this post was submitted on 22 Apr 2024
70 points (100.0% liked)
traaaaaaannnnnnnnnns
1139 readers
68 users here now
Welcome to /c/traaaaaaannnnnnnnnns, an anti-capitalist meme community for transgender and gender diverse people.
-
Please follow the Hexbear Code of Conduct
-
Selfies are not permitted for the personal safety of users.
-
No personal identifying information may be posted or commented.
-
Stay on topic (trans/gender stuff).
-
Bring a trans friend!
-
Any image post that gets 200 upvotes with "banner" or "rule 6" in the title becomes the new banner.
-
Posts about dysphoria/trauma/transphobia should be NSFW tagged for community health purposes.
-
When made outside of NSFW tagged posts, comments about dysphoria/traumatic/transphobic material should be spoiler tagged.
-
Arguing in favor of transmedicalism is unacceptable. This is an inclusive and intersectional community.
-
While this is mostly a meme community, we allow most trans related posts as we grow the trans community on the fediverse.
If you need your neopronouns added to the list, please contact the site admins.
Remember to report rulebreaking posts, don't assume someone else has already done it!
Matrix Group Chat:
Suggested Matrix Client: Cinny
https://rentry.co/tracha (Includes rules and invite link)
WEBRINGS:
🏳️⚧️ Transmasculine Pride Ring 🏳️⚧️
⬅️ Left 🏳️⚧️🏳️🌈 Be Crime Do Gay Webring 🏳️⚧️🏳️🌈 Right ➡️
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
To be fair to the app dev, I'm pretty sure it was unintentional. Just pointing out it's easier then having to write up a python script and working with apis.
I completely agree with you. Most users wouldn't think that.
I think there'd be much better adherence if people understood how insanely easy it is. "hey guys, deleted comments are still readable" does that convey the same sense of urgency as "clicking this link shows you deleted comments"? I think without communicating how easy it is, people won't worry about it. I know I didn't when I thought the issue was federated servers being able to read comments, instead of literally anyone.
I don't know. I kind of see what you're saying about new attackers realizing this, but this has been a known issue for a long time. Would they really not know? If they searched Google to figure out how to see deleted comments, I imagine you could find the issue quickly. Overall I'm not really a fan of security by obscurity either 🤷. More people knowing how to properly delete stuff is a clear upside too.
And yea, this desperately needs a server side fix and I can't believe how long it's gone on without one. I'm not familiar with lemmy's code base, but a check for if the content is deleted doesn't seem like it would be hard.
its mildly annoying to figure out exactly how to implement it best (I've been looking at it all morning) but editing the ORM sql queries in https://github.com/LemmyNet/lemmy/blob/main/crates/db_views/src/comment_view.rs would be one way to do it that covers all the different api endpoints affected. The comments there indicate this was done knowingly/intentionally. The problem is if upstream lemmy says they don't want to change it we'd just be screwed. I think they'd be amenable but you never know
Edit: it's already fixed upstream I'm a doodoohead