deception (content-and-conduct-related-risk)
- Phishing (phishing)
- Scam / Fraud (content-and-conduct-related-risk)
- Sock Puppet / False Identity (sock-puppet)
- Sextortion (sextortion)
- Intellectual Property (copyright-infringement)
- Copyright (copyright-infringement)
- Counterfeit Goods or Services (counterfeit)
- Nudity / Sexual Activity (explicit-content)
- Explicit Content (explicit-content)
- Child Sexual Abuse (csam)
- False Information (disinformation)
- Defamation (defamation)
- Misinformation (misinformation)
- Manipulated Media / Deepfake (synthetic-media)
- Hateful Content (hate-speech)
- Hate Speech or Symbols (hate-speech)
- Dehumanisation (dehumanisation)
- Suicide or Self-harm (content-and-conduct-related-risk)
- Sale of illegal or regulated goods or services (content-and-conduct-related-risk)
- Violent Content (content-and-conduct-related-risk)
- Glorification of Violence (glorification-of-violence)
- Inciting Violence (incitement)
- Violent Threat (violent-threat)
- Terms of Service Violation / Community Guidelines Violation (service-abuse)
- Something Else / Not Listed (unclassifed)
- 1. Report an Account
CSAE Policy
Denylist Management Tools
FediBlockHole – A tool for keeping a Mastodon instance blocklist synchronised with remote lists.
FediCheck – Open source automated denylist management app from IFTAS
FediSeer – a FOSS service to help Fediverse instances detect and avoid suspicious instances.
Lemmy Defederation Sync – Using LDS, you can sync your instance’s “blocked instance” list with that of another server(s) whose admins you trust.
masto2pixel blocklist converter – Quickly convert blocklist formats […]
- FediBlockHole – A tool for keeping a Mastodon instance blocklist synchronised with remote lists.
- FediCheck – Open source automated denylist management app from IFTAS
- FediSeer – a FOSS service to help Fediverse instances detect and avoid suspicious instances.
- Lemmy Defederation Sync – Using LDS, you can sync your instance’s “blocked instance” list with that of another server(s) whose admins you trust.
- masto2pixel blocklist converter – Quickly convert blocklist formats between Mastodon and Pixelfed.
- mastodon-block-tools – An attempt to list as many different projects/tools/scripts related to Mastodon & fediverse block management as possible.
Glorification of Violence
Definition
Statements or images that celebrate past or hypothetical future acts of violence.
Background
The glorification of violence refers to content that praises, promotes, or idolises violent acts, individuals who commit such acts, or ideologies that endorse violence. This can range from explicit support for terrorist activities to the romanticising of historical violence. In online spaces, such content not only violates the terms of service of most platforms but also poses significant […]
Table of Contents
Definition
Statements or images that celebrate past or hypothetical future acts of violence.
Background
The glorification of violence refers to content that praises, promotes, or idolises violent acts, individuals who commit such acts, or ideologies that endorse violence. This can range from explicit support for terrorist activities to the romanticising of historical violence. In online spaces, such content not only violates the terms of service of most platforms but also poses significant risks by potentially inciting further violence or radicalising individuals.
Challenges
Differentiating between content that glorifies violence and that which is educational, newsworthy, or a form of artistic expression requires nuanced understanding and judgement. What constitutes the glorification of violence can vary greatly across cultures, making global moderation policies difficult to uniformly enforce. Given the potential for such content to inspire real-world violence, moderators must act quickly to identify and remove it, necessitating efficient detection and review processes.
Moderation decisions may face criticism from users who feel their freedom of expression is being infringed upon, especially in politically charged contexts.
Ethical Concerns
Moderating content that glorifies violence involves navigating the right balance between removing harmful content and preserving users’ rights to free expression while considering the potential harm to communities that may be targeted or further marginalised by content that glorifies violence.
Maintaining transparency and predictability of moderation policies and decisions to build trust among users, while being accountable for moderating can be extremely effective.
Example Rule
Content that glorifies, celebrates, or incites violence is strictly prohibited. This includes but is not limited to praising violent acts, promoting ideologies that endorse violence, or celebrating individuals known for committing violent acts.
Defamation
Definition
A legal claim based on asserting something about a person that is shared with others and which causes harm to the reputation of the statement’s subject (the legal elements and applicable defenses vary by jurisdiction).
Background
Defamation involves the act of damaging someone’s reputation through false statements or communications. Online, defamatory content can spread rapidly across social media platforms, blogs, and web sites, causing significant harm to individuals or […]
Table of Contents
Definition
A legal claim based on asserting something about a person that is shared with others and which causes harm to the reputation of the statement’s subject (the legal elements and applicable defenses vary by jurisdiction).
