There are all kinds of fun stuff in the Piefed code. Allow me to dredge up a comment I made recently:
@[email protected] was looking at PieFed code the other week, and I ended up taking a look at it too. Its great fun to sneak a peak at.
For example, you cannot cast a vote on PieFed if you’ve made 0 replies, 0 posts, AND your username is 8 characters long:
defcannot_vote(self):
ifself.is_local():
returnFalsereturnself.post_count == 0andself.post_reply_count == 0andlen(
self.user_name) == 8# most vote manipulation bots have 8 character user names and never post any content
If a reply is created, from anywhere, that only contains the word “this”, the comment is dropped (CW: ableism in the function name):
Every user (remote or local) has an “attitude” which is calculated as follows: (upvotes cast - downvotes cast) / (upvotes + downvotes). If your “attitude” is < 0.0 you can’t downvote.
Every account has a Social Credit Score, aka your Reputation. If your account has less than 100 reputation and is newly created, you are not considered “trustworthy” and there are limitations placed on what your account can do. Your reputation is calculated as upvotes earned - downvotes earned aka Reddit Karma. If your reputation is at -10 you also cannot downvote, and you can’t create new DMs. It also flags your account automatically if your reputation is to low:
PieFed boasts that it has “4chan image detection”. Let’s see how that works in practice:
if site.enable_chan_image_filter:
# Do not allow fascist meme contenttry:
if'.avif'in uploaded_file.filename:
import pillow_avif # NOQA
image_text = pytesseract.image_to_string(Image.open(BytesIO(uploaded_file.read())).convert('L'))
except FileNotFoundError:
image_text = ''except UnidentifiedImageError:
image_text = ''if'Anonymous'in image_text and (
'No.'in image_text or' N0'in image_text): # chan posts usually contain the text 'Anonymous' and ' No.12345'self.image_file.errors.append(
"This image is an invalid file type.") # deliberately misleading error message
current_user.reputation -= 1
db.session.commit()
returnFalse
Yup. If your image contains the word Anonymous, and contains the text No. or N0 it will reject the image with a fake error message. Not only does it give you a fake error, but it also will dock your Social Credit Score. Take note of the current_user.reputation -= 1
PieFed also boasts that it has AI generated text detection. Let’s see how that also works in practice:
# LLM Detectionif reply.body and'—'in reply.body and user.created_very_recently():
# usage of em-dash is highly suspect.from app.utils import notify_admin
# notify admin
This is the default detection, apparently you can use an API endpoint for that detection as well apparently, but it’s not documented anywhere but within the code.
Do you want to leave a comment that is just a funny gif? No you don’t. Not on PieFed, that will get your comment dropped and lower your Social Credit Score!
if reply_is_just_link_to_gif_reaction(reply.body) and site.enable_gif_reply_rep_decrease:
user.reputation -= 1
raise PostReplyValidationError(_('Gif comment ignored'))
How does it know its just a gif though?
defreply_is_just_link_to_gif_reaction(body) -> bool:
tmp_body = body.strip()
if tmp_body.startswith('https://media.tenor.com/') or \
tmp_body.startswith('https://media1.tenor.com/') or \
tmp_body.startswith('https://media2.tenor.com/') or \
tmp_body.startswith('https://media3.tenor.com/') or \
tmp_body.startswith('https://i.giphy.com/') or \
tmp_body.startswith('https://i.imgflip.com/') or \
tmp_body.startswith('https://media1.giphy.com/') or \
tmp_body.startswith('https://media2.giphy.com/') or \
tmp_body.startswith('https://media3.giphy.com/') or \
tmp_body.startswith('https://media4.giphy.com/'):
returnTrueelse:
returnFalse
I’m not even sure someone would actually drop a link like this directly into a comment. It’s not even taking into consideration whether those URLs are part of a markdown image tag.
I then made a comment from my lemmy.ml account, and replied to it from my piefed.zip account, and neither .social, nor europe.pub can see my .zip reply, but can see my lemmy.ml comment!
