There’s another round of CSAM attacks and it’s really disturbing to see those images. It was really bothering to see those and they weren’t taken down immediately. There was even a disgusting shithead in the comments who thought it was funny?? the fuck
It’s gone now but it was up for like an hour?? This really ruined my day and now I’m figuring out how to download tetris. It’s really sickening.
AI generated CSAM will be (or already is) the next big DoS/troll tool, all you can really do is delete/block
im giving up on the internet
I mean if it has the potential to kill the value of real CSAM that’s kinda a win though… Sure, it’s disturbing, but I’d rather people don’t actually get abused in order to create such content - which will inevitably happen anyway.
AFAIK, it all falls down on moderators’ shoulders. I don’t envy their jobs one bit :(
How was it handled on Reddit? Did the moderators have to handle it there as well, or did Reddit filter it out beforehand?
Reddit uses a CSAM scanning tool to identify and block the content before it hits the site.
https://protectingchildren.google/#introduction is the one Reddit uses.
https://blog.cloudflare.com/the-csam-scanning-tool/ is another such tool.
Are any of the examples that your provided libre/free and open-source? I wasn’t able to find any info for Google’s, and Cloudflare seems to only offer theirs for free if you are already using Cloudflare’s services. If not the examples that you provided, does there exist any tools that are libre/free and open-source?
No.
The nature of the checksums and perceptual hashing is kept in confidence between the National Center for Missing and Exploited Children (NCMEC) and the provider. If the “is this classified as CSAM?” service was available as an open source project those attempting to circumvent the tool would be able to test it until the modifications were sufficient to get a false negative.
There are attempts to do “scan and delete” but this may add legal jeopardy to server admins even more than not scanning as server admins are required by law to report and preserve the images and log files associated with CSAM.
I’d strongly suggest anyone hosting a Lemmy instance to read https://www.eff.org/deeplinks/2022/12/user-generated-content-and-fediverse-legal-primer
The requirements for hosting providers are https://www.law.cornell.edu/uscode/text/18/2258A
(a) Duty To Report.—
(1) In general.—
(A) Duty.—In order to reduce the proliferation of online child sexual exploitation and to prevent the online sexual exploitation of children, a provider—
(i) shall, as soon as reasonably possible after obtaining actual knowledge of any facts or circumstances described in paragraph (2)(A), take the actions described in subparagraph (B); and
(ii) may, after obtaining actual knowledge of any facts or circumstances described in paragraph (2)(B), take the actions described in subparagraph (B).
(B) Actions described.—The actions described in this subparagraph are—
(i) providing to the CyberTipline of NCMEC, or any successor to the CyberTipline operated by NCMEC, the mailing address, telephone number, facsimile number, electronic mailing address of, and individual point of contact for, such provider; and
(ii) making a report of such facts or circumstances to the CyberTipline, or any successor to the CyberTipline operated by NCMEC.…
(e) Failure To Report.—A provider that knowingly and willfully fails to make a report required under subsection (a)(1) shall be fined—
(1) in the case of an initial knowing and willful failure to make a report, not more than $150,000; and
(2) in the case of any second or subsequent knowing and willful failure to make a report, not more than $300,000.
Set up CloudFlare’s CSAM scanning tool. It’s completely free. It’s not on lemmy devs to secure your instance. Lemmy devs could add better admin and moderating tools, but it’s better to stop it before it even makes it to your server.
Imo, lemmy shouldn’t allow image uploads at all. All images should be hosted elsewhere on services that can handle scanning content. This would also drastically cut down on hosting costs for lemmy instances.
If lemmy is to host images, it should merely be as a backup. But since lemmy content isn’t easy to search as is anyway, that’s not a short term concern. And those images should be archived via mod action imo, not user action.
can’t you already run Lemmy without image hosting if you just disable the pictrs service?
there’s also a new config option to disable caching of remote images
I think the Lemmy dev team could use some help pushing out more moderation controls if there are any devs out there who want to make the world a little bit better place.
For starters it would be nice to be able to set up rules like:
You can’t comment for 1 day, you can’t comment links for 1 week, you can’t post until you have X comment karma, and you can’t post images / links to non-whitelisted sites until you have mod approval/Y karma/whatever. Toss in a rate limit on posting, and it’s not perfect but it may give mods a little more breathing room. Without adequate tools I understand why certain instances choose to go with the walled garden approach.