Background
Defamation involves the act of damaging someone’s reputation through false statements or communications. Online, defamatory content can spread rapidly across social media platforms, blogs, and web sites, causing significant harm to individuals or organisations. The distinction between expressing an opinion and making a defamatory statement lies in the assertion of false facts that can harm someone’s reputation. Legal definitions and thresholds for defamation vary by jurisdiction, complicating the moderation of such content on global platforms.
Challenges
Understanding the legal nuances of defamation, which can vary significantly across different jurisdictions, can be complicated. You may be required to distinguish between defamatory statements and legitimate criticism or opinion, which is often subjective and context-dependent. The first thing to do is compare the content to your community guidelines. If the content clearly violates stated policies, the moderator should follow the established procedures. It may be feasible to remove the content for an existing rule without having to determine defamation.
Moderators should consider whether the content is an opinion (which is generally protected) versus a statement of fact that could be defamatory. However, moderators are not judges or legal experts, and determining the truth of a statement can be complex and outside their purview.
If the content’s defamatory nature isn’t clear-cut or it doesn’t explicitly violate platform rules but the complainant insists it’s defamatory, moderators can guide the individual on how to proceed. This might include advising them to contact the poster directly to request the removal or correction of the content, if safe and appropriate to do so. Inform the complainant that the platform cannot adjudicate legal matters such as defamation, and recommend they seek legal advice. A lawyer can provide guidance on whether the content is defamatory and what legal actions can be taken. Advise the complainant to document the content and any communications or impacts related to the defamation claim, as this could be important if they decide to pursue legal action.
Ensure that all actions and communications respect the privacy and confidentiality of all parties involved.
Example Rule
Defamatory content, defined as false statements made with the intent of harming an individual’s or organisation’s reputation, is prohibited.
Counterfeit
Definition
The unauthorized manufacture or sale of merchandise or services with an inauthentic trademark, which may have the effect of deceiving consumers into believing they are authentic.
Background
Counterfeiting involves the creation and distribution of products that are made to look like genuine items, often mimicking trusted brands to mislead buyers. Online, this can manifest through the sale of goods under false trademarks, or offering services that falsely claim to be associated […]
Table of Contents
Definition
The unauthorized manufacture or sale of merchandise or services with an inauthentic trademark, which may have the effect of deceiving consumers into believing they are authentic.
Background
Counterfeiting involves the creation and distribution of products that are made to look like genuine items, often mimicking trusted brands to mislead buyers. Online, this can manifest through the sale of goods under false trademarks, or offering services that falsely claim to be associated with reputable entities. Moderators can identify potential counterfeit content by spotting offers that seem too good to be true, use of brand names in unofficial contexts, or images that seem altered or inconsistent with official branding.
However, accusations of counterfeiting should be approached with caution, as legitimate resellers or parallel imports might sometimes appear suspicious but are actually lawful.
Counterfeit items, especially in categories like pharmaceuticals, electronics, and cosmetics, may not meet safety standards and can pose serious health risks to consumers. For example, counterfeit medications may contain incorrect or harmful ingredients, and fake electronic goods could lead to malfunctions and safety hazards.
Takedown notices will be for trademark infringement, not copyright. DMCA does not cover trademark issues.
Example Rule
Selling or promoting counterfeit products, including goods and services bearing unauthorised trademarks, is strictly prohibited.
Service Abuse
Definition
Use of a network, product or service in a way that violates the provider’s terms of service, community guidelines, or other rules, generally because it creates or increases the risk of harm to a person or group or tends to undermine the purpose, function or quality of the service.
Related Terms
Terms of Service Violation, Platform Abuse, Technical Abuse, Network Abuse, Malicious Bot Activity, Spamming, Data Scraping, Denial of Service (DoS/DDoS).
Background
This category […]
Table of Contents
- Definition
- Related Terms
- Background
- Spotting Service Abuse: What to Look For
- Before You Act: Common Pitfalls & Nuances
- Managing Suspected Service Abuse: Key Steps
- Example Community Guidance
Definition
Use of a network, product or service in a way that violates the provider’s terms of service, community guidelines, or other rules, generally because it creates or increases the risk of harm to a person or group or tends to undermine the purpose, function or quality of the service.
Related Terms
Terms of Service Violation, Platform Abuse, Technical Abuse, Network Abuse, Malicious Bot Activity, Spamming, Data Scraping, Denial of Service (DoS/DDoS).
Background
This category covers a range of technically abusive behaviours, including but not limited to Distributed Denial of Service (DDoS) attacks against an instance, overwhelming the service with spam (content or account creation spam), unauthorised or malicious data scraping, and the abusive use of automated accounts (bots) for disruptive purposes.
While some forms of service abuse, like spam, are visible to moderators, others, like DDoS attacks or sophisticated data scraping, are typically detected and handled by service administrator, web host, or technical staff who monitor server performance and network traffic. Preventing and mitigating service abuse is crucial for maintaining the stability, usability, and security of an instance and the wider Fediverse.
