All non-profits have to sustain themselves. Talk to anyone who's worked mid-level at a park or for the city and they'll tell you about all the shady practices they use to pull in more money. NGOs tend to make up new purposes and missions when their original goals being met. I've known of a single org that dissolved once once they met their goal (forcing a swimming pool chemical manufacturer to stop dumping EPA acceptable levels of mercury in the river).

I know some organizations that have a very limited number of people blessed by the justice department to verify and report these images. Microsoft famously had one of these people sue Microsoft for PTSD over having to verify and report flagged material in e-mail:

https://www.theguardian.com/technology/2017/jan/11/microsoft-employees-child-abuse-lawsuit-ptsd

..but in this case we're just talking about hashes, and I doubt their vetting process would also require specialized clearance from law enforcement (required because possession without it is a strict liability crime).

I can see an organization with a limited budget wanting to hold the reins a little tight, but you're also entirely right in that such tight reins defeats the purpose. These orgs are backed by people who don't want small independent Internet sites. They don't want kiwifarms or Subaru forums. They only want to back things that help the big boys like Reddit.

Honestly, I get the feeling even if you get shared access for smaller independent fedi instances, the risk of using their APIs as far as data collection from individuals (even if you're just sending hashes) is probably far greater than anything you gain in content moderation. But ... who knows :blobcatshrug: