← Back to context

Comment by alwa

7 months ago

Yes, but it sounds like part of the point is that you want to put the fear of the Lord into small-fry operators.

They mention especially in their CSAM discussion that, in practice, a lot of that stuff ends up being distributed by smallish operators, by intention or by negligence—so if your policy goal is to deter it, you have to be able to spank those operators too. [0]

> In response to feedback, we have expanded the scope of our CSAM hash-matching measure to capture smaller file hosting and file storage services, which are at particularly high risk of being used to distribute CSAM.

Surely we can all think of web properties that have gone to seed (and spam) after they outlive their usefulness to their creators.

I wonder how much actual “turnover” something like 4chan turns over, and how they would respond to the threat of a 10% fine vs an £18mm one…

[0] https://www.ofcom.org.uk/online-safety/illegal-and-harmful-c...

2 comments

alwa

Reply
cameronh90  7 months ago

It's worth noting that integrating a CSAM hash scanner is easy to do. It took me a few hours to do the work, including testing and automatic database updates.

HOWEVER: I'm not sure how you would get access to the CSAM hash database if you're were starting a new online image hosting service.

The requirements to sign up for IWF (the defacto UK CSAM database) membership are:

- be legally registered organisations trading for more than 12 months;

- be publicly listed on their country registration database;

- have more than 2 full-time unrelated employees;

- and demonstrate they have appropriate data security systems and processes in place.

Cloudflare have a free[1] one but you have to be a Cloudflare customer.

Am I missing something, or does this make it very difficult to start up a public facing service from scratch?

[0] https://www.iwf.org.uk/membership/how-to-join/

[1] https://blog.cloudflare.com/the-csam-scanning-tool/

  • jillyboel  7 months ago

    > Am I missing something, or does this make it very difficult to start up a public facing service from scratch?

    It's by design. Politicians have fallen for big tech lobbyists once again.

    Also who says that the hashes provided by your CSAM database of choice are actually flagging illegal data and not also data that whoever runs the database wants to track down? You have no idea. You are just complicit in the surveillance state, really.