@sally I would imagine the efficacy of the hash lists takes a nosedive if the entire thing gets leaked. It's not that great of a tool to begin with for older, open hashing algorithms (MD5, SHA1).
There are also papers out there on certain newer, proprietary hash types having enough data in the hash to reconstruct CSAM to some degree (cough cough PhotoDNA) that an overzealous judge might feasibly count as distribution.
Regardless, it is not a can of worms I intend to crack open. All I can say is, if it was easy enough for me to sign up, anyone else can too.
Hey 7666, this reminded me of something I wanted to ask you.
I asked Moon if he had a CSAM hash database and he said these shitbags refuse to distribute them publicly for some strange reason no one understands (we can all do the math).
Now's your turn, you have one of these by any chance?
@sally I do have it but the most I can offer is the API spec now and perhaps even the program behind it at some point in the future.
There are legally binding contracts around getting access to it that very specifically say "don't disclose" but you can always get a copy yourself by registering as an ESP.
@sun @sally Depends on who you go through. The IWF wouldn't bother with me, but NCMEC was fine.
Here are the three docs I signed as PDFs after inquiring about becoming an ESP with them. After that they provisioned my access and provided API documentation and said have at it.
@sally @lucy @meso @sun I expect that anyone who isn't in the United States won't get very far. The NCMEC only serves the US and enforces the specific portions of US law that deal with ESP reporting (which you have to do to remain compliant with the provisions of 18 U.S.C. § 2258A).
Then there's integration into the posting mechanism of instances to hash the uploaded file and compare it, writing something that pulls data out of their API according to their spec into its own DB, doing your initial sync and subsequent deltas daily; it's not that simple. I don't run this on my instance at all, I run it only on Pomf.
@lucy @sally @7666 @meso @sun this being either a massive hassle or involving sending every uploaded file to some third party and dealing with the legal ramifications of that (at least: GDPR, as well as then having to disclose my irl address due to german telecommunications laws) is why i decided against it for 0x0.st
simply blocking anonymizing networks and cloud/vps hosters, plus a generic neural network detector for adult content to aid moderation, so far has been enough.
hetzner apparently deems the measures i have in place sufficient, and law enforcement is happy as long as i comply with their requests, which are super rare and so far were simple takedowns that didn’t involve disclosure of user data (for which there are significant legal hurdles in this case).
i can see why a fedi instance might want to allow tor etc., but doing so without having at least a user vetting process is a very dumb idea imo