Why We Care
Service Abuse can severely impact the availability, performance, and trustworthiness of a Fediverse instance and, in some cases, the broader network. Activities like DDoS attacks can render a service unusable for all its members. Spamming degrades the user experience and can overwhelm valuable content. Malicious data scraping can violate user privacy and enable further abuse. Uncontrolled bot activity can disrupt conversations and strain server resources.
Addressing service abuse helps ensure the platform remains stable, secure, functional, and enjoyable for genuine users, and protects the resources of the service provider.
Spotting Service Abuse: What to Look For
Identification of service abuse can range from obvious (e.g., massive spam floods) to highly technical (e.g., detecting a DDoS attack’s traffic patterns or covert scraping).
Account Traits: Multiple accounts created rapidly, often with generic or nonsensical profiles or common spam usernames, posting similar or identical content. Bot accounts might exhibit unnaturally fast or repetitive posting patterns, or lack human-like interaction when engaged.
Content Characteristics: Unsolicited, repetitive, often commercial or deceptive messages posted in large volumes. Content might be off-topic, include malicious links, or aim to scam users.
Posting Patterns: High frequency of posts from specific accounts or IP ranges. Identical or near-identical messages appearing across many different threads or communities. For other abuses like DDoS or scraping, patterns are typically observed in network traffic or server logs by administrators.
Behaviour (General):
- Spamming: Persistent, high-volume posting of unsolicited content.
- Malicious Bot Activity: Automated accounts used for harassment, spreading disinformation, artificially inflating engagement, or other disruptive activities beyond benign, disclosed automation.
- Data Scraping: Accounts systematically and rapidly accessing and collecting large amounts of user profile data or posts in a way that seems automated and non-consensual (though usually a server-side detection).
- DDoS/DoS Attacks: Instance becomes very slow, unresponsive, or completely unavailable.
Key Questions for Assessment:
- “Is an account or group of accounts posting an excessive volume of unsolicited, repetitive, or off-topic content?”
- “Does an account exhibit clear signs of being an undisclosed or malicious bot, engaging in disruptive automated behaviour?”
- “Is the service experiencing significant slowdowns or outages that administrators attribute to malicious traffic?”
- “Are there reports or evidence of systematic, unauthorised scraping of user data from the platform?”
- “Does the activity clearly violate specific clauses in the Terms of Service regarding resource use, automated access, or system integrity?”
Before You Act: Common Pitfalls & Nuances
Distinguishing malicious service abuse from legitimate high activity or poorly configured benign bots is important.
- Legitimate Activity: A popular instance or a viral post can generate very high traffic and activity, distinct from a malicious DDoS attack.
- Benign Bots: Many useful bots exist on the Fediverse. Policies usually require bots to be clearly identified and to operate responsibly, respecting API limits and not spamming. Service abuse occurs when bots are malicious, undisclosed, or abusive.
- Accusations of Scraping: Not all data access is malicious scraping. Federation itself involves data exchange. Malicious scraping refers to large-scale, unauthorised collection for harmful or privacy-violating purposes. See Web Crawlers and Scrapers.
- Common Gotchas:
- Trying to personally “fight” a DDoS attack (this is for admins/ISPs).
- Banning accounts for spam one-by-one during a massive spam wave without also alerting admins who might have tools for bulk removal or IP blocking.
- Confusing a poorly written but well-intentioned script/bot with a malicious one without investigation.
Key Point: Service Abuse is about actions that technically or operationally harm the service or its users, violating ToS regarding how the platform can be used. Response often requires technical intervention by service administrators or web hosts.
Managing Suspected Service Abuse: Key Steps
Response depends heavily on the type of abuse and often involves Service Administrators.
For Spam/Malicious Bots (Moderator Actions):
- Remove Spam Content: Delete spam posts and messages.
- Ban Spam/Bot Accounts: Suspend or ban accounts clearly engaged in spamming or malicious bot activity.
- Report to Administrators: Alert Service Administrators to large-scale spam attacks or sophisticated bot activity, as they may have tools for IP blocking, rate limiting, or broader mitigation.
For DDoS Attacks (Primarily Administrator Actions):
- Service Administrators work to identify attack vectors and mitigate them, often involving upstream network providers or specialised DDoS mitigation services.
- Moderators can help by communicating service status to users (if directed) and managing community discussion around the outage.
For Malicious Data Scraping (Primarily Administrator Actions):
- Service Administrators may implement technical measures to detect and block scrapers (e.g., rate limiting, IP blocking, analysing access patterns).
- Policies on data access should be clear in the ToS.
General Steps:
- Consult ToS: Refer to your instance’s Terms of Service, which should outline prohibited technical abuses.
