I have just logged in on my own Lemmy instance, and I see a list of banned users in the administrative area, from other instances. I have not banned anyone myself.
How does it work? If you’re banned from an instance, you’re banned from the whole federation?
Yes, instance bans propagate out to the federation. But if user@a.com gets banned, they can just go sign up as user@b.com.
Thank you, it appears to be this way.
When you say “my own instance” do you mean an instance you set up yourself and are the administrator? If so how and where did you set it up?
Yes. I have a VPS and I am using their Docker files: https://join-lemmy.org/docs/en/administration/install_docker.html
There should be a public modlog which should tell you when and why someone was banned. I haven’t set up my lemmy instance yet, did you maybe leave your instance unprotected for long enough so some could add bans? Or did you use an old database with data from a previous instance? Did you pull the wrong docker image?
Everything is running fine. It is as @jon@jon@lemmy.tf and @neoney@lemmy.neoney.dev write.
If I am server A, and I federate with B. If user@B is banned by B, this is propagated to me, so that A does not see content from B that comes from user@B. It makes sense.
What I don’t understand is why does server B have to tell server A that user@B is banned on B, instead of just not letting user@B login anymore and thus disallowing the creation of further content by user@B?
And maybe A wants the content by user@B, so why can server B dictate bans that server A has to enforce?
What happens if server A ignores them?
As an instance would I be able to flood another instance’s ban list by just pretending to have trillions of users that are all banned?
Given that I asked the question in the first place, here is how I make sense of it after some answers and looking at the modlog.
What I don’t understand is why does server B have to tell server A that user@B is banned on B, instead of just not letting user@B login anymore and thus disallowing the creation of further content by user@B?
Because A sees B’s content, but on A server. user@B is banned on B, hence, A keeps seeing B content, but not user@B content on B. user@B can still register on A and post there.
And maybe A wants the content by user@B, so why can server B dictate bans that server A has to enforce?
Because user@B’s content, while copied and displayed on A, is still B’s content. B bans the user and their content everywhere. Again, user@B can register elsewhere and start posting.
What happens if server A ignores them?
From what I can see, if I am A, I cannot unban user@B in any way. user@B can register in my instance, though. I can ban user@A afterwards (or not).
As an instance would I be able to flood another instance’s ban list by just pretending to have trillions of users that are all banned?
I think so. I federate with Beehaw. If Beehaw bans everyone, my banned user list will get quite long.
Are those instances you federate with?
Yes, they all are only from instances I federate with.
Same question.
My theory is:
When the instance admins ban one of the users off of their instance, the ban event gets transmitted to everyone that’s federated, so that other instances can stop seeing posts from that user too.I can’t test it but it seems that I cannot unban them from my instance. Meaning that a ban is at federation level.
They’re banned on their instance, so their instance wouldn’t even attempt to federate their content.
My question is why would another instance need to know which local user accounts of an instance have been “banned” by the instance they’re registered at?
No clue. Maybe it just needs to work that way in the current implementation
That would imply that any instance admin, even those that created theirs for themself only, can just ban users on other instance. That would be a major attack vector and it kind of defeats the purpose of the autonomy each instance is supposed to have…
I assume it only gets shared when the admin of the instance where the user is registered bans them, but again, that’s only a guess.
Go to the modlog of your instance and you can see they were banned of the mod of the original instance.
I assume it only gets shared when the admin of the instance bans a user that’s registered on the other instance, but again, that’s only a guess.
And that would mean I can set up my own instance, ban e.g. you, and you’d get banned on other instances as well. That doesn’t sound like a well thought out design choice.
You can only globally ban people who have accounts on your instance. Cause that’s how banning works, I don’t really see a problem here.
You said “when the admin of the instance bans a user that’s registered on the other instance” the other instance. Make up your mind.
You also said that ban gets distributed. It shouldn’t and it probably doesn’t because if it would as I said I could ban you on my instance and distribute that ban to other instances and just lock you out of the Fediverse.
“when the admin of the instance bans a user that’s registered on the other instance” - I meant an admin banning a user on the instance that they administer. “The other instance” here referred to an instance that isn’t the one you host, but the one where the admin is.
So you’re saying the instance mentioned in “admin of the instance” and the instance mentioned in “the other instance” are meant to be the same instance, although it specifically says “other instance”?
Maybe you could reword all of that because what you’ve written until now is just extremely convoluted.