Mastodon, an alternative social network to Twitter, has a serious problem with child sexual abuse material according to researchers from Stanford University. In just two days, researchers found over 100 instances of known CSAM across over 325,000 posts on Mastodon. The researchers found hundreds of posts containing CSAM related hashtags and links pointing to CSAM trading and grooming of minors. One Mastodon server was even taken down for a period of time due to CSAM being posted. The researchers suggest that decentralized networks like Mastodon need to implement more robust moderation tools and reporting mechanisms to address the prevalence of CSAM.
I agree, but who’s going to pay for it? Those aren’t just freely available additions to any application that you only need to toggle on.
How about police/the tax payer?
If university researchers can find the stuff, then police can find it too. There should be an established way to flag the user (or even the entire instance) so that content can be removed from the fediverse while simultaneously asking for all data that is available to try to catch the criminals.
And of course, if regular users come across anything illegal they will report it too, and it should be removed quickly (I’d hope immediately in many cases, especially if the post was by a brand new/untrusted account).
A decentralised platform like the Fediverses won’t easily work with nation states and their taxes. Even with Wikipedia today, it’s not funded directly via any government - but rather by certain universities giving some money to it + all the private doners.
And even if we get that working, power politics will mess this up like so often when things actually get troublesome.
It might be interesting to explore cryptocurrencies as for donations here though. They do have international liquidity and they can’t be misused foe power politics.
I’m not suggesting Beehaw/etc should be government funded. Rather I’m suggesting it’s already possible for basically anyone in the fediverse to report a post as needing urgent moderator attention.
I think there will be tax payer funded efforts, donation funded efforts, volunteers, etc that are unaffiliated with any specific instance but go through major instances and hit the report button where they consider it to be appropriate — not just manually with people but also with automated tools such as searching for images by a hash of their contents or maybe even running messages through a Large Language Model to check if it is, for example, a form of targeted harassment.
And yes, the report feature will be abused. That’s unavoidable and needs to be taken into account when deciding how to respond to a report. An algorithm could easily prioritise reports based on the history of past reports made by the same person / organisation.
Stack Exchange has a pretty good system - decisions by individuals are not trusted. Rather those trigger a review by a randomly selected (and trusted) individual to get a second opinion. And even after a decision has been made and an action has been taken (ban a user, etc) there’s often a third or even fourth review. And there are processes to appeal and question decisions.
It’s not an easy problem to solve, but as the creator of mastodon said - many hands make light work. The fediverse can some day have a billion people doing moderation tasks - where even simple acts like hitting the upvote button become part of the moderation system (upvote would imply that this account holder tends to make valuable contributions to the community, and should make the moderation system less likely to come down with a ban hammer).
And I also think there is scope for some communities to be entirely government funded. For example I’d love for every city in the world to run an offical community, with official local government anouncements as well as moderated discussions relevant to people who live in or are visiting the city.
I am exactly doubting your suggestion of tax paid donations. I don’t think this will happen, unless we actually come together and try to actually enforce this on the political level in various countries.
After all, open source software is an essential and critical foundation since many decades - but I’m not sure, whether there is any government that has made a pledge to donate a certain amount of money per year into the development and funding of such general purpose software. (Maybe I’m wrong though.)
Before the fediverse can get any public funding, we need to make some political efforts. the UN is the largest such institution - and it took all the fiasco with the 2 world war to get many countries pledge to donate to it every year…
Tor (The Onion Router) was invented by a United States Naval Intelligence Unit. They released the source code as open source and handed control over to the EFF but several US Government agencies continued to provide substantial funding (especially the Bureau of Democracy, Human Rights and Labor Affairs). As far as I know they continue to fund it.
There are definitely examples of Governments funding open source software, especially things that are as valuable as a social network.
I meant private donations, which are already happening.
I think tax revenue would be spent on government employees looking over content in search of evidence of crimes/etc, which I’m sure is also already happening. I hope they don’t just look - they should be reporting whatever they find.
One way to do this is to block hashes. This is a slippery slope though because it could be used maliciously. Only way to do this and protect freedom of information is to make this fully open source.
Block hash lists then? Something like a community driven hashlist for CSAM would work, of the majority of federated instances report it as that type then it would get added to the list. Instances could then choose what lists they wanted to block.
…instances could also show what lists they subscribe to so they users could see what sort of moderation they choose
So the standard approach to this is so-called “perceptual hashing.” Effectively, using cryptographic hashes (sha256, etc.) doesn’t really work well in this case. Given a piece of illegal content, that content is likely to still be just as illegal with a single pixel changed – however, it’ll have a completely different cryptographic hash. So instead, a hash function that determines how “similar-looking” two images are, ignoring things like dimensions, color palette, JPEG compression artifacts, etc. This is obviously way fuzzier, and is prone to both false positives and negatives.
Because all this is inherently kinda fuzzy, the exact database of hashes is usually “secret sauce” if you will. If it were public, it would be super easy to circumvent. As an example, given an illegal image:
As a result even “public” databases are distributed with NDAs etc. This obviously does not jive well with an open source, federated network like Mastodon, and I have my doubts as to how willing the relevant agencies would be to give their databases to every rando with $5 to spin up a Pleroma instance on a VPS. A public DB might help in some cases, but unfortunately more illegal content is produced every day, and so it would be extremely hard to keep up with the bad actors.
This is kind of problematic… By creating a community driven hashlist that is freely shared, you’ve also kind of created an index of CSAM content that could easily be extrapolated for people actively looking to find/share that content.
Surely a list of hashes wouldn’t be that useful?
only if they are crypto hashes (hash functions that back btc, ltc, other cryptos) as they are irreversible*
*i wont explain, use your internet in the pocket
deleted by creator
Super useful, it’s very similar to how magnet links for torrenting works. I know of a few less popular file sharing services that can act and search for files based on hash alone.
A lot of other areas online make use of hashes as identifiers already too. If you search for a hash of a file you’ve downloaded, just the hash and nothing else, there’s a very good chance you’ll get multiple results.
Doesn’t anyone looking for that material already know what to look for?
Image hashes? That could work. It could be a simple system like uBlock where you import filter lists to your instance and they’re easy to disable if their caretakers fill them with garbage data.
The researchers can’t be taken seriously if they don’t acknowledge that you can’t force free software to do something you don’t want it to.
Even if we started way down at the stack and we added a CSAM hash scanner to the Linux kernel, people would just fork the kernel and use their own build without it.
Same goes for nginx or any other web server or web proxy. Same goes for Tor. Same goes for Mastodon or any other Fedi/ActivityPub implementation.
It. Does. Not*. Work.
* Please, prove me wrong, I’m not all knowing, but short of total surveillance, I see no technical solution to this.
deleted by creator
The last sentences in the paper.