Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add support for CyberTipLine/PhotoDNA (Image fingerprinting for CSAM detection and reporting) #3416

Open
paigeadelethompson opened this issue Sep 10, 2024 · 4 comments
Labels
T-Enhancement New features, changes in functionality, improvements in performance, or user-facing enhancements.

Comments

@paigeadelethompson
Copy link
Contributor

Support for this should really be added to home servers. This is actually something that CloudFlare supports although Cloud Flare is unlikely to fix the problem. There needs to be something for home servers to prevent their users from uploading abhorrent material even if it's just best effort.

https://www.microsoft.com/en-us/photodna
https://blog.cloudflare.com/the-csam-scanning-tool/
https://report.cybertip.org/ws-hashsharing/v2/documentation/#overview
https://report.cybertip.org/ispws/documentation/#curl-example

@paigeadelethompson
Copy link
Contributor Author

Another one is run by Google https://protectingchildren.google/tools-for-partners/

@S7evinK
Copy link
Contributor

S7evinK commented Sep 22, 2024

Is there some API a hash can be uploaded to? Couldn't find anything there.

@S7evinK S7evinK added the T-Enhancement New features, changes in functionality, improvements in performance, or user-facing enhancements. label Sep 22, 2024
@paigeadelethompson
Copy link
Contributor Author

I actually found out a little more about these services and they're actually a little bit more prohibitive than I had imagined. Namely because when something is detected, the operator needs to follow up with the organization that provides the API or with proper law enforcement channels and so really using this API at all is a bit of an arrangement but it is becoming more available. They actually take it very seriously when it happens, and there's a window of like 24 hours in which case if you don't reply they reach out to law enforcement on your behalf. So the whole thing is kind of a responsibility that most normal folks aren't going to want anything to do with. But, there's still a serious problem with Matrix right now where the moderators of major Matrix Foundation channels can't do anything except delete abhorrent materials when they're posted and ban users from the channel.

I will do some more research on the topic but so far none of the programs I've reached out to have responded with any information about SDKs; also these are just simply not services that most people want the responsibility of or need, some do though but whether or not they can provide much information to help law enforcement is another problem because the protocol is federated so the most you could do is say "it came from that homeserver" and presumably block that homeserver from federating with any of your channels but it's not clear to me whether or not that is even something you can do at the moment.

@paigeadelethompson
Copy link
Contributor Author

Ah I see. They've been known to give access to the hash databases without reporting requirements. The thing is that legally if you're in the US if you see or detect CP you have to report. It's literally the law

But if giving access to the hash database can help prevent proliferation that's what they'll do. I'm talking ncmec/cybertip here not photodna. Contact them and explain the situation

I actually have a friend who was able to provide that context, also he is going to check with his contacts to see who would should be reached out to, but said that if nothing else we could send an enquiry to TakeItDown@ncmec.org

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
T-Enhancement New features, changes in functionality, improvements in performance, or user-facing enhancements.
Projects
None yet
Development

No branches or pull requests

2 participants