
We stay strong against hate and hatred


Codeberg is currently suffering from hate campaigns due to far-right forces, and so are our users. First and foremost, we apologize for everyone who has recently received a notification email from our system containing offending and potentially traumatizing content. We are working hard on containing the effects on our users and systems.

Most importantly, your private data was not leaked. All emails have been generated through Codeberg's servers using the notification feature and the abusers had no access to your email address directly.

Fighting hate and far-right forces is important to us. Read to the end of this article to learn why.

What has happened?

In the past days, several projects advocating tolerance and equal rights on Codeberg have been subject to hate attacks, such as massive spam of abusive messages in their issue trackers. We have been monitoring the situation closely and have tried to clean up the content as quickly as possible.

Often, content remained available for only a few minutes, up to 30 minutes. Due to constrained staff capacity, some rare cases remained online for longer. We appreciate all your reports to abuse@codeberg.org that help us identify abuse quickly.

On 12 February 2025, an abuser escalated the attacks to the next level. Instead of targeting individual projects, they started to create abusive content and mention Codeberg users in chunks of 100 each. Depending on users' notification settings (if you are a user on Codeberg, you can modify them in your settings), these mentions generate notification emails that contain a copy of the post that includes the mention, and thus deliver the abusive content via email.

Although our staff reacted quickly, blocked access to the functionality used and deleted the user accounts, the abusers had already managed to generate a large number of notification emails.

This attack is harming not only Codeberg users but the platform itself, both via technical means (we had brief downtime of our systems and our mail server was suffering a lot) and by harming the reputation of our platform and the trust users have shown us. We expect this incident to be in response to our swift moderation of the previous campaigns that targeted only individual projects.

How could this happen?

Please understand that Codeberg.org is mostly driven by volunteers. We have sufficient capacity to run the platform under normal conditions, and normal conditions also include some headway to deal with abuse campaigns that come and go. We suppose that most readers did not notice the spam campaigns of the past days, and we are happy that we managed to contain them quickly. We are fighting advertisement spam, phishing and malware week to week.

However, our capacity was obviously exhausted this time, when it comes to attacks that target us specifically. And we apologize for this.

You might wonder why there are not more technical countermeasures in place to prevent this type of abuse. Technical measures evolve over time, and we have implemented several protections on multiple levels that are trying to contain the amount of abuse you see day to day.

However, doing proper rate-limiting is hard. We need to ensure that legitimate usage of our API and interface is possible, including custom scripts that import or synchronize massive amounts of issues from projects on other platforms. There are some rate-limits tailored to the previous abuse vectors we have seen, which were mostly aggressive advertising, and so it would not have been possible to create these massive postings if they had contained a hyperlink to another website, for example.

However, just spamming notification emails to users is a new abuse vector to us, and we did not sufficiently prepare for this. For that, we are sorry.
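The trade-off described above, as an added example (not Codeberg's or Forgejo's code): a limiter that charges an author for the notification emails their mentions trigger rather than for the posts themselves, so mention-free bulk imports are never throttled. The type, its fields and the limits are hypothetical.

```go
package main

import (
	"fmt"
	"time"
)

// usage tracks mention emails released for one author in the current window.
type usage struct {
	start time.Time
	used  int
}

// MentionBudget is a hypothetical limiter, not a Forgejo type.
type MentionBudget struct {
	PerPost, PerWindow int // assumed caps on emailed mentions
	Window             time.Duration
	spent              map[string]usage
}

// Allow returns how many of a post's mentioned users may be emailed.
// The post itself is never rejected; only the email fan-out is capped.
func (b *MentionBudget) Allow(author string, mentions int, now time.Time) int {
	if b.spent == nil {
		b.spent = map[string]usage{}
	}
	u := b.spent[author]
	if now.Sub(u.start) >= b.Window { // window expired: start a fresh one
		u = usage{start: now}
	}
	n := mentions
	if n > b.PerPost {
		n = b.PerPost
	}
	if rem := b.PerWindow - u.used; n > rem {
		n = rem
	}
	u.used += n
	b.spent[author] = u
	return n
}

func main() {
	b := &MentionBudget{PerPost: 10, PerWindow: 25, Window: time.Hour}
	t0 := time.Date(2025, 2, 12, 12, 0, 0, 0, time.UTC) // constructed timestamp
	for i := 0; i < 4; i++ {                            // four posts, 100 mentions each
		fmt.Println(b.Allow("abuser", 100, t0.Add(time.Duration(i)*time.Minute)))
	}
}
```

Mentions beyond the returned count could still produce in-app notifications; that choice is an assumption of this sketch.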

What will Codeberg do?

Currently, we are investigating the details of the attack, and we have implemented short-term countermeasures and are monitoring activity on the platform closely. Further, we are responding to hundreds of emails from our users that ask about the incident. Some request the deletion of their data in response.

Next up, we will make plans on how to improve our protection against this and future kinds of abuse attacks on Codeberg itself to reduce the likelihood of similar things ever happening again.

If you want to help with development work on Forgejo, the free/libre and open source software that powers Codeberg, please reach out. Go developers who can commit some time and patience to implement one or more technical measures in the codebase are much appreciated.

Unrelated to the current incident, we have worked with NLnet in the past weeks and secured funding for some moderation tools. A meeting was scheduled for later today at 20.00 CET to talk about technical architecture for a feature that allows reporting abuse directly in the app and the goal is to implement it for the next release of Forgejo.

Far-right forces endanger free/libre software projects

We will not be discouraged in our fight against far-right ideologies. They are currently on the rise in many parts of the world, and we believe it is important to protect all kinds of marginalized groups. However, if you believe this does not affect your project, you are wrong. Far-right forces pose a threat to all of us.

Extreme right forces actively target members of our communities and discriminate based on ethnicity and gender, political background, sexual orientation, disabilities, nationality and faith. However, diversity is an important asset in free/libre software communities and it is what makes our software great and development productive.

By targeting some of our most active translators, nicest designers, best developers and all other motivated contributors, they are hurting the free/libre software ecosystem as a whole.

Don't be fooled if right-wing forces promise to "promote open source" in their political agenda. This has nothing to do with the values of our movement! This is about national patriotism and protectionism, and they will happily accept splitting our community on their way.

We all know that the free/libre software ecosystem won't work this way. Every human is an integral and equally important part of it, and targeting some of our community members threatens the ecosystem as a whole.

Let's together stay strong and united against the emerging threats. We stay strong against discrimination of all kinds, including but not limited to sexism, transphobia, homophobia, racism, antisemitism and ableism. And we hope that you all join us for this mission.

A big shout-out to all the projects that collect facts and resources against hate and discrimination and that have been the primary target of these attacks. Support them if you can.

If you ever considered supporting the fight against right-wing forces, for example by joining political movements and parties, organizing protests or getting involved in online communities with this goal - now might be the best time to move ahead.

Again, we apologize for the disruption of your work and the abusive content delivered to your mailboxes. We are doing our best to contain the situation.

We'd like to thank everyone who signaled their support in the current situation, via e-mail, Mastodon and in Matrix chats. This means a lot to us.

Thank you for your trust and support!
Your Codeberg Public Relations team


I want you to do these four things right now


Security

Okay, friends. Here’s what we’re going to do. It’s not going to take long.

Let’s install Signal.

Signal is an open-source, end-to-end encrypted instant messaging app. When you message someone with Signal, nobody can intercept your conversation to learn what you’re saying. It’s very easy to use and completely free.

Unlike WhatsApp (which is owned by Meta) and Telegram (which doesn’t encrypt messages by default), Signal is fully open-source, doesn’t store metadata, and is designed for privacy first.

Navigate to the Get Signal page on the Signal website.

Signal needs to be installed on your phone first. Choose the version that makes sense for you: iPhone or Android.

The cool part is that, once you’re logged in, Signal will tell you which of the people in your contacts are already using it, and as more sign up, they’ll just show up in your Signal contacts list over time.

I recommend also setting up a Signal username. Navigate to your Signal app’s settings pane, click on your profile, and then create a username. Then you don’t need to reveal your phone number to new contacts you want to chat with: you can just tell them your username.

Finally, Signal conversations can be set to auto-delete. I recommend that you do this. Four weeks is comfortable; one week is very safe.

My Signal username is benwerd.01. Once you’re signed up, send me a message to let me know you did it.


It’s time for a password manager.

Do you use the same password for every service? Or maybe you have an easy-to-remember formula for each one — something like the name of the service with the vowels replaced by numbers?

Those passwords are easy to guess and break into. It’s time to install a password manager.

1Password is the best-in-class password manager. You can install it on every device you own.

It’s really cheap to sign up. Set up your account, and then install the apps for your desktop, your phone, and your web browser.

Then, when you sign up for a new account, use 1Password’s suggested passwords instead of inventing your own:

When you go back to sign into a service, 1Password will show that you have a login for it, and logging in is one-click:

So not only are your credentials more secure, it’s actually easier to log in. You don’t need to struggle to remember what your password is anymore.

The passwords are encrypted, so nobody else, including 1Password itself, can ever see them.

Using a saved set of credentials is incredibly simple:

[Screenshot: 1Password]

And so is creating and saving a new password:

[Screenshot: 1Password suggesting a new password]

A VPN is a great idea.

Do me a favor: whenever you’re on public wifi — that is to say, an internet connection that isn’t your home or your workplace — run your internet connection through an encrypted VPN. This will make your internet activities harder to track and harder to intercept.

A VPN encrypts your internet traffic, which protects you from eavesdropping on public WiFi and makes it harder for advertisers to track you. However, it’s worth saying that it doesn’t make you completely anonymous — your online accounts and browsing habits still matter. (We’ll get to your social media accounts next.)

Mullvad is a great VPN choice for the privacy-conscious, but can be a little harder to use. (In particular, because it doesn’t ever want to know who you are, it assigns you a numeric account ID and charges on a time-based, pay-as-you-go basis.) ExpressVPN may be easier to use if you’re less technically inclined. In both cases, you sign up, install an app, and simply turn it on and off from the app’s UI.


Let’s make your social media more secure.

Social media is a magnet for harassment, doxing, stalkers and worse. In fact, one of the biggest vectors for attacks of all kinds on the internet is your social media accounts. If you haven’t locked them down in the right ways, you run the risk of sharing more than you intended with strangers, or even losing your account altogether to a hacker. Keeping all the settings straight is a real pain.

Block Party comes as an extension for the browser of your choice. Install it, sign up, and it’ll look at your social media accounts in turn and make informed suggestions about how you can lock them down for better privacy — and better mental wellness. Better yet, it gives you one-click options to make those settings changes itself.

One quick tune-up later, and your social media is safer and better for you. Which can’t be bad.


And that’s it for now.

I’ve given you four quick steps that dramatically improve your online security. None of these take long, but they can make a huge difference.

If you found this useful, feel free to share it with a friend who could use a digital security boost. Let’s make the internet safer — one smart step at a time.


In 150 characters or less


This is based on a poem by Nikita Gill


Blogging: you’re doing it right


That’s all you need to know. If you’re doing it, you’re doing it right. If you have decided to reclaim ownership of your place on the web, you’re doing it right. It doesn’t matter how you did it. It doesn’t matter if you’re self-hosting or using a SAAS. It doesn’t matter if your content lives on a database or in a TXT file. It doesn’t matter if you did everything yourself or you paid someone to do it for you. It doesn’t matter if you post once a day or once a year. What matters is that you’re doing it. Your effort is commendable. You deserve to be thanked so, thank you.



Massive VW Data Leak Exposed 800,000 EV Owners’ Movements, From Homes To Brothels

Bookmark: carscoops.com/2024/12/vw-gro...
claudinec
53 days ago
"Nobody should be able to obtain this level of personal tracking about any private person. That it was accidentally released on an S3 bucket is almost incidental."

Writing is my canary bird

Canaries were used in mines from the late 1800s to detect gases, such as carbon monoxide. The gas is deadly to humans and canaries alike in large quantities, but canaries are much more sensitive to small amounts of the gas, and so will react more quickly than humans.

from The Science and Industry Museum

Canary bird has since become a term to signify early warning signs.

For me and my general health and well-being, writing is my canary bird.

When my mind gets all bogged down or I start to have issues with my well-being (becoming sick, not sleeping well, etc), I’ve noticed that my creativity and ability to write my notes, daily journals or these blog posts is among the first things to start to fail.

It may have always been the case but only recently my writing habits have been such that the signs have become obvious. Before, it would have been difficult to differentiate between a slump in writing and having issues.

Since life is all ups and downs and there will never be a year without issues, to keep up with my regular blogging schedule, I aim to write into a blog buffer and distribute the planning and research over a longer period of time so I would always have material from which to write when inspiration is gone and creativity is down.

This year, I’ve had two or three moments when I’ve struggled to write (more than usual). In April, I was very sick for two weeks, in early fall I struggled after being back to unemployed and the beginning of the darkness of the winter got me down real hard.

I’ve learned to use this canary bird of mine: when I start noticing my struggles with creativity, I know I need to change something in my life because it’s not just about creativity, it’s about my well-being.

claudinec
61 days ago
I think it's the same for me (and I should write about it).