Comment by rgj
15 hours ago
But apparently there was actual CSAM there, since the article mentioned that archive.is removed it within a few hours. So the claim was real. Why did they make up such a story around it?
15 hours ago
But apparently there was actual CSAM there, since the article mentioned that archive.is removed it within a few hours. So the claim was real. Why did they make up such a story around it?
>They replied within a few hours. The response was straightforward: the illegal content would be removed (and we verified that it was), and they had never received any previous notifications about those URLs.
They never notified archive.today of the illegal material, instead they chose to demand blocking actions of archive.today from a DNS provider. I would be interested to know whether any other DNS service providers have received similar such demands.
I would assume (like any normal individual), that you would notify the service first (archive.today) and if they've proven to be a non-responder to CSAM material then escalate to legal action.
If archive.today is honest about never receiving a prior notification, then the way in which they've decided to go about removing the illegal material is very suspicious.
Generally if you encounter CSAM you should report to your countries appropriate organisation. Skip the police and go straight there to save everyone some time and avoid confusion. This agency will handle notifications etc to the site.
USA - https://report.cybertip.org/reporting
UK - https://report.iwf.org.uk/org/ (technically the NCA, but they are a catch all reporting target. As a private individual IWF will handle the onward report for you).
If you are in a country without such an agency, the above agencies are good to inform, as they will both handle international reports.
These organisations will ensure the material is taken down, and will capture and analyse it. CSAM can be compared against hash databases (https://www.thorn.org/) to determine whether there it is as yet unknown material or reshared known material. This can help lead to the identification, arrest, and conviction of material creators as well as the identification and support of victims.
If you tell the site administrator directly there is a good chance they will remove the material and not report it; this is a huge problem in this space at the moment.
In the UK and the USA (and many other places) operators are obligated to report the material; in fact the controversial Online Safety Act puts actual teeth around this very obligation in the UK.
The explanation seems a bit incoherent for this case of a french entity.
Assuming the complainant has some genuine tip,
Which court would actually determine it to be illegal conclusively? (It can’t be a uk or us court, could it?)
And who issues the binding order to take it down from the known sites?
One might even go so far to insinuate that they were the party responsible for the CSAM being there to begin with. Wouldn't be the first time someone weaponized such content. I remember at least one case were a steamer was "digitally" swatted using a Dropbox upload link.
The fake abuse reports coming to IP addresses hosting TOR relays (not exits) might be same group trying to pollute the commons.
If the world ran by conspiracy theories, the goal would be to normalize censorship at DNS level. Sony has tried (>2 years ago) by taking Quad9 to court over a copyright matter. There are too many parties involved for whom this practice would be a useful tool to have.
Uploading illegal material of some sort to a site with user-contributed content, and then immediately reporting it, is a common abuse tactic.
Since archive.is doesn’t scan the internet and only archives content on demand, those might as well have been planted exactly for this purpose - which would put another crime onto the accuser.
[flagged]
It’s a reasonable possibility to consider given the evidence of bad faith, the factually incorrect claims, the apparent impersonation of a lawyer, and the apparent history of targeting using similar claims but “different” claimants.
False flag attacks are a thing that wannabe censors do.
They post CSAM to some service/site, then immediately report it to every possible contact of the site's hosting provider, DNS provider, DDoS protection provider, etc. But not the site itself.
Before they do that, they spend weeks probing the site's moderation response, to work out the best time to evade detection on the site itself.
Then they do it again, and again, and again. They fight against the site's attempt to block them.
Their intent is to _deliberately_ get the site into trouble, and ultimately get the site's hosting, DNS, peering, etc. to abandon it.
The same sort of shitstains also persistently DDoS the site.
Why do they do it? Usually minor and petty internet squabbles, the instigator hates the site and wants to destroy the site, and uses these underhand tactics to do it.
They have no legal way to get what they want -- destroy someone else's site for their own pleasure -- so they use illegal ways. https://protectthestack.org/
I don’t understand this attack, are these reports anonymous or something?
In order to pull off this attack the attacker would have to have a collection of CSAM to upload. What if the site being attacked logged the uploader’s IP and went above-and-beyond complying with authorities and provided the source of the upload.
Well, I guess some people doing this sort of thing would try to hide their identity while doing the upload. Honestly, in that case… it might be reasonable for sites to not accept uploads via things like TOR, right? (Or however else these people hide their tracks).
I assume people who do this also do other illegal things and know how to anonymize themselves.
People who have money to rent DDoS services from criminals also have money to rent VPNs that use US residential IP addresses (usually from home computers infected with malware under the control of criminals)
Because they went to the unrelated DNS provider and not the archive itself.
Per the OP:
"... the illegal content would be removed (and we verified that it was)"
That doesn't mean it was CSAM, though obviously it's a serious possibility.