Hey folks!

Just a quick update: we now have a dedicated status page for lemm.ee.

You can find it at status.lemm.ee. It currently contains three sections:

1. A web status section, which I will update manually to communicate issues about lemm.ee
2. A financial status section, which I will update monthly to give an overview of how we're doing financially
3. A federation section, which automatically checks the current federation status, both incoming and outgoing, between lemm.ee and other instances. By default it shows 3 large instances, but you can also search for any specific instance you are interested in.

This status page is hosted completely separately from our main servers, so if there is any trouble with our servers, you can expect the status page to still be available!

If you have any issues with this page, or any other thoughts, feel free to comment.

Hey folks

This is a heads up that I will be performing some maintenance and hardware upgrades on our database this Saturday.

We are currently experiencing several spikes throughout the day which cause our database to become overloaded - this results in degraded performance for many users. The spikes are happening due to a combination of continued growth of the database, some expensive periodic scheduled tasks which Lemmy runs, and fluctuating traffic patterns. Some of this can be optimized on the code level in the future, but it seems that the best way to deal with it right now is to add some additional resources to our database server.

I am intending to switch to slightly different hardware in this upgrade, and will be unable to make this switch without downtime, so unfortunately lemm.ee will be unavailable for the duration.

As our database has grown quite a bit, cloning it will most likely take a few hours, so I expect the downtime to last 2-3 hours. Sorry for the inconvenience, I am hopeful that it will be worth it and that this upgrade will significantly reduce some of our recent long page load times!

Edit: upgrade complete!

I have now migrated the lemm.ee database from the original DigitalOcean managed database service to a dedicated server on Hetzner.

As part of this migration, I have also moved all of our Lemmy servers from the DigitalOcean cloud to Hetzner's Cloud. I always want the servers to be as close as possible to the database, in order to keep latencies low. At the same time, I am very interested in having the ability to dynamically spin up and down servers as needed, so a cloud-type solution is really ideal for that. Fortunately, Hetzner allows connecting cloud servers to their dedicated servers through a private network, so we are able to take advantage of a powerful dedicated server for the database, while retaining the flexibility of the cloud approach for the rest of our servers. I'm really happy with the solution now.

In terms of results, I am already seeing far better page load times and far less resource use on the new hardware, so I think the migration has been a success. I will keep monitoring things and tuning as necessary.

Hey folks!

Lemmy 0.19 was released this week! It brings a bunch of awesome new features, so I hope you are all willing to forgive some downtime in order to upgrade to this latest version.

Unfortunately some migration will be necessary as part of this upgrade, so it might take a while, but I will try to keep it as short as possible.

I hope you are all having a great holiday period, and I will see you soon in 0.19!

Edit: Update complete!

Welcome to 0.19! Unfortunately, the upgrade took somewhat longer than usual, but I believe everything is in order now. As always, please let me know if you notice anything strange, and have fun!

Hey folks!

I made a short post last night explaining why image uploads had been disabled. This was in the middle of the night for me, so I did not have time to go into a lot of detail, but I'm writing a more detailed post now to clear up where we are now and where we plan to go.

What's the problem?

As shared by the lemmy.world team, over the past few days, some people have been spamming one of their communities with CSAM images. Lemmy has been attacked in various ways before, but this is clearly on a whole new level of depravity, as it's first and foremost an attack on actual victims of child abuse, in addition to being an attack on the users and admins on Lemmy.

What's the solution?

I am putting together a plan, both for the short term and for the longer term, to combat and prevent such content from ever reaching lemm.ee servers.

For the immediate future, I am taking the following steps:

1) Image uploads are completely disabled for all users

This is a drastic measure, and I am aware that it's the opposite of what many of our users have been hoping, but at the moment, we simply don't have the necessary tools to safely handle uploaded images.

2) All images which have federated in from other instances will be deleted from our servers, without any exception

At this point, we have millions of such images, and I am planning to just indiscriminately purge all of them. Posts from other instances will not be broken after the deletion, the deleted images will simply be loaded directly from other instances.

3) I will apply a small patch to the Lemmy backend running on lemm.ee to prevent images from other instances from being downloaded to our servers

Lemmy has always loaded some images directly from other servers, while saving other images locally to serve directly. I am eliminating the second option for the time being, forcing all images uploaded on external instances to always be loaded from those servers. This will somewhat increase the amount of servers which users will fetch images from when opening lemm.ee, which certainly has downsides, but I believe this is preferable to opening up our servers to potentially illegal content.

