Codeberg is currently suffering from hate campaigns due to far-right forces, and so are our users. First and foremost, we apologize for everyone who has recently received a notification email from our system containing offending and potentially traumatizing content. We are working hard on containing the effects on our users and systems.
What has happened?
In the past days, several projects advocating tolerance and equal rights on Codeberg have been subject to hate attacks, such as massive spam of abusive messages in their issue trackers. We have been monitoring the situation closely and have tried to clean up the content as quickly as possible.
Often, content remained available only for a few and up to 30 minutes. Due to constrained personal capacities, some rare cases have remained online for longer. We appreciate all your reports to abuse@codeberg.org that help us identify abuse quickly.
On 12 February 2025, an abuser has escalated the attacks to a next level. Instead of targetting individual projects, they have started to create abusive content and mentioned Codeberg users in chunks of 100 each. Depending on the notification settings of users (if you are a user on Codeberg, you can modify it in your settings), these generate notification emails that contain a copy of the post that includes the mention - and thus the abusive content via email.
Although our staff reacted quickly, blocked access to the used functionality and deleted the user accounts, they managed to generate a large amount of notification emails already.
Since this attack is not only harming Codeberg users but the platform itself, both via technical means (we had brief downtime of our systems and our mail server was suffering a lot), as well as by harming the reputation of our platform and trust users have shown us. We expect this incident to be in response to our swift moderation of the previous campaigns that targeted only individual projects.
I just got one of the emails from the individual and codeberg myself and replied to codeberg folks with this:
Keep up the amazing work! We’re in tough times and people are scared and confused. I can’t appreciate enough all you do to keep code with power to the people!
I promise I’ll be donating soon and moving entirely off of GitHub once I get the chance. Let me know how I can help otherwise.
<3 Brian “bits”
It helps me to realize that to fight the extremist disease (be it “alt-right” extremist or “woke” censorship authoritarianism) is to just continue educating people and ignoring vitriol to the best of our ability. People are poor, scared, sick, and clinging to whatever seems like a floating device.
Getting mad or reciprocating this type of behavior is like yelling at a tornado for knocking your house down. Humans are just animals in nature, and while we need to keep ourselves safe and give ourselves space to feel upset at the state of the world just like we would if a Tornado demolished our house, try not to lose hope.
I believe continuing to educate folks on privacy, tolerance, and pluralism as the way to dig ourselves out of this mess will present better boats to get out of the storm.
This is a sad state of affairs, but we will get out of it if we learn how to align social narratives. Encourage those here in the forums and in other open communities who dedicate their time to helping who simultaneously have to deal with maladaptive behaviors.
Humans are not a means to some end, but they are the ends themselves.
Also, it may be good to consider what the defaults when someone signs up.
I don’t remember if it asked me, or if I explicitly changed it, but my profile is set to public (which I don’t mind as I intend this account to be connected to my meatspace profiles and I’m already well known there), but others may come here with questions and like to keep as little information known about them as possible.
I don’t have any Discourse admin panels available to me right now, but my user setting is under:
Preferences > Profile > “Hide my profile” checkbox
Having that as default would lower the amount of people able to see account details in general.
Just some random thoughts.
A lot of this gets blocked through trust levels as someone has to actually contribute to the community before they can spam which I love in Discourse.
On topic, how come someone targeted Codeberg in the first place? They didn’t seem like an overtly political project to me - at least until now. Because, reading the link, they go on an endless tirade (with all the usual buzzwords) about why the “far right” is le bad and “endangers free/libre projects”. This is of course not true.
Free software is not left-wing or right-wing and we should oppose anyone who tries to claim FOSS for “their side” or that the “bad guys” are not allowed to use or contribute to free software.
An interesting bit from the Free Software Foundation on the JSON license:
This license uses the Expat license as a base, but adds a clause mandating: “The Software shall be used for Good, not Evil.” This is a restriction on usage and thus conflicts with freedom 0. The restriction might be unenforcible, but we cannot presume that. Thus, the license is nonfree. Please don’t use this license, and we urge you to avoid any software that has been released under it.
It mission of codeberg is nice but it is not the first time i can’t help but notice a clear gap in security controls. But it is understandably hard to compete here with companies with more resources.
I got the email myself as a codeberg user. Even before this, I wish there was a way to use their CI tool w/o being alerted to random posts. I suppose self-hosting it is an option
To me it’s the most successful global divide-and-rule propaganda technique to push othering to avoid uprisings. I’m a cryptoanarchist which theoretically makes me “far-left” in communist socialist territory to the modern binary political spectrum. I feel like the entire categorization of the alt or far right is similar to the red scare (maybe call it the red-white-and-blue scare).
Just people who have a command of linguistics and rhetoric telling others who don’t what to say for their camps power.
I’ve been nerding out on universal pragmatics research to try and understand how we bridge these gaps in world views because I think most people want the same shit.
This is why censorship is bad. You need people to say their dumb stuff and let the majority of the public have the choice to reject hatred vs unilaterally making that choice for them for profit-incentives. Mostly meaning centralized social media…I think having smaller communities this less of an issue provided there are other places for people to say stuff you don’t agree with.
Allowing your platform to say whatever affects brand reputation. For centralized (for-profit) platforms, this is critical. For decentralized, this burden can be offset by having different instances with specific communities, or at least the notion of community in a central service (I suppose like Reddit). Even then, people may conflate a decentralized app to a single instance or here-say, like “Mastadon is left leaning”, despite individual instance being able to move away from that, but it may artificially influence the direction of the most popular instances.
EDIT: if a platform is sufficiently large enough, it’s also a medium of propaganda, which also affects censorship influence.
I am not convinced linking to examples of the offensive content contributes anything positive to the discussion.
As for modifying the repo, you can certainly consider whether removing the repo would’ve been a better course of action. Realistically, however, the outcome remains the same in terms of rule-breaking content being removed. The owners of platforms will always be entitled to enforce rules and standards as they see fit, just as users are always entitled to go elsewhere.
This post belongs on this forum because there are likely many Codeberg users here who were affected and so this serves as a useful PSA. Discussing the Codeberg incident or their response as a matter of partisan politics is however not appropriate or on-topic for this forum.