[ Let me add more clarity here: what this feature does is two things. On a local instance, if you block someone who is on your instance, they cannot reply to you. However, this condition is not federated (yet, it would seem), and so, to get around this “issue”, the system will drop comments from being stored in the PieFed database IF the blocked user is remote. This means you end up with “ghost comment chains” on remote instances. There is NEW code as of a few weeks ago, that will send an AUTOMATED mod action against blocked remote users to remove the comment. So long as the community is a local PieFed community, it will federate that mod action to the remote server, removing the comment automatically. For PieFed servers, eventually, they would rather federate the users block list (that’s fair), but it would seem this code to send automated mod actions to remove comments due to user blocks is going to stay just for the Lemmy Piefed interaction. I don’t really understand why the system simply doesn’t prevent the rendering of the comment, instead of stopping it from being stored. It knows the user is blocked, it already checks it, it should then just stop rendering the chain of comments for the given user, prevent notifications from those users, etc. ]
Moderators of a community can kick you from a community, which unsubscribes you from it, and does not notify you. This has been removed actually, the API endpoint is still there.
I was going to say that Admins had the ability to add a weight to votes coming from other instances, but the videos that showed this are now gone, and as of v1.5.0 they have removed the instance vote weight feature, claiming it was “unused”.
All this to say. Piefed is a silly place, and no one should bother using its software.
Can you tell me why you keep claiming this when I’ve specifically said this is not the case here?
"And no, it does not defederate from lemmy.ml out of the box. You are completely misunderstanding that code. I have already addressed this here.
“Alright, it doesn’t do any defederation, this function just controls what the api reports. It will list which of those four instances the instance is defederated from but that doesn’t look like it is actually used anywhere to do something…let me grab you links here is where piefed digests this api endpoint to populate the instance_chooser table, and the defed_list field isn’t actually used at all”
In the admin back end video produced to show the features of the software, these sites were said to be “defaults” by the software creator, and they are prefilled in. You can change them after the fact, this is true, but if you simply spin up the instance and never touch those settings they are defederated. I know this is true, because I am in contact with an admin who manages a PieFed instance that is federated with Hexbear, they had to remove the Hexbear defederation after initial setup.
Dude, I specifically spoke to wjs (one of the main contributors to this project) about this claim - and he examined the code. It doesn’t do what you claim it does. That quote is directly from him. Hexbear and Lemmygrad are automatically defederated but if you remove them and them remove all the defederations entirely, it won’t just repopulate them with those instances and automatically add lemmy.ml.
Lemmy.ml was never a default in the first place when it comes to defederation. Piefed.social doesn’t even defederate lemmy.ml.
I’m telling you that Hexbear.net is on by default, and so is lemmygrad.ml. They both need to be removed from your settings before you can federate with them. There shouldn’t be any default instances period.
Hexbear and Lemmygrad aren’t Lemmy.ml. I never claimed that hexbear and lemmygrad aren’t defederated by default.
The claim you’re linking to though also alleges that lemmy.ml is automatically defederated, and that if you wipe all defederations entirely it will repopulate them back.
Ok, you have this completely off base about it “not doing anything”. While I might be wrong about it defederating, what this code ACTUALLY does is rate other instances defederation lists based on this hard coded list. Let me explain:
The site_instance_chooser_view() function in /app/api/alpha/views.py provides a JSON representation of the current site’s metadata for the instance chooser feature. This feature allows users to browse and compare different Fediverse instances before choosing one to join.
Within site_instance_chooser_view(), the defed_list variable is defined as follows (lines 1148‑1151):
This query retrieves only four specific domains from the BannedInstances table:
hexbear.net
lemmygrad.ml
hilariouschaos.com
lemmy.ml
The resulting list is used to populate the defederation field in the returned JSON (line 1187):
'defederation': list(set([instance.domain for instance in defed_list])),
The defederation field is part of the site metadata returned by the API endpoint /api/alpha/site/instance_chooser. This endpoint is called by the instance‑chooser UI (/auth/instance_chooser) when a user clicks “More” on an instance card.