For the longer term, I have some further ideas:

4) Invite-based registrations

I believe that one of the best ways to effectively combat spam and malicious users is to implement an invite system on Lemmy. I have wanted to work on such a system ever since I first set up this instance, but real life and other things have been getting in the way, so I haven't had a chance. However, with the current situation, I believe this feature is more important then ever, and I'm very hopeful I will be able to make time to work on it very soon.

My idea would be to grant our users a few invites, which would replenish every month if used. An invite will be required to sign up on lemm.ee after that point. The system will keep track of the invite hierarchy, and in extreme cases (such as spambot sign-ups), inviters may be held responsible for rule breaking users they have invited.

While this will certainly create a barrier of entry to signing up on lemm.ee, we are already one of the biggest instances, and I think at this point, such a barrier will do more good than harm.

5) Account requirements for specific activities

This is something that many admins and mods have been discussing for a while now, and I believe it would be an important feature for lemm.ee as well. Essentially, I would like to limit certain activities to users which meet specific requirements (maybe account age, amount of comments, etc). These activities might include things like image uploads, community creation, perhaps even private messages.

This could in theory limit creation of new accounts just to break rules (or laws).

6) Automated ML based NSFW scanning for all uploaded images

I think it makes sense to apply automatic scanning on all images before we save them on our servers, and if it's flagged as NSFW, then we don't accept the upload. While machine learning is not 100% accurate and will produce false positives, I believe this is a trade-off that we simply need to accept at this point. Not only will this help against any potential CSAM, it will also help us better enforce our "no pornography" rule.

This would potentially also allow us to resume caching images from other instances, which will improve both performance and privacy on lemm.ee.

With all of the above in place, I believe we will be able to re-enable image uploads with a much higher degree of safety. Of course, most of these ideas come with some significant downsides, but please keep in mind that users posting CSAM present an existential threat to Lemmy (in addition to just being absolutely morally disgusting and actively harmful to the victims of the abuse). If the choice is between having a Lemmy instance with some restrictions, or not having a Lemmy instance at all, then I think the restrictions are the better option.

I also would appreciate your patience in this matter, as all of the long term plans require additional development, and while this is currently a high priority issue for all Lemmy admins, we are all still volunteers and do not have the freedom to dedicate huge amounts of hours to working on new features.

As always, your feedback and thoughts are appreciated, so please feel free to leave a comment if you disagree with any of the plans or if you have any suggestions on how to improve them.

Sorry for the short post, I'm not able to make it nice with full context at the moment, but I want to quickly get this announcement out to prevent confusion:

Unfortunately, people are uploading child sexual abuse images on some instances (apparently as a form of attack against Lemmy). I am taking some steps to prevent such content from making it onto lemm.ee servers. As one preventative measure, I am disabling all image uploads on lemm.ee until further notice - this is to ensure that lemm.ee can not be used as gateway to spread CSAM into the network.

It will not possible to upload any new avatars or banners while this limit is in effect.

I'm really sorry for the disruption, it's a necessary trade-off for now until we figure out the way forward.

Hey folks

I have been receiving a lot of messages every single day about federation with hexbear. Some of our users are vehemently against it, others are in full support. The conversation does not seem to be dying down, rather, the volume of messages I receive about it seems to be increasing, so I am opening this public space where we can openly discuss the topic.

I am going to write a wall of text about my own thoughts on the situation, I’m sorry, but no tl;dr this time, and I ask anybody participating in this thread to first read through this post before commenting.

Before I go any further, I want to be clear that for anybody who participates here, it is required to focus on the quality of your posts. That means:

• Be kind to each other, even if you disagree
• Use arguments rather than calling people names
• Realize that this is a divisive topic, so your comments should be even more thoughtful than usual

With that out of the way, there are a few things I want to cover.

On defederation in general

First of all, I am a firm believer that defederation must be reserved only for cases where all other methods have failed. If defederation is used liberally, then a small group of malicious users can effectively completely shut down the federated network, by simply creating the type of drama between instances which would inevitably result in defederation. In my view, federation is the biggest strength of Lemmy compared to any centralized discussion forum, so naturally I think maintaining federation by default is an important goal in general.