- Discuss with Team: Moderators should coordinate with each other and relevant administrators.
- Implement Preventative Measures: Service administrators should aim to implement technical measures to prevent common forms of service abuse where possible (e.g., robust registration checks, API rate limits, DDoS protection).
Example Community Guidance
Strike System: “Minor infractions related to irresponsible bot behaviour or accidental ToS violations might receive a warning. Deliberate spamming or malicious technical abuse will lead to immediate bans.”
General Prohibition (in Terms of Service): “Users must not engage in any activity that disrupts, degrades, or compromises the security or performance of the service. This includes, but is not limited to, distributing spam, participating in Denial of Service attacks, unauthorised data scraping, or operating malicious or undisclosed automated accounts (bots) that violate our bot policy.”
Strict Enforcement: “Engaging in activities such as DDoS attacks, persistent spamming, or malicious botting will result in immediate and permanent bans, and may be reported to law enforcement or relevant network abuse centres. Service Administrators reserve the right to implement technical measures to block or mitigate any perceived service abuse.”
Online Harassment
Definition
Unsolicited repeated behavior against another person, usually with the intent to intimidate or cause emotional distress. Online harassment may take the form of one abuser targeting a person or group with sustained negative contact, or it may take the form of many distinct individuals targeting an individual or group.
Related Terms
Cyberbullying, Cyberstalking, Dogpiling, Brigading, Trolling, Abuse.
Background
Harassment is repeated behaviour, and may include several other […]
Table of Contents
- Definition
- Related Terms
- Background
- Why We Care
- Spotting Online Harassment: What to Look For
- Before You Act: Common Pitfalls & Nuances
- Managing Suspected Online Harassment: Key Steps
- Example Community Guidance
Definition
Unsolicited repeated behavior against another person, usually with the intent to intimidate or cause emotional distress. Online harassment may take the form of one abuser targeting a person or group with sustained negative contact, or it may take the form of many distinct individuals targeting an individual or group.
Related Terms
Cyberbullying, Cyberstalking, Dogpiling, Brigading, Trolling, Abuse.
Background
Harassment is repeated behaviour, and may include several other harms used repeatedly to harass or initimidate a user. In general, harassment includes the following:
- Willful – The behavior has to be deliberate, not accidental.
- Repeated – Bullying reflects a pattern of behavior, not just one isolated incident.
- Harmful – The target must perceive that harm was inflicted.
- Using computers, cell phones, and other electronic devices – This differentiates cyberbullying from offline bullying
Concerned trolling involves individuals posing as supporters or fans, offering damaging critiques under the guise of helpful feedback. Instead of engaging, muting such content might be more effective to avoid unnecessary confrontation.
Cyberstalking includes persistent online behaviors meant to threaten, terrorize, or surveil someone. It’s a criminal offense in many places, prompting victims to consider legal actions such as contacting law enforcement or securing online privacy if identity theft is suspected.
Cyberbullying encompasses various forms of harassment. Resources and further information can be found on cyberbullying.org, which offer up-to-date insights on handling such issues.
Cyber-mob violence, or dogpiling, involves large groups targeting individuals with torrents of abuse, often for their political views. Tactics to manage such situations include enlisting others to monitor the abuse, temporarily stepping back from social media, or initiating a counter-speech campaign to maintain control over the narrative.
Why We Care
Harassment creates a hostile and unsafe environment for its targets and for the wider community. It can lead to severe psychological distress, anxiety, fear, and can silence individuals, forcing them to withdraw from online participation. Allowing harassment to persist normalises abusive behaviour and can make the community unattractive and dangerous for both existing and potential members.
A strong stance against online harassment is vital for fostering a respectful community where accounts feel safe to express themselves and interact without fear of targeted abuse.
Spotting Online Harassment: What to Look For
Identification of online harassment typically involves observing a pattern of unwanted, negative behaviour directed at a specific target, or a mass of such behaviour from multiple accounts.
Account Traits:
- Single Abuser: An account repeatedly sending abusive messages, @mentioning a target with insults, or consistently derailing their posts with negative commentary.
- Multiple Abusers (Dogpiling): Numerous accounts (which may or may not appear coordinated initially) suddenly directing similar negative, insulting, or threatening comments towards a single target or group. These might be a mix of established, new, or anonymous accounts.
Content Characteristics: Look for language that is insulting, demeaning, threatening, intimidating, or excessively aggressive. Content might include personal attacks, persistent mockery, offensive memes or images directed at the target, spreading of malicious rumours, or repeated unwelcome sexual advances. The key is that it is unsolicited and repeated, or part of a mass attack.
Posting Patterns:
- Sustained Contact: A single harasser might repeatedly reply to a target’s posts with abuse, @mention them in abusive contexts, or send them unwanted direct messages.
