this post was submitted on 28 Aug 2023
1736 points (97.9% liked)
Lemmy.World Announcements
29163 readers
58 users here now
This Community is intended for posts about the Lemmy.world server by the admins.
Follow us for server news ๐
Outages ๐ฅ
https://status.lemmy.world/
For support with issues at Lemmy.world, go to the Lemmy.world Support community.
Support e-mail
Any support requests are best sent to info@lemmy.world e-mail.
Report contact
- DM https://lemmy.world/u/lwreport
- Email report@lemmy.world (PGP Supported)
Donations ๐
If you would like to make a donation to support the cost of running this platform, please do so at the following donation URLs.
If you can, please use / switch to Ko-Fi, it has the lowest fees for us
Join the team
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Speculating:
Restricting posting from accounts that don't meet some adjustable criteria. Like account age, comment count, prior moderation action, average comment length (upvote quota maybe not, because not all instances use it)
Automatic hash comparison of uploaded images with database of registered illegal content.
On various old-school forums, there's a simple (and automated) system of trust that progresses from new users (who might be spam)... where every new user might need a manual "approve post" before it shows up. (And this existed in Reddit in some communities too).
And then full powers granted to the user eventually (or in the case of StackOverlow, automated access to the moderator queue).
What are the chances of a hash collision in this instance? I know accidental hash collisions are usually super rare, but with enough people it'd probably still happen every now and then, especially if the system is designed to detect images similar to the original illegal image (to catch any minor edits).
Is there a way to use multiple hashes from different sources to help reduce collisions? For an example, checking both the MD5 and SHA256 hashes instead of just one or the other, and then it only gets flagged if both match within a certain degree.
Traditional hash like MD5 and SHA256 are not locality-sensitive. Can't be used to detect match with certain degree. Otherwise, yes you are correct. Perceptual hashes can create false positive. Very unlikely, but yes it is possible. This is not a problem with perfect solution. Extraordinary edge cases must be resolved on a case by case basis.
And yes, simplest solution must be implemented first always. Tracking post reputation, captcha before post, wait for account to mature before can post, etc. The problem is that right now the only defense we have access to are mods. Mods are people, usually with eyeballs. Eyeballs which will be poisoned by CSAM so we can post memes and funnies without issues. This is not fair to them. We must do all we can, and if all we can includes perceptual hashing, we have moral obligation to do so.
Something I thought about that might be helpful is if mods had the ability to add a post delay on a community basis. Basically, the delay would be moderator adjustable, but only moderators and admins would be able to see the post for X number of minutes after being posted. It'd help for situations like ongoing attacks where you don't necessarily want to have to manually approve posts, but you want a chance to catch any garbage before the post goes public.
Edit: and yeah, one of the reasons I'm aware that perceptual hashes can have collisions is because a number of image viewers/cataloging tools like xnview mp or hydrus network use hash collisions to help identify duplicate images. However, I've seen collisions between unrelated images when lowering the sensitivity which is why I was wondering if there was a way to use multiple hashing algorithms to help reduce false positives without sacrificing the usefulness of it.
Or just making posts approval only with a mod queue
I'm surprised this isn't linked, there are services that does this for you.
And they are free.
https://blog.cloudflare.com/the-csam-scanning-tool/
I beleive there are several readily available databases of hashes of csam material for exactly this kind of scanning. Looks like there are some open source ones.
Some top results: https://github.com/topics/csam
This looks to be the top project: https://prostasia.org/project/csam-scanning-plugins/
Could they not just change one pixel to get another hash?