The template app/templates/auth/instance_chooser.html uses the defederation list to compute a defederation quality rating. The rating is based on how many of the four watched domains are blocked:
≥3 blocked → “Good”
2 blocked → “Ok”
1 blocked → “Minimal”
<1 blocked → “Negligent”
This rating is displayed in the instance details modal under the “Defederation” label (line 114 of the template).
The UI also contains commented‑out code (lines 124‑130) that would show individual status indicators for each of the four domains, but this is currently disabled.
This is problematic for a number of reasons, most of all is that this rating that it generates is NOT transparent to the user. This page is used on PieFeds main page when you go to register, it’s part of the instance picker. The defederation rating under More is where this shows up. For instance, this means that instances like anarchist.nexus have a “OK” rating but instances like multiverse.soulism.net have a “GOOD” rating.
So the Defederation rating has an OBVIOUS BIAS that isn’t explained to the users at all. Not only is the bias not explained it doesn’t even contain all of the FASCIST INSTANCES IN ITS CALCULATION.
This is problematic for a number of reasons, most of all is that this rating that it generates is NOT transparent to the user. This page is used on PieFeds main page when you go to register, it’s part of the instance picker. The defederation rating under More is where this shows up. For instance, this means that instances like anarchist.nexus have a “OK” rating but instances like multiverse.soulism.net have a “GOOD” rating.
There are all kinds of fun stuff in the Piefed code. Allow me to dredge up a comment I made recently:
@[email protected] was looking at PieFed code the other week, and I ended up taking a look at it too. Its great fun to sneak a peak at.
For example, you cannot cast a vote on PieFed if you’ve made 0 replies, 0 posts, AND your username is 8 characters long:
def cannot_vote(self): if self.is_local(): return False return self.post_count == 0 and self.post_reply_count == 0 and len( self.user_name) == 8 # most vote manipulation bots have 8 character user names and never post any contentIf a reply is created, from anywhere, that only contains the word “this”, the comment is dropped (CW: ableism in the function name):
def reply_is_stupid(body) -> bool: lower_body = body.lower().strip() if lower_body == 'this' or lower_body == 'this.' or lower_body == 'this!': return True return FalseEvery user (remote or local) has an “attitude” which is calculated as follows:
(upvotes cast - downvotes cast) / (upvotes + downvotes). If your “attitude” is < 0.0 you can’t downvote.Every account has a Social Credit Score, aka your Reputation. If your account has less than 100 reputation and is newly created, you are not considered “trustworthy” and there are limitations placed on what your account can do. Your reputation is calculated as
upvotes earned - downvotes earnedaka Reddit Karma. If your reputation is at -10 you also cannot downvote, and you can’t create new DMs. It also flags your account automatically if your reputation is to low:PieFed boasts that it has “4chan image detection”. Let’s see how that works in practice:
if site.enable_chan_image_filter: # Do not allow fascist meme content try: if '.avif' in uploaded_file.filename: import pillow_avif # NOQA image_text = pytesseract.image_to_string(Image.open(BytesIO(uploaded_file.read())).convert('L')) except FileNotFoundError: image_text = '' except UnidentifiedImageError: image_text = '' if 'Anonymous' in image_text and ( 'No.' in image_text or ' N0' in image_text): # chan posts usually contain the text 'Anonymous' and ' No.12345' self.image_file.errors.append( "This image is an invalid file type.") # deliberately misleading error message current_user.reputation -= 1 db.session.commit() return FalseYup. If your image contains the word
Anonymous, and contains the textNo.orN0it will reject the image with a fake error message. Not only does it give you a fake error, but it also will dock your Social Credit Score. Take note of thecurrent_user.reputation -= 1PieFed also boasts that it has AI generated text detection. Let’s see how that also works in practice:
# LLM Detection if reply.body and '—' in reply.body and user.created_very_recently(): # usage of em-dash is highly suspect. from app.utils import notify_admin # notify adminThis is the default detection, apparently you can use an API endpoint for that detection as well apparently, but it’s not documented anywhere but within the code.