I am also a believer in the value of deplatforming hateful content, but I think defederation is not the best way to do this. Banning individual users, banning communities and establishing a culture of mutual support between mods and admins of different instances should be the first line of defense against such content. There are some further steps that can be taken before defederation as well, but these are not really documented anywhere (in order to prevent circumvention). The point is: for myself, defederation is the absolute last resort, only to be used when it is completely clear that other methods are ineffective.

Finally, I am wary of creating a false expectation among lemm.ee users that lemm.ee admins endorse all users and communities and content on instances we are federated with. Here at lemm.ee, we use a blocklist for federation, which means our default apporach is to federate with all new instances. We do not have the resources (manpower, skills and knowledge) necessary to pass judgement on all instances which exist out there, as a result, users on lemm.ee are expected to curate their own content to quite a high degree. In addition to downvoting and/or reporting as necessary, individual lemm.ee users are also able to block specific users and communities, and the ability to block entire instances is coming very soon as well.

Having said all that, in a situation where all other methods do indeed fail, defederation is not out of the question. Making such a call is up to the discretion of lemm.ee admins, and doing it as a last resort is completely in line with our federation policy.

Regarding hexbear

Hexbear is an established Lemmy instance, focused on many flavors of leftism. They have quite a large userbase who are very active on Lemmy (often so active that they leave the impression brigading all popular Lemmy posts). One important thing to note is that while some forms of bigotry seem to be quite accepted by many hexbear users (but seemingly not by mods - more on that below), they at least are very protective of LGBT rights (and yes, I am quite certain that they are not just pretending to do this, as many users seem to believe). Additionally, while I have noticed quite high quality posts from hexbear users, there are also several users there who seem to really enjoy trolling and baiting (very reminiscent of 4chan-type “for the lulz” posting), and it’s important to note that this kind of posting is in general allowed on hexbear itself.

The reason this whole topic is important to so many people right now (despite hexbear being a relatively old instance), is that hexbear only recently enabled federation. A combination of their volume of posts, their strong convictions, the excitement about federation, and the aforementioned trolling has made them very visible to almost all Lemmy users, and this has sparked discussions about the value of federation with hexbear on a lot of Lemmy instances.

My own experience with hexbear

I want to write down my own experience with interacting with hexbear users, mods, and admins over the past few days. I believe this experience will highlight why I am hesitant to advocate for immediate full defederation from hexbear at this point in time, and am for now still more in favor of taking action on a more individual user basis. Please read and see how you feel about the situation afterwards.

Background

My first real contact with hexbear users was in the comments section of a post in this meta community requesting defederation from hexbear by @[email protected]. That post is now locked, because several hexbear users very quickly started doing the aforementioned “for the lulz” type spamming of meme images in the comments (these are actually just emojis, but they are rendered as full-size images on all instances other than the source instance, due to a current Lemmy bug).

I did not want to take further actions in that thread in general (for archival purposes), but I did take one action, which in retrospect was a mistake: I removed a comment which contained the hammer and sickle symbol. I ignorantly associated this symbolism with Kremlin propaganda, and the atrocities my own people suffered at the hands of the soviet union during the previous century. Many users (including hexbear users) correctly (and politely) pointed out to me in DMs that the symbol has a much broader use than just as the symbol of the USSR, and people elsewhere in the world may not associate it with the USSR at all. I am grateful for users who pointed this out to me without resorting to personal attacks.

Let me be clear here: while I do not have anything against leftism or communist ideas in general (in fact in today’s world, I think discussion of such ideas is quite necessary), Kremlin propaganda has no place on lemm.ee. Any dehumanizing talking points of the Kremlin on lemm.ee are treated as any other bigotry, and if communist symbolism is used in context of Kremlin propaganda (that is the context in which I have been exposed to it throughout my whole life), then it will still be removed. But there is no blanket ban on communist symbolism in general on lemm.ee, and discussing and advocating for leftist and communist topics (as distinct from the imperialist and dehumanizing policies of the Kremlin) is certainly allowed on lemm.ee.

