Add support for CyberTipLine/PhotoDNA (Image fingerprinting for CSAM detection and reporting)

[paigeadelethompson]

Support for this should really be added to home servers. This is actually something that CloudFlare supports although Cloud Flare is unlikely to fix the problem. There needs to be something for home servers to prevent their users from uploading abhorrent material even if it's just best effort.

https://www.microsoft.com/en-us/photodna
https://blog.cloudflare.com/the-csam-scanning-tool/
https://report.cybertip.org/ws-hashsharing/v2/documentation/#overview
https://report.cybertip.org/ispws/documentation/#curl-example

[paigeadelethompson]

Another one is run by Google https://protectingchildren.google/tools-for-partners/

[S7evinK]

Is there some API a hash can be uploaded to? Couldn't find anything there.

[paigeadelethompson]

I actually found out a little more about these services and they're actually a little bit more prohibitive than I had imagined. Namely because when something is detected, the operator needs to follow up with the organization that provides the API or with proper law enforcement channels and so really using this API at all is a bit of an arrangement but it is becoming more available. They actually take it very seriously when it happens, and there's a window of like 24 hours in which case if you don't reply they reach out to law enforcement on your behalf. So the whole thing is kind of a responsibility that most normal folks aren't going to want anything to do with. But, there's still a serious problem with Matrix right now where the moderators of major Matrix Foundation channels can't do anything except delete abhorrent materials when they're posted and ban users from the channel.

I will do some more research on the topic but so far none of the programs I've reached out to have responded with any information about SDKs; also these are just simply not services that most people want the responsibility of or need, some do though but whether or not they can provide much information to help law enforcement is another problem because the protocol is federated so the most you could do is say "it came from that homeserver" and presumably block that homeserver from federating with any of your channels but it's not clear to me whether or not that is even something you can do at the moment.

[paigeadelethompson]

Ah I see. They've been known to give access to the hash databases without reporting requirements. The thing is that legally if you're in the US if you see or detect CP you have to report. It's literally the law

But if giving access to the hash database can help prevent proliferation that's what they'll do. I'm talking ncmec/cybertip here not photodna. Contact them and explain the situation

I actually have a friend who was able to provide that context, also he is going to check with his contacts to see who would should be reached out to, but said that if nothing else we could send an enquiry to [email protected]