Do you want to leave a comment that is just a funny gif? No you don’t. Not on PieFed, that will get your comment dropped and lower your Social Credit Score!
if reply_is_just_link_to_gif_reaction(reply.body) and site.enable_gif_reply_rep_decrease: user.reputation -= 1 raise PostReplyValidationError(_('Gif comment ignored'))How does it know its just a gif though?
def reply_is_just_link_to_gif_reaction(body) -> bool: tmp_body = body.strip() if tmp_body.startswith('https://media.tenor.com/') or \ tmp_body.startswith('https://media1.tenor.com/') or \ tmp_body.startswith('https://media2.tenor.com/') or \ tmp_body.startswith('https://media3.tenor.com/') or \ tmp_body.startswith('https://i.giphy.com/') or \ tmp_body.startswith('https://i.imgflip.com/') or \ tmp_body.startswith('https://media1.giphy.com/') or \ tmp_body.startswith('https://media2.giphy.com/') or \ tmp_body.startswith('https://media3.giphy.com/') or \ tmp_body.startswith('https://media4.giphy.com/'): return True else: return FalseI’m not even sure someone would actually drop a link like this directly into a comment. It’s not even taking into consideration whether those URLs are part of a markdown image tag.
As Edie mentioned, if someone has a user blocked, and that user replies to someone, their comment is dropped:
if parent_comment.author.has_blocked_user(user.id) or parent_comment.author.has_blocked_instance(user.instance_id): log_incoming_ap(id, APLOG_CREATE, APLOG_FAILURE, saved_json, 'Parent comment author blocked replier') return NoneFor Example:
(see Edies original comment here)
More from Edie:
Also add if the poster has blocked you! It is exactly as nonsense as you think.
Example:
I made a post in [email protected] from my account [email protected], replied to it from my other [email protected] account. Since the .social account has blocked the .zip, it doesn’t show up on .social, nor on e.g. piefed.europe.pub.
I then made a comment from my lemmy.ml account, and replied to it from my piefed.zip account, and neither .social, nor europe.pub can see my .zip reply, but can see my lemmy.ml comment!
[ Let me add more clarity here: what this feature does is two things. On a local instance, if you block someone who is on your instance, they cannot reply to you. However, this condition is not federated (yet, it would seem), and so, to get around this “issue”, the system will drop comments from being stored in the PieFed database IF the blocked user is remote. This means you end up with “ghost comment chains” on remote instances. There is NEW code as of a few weeks ago, that will send an AUTOMATED mod action against blocked remote users to remove the comment. So long as the community is a local PieFed community, it will federate that mod action to the remote server, removing the comment automatically. For PieFed servers, eventually, they would rather federate the users block list (that’s fair), but it would seem this code to send automated mod actions to remove comments due to user blocks is going to stay just for the Lemmy Piefed interaction. I don’t really understand why the system simply doesn’t prevent the rendering of the comment, instead of stopping it from being stored. It knows the user is blocked, it already checks it, it should then just stop rendering the chain of comments for the given user, prevent notifications from those users, etc. ]
But wait! There’s More!
Lemmy.mlout of the box. I was mistaken about lemmy.ml.Moderators of a community can kick you from a community, which unsubscribes you from it, and does not notify you.This has been removed actually, the API endpoint is still there.All this to say. Piefed is a silly place, and no one should bother using its software.
The math here is hilarious.
Goddamn, I’m glad I didn’t bother creating an account there when people were singing it’s praises.
Can you tell me why you keep claiming this when I’ve specifically said this is not the case here?
"And no, it does not defederate from lemmy.ml out of the box. You are completely misunderstanding that code. I have already addressed this here.
“Alright, it doesn’t do any defederation, this function just controls what the api reports. It will list which of those four instances the instance is defederated from but that doesn’t look like it is actually used anywhere to do something…let me grab you links here is where piefed digests this api endpoint to populate the instance_chooser table, and the defed_list field isn’t actually used at all”
In the admin back end video produced to show the features of the software, these sites were said to be “defaults” by the software creator, and they are prefilled in. You can change them after the fact, this is true, but if you simply spin up the instance and never touch those settings they are defederated. I know this is true, because I am in contact with an admin who manages a PieFed instance that is federated with Hexbear, they had to remove the Hexbear defederation after initial setup.