- Swarming/Dogpiling: A target’s post or profile might suddenly be flooded with negative replies or quote-posts from many different accounts in a short period.
- Campaigning: Harassers might create posts specifically to denigrate or call for negative attention towards the target.
Behaviour: The core of harassment is the repeated nature of the unwanted negative conduct from one or more persons, and the impact it has on the target (intimidation, distress). Harassers often ignore requests to stop, and may escalate their behaviour if confronted. In cases of dogpiling, while individual harassers might claim their single post isn’t “repeated,” the collective effect on the target is one of overwhelming, repeated abuse.
Key Questions for Assessment:
- “Is an individual or group receiving repeated, unwelcome negative attention or abusive comments from one or more accounts?”
- “Does the behaviour appear intended to intimidate, distress, humiliate, or silence the target?”
- “Has the target indicated that the contact is unwanted or asked for it to stop (if from a single persistent source)?”
- “In the case of multiple accounts, is the collective impact on the target one of sustained, overwhelming negativity or abuse?”
- “Does the conduct serve any legitimate purpose in the context of a reasonable discussion?”
Before You Act: Common Pitfalls & Nuances
It’s important to distinguish harassment from legitimate criticism, disagreement, or isolated incidents of rudeness.
Disagreement vs. Harassment: Robust debate and disagreement are normal. Harassment occurs when it crosses into personal attacks, repeated targeting, intimidation, or becomes a campaign of abuse rather than a discussion of ideas.
Isolated Rudeness: A single rude comment, while unwelcome, may not constitute harassment unless it’s part of a pattern or exceptionally severe.
Reporting in Bad Faith: Occasionally, individuals may report legitimate criticism as harassment if they dislike being challenged. Assess the context carefully.
“Reasonable Person” Standard: Consider whether a reasonable person, in the target’s position, would feel harassed or intimidated by the conduct.
Common Gotchas:
- Waiting too long to intervene, allowing harassment to escalate.
- Focusing only on individual harassing posts rather than the cumulative pattern and impact.
- Not taking into account the power dynamics if a more influential account is harassing a less influential one.
- Dismissing “low level” but persistent harassment that cumulatively causes significant distress.
Key Point: Harassment is about the pattern of unwelcome, repeated behaviour aimed at causing distress or intimidation, or an overwhelming volume of such behaviour from multiple sources. The intent of the abuser(s) and the impact on the victim are both important considerations.
Managing Suspected Online Harassment: Key Steps
When online harassment is reported or observed:
- Prioritise the Target’s Safety and Well-being: Offer support and reassurance. Ask them what actions they would find helpful (e.g., blocking abusers, making a report).
- Investigate Promptly: Review the reported posts, direct messages, and the interaction history to understand the pattern and context.
- Document Evidence: Take screenshots and save links to harassing content. Make a note of the accounts involved.
- Assess the Pattern and Severity: Is this a single persistent harasser or a dogpile? How severe is the abuse? Is it ongoing?
- Discuss with Team (if applicable): Share findings with fellow moderators or your service administrator, especially in complex cases or dogpiles.
- Apply Community Guidance / Sanctions:
- For the Harasser(s): Depending on severity and policy: issue warnings, remove harassing content, enforce temporary mutes/suspensions, or implement permanent bans for persistent or severe harassment. In dogpiles, action might be needed against multiple accounts.
- For the Target: Advise them on blocking features, how to report to instance admins, and potentially on making their account more private if they wish.
- Follow Up (if appropriate): Check in with the target after taking action, if they are comfortable with this.
Example Community Guidance
Strike System: “Single instances of rudeness may receive a warning. However, repeated abusive comments or clear participation in harassment or dogpiling will lead to stricter sanctions, including suspension or permanent bans.”
General Prohibition: “Engaging in online harassment is strictly prohibited. This includes, but is not limited to, making personal attacks, sending repeated unwelcome messages, threatening or intimidating others, inciting others to harass an individual (dogpiling), or any behaviour that creates a hostile environment for another member.”
Strict Enforcement: “Accounts found to be engaging in persistent harassment, severe single instances of abuse, or participating in coordinated harassment (dogpiling) will be subject to immediate sanctions, up to and including permanent bans. We are committed to maintaining a community where users feel safe from targeted abuse.”
CSEA
Definition
Child Sexual Exploitation and Abuse – A broad category that encompasses both the sharing of material depicting child sexual abuse, other sexualised content depicting children, and includes grooming.
For the guidance and requirements regarding Child Sexual Abuse Material see CSAM
The top three online CSEA harms are: producing, sharing and/or viewing CSAM, online sexual solicitation, and online grooming.
