Hello world,
as many of you may already be aware, there is an ongoing spam attack by a person claiming to be Nicole.
It is very likely that these images are part of a larger scale harassment campaign against the person depicted in the images shared as part of this spam.
Although the spammer claims to be the person in the picture, we strongly believe that this is not the case and that they’re only trying to frame them.
Starting immediately, we will remove any images depicting “Nicole” and information that may lead to identifying the real person depicted in those images to prevent any possible harassment.
This includes older posts and comments once identified.
We also expect moderators to take action if such content is reported.
While we do not intend to punish people posting this once, not being aware of the context, we may take additional actions if they continue to post this content, as we consider this to be supporting the harassment campaign.
Discussion that does not include the images themselves or references that may lead to identifying the real person behind the image will continue to be allowed.
If you receive spam PMs please continue reporting them and we’ll continue working on our spam detections to attempt to identify them early before they reach many users.
Weird, I’d assumed it was just AI generated? What makes people think it’s harassment?
Anyone that is monolithic in a space without broad scope comments and presence is fake or potentially dangerous. No one would be posting in Lemmy, in this context of supposed community building without having a presence here. There are several people that come to mind that could legitimately post that they are “the fediverse Squid Legend” but all of these have a major footprint on Lemmy.
There is also a sketchy tracker link attached to the images, but I don’t think any of us are really able to say what exactly is happening with this. Like I finally got one of the messages a few days ago and my whitelist firewall logged the sketchy link. Someone else scanned that link in a security context which flagged it as suspicious. As far as I know, that is all that is known about what is underpinning the messages from the network side. Admins likely know more.
Someone floated the idea, others liked the idea, started sharing the idea and once it made full circle, everyone was sure it’s harassment.
I feel like I’m taking crazy pills that everyone is saying it’s obviously harassment. Doesn’t make much sense to me. I think it’s obvious she’s a victim but this would be way too niche of a form of harassment for it to be obvious
That said, the course of action should be the same regardless
What makes people think it’s harassment?
It’d make a lot of sense to me.
The image quality was poor, and there are AI models that permit one to create absolutely stunningly attractive people, moreso than real photos. Hell, I’ve written scripts myself to automatically drive Stable Diffusion to produce bulk procedural images. Anyone capable of scripting up a bot to send the message in the first place is more than capable of scripting up better generation.
For catfishing, sending multiple duplicate messages to a user, which happened in this case, seems unlikely to be a goal.
I assumed that it couldn’t reasonably be a scam attempt, so was guessing at it being a deanonymization effort, but harassment would make even more sense. If you’re trying to drive lots of angry people to make the victim miserable, it doesn’t matter if the images are annoying — in fact, it only makes them more effective, since hopefully you get more irate users sending material to the victim.
All the images look like screenshots taken during video calls. Also some people did some research and found the potential identity of the spammer (based on one of the accounts used) and maybe even the woman herself (coworker of the guy).
Nicole is the Boston Marathon bomber confirmed.
Yeahhhh and see that’s when we need to stop and chill. Give this woman her privacy for the love of God
It’s what confirmed she’s likely the target of harassment and not a spammer herself.
Right I understand that, but I’m saying we need to NOT be doxing either of these people. We really don’t need to stress this poor innocent woman out by getting involved
Holy shit fediverse lore fuckin’ slaps!
I bet the scammer is reading this thread right now. Yeah, you pal. I see you.
This is some small internet bullshit i’m here for
Damn, I never thought about it this way. Wow. I always took it as a funny thing not thinking of the person in the photo being an actual person who could very well be harassed. Thank you for bringing this to light. Whoever thought of this is a good human being. <3
deleted by creator
For a long time someone has been spamming Lemmy users with a private message including a picture introducing herself as the “fediverse chick” and plugging socials
But what if that’s not the person at all
TLDR; Scammer/creep is using a woman’s photos, possibly stolen from a webcam hack, and her social media links to privately message people.
People were getting private messages with a few links and a picture from someone claiming to be Nicole the Fediverse Chick.
Of course this becomes a meme and spreads as people talk about it.
It gets weird because there’s multiple different pictures. 1 or 2 stolen pic online, that’s expected for these types of scam. But there’s a whole collection of them out there. Its suspected to be pulled from a live stream or a hacked webcam.
Like usual, the chance that the woman in the picture is actually Nicole sending messages is pretty low. Having her image and links shared to randos online makes an easy target for a lot of people to harass her.
.world admins are saying no more. All references to “Nicole” will be purged.
same
deleted by creator
I thought she loved me.
She loves us
🛠️ (my instance doesn’t have a hammer and sickle so this will do)
```
⠀⠀⠀⠀⠀⠀⢀⣤⣀⣀⣀⠀⠻⣷⣄
⠀⠀⠀⠀⢀⣴⣿⣿⣿⡿⠋⠀⠀⠀⠹⣿⣦⡀
⠀⠀⢀⣴⣿⣿⣿⣿⣏⠀⠀⠀⠀⠀⠀⢹⣿⣧
⠀⠀⠙⢿⣿⡿⠋⠻⣿⣿⣦⡀⠀⠀⠀⢸⣿⣿⡆
⠀⠀⠀⠀⠉⠀⠀⠀⠈⠻⣿⣿⣦⡀⠀⢸⣿⣿⡇
⠀⠀⠀⠀⢀⣀⣄⡀⠀⠀⠈⠻⣿⣿⣶⣿⣿⣿⠁
⠀⠀⠀⣠⣿⣿⢿⣿⣶⣶⣶⣶⣾⣿⣿⣿⣿⡁
⢠⣶⣿⣿⠋⠀⠀⠉⠛⠿⠿⠿⠿⠿⠛⠻⣿⣿⣦⡀
⣿⣿⠟⠁⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠈⠻⣿⡿
```
You’re welcome
what?
Appears correctly on Voyager, original commenter should’ve used a code block.
ah thank you.
just as in real life, communism doesn’t work here either lol
doesn’t work 100% on my Voyager
Google Pixel 8 btw
If I resize my view it works but otherwise… xd
720x1600 Master race?
Thank you, comrade
If we remain faithful to nicole we will be delivered eternal life. Lisan al nicole.
I gotta give it to you guys. The foresight to prevent a disaster is 10/10. Top tier. Well done.
It’s pretty obvious …
What’s scary is how many people just accepted that some woman wanted to randomly spam thousands of pictures with her smoking weed.
Maybe they’re used to onlyfans bots.
That would make sense if any of the pictures were selfies and not random screen grabs off a webcam
to be honest, this should have been done way earlier.
Still glad you’re doing it now!
I saw a theory a while back that the IPs which receive the various images get logged allowing the recipients accounts to be tied to an IP and possibly even a physical address based on the timeframe it was sent. Is that a real concern or just conspiracy, do you think?
That appears to be a baseless conspiracy theory.
Except for the gore pms, I believe all the images have been uploaded to Lemmy instances or Imgur, which means that the uploader has no way to track IPs accessing those images. The gore images were uploaded to another service that at least on the surface appears to be another regular image hoster that wouldn’t expose IP access logs to uploaders.
I don’t think its baseless given that anyone can set up their own Lemmy instance to host the PM’d images.
Gore wait wtf where does gore come in, is that if you play along with the catfish?
A day or two ago, someone spammed out a picture of a murdered body with the standard Fediverse Chick copypasta. That seemed to freak people out; the nicoled community locked down, this thread happened, etc.
The gore photo seems to be a second actor/copycat. The Nicole spammer either came from their own instances or opened accounts very shortly before spamming, the gore photo, and a following anime style picture done in red-on-white saying “Do you like insanity?” seem to come from accounts that were made 2 years ago.
Oh damn. Don’t know how I missed that bit of drama. Thanks
The instance domains I’ve seen involved so far at least weren’t set up specifically for this purpose at least. Most of the URLs were pointing to established services and not different per recipient.
While I can’t rule out that individual users may have received a different URL in an attempt to extract their IP and information about their browser, this at least does not appear to have been done in a larger scale.
I find it difficult to believe there are enough fediverse users not using a VPN at all times to make that effort worthwhile.
most people don’t. the only device I have that runs a VPN 24/7 is a laptop that seeds
I use a VPN on everything else if I’m doing something sketchy though. everyone should be more like me :3
yeah that’s fair, I probably should use it more but it’s just kinda annoying
You know it had not even crossed my mind until this post but on hindsight it makes perfect sense.
Foresight? This has been going on for several months.
I took the comment as sarcasm. lol
You forgot this
/s
Thank you for your work managing the spam waves!
I got one on dullsters.net I hope it’s not some kind of vulnerability.
I’ve heard that if you actually add her on friendica, the mayor of Toronto shows up at your house and gives you an old fashioned.
I’ll give it a go
Oh, I think I got one of those. It’s that girl with the bong, right?
Yes, but there are a few pictures around from all of it
Is this Nicole thing really still a thing? That’s so like back when I still had a 401k.
So was it last week or the day before yesterday? It all happens so fast, I can’t - and frankly - refuse to catch up.
It’s been ongoing for a few weeks at least. Maybe months.
Ouch
My government salutes you!
Don’t blame me, I voted for Kodos.
i received another message yesterday, after my instance’s admin claimed they fixed the issue (i assume by blocking the spammer’s ip address from making new accounts)
the problem with this spam and generally federated platforms is that you can only really try detecting it based on the content. the accounts tend to get created on another instance and then the messages federate over to you, which means you won’t see a lot of the identifying information you’d see for a local user, such as their IP address.
I just chalked it up to “a necessary evil” in order to take advantage of federated platforms. I found it funny at first, and then just ignored it. I never thought that it could’ve been some smear campaign, but rather scammers looking for easy targets.
I’m glad mods are doing something about it, even if it’s not a perfect fix.
IP bans aren’t great either. A decent spammer will just use a vpn. Then you’re just banning IPs from a service that other users might also use. An even more sophisticated bad actor would just use a bot net.
part of a larger scale harassment campaign against the person depicted
Oh boy that’s horrible, if true I hope she has reported it to police, and they can help her.
This is a copy+paste of a comment I left on the Nicole@feddit.org mod post after the recent incident with the gruesome picture(s?):
“I think if Lemmy doesn’t have the infrastructure to defend against attacks like these which are presumptively conducted by one bad actor, then it doesn’t have the infrastructure to defend against wealthy organizations when our communities do get big enough to be noticed by them.
[Nicole@feddit.org]’s history underscores how the messaging system in particular needs a massive overhaul; using image recognition as a filter for messages like Lemmy.World does for image posts (with options for NSFW that isn’t NSFL?), preventing images (and URLs? or only allowing white-listed sites?) from being sent within the first message sent between users (unless a box is ticked?), not showing message recipients images until they are directly opened, and preventing the de-anonymizing of message recipients should be made first priority for the next patch.”
Honestly I think the easiest thing would be to not allow images or embedding at all in PMs and perhaps display a warning message when clicking links “you are leaving [instance name]…”
Analyzing potentially lots of text and images in an effort to “guarantee” safety of users is likely a Sisyphean endeavour that is bound to fail - and furthermore also has privacy issues (namely that “private” messages aren’t private at all)
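The policy sketched in this comment (no rendered images in a private message, off-site links surfaced rather than silently followed) and the per-recipient tracking-link concern raised elsewhere in the thread, as an added Python example. This is not Lemmy’s code or any instance’s automod; the regexes, hostnames, recipient names and allowlist are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Markdown image, HTML <img>, and bare URL patterns (constructed for this example, not Lemmy's parser).
IMG_MD_RE = re.compile(r"!\[([^\]]*)\]\(([^)\s]+)[^)]*\)")
IMG_HTML_RE = re.compile(r'''<img\b[^>]*\bsrc=["']?([^"'\s>]+)[^>]*>''', re.IGNORECASE)
URL_RE = re.compile(r'''https?://[^\s<>()\]"']+''')


def _placeholder(url: str) -> str:
    host = urlsplit(url).hostname or "unknown host"
    return f"[image withheld: {host}]"


def strip_inline_images(body: str) -> str:
    """Replace every inline image with a placeholder so the client fetches nothing when the PM is opened.
    The recipient's IP never reaches the image host unless they deliberately click a link."""
    body = IMG_MD_RE.sub(lambda m: _placeholder(m.group(2)), body)
    return IMG_HTML_RE.sub(lambda m: _placeholder(m.group(1)), body)


def offsite_urls(body: str, allowed_hosts: set) -> list:
    """URLs whose host is not on the instance's allowlist; these get surfaced for review, not auto-rendered."""
    return sorted({u for u in URL_RE.findall(body) if (urlsplit(u).hostname or "") not in allowed_hosts})


def recipient_specific_hosts(dms: dict) -> list:
    """Hosts whose URL differs for every recipient of one sender: the shape of a per-recipient tracking link.
    dms maps recipient -> message body, all from the same sender."""
    seen = {}  # host -> recipient -> set of (path, query)
    for rcpt, body in dms.items():
        for u in URL_RE.findall(body):
            parts = urlsplit(u)
            if parts.hostname:
                seen.setdefault(parts.hostname, {}).setdefault(rcpt, set()).add((parts.path, parts.query))
    flagged = []
    for host, by_rcpt in seen.items():
        if len(by_rcpt) < 2:
            continue
        variants = [frozenset(v) for v in by_rcpt.values()]
        if len(set(variants)) == len(variants):  # no two recipients received the same link
            flagged.append(host)
    return sorted(flagged)


def triage_first_contact(body: str, allowed_hosts: set) -> dict:
    """Policy for a first message between two users: images never rendered, off-site links listed for review."""
    return {
        "had_images": bool(IMG_MD_RE.search(body) or IMG_HTML_RE.search(body)),
        "offsite_urls": offsite_urls(body, allowed_hosts),
        "body": strip_inline_images(body),
    }


# Constructed sample: one sender, three recipients, identical pitch, a per-recipient token on one link.
SAMPLE_DMS = {
    "alice": "hi! ![me](https://pics.example/n1.jpg) my links: https://links.example/t/a1b2 and https://lemmy.world/c/example",
    "bob":   "hi! ![me](https://pics.example/n1.jpg) my links: https://links.example/t/c3d4 and https://lemmy.world/c/example",
    "carol": 'hi! <img src="https://pics.example/n1.jpg"> my links: https://links.example/t/e5f6 and https://lemmy.world/c/example',
}
LOCAL_HOSTS = {"lemmy.world"}  # assumed allowlist for this instance

if __name__ == "__main__":
    for who, dm in SAMPLE_DMS.items():
        print(who, triage_first_contact(dm, LOCAL_HOSTS))
    print("per-recipient link hosts:", recipient_specific_hosts(SAMPLE_DMS))
```

The image placeholder keeps the host name so a moderator can still see where the image came from, while the tracking check works on metadata only: it needs no request to the suspect host, so running it leaks nothing about the recipients either.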
For anyone not clicking the link, but wondering what this reply means… it’s a link to the user’s comment (right below, within this comment chain) about a lemmy update
I was confused for a sec and probably would’ve skipped over all of the context because I didn’t continue reading first (and I hesitate to click links randomly), so maybe someone else with no attention span will benefit as well
Lemmy update v0.19.11 provides “Dont render images in private message”.
Not every instance is updated to this version, but it should stop the current method of spam (if updated). I’m wordy, I know; but maybe it’ll help someone
not allow images or embedding at all in PMs
I’d add — as someone who was concerned about and posted on the possibility that the aim of the spammer was exposing the IP address associated with the receiver’s username — that even if this wasn’t the aim from this event, it could be in some future event.
I don’t think that disallowing inline images in direct messages will eliminate spam problems, even efforts of this sort, as it’d still be possible for a spammer to spam messages with indirect links to images hosted elsewhere. But it would help avoid leaking IP addresses of the receiving user.
Or at least disallowing inline images in direct messages by default. I can imagine maybe someone enabling them on some kind of a private, decoupled-from-the-wider-Fediverse instance on an intranet or whatnot, but I really don’t think that this is something that nearly any instance should actually permit.
For anti-spam efforts, I think that there are a variety of potential partial solutions. No complete fixes, but some:
- Rate-limiting the comment frequency on new accounts. IIRC, Reddit used this tactic. It does create some issues for (legitimate) use of throwaway accounts in anonymous posts, but there’s no legitimate reason for a new account to blast hundreds of messages an hour, I think. This might already be present, but if not, it’d be a good start. This can be defeated by generating new accounts for each new message or batch of.
- Rate-limiting new account creation from a given IP address, if not already present. An attacker could defeat this via use of a commercial VPN, and if too low, it could create issues for some commercial VPNs.
- Hashing of messages to red-flag identical messages being posted en masse. As best I could tell, the spammer here was posting many identical messages. This can be defeated by a spammer having software slightly modify each message.
- Fuzzy-hashing of messages to red-flag almost identical messages being posted en masse. This can be defeated via text generation methods that are carefully tailored to the fuzzy hashing mechanism to modify messages such that each fuzzy-hashes to a different message.
- A mechanism to permit an account to share blacklists of IP or message hashes and trigger removal of messages on other instances, preferably associated with a specific identifier or account. This permits any other instances to leverage antispam work by one instance; if I want to trust a given antispam admin or bot on lemmy.world, I can. Let an instance admin review and override such removals, maybe. It creates abuse potential for malicious use or inadvertent false positives spanning instances, but I think that it’s necessary to avoid having each instance fight its own lonely antispam battles. Otherwise, new and personal instances risk being buried by a deluge of direct message spam. The same mechanism, if exposed to users and not just instance admins, would also permit for subscribable content filters for people who don’t want to see content of a given sort (e.g. profanity or pornographic content of a particular sort or whatever, not just spam), which is another issue.
Fortunately, as far as I see as a user, we’re not yet at the point that there is much spam on here yet, so this isn’t yet a serious problem. Maybe it’ll never happen, if the userbase never grows much. But if the userbase gets considerably bigger, increasingly-problematic spam will inevitably follow.
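The exact-hash, near-duplicate and per-account rate-limit checks from the list above, as an added Python example; it also illustrates the earlier point that a receiving instance can only judge federated messages on their content. This is not Lemmy’s code or any existing automod. Word-shingle Jaccard similarity stands in for a real fuzzy hash (ssdeep or TLSH would be the production choice), the copypasta variants, account names, thresholds and timestamps are constructed, and the rate limit is applied to every sender here where a real deployment would scope it to new accounts.

```python
import hashlib
import re
from collections import defaultdict, deque

URL_RE = re.compile(r"https?://\S+")
PUNCT_RE = re.compile(r"[^a-z0-9 ]+")


def normalise(text: str) -> str:
    """Canonical form so trivial edits (case, punctuation, a swapped link) do not change the hash."""
    text = URL_RE.sub(" url ", text.lower())
    text = PUNCT_RE.sub(" ", text)
    return " ".join(text.split())


def exact_hash(text: str) -> str:
    """Catches byte-for-byte (after normalisation) copypasta."""
    return hashlib.sha256(normalise(text).encode()).hexdigest()


def shingles(text: str, n: int = 3) -> frozenset:
    """Hashed word n-grams: the near-duplicate signal (stand-in for a fuzzy hash such as TLSH/ssdeep)."""
    words = normalise(text).split()
    grams = [" ".join(words[i:i + n]) for i in range(max(1, len(words) - n + 1))]
    return frozenset(hashlib.blake2b(g.encode(), digest_size=8).digest() for g in grams)


def jaccard(a: frozenset, b: frozenset) -> float:
    return len(a & b) / len(a | b) if (a or b) else 1.0


class SpamScreen:
    """Per-instance screen for inbound private messages (constructed example, not Lemmy code)."""

    def __init__(self, max_per_window=3, window_s=600, dup_threshold=3, near_threshold=0.6):
        self.max_per_window = max_per_window   # messages a sender may send per window
        self.window_s = window_s               # sliding window length in seconds
        self.dup_threshold = dup_threshold     # copies seen before a message counts as "en masse"
        self.near_threshold = near_threshold   # Jaccard similarity treated as "almost identical"
        self.sent = defaultdict(deque)         # sender -> send timestamps inside the window
        self.exact_count = defaultdict(int)    # exact hash -> copies seen
        self.seen_shingles = []                # shingle set of every message screened so far

    def check(self, sender: str, text: str, now: float) -> list:
        """Return the reasons this message should be held for review; [] means let it through."""
        reasons = []

        # 1. Rate limit: sliding window of this sender's recent sends.
        window = self.sent[sender]
        while window and now - window[0] > self.window_s:
            window.popleft()
        window.append(now)
        if len(window) > self.max_per_window:
            reasons.append("rate-limit")

        # 2. Exact duplicates across all senders.
        h = exact_hash(text)
        self.exact_count[h] += 1
        if self.exact_count[h] >= self.dup_threshold:
            reasons.append("exact-duplicate")

        # 3. Near duplicates: how many earlier messages this one resembles (counting itself).
        sh = shingles(text)
        near = sum(1 for prev in self.seen_shingles if jaccard(sh, prev) >= self.near_threshold)
        self.seen_shingles.append(sh)
        if near + 1 >= self.dup_threshold:
            reasons.append("near-duplicate")

        return reasons


# Constructed copypasta variants: same pitch with changed punctuation, an inserted word, a per-recipient link.
MSG_A = "Hey there! I just joined the fediverse and would love to chat, add me on my socials https://links.example/t/a1b2"
MSG_B = "Hey there! I just joined the fediverse and would love to chat, please add me on my socials https://links.example/t/c3d4"
MSG_C = "hey THERE, i just joined the fediverse and would love to chat, add me on my socials https://links.example/t/e5f6"


def run_sample() -> list:
    """Six messages from three accounts; returns the reasons list for each in order."""
    screen = SpamScreen()
    events = [
        ("acct1", MSG_A, 0),
        ("acct2", MSG_C, 10),
        ("acct3", MSG_B, 20),
        ("acct3", MSG_A, 30),
        ("acct3", "unrelated note about gardening", 40),
        ("acct3", "and another unrelated note", 50),
    ]
    return [screen.check(s, t, n) for s, t, n in events]


if __name__ == "__main__":
    for reasons in run_sample():
        print(reasons)
```

Each check is cheap and each is defeatable on its own, as the list says: a sender can rotate accounts past the rate limit, vary a word past the exact hash, and (with more effort) vary enough shingles past the near-duplicate check. Layering them raises the cost per message, which is the realistic goal; the `seen_shingles` list grows without bound here and would need an LSH index or time-based eviction at real volume.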
Well, I for example develop an automod (which is available to everyone) which includes advanced stuff like scanning images in the content, scanning the text itself, detecting similarity between two images etc. All of this runs in an efficient, reactive manner using database-level webhooks.
There is the infrastructure for that, it’s being developed and refined with every new kind of attack that’s happening. As every other platform does, whether they’re commercial or open.
I got that DM as well. And then it disappeared. I think my instance’s admins saw it spammed and mass deleted it.
They are absolutely right. The quiet part of this is almost certainly that these DMs were being used to collect IPs from users using tracking links, and this is generally a big vulnerability in the fediverse many people seem unwilling to meaningfully confront.
Dont render images in private message (#3043)
https://join-lemmy.org/news/2025-04-08_-_Lemmy_Release_v0.19.11
Ah very cool. A recent update too. Thanks.
Yes. As you can see, a few large instances like lemm.ee, lemmy.ca and others have already updated: https://fedidb.org/software/lemmy?version=0.19.11
Hopefully others will follow soon
Reddthat.com updated as well… dunno how big our instance is, in comparison, but I didn’t know the update dealt with embedded images in PM’s. I appreciate the info!
What does the “MAU” stat mean? “‘Something’ Active Users”?
Monthly active users
unfortunately we can’t just apply the update quickly, as this introduces sending emails on rejected applications. we already send rejection emails separately and with custom text, while the text implemented in the update is currently not configurable.
i’ll see if we can deploy updated lemmy-ui without updating lemmy already this weekend, but i need to check if there were any api changes first, as we’d then have to backport them to lemmy first.
we’ve already applied the security patch about 2 weeks ago.
Thank you!