this post was submitted on 24 Jul 2023
230 points (100.0% liked)

Technology

37602 readers
354 users here now

A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.

Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.

Subcommunities on Beehaw:

This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

founded 2 years ago
MODERATORS
alyaza@beehaw.org
TheRtRevKaiser@beehaw.org
gyrfalcon@beehaw.org
rs5th@beehaw.org
coldredlight@beehaw.org
Los@beehaw.org
SemioticStandard@beehaw.org
TheRtRevKaiser@kbin.social
remington@beehaw.org
230
Stanford researchers find Mastodon has a massive child abuse material problem (www.theverge.com)
submitted 1 year ago by trashhalo@beehaw.org to c/technology@beehaw.org
126 comments fedilink hide all child comments
 

Mastodon, an alternative social network to Twitter, has a serious problem with child sexual abuse material according to researchers from Stanford University. In just two days, researchers found over 100 instances of known CSAM across over 325,000 posts on Mastodon. The researchers found hundreds of posts containing CSAM related hashtags and links pointing to CSAM trading and grooming of minors. One Mastodon server was even taken down for a period of time due to CSAM being posted. The researchers suggest that decentralized networks like Mastodon need to implement more robust moderation tools and reporting mechanisms to address the prevalence of CSAM.

you are viewing a single comment's thread
view the rest of the comments
[–] Cylinsier@beehaw.org 32 points 1 year ago (17 children)

The researchers suggest that decentralized networks like Mastodon need to implement more robust moderation tools and reporting mechanisms to address the prevalence of CSAM.

I agree, but who's going to pay for it? Those aren't just freely available additions to any application that you only need to toggle on.

[–] pineapplelover@infosec.pub 12 points 1 year ago (9 children)

One way to do this is to block hashes. This is a slippery slope though because it could be used maliciously. Only way to do this and protect freedom of information is to make this fully open source.

[–] scrubbles@poptalk.scrubbles.tech 8 points 1 year ago (7 children)

Block hash lists then? Something like a community driven hashlist for CSAM would work, of the majority of federated instances report it as that type then it would get added to the list. Instances could then choose what lists they wanted to block.

...instances could also show what lists they subscribe to so they users could see what sort of moderation they choose

[–] glorbo@lemmy.one 7 points 1 year ago

So the standard approach to this is so-called "perceptual hashing." Effectively, using cryptographic hashes (sha256, etc.) doesn't really work well in this case. Given a piece of illegal content, that content is likely to still be just as illegal with a single pixel changed -- however, it'll have a completely different cryptographic hash. So instead, a hash function that determines how "similar-looking" two images are, ignoring things like dimensions, color palette, JPEG compression artifacts, etc. This is obviously way fuzzier, and is prone to both false positives and negatives.

Because all this is inherently kinda fuzzy, the exact database of hashes is usually "secret sauce" if you will. If it were public, it would be super easy to circumvent. As an example, given an illegal image:

  1. Is the image's hash in the DB?
  2. No? All done, you can post it with impunity.
  3. Yes? Change one random pixel, GOTO 1.

As a result even "public" databases are distributed with NDAs etc. This obviously does not jive well with an open source, federated network like Mastodon, and I have my doubts as to how willing the relevant agencies would be to give their databases to every rando with $5 to spin up a Pleroma instance on a VPS. A public DB might help in some cases, but unfortunately more illegal content is produced every day, and so it would be extremely hard to keep up with the bad actors.

load more comments (6 replies)
load more comments (7 replies)
load more comments (14 replies)