Hexbear user response

Coming back to the events of the past few days: soon after my removal of the comment containing the symbol from the meta thread, two posts popped up on hexbear. One was focused on insulting and spreading lies about me personally. Another was focused on diminishing the horrors of the soviet occupation in my country. In the comments under both of these posts (and in a few other threads on hexbear), I noticed some seriously disturbing bigotry against my people. There were comments which reflected the anti-Estonian propaganda of the current Russian state, things like:

• Suggesting that my people has no right to exist
• Stating that my people (and other Baltic nations) are subhuman
• Claiming that anybody critical of both nazi and soviet occupations is themselves a nazi and a holocaust denier

I expect to hear such statements from the Russian state - here in Estonia, we are subjected to this and other kinds of bigotry constantly from Russian media - but to see it spread openly in non-Russian channels is extremely disturbing. Such bigotry is completely against lemm.ee rules in general. Additionally, my identity is public information, because I feel it’s important for the integrity of lemm.ee that I don’t hide behind anonymity. Considering this, I’m sure you can understand why I am very worried about my own safety when people leave comments in many unrelated threads (where my original posts are not even visible), baselessly calling me a nazi and a holocaust denier.

Note that the goal of this post is not to start a new debate in the comments about the the repressions of the soviet union in Estonia or other occupied territories, but if the topic interests any users, I can recommend the 2006 documentary The Singing Revolution (imdb). The trailer is a bit cheesy, but the actual film contains lots of historical footage from the soviet occupation, and also many interviews with people who experienced it, who share stories which are deeply familiar to all Estonians. If anybody is interested in further discussion, then I suggest making a post about it in the Estonian community here: [email protected].

Hexbear admin response

After the above events had played out, I reached out to hexbear admins for clarification on their moderation policies and how they handle such cases. I was actually very happy with their response:

1. They immediately removed the personal attacks and dehumanizing comments containing Kremlin propaganda from Hexbear, and assured me that such content is always handled by mods
2. They told me that while there are all kinds of leftists on hexbear, Russian disinformation is generally either refuted in comments or removed by mods
3. They implemented some additional rules on hexbear to try and reduce the trolling experienced by many other instances, including ours: https://hexbear.net/post/352119

My personal take-aways

Let me play the devil’s advocate here and employ some “self-whataboutism”: among all users that have been banned on lemm.ee for bigotry, the majority were actually not users from other instances, and in fact people with lemm.ee accounts. If we judge any larger instance only by bigoted posts that some of its users make, then we might as well declare all instances as cesspools and close down Lemmy completely. I believe it’s far more useful to judge instances based on moderation in response to such content. Just as we remove bigoted content from lemm.ee, I have also witnessed bigoted content being removed from hexbear.

At the same time, I am aware of some internal conflict between hexbear users over the more strict moderation they are now starting to employ, and I am definitely keeping an eye on that situation and how admins handle it.

I am also still quite worried about the amount of distinct users on hexbear who have posted Kremlin propaganda. I so far don't have reason to believe that these users are employed by the Russian state, but the fact that they are spreading the same hateful content which can be seen on Russian television seems problematic to say the least, and it remains to be seen if moderators can truly keep up with such content.

Where thing stand right now

I am not convinced that we are currently at a point where the “last resort” of defederation is necessary. This is based on the presumption that our moderation workload at lemm.ee will not get out of hand just due to users from that particular instance. My current expectation is that as the excitement of federation calms down (and as new rules on hexbear go into effect), the currently relatively high volume of low effort trolling will be replaced by more thoughtful posts. If this is not the case then we will certainly need to re-evaluate things.

Additionally, nothing is changing about our own rules regarding bigotry. Especially relevant in the context of Kremlin propaganda, I want to say that dehumanizing anybody is not allowed on lemm.ee (hopefully I do not have to spell it out, but this of course includes Ukrainians, LGBT folks, and others that the Kremlin despises), and action will be taken against any users who do this, regardless of what instance they are posting from.

Finally, I am very interested to hear thoughts and responses from our own users. I am super grateful to anybody who actually took the time to read through this massive dump of my own thoughts, and I am very interested to get a proper understanding of how our users feel about what I’ve written here. Please share any thoughts in the comments.

Hey all!

I promised to write an update about our current financial situation. This post will list all the incomes and expenses for the past few months up until today. I will also try to give some estimates on future expenses.

Let's start with expenses

June

• 14.12€ - Outgoing e-mails
• 222.28€ - Cloudflare Pro (1 year subscription, paid upfront)

July

• 94.32€ - Server infrastructure for June
• 22.06€ - Outgoing e-mails

August

• 280.70€ - Server infrastructure for July
• 13.84 - Outgoing e-mails

Total expenses so far: 647.32€

Next up: income

June

• 500€ - initial contribution by myself

July

• 174.66€ - Ko-Fi donations for June

August

• 247.64€ - Ko-Fi donations for July
• 1358.95€ - GitHub sponsorships for June, July and August (pending until the 22nd)

Total income so far: 922.30€ + 1358.95€ (pending)

Current balance: 274.98€ (cleared) + 1358.95€ (pending)

One more note regarding the donations: the bulk of the donation income is actually from early July. Initially in July, the split between one time and recurring donations was roughly 50%-50%, but at this point in August, most (over 90%) of income is generated by recurring donations.

Let me also try to answer a few potential questions:

Why is the GitHub sponsorship income pending?

I opened GitHub sponsorships in June. GitHub has a policy to initially hold all funds for a 60-day probation period to prevent abuse, so they have been holding all sponsorships for the past few months. As of today, we have passed the 60-day period, and I can see an update in my dashboard which says that all accumulated funds will be released on the 22nd (and any future funds will be paid out monthly after that).

Will infrastructure costs keep increasing?

I don't want to jinx it, but in fact I believe we have managed to stabilize costs for now. I expect August costs to be more or less similar to July. I don't have an exact figure here, because I am constantly scaling resources up to respond to spikes in traffic, and scaling down whenever I am able to optimize any slow parts of Lemmy. But on average I believe we won't be using more resources in August than we did in July.

By the way, quick side note here: many developers have submitted several great optimization patches to Lemmy over the summer, and without this, it would be almost impossible to run Lemmy at its current scale. I'm 100% sure that if the whole network downgraded to 0.17.4 today, the network would just collapse. Having said that, there is still a long way to go with optimizations, with many known issues that still need to be solved.

How long will our current funds last us?

Assuming we don't need to massively scale up servers any time soon, our current buffer will last us at least until the end of 2023, if not longer.

I want to give a huge thanks to all sponsors and donors - as you can see from the numbers, you are having a huge effect on the financial viability of lemm.ee!

We have certainly scaled past a point where I could financially support lemm.ee just on my own, so all lemm.ee users truly owe their gratitude to all sponsors for covering the costs of this platform.

As always, if anybody has any further questions or comments, please let me know!

Hey folks!

It's time for some lemm.ee updates! Feel free to skip ahead to whichever sections seem interesting to you.

New bot rules

The reception to my previous meta post was very positive, so we are going ahead with the new bot rules on lemm.ee. The new rules have been added to our front page sidebar and will be enforced by admins starting on the 1st of August.

The final version of the rules look like this:

• All bot accounts must be explicitly marked as bots
• Bots must not vote on any posts or comments
• Bots must disclose their specified purpose in their profile
• Bots must not be responsible for the majority of content in any community

The goal for now is to limit bots to a support role. In other words, we have nothing against bots which are used to support running a community for real people, but we do not currently want to host communities which are completely filled with bot content on lemm.ee.

It's definitely true that bot-only communities might provide valuable content, but we need to balance this value with how bots affect our feeds. If in the future the volume of organic user-created content on lemm.ee increases to a point where bots can't easily overwhelm the local feeds, then we may reconsider the last rule.

I apologize again to any bot developers who have chosen lemm.ee as the home for your bot-driven communities, I hope you can find another instance without too much trouble.

0.18.3 update

Last week, lemm.ee was updated to Lemmy version 0.18.3. We were previously already running a patched version of 0.18.2 which included many of the performance improvements that landed in .3, so the upgrade did not have as much of an effect on lemm.ee as it probably did on many other instances.

In any case, we are now again running on a completely unmodified version of Lemmy, and will continue to do so until there are performance or security reasons to run a custom patch again.

lemm.ee stance on hosting alternate Lemmy frontends

In the past few months, a lot of alternate web UIs for Lemmy have started cropping up. I've checked out a few of these and I think a few look really cool!

While such frontends generally provide ways to use them without being directly hosted on any specific instance, some instances have begun hosting such frontends on their own servers as well. I've also received a few dozen requests to host such frontends directly on lemm.ee. I would like to address these requests directly here.

For the time being, I am not planning to host any other frontends than the default lemmy-ui on lemm.ee. There are several reasons for this.

I am personally familiar with lemmy-ui code (to a reasonable extent). I know what it's doing overall, I know several of its pitfalls and I am able to quickly react in case of issues. As just one example, lemm.ee was the first instance in the world which fixed the weak script-src CSP in lemmy-ui that enabled the recent login session breach on some other instances - this is because I deployed the code on lemm.ee before I submitted a PR to the lemmy-ui repo with the fix.

