RedWizard [he/him]

2026-01-28 20:03:38

There are all kinds of fun stuff in the Piefed code. Allow me to dredge up a comment I made recently:

@edie@lemmy.encryptionin.space was looking at PieFed code the other week, and I ended up taking a look at it too. Its great fun to sneak a peak at.

For example, you cannot cast a vote on PieFed if you've made 0 replies, 0 posts, AND your username is 8 characters long:

    def cannot_vote(self):
        if self.is_local():
            return False
        return self.post_count == 0 and self.post_reply_count == 0 and len(
            self.user_name) == 8  # most vote manipulation bots have 8 character user names and never post any content

If a reply is created, from anywhere, that only contains the word "this", the comment is dropped (CW: ableism in the function name):

def reply_is_stupid(body) -> bool:
    lower_body = body.lower().strip()
    if lower_body == 'this' or lower_body == 'this.' or lower_body == 'this!':
        return True
    return False

Every user (remote or local) has an "attitude" which is calculated as follows: (upvotes cast - downvotes cast) / (upvotes + downvotes). If your "attitude" is < 0.0 you can't downvote.

Every account has a Social Credit Score, aka your Reputation. If your account has less than 100 reputation and is newly created, you are not considered "trustworthy" and there are limitations placed on what your account can do. Your reputation is calculated as upvotes earned - downvotes earned aka Reddit Karma. If your reputation is at -10 you also cannot downvote, and you can't create new DMs. It also flags your account automatically if your reputation is to low:

PieFed boasts that it has "4chan image detection". Let's see how that works in practice:

            if site.enable_chan_image_filter:
                # Do not allow fascist meme content
                try:
                    if '.avif' in uploaded_file.filename:
                        import pillow_avif  # NOQA
                    image_text = pytesseract.image_to_string(Image.open(BytesIO(uploaded_file.read())).convert('L'))
                except FileNotFoundError:
                    image_text = ''
                except UnidentifiedImageError:
                    image_text = ''

                if 'Anonymous' in image_text and (
                        'No.' in image_text or ' N0' in image_text):  # chan posts usually contain the text 'Anonymous' and ' No.12345'
                    self.image_file.errors.append(
                        "This image is an invalid file type.")  # deliberately misleading error message
                    current_user.reputation -= 1
                    db.session.commit()
                    return False

Yup. If your image contains the word Anonymous, and contains the text No. or N0 it will reject the image with a fake error message. Not only does it give you a fake error, but it also will dock your Social Credit Score. Take note of the current_user.reputation -= 1

PieFed also boasts that it has AI generated text detection. Let's see how that also works in practice:

# LLM Detection
        if reply.body and '—' in reply.body and user.created_very_recently():
            # usage of em-dash is highly suspect.
            from app.utils import notify_admin
            # notify admin

This is the default detection, apparently you can use an API endpoint for that detection as well apparently, but it's not documented anywhere but within the code.

Do you want to leave a comment that is just a funny gif? No you don't. Not on PieFed, that will get your comment dropped and lower your Social Credit Score!

        if reply_is_just_link_to_gif_reaction(reply.body) and site.enable_gif_reply_rep_decrease:
            user.reputation -= 1
            raise PostReplyValidationError(_('Gif comment ignored'))

How does it know its just a gif though?

def reply_is_just_link_to_gif_reaction(body) -> bool:
    tmp_body = body.strip()
    if tmp_body.startswith('https://media.tenor.com/') or \
            tmp_body.startswith('https://media1.tenor.com/') or \
            tmp_body.startswith('https://media2.tenor.com/') or \
            tmp_body.startswith('https://media3.tenor.com/') or \
            tmp_body.startswith('https://i.giphy.com/') or \
            tmp_body.startswith('https://i.imgflip.com/') or \
            tmp_body.startswith('https://media1.giphy.com/') or \
            tmp_body.startswith('https://media2.giphy.com/') or \
            tmp_body.startswith('https://media3.giphy.com/') or \
            tmp_body.startswith('https://media4.giphy.com/'):
        return True
    else:
        return False

I'm not even sure someone would actually drop a link like this directly into a comment. It's not even taking into consideration whether those URLs are part of a markdown image tag.

As Edie mentioned, if someone has a user blocked, and that user replies to someone, their comment is dropped:

if parent_comment.author.has_blocked_user(user.id) or parent_comment.author.has_blocked_instance(user.instance_id):
    log_incoming_ap(id, APLOG_CREATE, APLOG_FAILURE, saved_json, 'Parent comment author blocked replier')
    return None

For Example:

• Cowbees comment on lemmy.ml: lemmy.ml/post/41587312/2328877…
• Non-existent on piefed.social: piefed.social/comment/9647830

(see Edies original comment here)

More from Edie:

Also add if the poster has blocked you! It is exactly as nonsense as you think.

Example:

I made a post in testing@piefed.social from my account testingpiefed@piefed.social, replied to it from my other testingpiefed@piefed.zip account. Since the .social account has blocked the .zip, it doesn't show up on .social, nor on e.g. piefed.europe.pub.

I then made a comment from my lemmy.ml account, and replied to it from my piefed.zip account, and neither .social, nor europe.pub can see my .zip reply, but can see my lemmy.ml comment!

[ Let me add more clarity here: what this feature does is two things. On a local instance, if you block someone who is on your instance, they cannot reply to you. However, this condition is not federated (yet, it would seem), and so, to get around this "issue", the system will drop comments from being stored in the PieFed database IF the blocked user is remote. This means you end up with "ghost comment chains" on remote instances. There is NEW code as of a few weeks ago, that will send an AUTOMATED mod action against blocked remote users to remove the comment. So long as the community is a local PieFed community, it will federate that mod action to the remote server, removing the comment automatically. For PieFed servers, eventually, they would rather federate the users block list (that's fair), but it would seem this code to send automated mod actions to remove comments due to user blocks is going to stay just for the Lemmy Piefed interaction. I don't really understand why the system simply doesn't prevent the rendering of the comment, instead of stopping it from being stored. It knows the user is blocked, it already checks it, it should then just stop rendering the chain of comments for the given user, prevent notifications from those users, etc. ]

But wait! There's More!

• PieFed defederates from Hexbear.net, Lemmygrad.ml, and Lemmy.ml out of the box.
• The "rational discourse" sidebar that you see on the main instance is hard coded into the system.
• ~~Moderators of a community can kick you from a community, which unsubscribes you from it, and does not notify you.~~ This has been removed actually, the API endpoint is still there.
• I was going to say that Admins had the ability to add a weight to votes coming from other instances, but the videos that showed this are now gone, and as of v1.5.0 they have removed the instance vote weight feature, claiming it was "unused".

All this to say. Piefed is a silly place, and no one should bother using its software.

pyfedi/app/community/forms.py at main

pyfedi - Project background: https://join.piefed.social. Flagship instance: https://piefed.social

^Codeberg.org