Instance banning a remote user should prevent them from participating in remote versions of communities

[sunaurus]

Requirements

• Is this a feature request? For questions or discussions use https://lemmy.ml/c/lemmy_support
• Did you check to see if this issue already exists?
• Is this only a feature request? Do not put multiple feature requests in one issue.
• Is this a backend issue? Use the lemmy-ui repo for UI / frontend issues.

Is your proposal related to a problem?

Problem

When a user from instanceA is banned from instanceB, they are not prevented from making posts in instanceB communities. These posts do not show up outside instanceA, but this still means that future ban-worthy content from the banned user will be shown to all other users of instanceA, and the mod teams of instanceB will be powerless to improve the content for other users from instanceA.

Additionally, it seems that under certain conditions, these local-only posts from banned users can reach out to the wider federated network, for example, when a user from another instance searches for the post's url.

Describe the solution you'd like.

Solution

Instance bans would ideally work just like community bans - they would be federated and go into a new site_person_ban table, which could be checked everywhere that currently checks community_person_ban, and if a ban exists in either table, the users action would be prevented.

Describe alternatives you've considered.

N/A

Additional context

No response

[0xAnansi]

Couldn't this be used to DoS instances by creating a huge amount of bots with the intent to get banned, getting banned and then propagate this ban to all the instances, filling up their databases?

It's already a thing Guess we should approach that the same way we approach spam posts etc.

wth 💀

[techno156]

Couldn't this be used to DoS instances by creating a huge amount of bots with the intent to get banned, getting banned and then propagate this ban to all the instances, filling up their databases?

Would that even work? I can't imagine the ban list is particularly big (since it's just text), and you'd need an unimaginably large amount of users (millions, or even billions?) to start taking up meaningful amounts of space.

It's more likely that something else in Lemmy would break before then.

At that point, it seems easier to just Federate a massive banspam list on a regular instance, without having to go to the trouble of bot accounts, and all of that.

[ghost]

Well, we are not saying we should scrap the idea due to potential abuse.

But it's definitely something we should keep in mind. Because right now, there is nothing that really prevents me from spamming millions of ban messages :P

[Nutomic]

Instance bans are federated, but its possible that they are not going through in some cases.

[sunaurus]

@Nutomic instance bans are only federeated into the modlog, they are not currently being checked when posting or commenting (unlike community bans). The point is that a user who is instance banned can freely post garbage in communities that are hosted in the instance that he is banned from, and this will ruin the experience for other users on his instance.

[sunaurus]

This is the relevant code (which currently doesn't do much) for when a remote instance ban comes in:

https://github.com/LemmyNet/lemmy/blob/main/crates/apub/src/activities/block/block_user.rs#L133

OTOH In the case of remote community bans, the bans are actually written into the local community_user_ban table (which is always checked when making posts or comments):

https://github.com/LemmyNet/lemmy/blob/main/crates/apub/src/activities/block/block_user.rs#L192

[Nutomic]

Ah you are talking about the user receives a site ban from an instance which is not their home instance. That is indeed not handled. Its a variation of #1205

[iByteABit256]

Essentially a fix to this would be iterating over the communities of instance B, and for each one to run the code from the community ban handling, right?

[Nutomic]

Yes that sounds about right. So you need to change the code inside SiteOrCommunity::Site branches.

[Nothing4You]

additional related issue:

i've noticed that unbans and restorations can federate in some cases, overriding a local removal/ban decision.
for example, if i ban a remote user, then the user gets banned and unbanned on their home instance, the user is no longer banned on my instance.
if i remove content e.g. a post in a remote community, then the community's home instance removes and restores the same post, the post will also be restored in my instance.

while this certainly isn't working as intended, i think the security impact is fairly low, as such actions coming from other instances will typically lead to defederation, and similar actions could be performed by just creating new users, but i can see this, especially for the site ban, happen easily by accident, when a user gets temp banned on their home instance at any later time for likely unrelated reasons.

[dessalines]

Seems to be a dupe of #4118 , which I have a PR out for now.

[Nothing4You]

If I understand it correctly, #4464 does not address this for communities created after a site ban was issued.

[sunaurus]

@Nothing4You you are correct - I will reopen this issue for now as I am working on a PR for the fix already