Related Terms
Online Child Grooming, Child Enticement, Predatory […]
Table of Contents
- Definition
- Related Terms
- Background
- Why We Care
- Spotting CSEA: What to Look For
- Before You Act: Common Pitfalls & Nuances
- Managing Suspected CSEA: Key Steps
- Example Community Guidance
- Further Reading
Definition
Child Sexual Exploitation and Abuse – A broad category that encompasses both the sharing of material depicting child sexual abuse, other sexualised content depicting children, and includes grooming.
For the guidance and requirements regarding Child Sexual Abuse Material see CSAM
The top three online CSEA harms are: producing, sharing and/or viewing CSAM, online sexual solicitation, and online grooming.
Related Terms
Online Child Grooming, Child Enticement, Predatory Behaviour, Online Child Endangerment, Luring, Sexual Coercion of Minors.
Background
Child Sexual Exploitation and Abuse (CSEA) for the purposes of this guidance (and distinct from the handling of CSAM), primarily encompasses predatory behaviours such as online grooming – where an adult builds a relationship with a child to gain their trust with the ultimate aim of sexual abuse or exploitation – and the creation or sharing of other forms of sexualised content depicting children that may not meet the CSEA definition but is clearly exploitative or inappropriate. This can also include attempts to coerce or entice children into sexualised conversations or activities.
Perpetrators may exploit the features such as direct messaging to identify and target children. Grooming is a process that can occur over time, making its early stages sometimes difficult for observers to detect without specific awareness. The focus of this page is on identifying these behaviours and non-CSAM exploitative content to ensure immediate safeguarding actions, including mandatory reporting to authorities.
Why We Care
Addressing all forms of CSEA is an absolute and non-negotiable priority. These behaviours cause profound, lifelong harm to children. There is a moral, ethical, and often legal imperative to protect children from sexual exploitation and abuse in all its forms. A zero-tolerance approach is the only acceptable stance.
Failure to act decisively against CSEA not only fails to protect children but also makes the community complicit in enabling harm, and can have severe legal consequences for individuals and service providers. The safety and well-being of children supersedes all other considerations.
Spotting CSEA: What to Look For
Identification of CSEA, particularly grooming, requires vigilance for patterns of inappropriate interaction and specific predatory behaviours. This section focuses on indicators other than the presence of CSAM itself.
Grooming Indicators:
- Inappropriate Relationship Building: An adult account attempting to establish a private, secretive, or overly familiar/personal relationship with an account known or appearing to be a child. This might include excessive flattery, gift-giving (virtual or promises of real), or sharing personal adult problems to elicit sympathy.
- Targeting Vulnerabilities: Exploiting a child’s insecurities, loneliness, or desire for attention/validation.
- Isolating the Child: Attempting to drive a wedge between the child and their parents, friends, or other trusted adults; encouraging secret-keeping; or moving communication to more private, unmoderated channels.
- Normalising Sexual Talk / Boundary Pushing: Gradually introducing sexual themes into conversations, making sexualised jokes or comments, asking intrusive questions about a child’s private life or body, or testing boundaries to see what the child will tolerate.
- Requesting Inappropriate Images/Information: Pressuring a child to send suggestive (but not necessarily explicit by local CSAM definitions) photos of themselves, or detailed personal information about their routines or location.
- Coercion or Threats: Using manipulation, emotional blackmail, or threats to get a child to comply with requests or to keep the relationship secret.
- Attempting to Meet Offline: Suggesting or arranging to meet a child in person.
Other Exploitative Content (Non-CSAM context):
- Discussions or sharing of content (e.g., drawings, fictional stories, AI-generated images that are not CSAM) that sexualise children or promote/normalise sexual attraction to children.
- Accounts seeking or offering to connect adults with children for sexual purposes.
- Content that provides instructions or encouragement for child sexual exploitation.
Key Questions for Assessment (Requiring IMMINENT ESCALATION to Service Admins & Authorities):
- “Is an adult account displaying grooming behaviours towards an account identified or suspected to be a child?”
- “Is an account attempting to sexually coerce or solicit a child?”
- “Is content being shared that, while not CSAM, clearly sexualises children in an exploitative manner or promotes harm to children?”
- “Are there any indicators suggesting a child is at immediate risk of harm?”
Before You Act: Common Pitfalls & Nuances
Do NOT Investigate Independently: Moderators should never attempt to “investigate” suspected grooming or CSEA themselves. This can alert perpetrators, destroy evidence, or re-traumatise victims. Your role is to identify red flags and immediately report to your service administrator and, through them or established channels, to law enforcement and/or specialist child protection agencies (e.g., NCMEC, Internet Watch Foundation, CEOP).
Confidentiality of Reporter/Victim: Maintain strict confidentiality if a child or concerned party reports such activity.
Preservation of Evidence is for Experts: While noting account names and relevant posts is crucial for your report to the service admin, the detailed forensic preservation of evidence is for law enforcement.