The above would not be true for alternative frontends. I don't have the capacity to go through the implementation details of additional projects at the moment, so I have no idea what the code would be doing in any third party UI. I have no way to guarantee that it's not malicious to begin with. Even if the code is not malicious, I would not be able to quickly apply patches if problems crop up.

As a result of all this, I am not comfortable with hosting these third party frontends on lemm.ee for now. Note that this does not mean you're not able to use such frontends with lemm.ee - all the ones I've checked will work perfectly fine without being hosted on the same domain as the instance itself. But as with any 3rd party app, please be careful when using these frontends - by doing so, you are effectively sharing your username and password with anybody who is developing and hosting them.

Personal note

Some of you may have noticed that I have been a bit less active in the several Lemmy-related communication channels & GitHub for the past week or so. The reason for this is that I've had two stressful things happen: earlier this month, I found extensive water damage in my house which is not covered by insurance. Even worse, shortly after this discovery, I received news that my current place of work, a startup, is shutting down at the end of August (mostly due to changed market conditions).

As a result, I've been spending a fair bit of time trying to deal with the renovation of my house & now am also spending additional time trying to figure out where I can land in terms of employment in order to keep putting food on the table. Nevertheless, I am hoping to get back to more Lemmy contributions soon.

Sorry to use this space for selfish purposes, but I would like to take this chance to note that if anybody is looking for a remote software engineer, I am currently open to new opportunities! Just as a short overview about myself:

• I've been working as a software engineer for over a decade, about 5 years in technical leadership roles
• I have experience with end to end ownership of software platforms - everything from writing code to running it in production
• I'm based in the EU but happy to work in either EU or US timezones
• For the past few years, my main tech stack has been TypeScript (nodejs/react) + Postgres + Terraform, but I have extensive experience with a lot of other technologies and generally am quite adaptable
• I have experience running platforms at considerably bigger scale than Lemmy

I would of course happily go into much more details if you contact me directly, so if this is interesting to anybody then please feel free to reach out!

Also, please let me assure anybody who is worried: lemm.ee funding is not currently in jeopardy. For the next couple of months, lemm.ee is not even dependant on a single cent of my own financial contributions, as community support has provided enough money already to give us a nice buffer. I am planning to write a summary of our financials in the next few weeks, please keep an eye on the meta community if you're interested in seeing this!

That's all for now, thanks to anybody who has made it this far! As always, please feel free to leave comments below if you have any thoughts or questions.

Hey folks!

I think I usually write too much, so I will try to keep it short and sweet this time.

Discord

I have created an official Discord server for lemm.ee! This is mostly intended as a back-up channel to share announcements with users - for example, if there is ever an incident and lemm.ee is offline, I can send updates about the situation in Discord. But feel free to join if you just want to chat with other lemm.ee users as well!

You can join the Discord at this link: https://discord.gg/XM9nZwUn9K

New admins

Two new admins have been added to the team! @Matt_[email protected] and @[email protected] have stepped up and volunteered to help me take care of the report queue. I think having good admins is super important to ensure a pleasant experience for all users, so I'm super happy that we have users who were willing to share this responsibility with me.

My hope is that adding a few more admins has helped ensure that I am less of a single point of failure for lemm.ee now. I am still considering maybe adding one or two more admins in the near future, but in terms of actual workload, I think the current team is already a pretty good size.

Anyway, that's all I have for you for now - please join the Discord if that's something you're interested in, and please welcome our new admins!

Edit: @[email protected] has been added as an admin as well!

For now, I believe this is a good size for the team, we won't be adding any more admins in the near future. A big thanks to all who responded to the call for admins!

I think for a while leading up to the recent session stealing hack, there has been a massive amount of positivity from Lemmy users around all kinds of new Lemmy apps, frontends, and tools that have been popping up lately.

Positivity is great, but please be aware that basically all of these things work by asking for complete access to your account. When you enter your Lemmy password into any third party tool, they are not just getting access to your session (which is what was stolen from some users during the recent hack), they also get the ability to generate more sessions in the future without your knowledge. This means that even if an admin resets all sessions and kicks all users out, anybody with your password can of course still take over your account!

This isn't to say that any current Lemmy app developers are for sure out to get you, but at this point, it's quite clear that there are malicious folks out there. Creating a Lemmy app seems like a completely easy vector to attack users right now, considering how trusting everybody has been. So please be careful about what code you run on your devices, and who you trust with your credentials!