Mastodon, an alternative social network to Twitter, has a serious problem with child sexual abuse material according to researchers from Stanford University. In just two days, researchers found over 100 instances of known CSAM across over 325,000 posts on Mastodon. The researchers found hundreds of posts containing CSAM related hashtags and links pointing to CSAM trading and grooming of minors. One Mastodon server was even taken down for a period of time due to CSAM being posted. The researchers suggest that decentralized networks like Mastodon need to implement more robust moderation tools and reporting mechanisms to address the prevalence of CSAM.

    • @[email protected]
      link
      fedilink
      English
      71 year ago

      So the standard approach to this is so-called “perceptual hashing.” Effectively, using cryptographic hashes (sha256, etc.) doesn’t really work well in this case. Given a piece of illegal content, that content is likely to still be just as illegal with a single pixel changed – however, it’ll have a completely different cryptographic hash. So instead, a hash function that determines how “similar-looking” two images are, ignoring things like dimensions, color palette, JPEG compression artifacts, etc. This is obviously way fuzzier, and is prone to both false positives and negatives.

      Because all this is inherently kinda fuzzy, the exact database of hashes is usually “secret sauce” if you will. If it were public, it would be super easy to circumvent. As an example, given an illegal image:

      1. Is the image’s hash in the DB?
      2. No? All done, you can post it with impunity.
      3. Yes? Change one random pixel, GOTO 1.

      As a result even “public” databases are distributed with NDAs etc. This obviously does not jive well with an open source, federated network like Mastodon, and I have my doubts as to how willing the relevant agencies would be to give their databases to every rando with $5 to spin up a Pleroma instance on a VPS. A public DB might help in some cases, but unfortunately more illegal content is produced every day, and so it would be extremely hard to keep up with the bad actors.

    • BarbecueCowboy
      link
      fedilink
      61 year ago

      This is kind of problematic… By creating a community driven hashlist that is freely shared, you’ve also kind of created an index of CSAM content that could easily be extrapolated for people actively looking to find/share that content.

        • @[email protected]
          link
          fedilink
          3
          edit-2
          1 year ago

          only if they are crypto hashes (hash functions that back btc, ltc, other cryptos) as they are irreversible*

          *i wont explain, use your internet in the pocket

        • BarbecueCowboy
          link
          fedilink
          2
          edit-2
          1 year ago

          Super useful, it’s very similar to how magnet links for torrenting works. I know of a few less popular file sharing services that can act and search for files based on hash alone.

          A lot of other areas online make use of hashes as identifiers already too. If you search for a hash of a file you’ve downloaded, just the hash and nothing else, there’s a very good chance you’ll get multiple results.