Common Gotchas (to be AVOIDED by correct procedure):
- Delaying reporting to authorities: Any credible suspicion requires immediate next steps towards official reporting.
- Confronting the suspected perpetrator: This can be dangerous and counter-productive.
- Making assumptions about a child’s age or maturity: All children are vulnerable.
Key Point: Any suspicion of grooming or CSEA involving a child requires immediate escalation through your Service Administrator to law enforcement and/or designated child protection agencies. There is no room for independent moderator action beyond this critical reporting chain.
Managing Suspected CSEA: Key Steps
The primary “management” by moderators is reporting and preserving initial information for escalation.
- IMMEDIATE REPORT TO SERVICE ADMINISTRATOR: If you encounter any account or content that raises suspicion of CSEA as defined here (grooming, non-CSAM sexualised content of children), immediately report all details to your service administrator or a designated safety officer. This is your first and most crucial step.
- Document Initial Observations: Securely and confidentially note the username(s) involved, relevant post URLs (if applicable), dates, times, and a brief description of why you are concerned. Provide this information to your administrator. Do not download or store any potentially illegal or harmful material yourself.
- Service Administrator Actions (Essential): The Service Administrator (or designated safety personnel) MUST:
- Preserve evidence according to legal best practices (often involving server-side data).
- Report the incident to the appropriate national law enforcement agency specialising in child exploitation (e.g., National Center for Missing and Exploited Children – NCMEC in the US, Internet Watch Foundation – IWF in the UK, or national police cybercrime units) and any other legally mandated bodies. This is often a legal requirement. Use the CSAM Reporting Requirements page to find the appropriate entity.
- Take steps to restrict the offending account(s) from the platform to prevent further harm, in consultation with law enforcement if an investigation is active.
- Ban Offending Accounts (Following Due Process/LE Guidance): Once confirmed by internal review and/or as guided by law enforcement, permanently ban accounts involved in CSEA.
- Cooperate Fully with Law Enforcement: Ensure all relevant information is provided to investigators.
- Support a Reporting Child (with extreme care): If a child reports directly, ensure they are listened to respectfully, assured it’s not their fault, and that steps are being taken to help. Immediately get specialist child protection services involved through your service administrator’s report to authorities. Do not try to counsel or interview the child yourself beyond initial information gathering for the report.
Example Community Guidance
Strike System: “Any activity related to Child Sexual Exploitation and Abuse, including grooming or sharing sexualised content of children, bypasses all warning or strike systems and will result in immediate, permanent bans and reporting to law enforcement.”
General Prohibition: “The safety of children is our highest priority. Any form of Child Sexual Exploitation and Abuse (CSEA), including but not limited to online grooming, attempting to solicit or coerce children into sexual activity, or the sharing of any content that sexually exploits or endangers a child, is absolutely prohibited and will be reported to law enforcement and relevant child protection agencies.”
Strict Enforcement: “We maintain a zero-tolerance policy for CSEA. Confirmed instances will result in immediate permanent bans, preservation of evidence for, and reporting to, national and international law enforcement and child protection agencies. We are legally and morally bound to take all necessary actions to protect children and cooperate with authorities.”
Further Reading
Account Takeover
Definition
Where an unauthorized user gains control of a user account, through means such as hacking, phishing or buying leaked credentials.
Related Terms
Compromised Account, Hacked Account, Unauthorized Access, Credential Stuffing, Phishing (as a common precursor), Identity Theft.
Background
An account takeover occurs when an unauthorized individual gains control of another account’s legitimate account. This can happen through various methods, including stolen passwords from data […]
Table of Contents
- Definition
- Related Terms
- Background
- Why We Care
- Spotting Account Takeovers: What to Look For
- Before You Act: Common Pitfalls & Nuances
- Managing Suspected Account Takeover: Key Steps
- Example Community Guidance
- Further Reading
Definition
Where an unauthorized user gains control of a user account, through means such as hacking, phishing or buying leaked credentials.
Related Terms
Compromised Account, Hacked Account, Unauthorized Access, Credential Stuffing, Phishing (as a common precursor), Identity Theft.
Background
An account takeover occurs when an unauthorized individual gains control of another account’s legitimate account. This can happen through various methods, including stolen passwords from data breaches on other sites (credential stuffing), successful phishing attacks, malware, or exploiting weak security practices. Once an account is taken over, the attacker can act as the legitimate account holder, potentially causing significant harm.
Volunteer moderators typically become aware of an account takeover when the legitimate account holder reports losing access, or if the account starts exhibiting highly uncharacteristic behaviour (e.g., posting spam, phishing links, abusive content, or sending unusual direct messages) that is noticed by other community members or moderators. Investigating and confirming account takeovers often involves liaising with the Service Administrator or web host who may have access to server logs or other backend tools.
