A script that goes through a lemmy pict-rs object storage and tries to prevent illegal or unethical content - GitHub - db0/lemmy-safety: A script that goes through a lemmy pict-rs object storage an...
I posted the other day that you can clean up your object storage from CSAM using my AI-based tool. Many people expressed the wish to use it on their local file storage-based pict-rs. So I've just extended its functionality to allow exactly that.
The new lemmy_safety_local_storage.py will go through your pict-rs volume in the filesystem and scan each image for CSAM, and delete it. The requirements are
A linux account with read-write access to the volume files
A private key authentication for that account
As my main instance is using object storage, my testing is limited to my dev instance, and there it all looks OK to me. But do run it with --dry_run if you're worried. You can delete lemmy_safety.db and rerun to enforce the delete after (method to utilize the --dry_run results coming soon)
PS: if you were using the object storage cleanup, that script has been renamed to lemmy_safety_object_storage.py
I hope people share the positive hits of CSAM and see how widespread the problem is...
DRAMTIC EDIT: the records lemmy_safety_local_storage.py identifies, not the images! @bamboo@lemmy.blahaj.zone
seems to think it "sounds like" I am ACTIVELY encouraging the spreading of child pornography images... NO! I mean audit files, such as timestamps, the account that uploaded, etc. Once you have the timestamp, the nginx logs from a lemmy server should help identify the IP address.
I hope people share the positive hits of CSAM and see how widespread the problem is…
It sounds like you're encouraging people to share CSAM images found, which is obviously not the intent of this tool. There's probably a better way to phrase what you were trying to say.
It sounds like you’re encouraging people to share CSAM images found, which is obviously not the intent of this tool.
Yes, that is in fact the context.
Context: "which is obviously not the intent of this tool. "
it is not my intent to share the images, nor is it the context of the tool.. Sharing details about the users, timestamps - would be the obvious context.
While it's not the case for this project I'm sure there's some poor researcher our there who trained a model on actual confiscated CSAM. Or most likely overworked traumatized thirld world content moderators employed by the likes of Meta.
This is fantastic work to an immediate problem. Thank you.
There is something amazing about someone just sharing a solution like this without expectation of anything back, and even if this isn't the best right solution, it contributes to the global commons, and improves society.
It's great that there's now a tool, but this kind of issue is why I'm not considering self-hosting a fediverse service: due to the nature of the beast even a single-user instance effectively becomes a publicly accessible distributor of content that others created/uploaded. I'm sure this could be restricted somewhat (by making the web UI inaccessible for the public), but the federation means that other instances need to be able to get content from the server. That's way to much legal risk for me.
Actually the other instances don't pull content. You push it out instead. Basically if you don't run pict-rs and you don't allow user registreations, you're safe for everything except potential copyright infringement from some text someone might post. If you make your webui inaccessible to anyone but your IP, you protect against even that.
You don't need to move pict-rs to a GPU server. In fact that would be prohibitedly expensive long-term. I suggest you just use your PC to run this against your current pict-rs server, or just rent a GPU server for this time.
Something that might be useful long term is trying to train an AI and release weights to identify CSAM that admins can use to check images. The main problem is finding a way to do this without storing those kinds of images or video :/
My understanding is that right now, the main mechanisms involved use several central databases which use perceptual hashes of known CSAM material. The problem is that this ends up being a whackamole solution, and at least in theory governments could use these databases to censor copyrighted or more general "unapproved" content, though i imagine such a db would lose trust quickly and I'm not aware of this being an issue in practise.
One potential solution is "opportunistic training" where, when new CSAM material gets identified and submitted to the FBI or these databases by various server admins, a small amount of training is done on the AI weights before the image or video is deleted and only a perceptual hash remains. Furthermore, if a picture is reported as "known CSAM" by these dbs, then you do the same thing with that image before it gets deleted.
To avoid false positives, you also train the AI on general non-CSAM content.
Ideally this process would be fully automated so no-one has to look at that shit - over time, ypu'd theoretically get a neural net capable of identifying CSAM reliably with few or no false positives or false negatives .. Admins could also try for some kind of distributed training, where each contributes weight deltas from local training, or each builds up LoRA-style improvement modules and people combine them to reduce bandwidth for modification sharing.