Conversation

Notices

Embed this notice
David Thiel (det@hachyderm.io)'s status on Tuesday, 25-Jul-2023 08:04:20 JST David Thiel

In what is hopefully my last child safety report for a while: a report on how our previous reports on CSAM issues intersect with the Fediverse.
https://cyber.fsi.stanford.edu/io/news/addressing-child-exploitation-federated-social-media

In conversation Tuesday, 25-Jul-2023 08:04:20 JST from hachyderm.io permalink
- Embed this notice
  David Thiel (det@hachyderm.io)'s status on Tuesday, 25-Jul-2023 08:04:15 JST David Thiel
  in reply to
  
  I have argued for a while that the Fediverse is way behind in this area; part of this lack of tooling and reliance on user reports, but part is architectural. CSAM-scanning systems work one of two ways: hosted like PhotoDNA, or privately distributed hash databases. The former is a problem because all servers hitting PhotoDNA at once for the same images doesn't scale. The latter is a problem because widely distributed hash databases allow for crafting evasions or collisions.
  
  In conversation Tuesday, 25-Jul-2023 08:04:15 JST permalink
- Embed this notice
  David Thiel (det@hachyderm.io)'s status on Tuesday, 25-Jul-2023 08:04:16 JST David Thiel
  in reply to
  
  Traditionally the solution here has been to defederate from freezepeach servers and...well, all of Japan. This is commonly framed as a feature and not a bug, but it's a blunt instrument and it allows the damage to continue. With the right tooling, it might be possible to get the large Japanese servers to at least crack down on material that's illegal there (which non-generated/illustrated CSAM is).
  
  In conversation Tuesday, 25-Jul-2023 08:04:16 JST permalink
  
  Paul Cantrell repeated this.
- Embed this notice
  David Thiel (det@hachyderm.io)'s status on Tuesday, 25-Jul-2023 08:04:17 JST David Thiel
  in reply to
  
  The Japanese server problem is often thought to mean "lolicon" or CG-CSAM, but it appears that servers that allow computer-generated imagery of kids also attracts users posting and trading "IRL" materials (their words, clear from post and match metadata), as well as grooming and swapping of CSAM chat group identifiers. This is not altogether surprising, but it is another knock against the excuses of lolicon apologists.
  
  In conversation Tuesday, 25-Jul-2023 08:04:17 JST permalink
- Embed this notice
  David Thiel (det@hachyderm.io)'s status on Tuesday, 25-Jul-2023 08:04:18 JST David Thiel
  in reply to
  
  Hits were primarily on a not-to-be-named Japanese instance, but a secondary test to see how far they propagated did show them getting federated to other servers. A number of matches were also detected in posts originating from the big mainstream servers. Some of the posts that triggered matches were removed eventually, but the origin servers did not seem to consistently send "delete" events when that happened, which I hope doesn't mean the other servers just continued to store it.
  
  In conversation Tuesday, 25-Jul-2023 08:04:18 JST permalink
- Embed this notice
  David Thiel (det@hachyderm.io)'s status on Tuesday, 25-Jul-2023 08:04:19 JST David Thiel
  in reply to
  
  Similar to how we analyzed Twitter in our self-generated CSAM report, we did a brief analysis of public timelines of prominent servers, processing media with PhotoDNA and SafeSearch. The results were legitimately jaw-dropping: our first pDNA alerts started rolling in within minutes. The true scale of the problem is much larger, as inferred by cross-referencing CSAM-related hashtags with SafeSearch level 5 nudity matches.
  
  In conversation Tuesday, 25-Jul-2023 08:04:19 JST permalink

Public

Notices

Feeds