Why We Care
Dealing with Account Takeovers is critical because a compromised account can be used to harm the original account holder’s reputation, spread malware or phishing links to other community members, post abusive content, or access private information. This erodes trust within the community and can create a sense of insecurity, as accounts may fear their own accounts are vulnerable.
Prompt and effective responses are essential to minimise damage, restore access to the rightful owner if possible, and maintain the integrity and trustworthiness of the community.
Spotting Account Takeovers: What to Look For
Identification often relies on reports from the legitimate account holder or observation of sudden, anomalous behaviour from an established account.
Account Traits (Observed Behaviour): An established account suddenly changes its typical posting style, language, or the topics it engages with. The profile picture, bio, or display name might be altered in an uncharacteristic way. The account might start promoting scams or suspicious services.
Content Characteristics: Look for the account posting spam, phishing links, malicious URLs, abusive content, or messages that are completely out of character for the known account holder. This might include sending unsolicited direct messages with suspicious links or making unusual requests to other community members.
Posting Patterns: The account might suddenly become hyperactive, posting a large volume of unwanted content, or it might go silent when it’s usually active (if the attacker is only using it for private malicious activity). Activity might occur at times unusual for the legitimate account holder (e.g., if their timezone is known).
Behaviour (after takeover): The account may not respond to messages from known associates or moderators, or respond in a way that indicates an unfamiliarity with past interactions or the account holder’s known personality. The legitimate account holder might report being locked out of their account.
Key Questions for Assessment:
- “Have there been recent login attempts from unusual IP addresses or locations (information usually only available to Service Administrators)?”
- “Has the legitimate account holder reported losing access to their account or noticing unauthorized activity?”
- “Is an established account suddenly posting content or messages that are drastically out of character, such as spam, phishing, or abuse?”
- “Are there multiple reports from other community members about unusual behaviour from the account?”
Before You Act: Common Pitfalls & Nuances
It’s important to act swiftly to secure a potentially compromised account, but also to ensure it is a genuine takeover.
Legitimate Change in Behaviour: Occasionally, an account holder might genuinely change their posting habits or express new opinions. Distinguish this from clearly malicious or spammy takeover behaviour.
Shared Accounts: If an account is known to be shared (a risky practice), it can be harder to determine unauthorised use without a report from one of the legitimate users.
Misunderstanding by Reporter: Someone might misinterpret a joke or an uncharacteristic but legitimate post as a takeover. Look for stronger signals.
Common Gotchas:
- Leaving a compromised account active for too long, allowing further harm.
- Not adequately communicating with the (presumed) legitimate account holder if they report the issue.
- Failing to advise the account holder on securing their account and other online accounts after a takeover.
- Restoring access without verifying the identity of the person reclaiming the account.
Key Point: An account takeover is characterized by unauthorised control. The primary indicators are reports from the user, or sudden, drastic, and usually malicious changes in an established account’s behaviour.
Managing Suspected Account Takeover: Key Steps
When an Account Takeover is suspected:
- Temporarily Restrict the Account: To prevent further misuse, the Service Administrator should place a temporary restriction or freeze on the account to lock out the attacker and stop any ongoing harmful activity (e.g., spamming, phishing).
- Attempt to Contact the Legitimate Account Holder: If the takeover was not reported by the account holder directly, try to reach them through any known alternative contact methods if available (e.g., a previously registered email address on the platform if your Service Administrator has access and policies allow).
- Gather Information/Evidence: Note the specific uncharacteristic activity, when it started, and any reports received. This can help the legitimate owner understand what happened.
- Verify a Reclaim Attempt: If the legitimate account holder contacts you to reclaim the account, the Service Administrator will need a secure process to verify their identity before restoring access (e.g., confirming details only the real owner would know, using a recovery email).
- Advise on Security Measures: Once restored, advise the account holder to immediately change their password to a strong, unique one, enable multi-factor authentication if available, review their account for any unauthorised changes, and check their devices for malware. They should also change passwords on other sites if they reused the compromised one.
- Discuss with Team (if applicable): Moderators should inform their Service Administrator immediately if they suspect a takeover. The Administrator will typically handle the technical aspects of account recovery.
- Clean Up (if necessary): Remove any spam, phishing, or abusive content posted by the compromised account.
Example Community Guidance
Strike System: “Actions taken by a compromised account are generally not held against the legitimate account holder once an Account Takeover is confirmed and resolved, though content posted during the takeover will be removed. The focus is on account recovery and security.”
General Prohibition: “Users are responsible for maintaining the security of their accounts. Unauthorised access or use of another user’s account is a serious violation. Report suspected account takeovers immediately.”
Strict Enforcement: “If an account is confirmed to be taken over, it will be temporarily suspended to prevent abuse while attempts are made to contact and verify the legitimate owner. Malicious actors attempting account takeovers will be banned if identified.”