@EU_Commission Well, the topic I disliked the most is your plan to compromise the online safety, security and privacy of all 450 million Europeans with the plans to scan their devices. In addition, you are not open and transparent enough about these plans, as most of those 450 million do not know you are working on this. You know it does not work and that is in violation of human rights, yet you keep pushing. Why? #CSAM #CSS #Encryption #Security #Privacy #GDPR
The ‘non-profit start-up’ Thorn, founded by Ashton Kutcher, is a driving force behind the EU’s campaign to scan the net for child abuse material. Newly public documents and financial information obtained by Follow the Money reveal the blurred boundaries between Thorn’s do-good public face and the powerful business behind it. #csam #thorn #chatkontrolle
This Firefish server, bostonsocial.online, and Mastodon server, hear-me.social, now have #CSAM (Child Sexual Abuse Material) scanning active.
If the hash of any image matches the hash of a known CSAM image in the NCMEC.ORG database, a report will be automatically filed, and the image will be blocked. It will soon be deleted from the bucket.
While I realize that nobody on these two servers is involved in sending or receiving CSAM images, because this server relays with over 1,500 other servers, the scans are needed as these images can easily find their way in via the relay.
For clarification, the images are not seen by anyone or any software. A mathematical hash is calculated from the image binary and is matched to a hash stored in the database.
This Mastodon server, hear-me.social, and Firefish server, bostonsocial.online, now have #CSAM (Child Sexual Abuse Material) scanning active.
If the hash of any image matches the hash of a known CSAM image in the NCMEC.ORG database, a report will be automatically filed, and the image will be blocked. It will soon be deleted from the bucket.
While I realize that nobody on these two servers is involved in sending or receiving CSAM images, because this server relays with over 1,500 other servers, the scans are needed as these offensive images can easily find their way in via the relay.
For clarification, the images are not seen by anyone or any software. A mathematical hash is calculated from the image binary and is matched to a hash stored in the database.
Dutch outgoing Minister @Dilan_Yesilgoz of Justice and Security's comparison between client-side scanning and correcting spelling errors on the end-user device is disingenuous. She deploys an irrelevant feature of on-device machine learning to argue the Dutch government's #CSAM position. Stop promoting a false narrative, please. Privacy is a fundamental right!
I noticed a bit of panic around here lately and as I have had to continuously fight against pedos for the past year, I have developed tools to help me detect and prevent this content....
Hey @db0, just so you know, this tool is most likely very illegal to use in the USA. Something that your users should be aware of. I don't really have the energy to go into it now, but I'll post what I told my users in the programming.dev discord:
That is almost definitely against the law in the USA. From what I've read, you have to follow very specific procedures to report CSAM as well as retain the evidence (yes, you actually have to keep the pictures), until the NCMEC tells you you should destroy the data. I've begun the process to sign up programming.dev (yes, you actually have to register with the government as an ICS/ESP) and receive a login for reports.
If you operate a website, and knowingly destroy the evidence without reporting it, you can be jailed. It's quite strange, and it's quite a burden on websites. Funnily enough, if you completely ignore your website, so much so that you don't know that you're hosting CSAM, then you are completely protected and have no obligation to report (in the USA at least).
Also, that script is likely to get you even more into trouble because you are knowingly transmitting CSAM to 'other systems', like dbzer0's aihorde cluster. That's pretty dang bad...
The following hash-based systems exist for #CSAM detection and could be things to look into for #mastodon integration. They are at varying levels of maturity and pricing.
MS's PhotoDNA Cloud Service
Google's Content Safety API
CloudFlare's CSAM Scanning Tool
Safer.io (runs on AWS)
WebIQ's Instant Image Identifier (EU, doesn't appear to be available yet)
You may be aware of the recent WaPo story referencing the Stanford Internet Observatory study that flags child abuse material found in the Fediverse. Yes, those behind the study/article may have it in for us, and this may be a "hit piece", however it is a real threat.
📨 Latest issue of my curated #cybersecurity and #infosec list of resources for week #26/2023 is out! It includes, but not only:
➝ 🦠 🇺🇸 Schools say US teachers’ retirement fund was breached by #MOVEit hackers
➝ 🇨🇳 🇺🇸 Chinese spy #balloon did not collect information over US, #Pentagon says
➝ 🇨🇳 🦠 #TSMC Says Supplier Hacked After #Ransomware Group Claims Attack on Chip Giant
➝ 🇷🇺 Russian Cybersecurity Executive Arrested for Alleged Role in 2012 Megahacks
➝ 🇷🇺 🛰️ Hackers attack Russian #satellite telecom provider, claim affiliation with #WagnerGroup
➝ 🇬🇧 ⚕️ More than a million #NHS patients’ details compromised after cyber attack
➝ 📊 🐛 #MITRE releases new list of top 25 most dangerous software #bugs
➝ 🇷🇺 Pro-Russia DDoSia hacktivist project sees 2,400% membership increase
➝ 💻 🛡️ #Brave Browser boosts privacy with new local resources restrictions
➝ 🦠 🏦 Anatsa Banking #Trojan Targeting Users in US, UK, Germany, Austria, and Switzerland
➝ 🇺🇸 💵 White House releases cybersecurity budget priorities for FY 2025
➝ 🇺🇸 🇧🇷 8Base Ransomware Spikes in Activity, Threatens U.S. and Brazilian Businesses
➝ 🇬🇧 🔐 #Apple speaks out against bill that could mandate #CSAM scanning in iMessage
➝ 🇵🇭 2,700 People Tricked Into Working for Cybercrime Syndicates Rescued in #philippines
➝ 🇩🇪 ⚡️ #Siemens Energy confirms data breach after MOVEit data-theft attack
➝ 🕵🏻‍♂️ 📱 #LetMeSpy, a phone tracking app spying on thousands, says it was hacked
➝ 🦠 💰 Prominent #cryptocurrency exchange infected with previously unseen Mac #malware
➝ 🤖 📝 #LLMs and #IncidentResponse? It Starts with Summarization
➝ 🇺🇸 👨🏻‍🎓 Hackers steal data of 45,000 New York City students in MOVEit breach
➝ 🇨🇦 ⛽️ Suncor Energy cyberattack impacts Petro-Canada gas stations
➝ 🦠 🕹️ Trojanized Super Mario Game Installer Spreads SupremeBot Malware
➝ 🇩🇪 💾 SSD missing from #SAP datacenter turns up on #eBay, sparking security investigation
I just developed and published a script to clear your pict-rs object storage from potential CSAM. (github.com)