Dude, I specifically spoke to wjs (one of the main contributors to this project) about this claim - and he examined the code. It doesn’t do what you claim it does. That quote is directly from him. Hexbear and Lemmygrad are automatically defederated but if you remove them and them remove all the defederations entirely, it won’t just repopulate them with those instances and automatically add lemmy.ml.
Lemmy.ml was never a default in the first place when it comes to defederation. Piefed.social doesn’t even defederate lemmy.ml.
I’m telling you that Hexbear.net is on by default, and so is lemmygrad.ml. They both need to be removed from your settings before you can federate with them. There shouldn’t be any default instances period.
You should probably re-read what Skavau said. They’re talking specifically about lemmy.ml
Ah yeah I see that. It still doesn’t change my position on if the system should have defaults.
Hexbear and Lemmygrad aren’t Lemmy.ml. I never claimed that hexbear and lemmygrad aren’t defederated by default.
The claim you’re linking to though also alleges that lemmy.ml is automatically defederated, and that if you wipe all defederations entirely it will repopulate them back.
Ok, you have this completely off base about it “not doing anything”. While I might be wrong about it defederating, what this code ACTUALLY does is rate other instances defederation lists based on this hard coded list. Let me explain:
The
site_instance_chooser_view()function in/app/api/alpha/views.pyprovides a JSON representation of the current site’s metadata for the instance chooser feature. This feature allows users to browse and compare different Fediverse instances before choosing one to join.Within
site_instance_chooser_view(), thedefed_listvariable is defined as follows (lines 1148‑1151):defed_list = BannedInstances.query.filter(or_(BannedInstances.domain == 'hexbear.net', BannedInstances.domain == 'lemmygrad.ml', BannedInstances.domain == 'hilariouschaos.com', BannedInstances.domain == 'lemmy.ml')).order_by(BannedInstances.domain).all()This query retrieves only four specific domains from the
BannedInstancestable:hexbear.netlemmygrad.mlhilariouschaos.comlemmy.mlThe resulting list is used to populate the
defederationfield in the returned JSON (line 1187):'defederation': list(set([instance.domain for instance in defed_list])),The
defederationfield is part of the site metadata returned by the API endpoint/api/alpha/site/instance_chooser. This endpoint is called by the instance‑chooser UI (/auth/instance_chooser) when a user clicks “More” on an instance card.The template
app/templates/auth/instance_chooser.htmluses thedefederationlist to compute a defederation quality rating. The rating is based on how many of the four watched domains are blocked:This rating is displayed in the instance details modal under the “Defederation” label (line 114 of the template).
The UI also contains commented‑out code (lines 124‑130) that would show individual status indicators for each of the four domains, but this is currently disabled.
This is problematic for a number of reasons, most of all is that this rating that it generates is NOT transparent to the user. This page is used on PieFeds main page when you go to register, it’s part of the instance picker. The defederation rating under More is where this shows up. For instance, this means that instances like anarchist.nexus have a “OK” rating but instances like multiverse.soulism.net have a “GOOD” rating.
Anarchist.nexus has an “OK” raiding because they block Lemmygrad.ml (socialist) and hilariouschaos.com (MAGA instance)
multiverse.soulism.net has a “GOOD” rating because they block Lemmygrad.ml (socialist), Hexbear.net (socialist), lemmy.ml (operated by open communists).
So the Defederation rating has an OBVIOUS BIAS that isn’t explained to the users at all. Not only is the bias not explained it doesn’t even contain all of the FASCIST INSTANCES IN ITS CALCULATION.
https://piefed.social/auth/instance_chooser
The only measurements here seem to be stability.
“These servers are ordered by speed so it may vary depending on time of day, etc”
Click the “more” button and scroll down.