I just developed and deployed the first real-time protection for lemmy against CSAM!
I just developed and deployed the first real-time protection for lemmy against CSAM!
In the past months, there's a been a issue in various instances where accounts would start uploading blatant CSAM to popular communities. First of all this traumatizes anyone who gets to see it before the admins get to it, including the admins who have to review to take it down. Second of all, even if the content is a link to an external site, lemmy sill caches the thumbnail and stores it in the local pict-rs, causing headaches for the admins who have to somehow clear that out. Finally, both image posts and problematic thumbnails are federated to other lemmy instances, and then likewise stored in their pict-rs, causing such content to be stored in their image storage.
This has caused multiple instances to take radical measures, from defederating liberaly, to stopping image uploads to even shutting down.
Today I'm happy to announce that I've spend multiple days developing a tool you can plug into your instance to stop this at the source: pictrs-safety
Using a new feature from pictr-rs 0.4.3 we can now cause pictrs to call an arbitary endpoint to validate the content of an image before uploading it. pictrs-safety builds that endpoint which uses an asynchronous approach to validate such images.
I had already developed fedi-safety which could be used to regularly go through your image storage and delete all potential CSAM. I have now extended fedi-safety to plug into pict-rs safety and scan images sent by pict-rs.
The end effect is that any images uploaded or federated into your instance will be scanned in advance and if fedi-safety thinks they're potential CSAM, they will not be uploaded to your image storage at all!
This covers three important vectors for abuse:
- Malicious users cannot upload CSAM to for trolling communities. Even novel GenerativeAI CSAM.
- Users cannot upload CSAM images and never submit a post or comment (making them invisible to admins). The images will be automatically rejected during upload
- Deferated images and thumbnails of CSAM will be rejected by your pict-rs.
Now, that said, this tool is AI-driven and thus, not perfect. There will be false positives, especially around lewd images and images which contain children or child-topics (even if not lewd). This is the bargain we have to take to prevent the bigger problem above.
By my napkin calculations, false positive rates are below 1%, but certainly someone's innocent meme will eventually be affected. If this happen, I request to just move on as currently we don't have a way to whitelist specific images. Don't try to resize or modify the images to pass the filter. It won't help you.
For lemmy admins:
- pictrs-safety contains a docker-compose sample you can add to your lemmy's docker-compose. You will need to your put the .env in the same folder, or adjust the provided variables. (All kudos to @Penguincoder@beehaw.org for the docker support).
- You need to adjust your pict-rs ENVIRONMENT as well. Check the readme.
- fedi-safety must run on a system with GPU. The reason for this is that lemmy provides just a 10-seconds grace period for each upload before it times out the upload regardless of the results. A CPU scan will not be fast enough. However my architecture allows the fedi-safety to run on a different place than pictrs-safety. I am currently running it from my desktop. In fact, if you have a lot of images to scan, you can connect multiple scanning workers to pictrs-safety!
- For those who don't have access to a GPU, I am working on a NSFW-scanner which will use the AI-Horde directly instead and won't require using fedi-safety at all. Stay tuned.
For other fediverse software admins
fedi-safety can already be used to scan your image storage for CSAM, so you can also protect yourself and your users, even on mastodon or firefish or whatever.
I will try to provide real-time scanning in the future for each software as well and PRs are welcome.
Divisions by zero
This tool is already active now on divisions by zero. It's usage should be transparent to you, but do let me know if you notice anything wrong.
Support
If you appreciate the priority work that I've put in this tool, please consider supporting this and future development work on liberapay:
All my work is and will always be FOSS and available for all who need it most.
Db0 the fuckin hero 🙏
Well done!
Just want to add - i've been using this (via my desktop!) for my instance for a little while now and its great - While the evidence shows there are false positives, i've yet to see it affect anything in real time.
Beware your B2 transaction costs though! 😭 I'm sure there is a cheaper way to do it but backblaze costs went up quite a bit.
Great work, this is the biggest issue that Lemmy has a the moment, I hope the admins will be able to set this up easily and start to take back all the preventative measures.
holy hell this is massive
thank you for your work db0
I think people are going to be much more concerned about the false negative rate than the false positive rate.
https://blog.cloudflare.com/the-csam-scanning-tool/
Does this not work?
Have you considered federating hashes of positive matches and working with the Lemmy team to not outward federate on a local positive match (and potentially have the hash go instead)?
The former can reduce overhead and electricity use, and the latter will stop more distribution and aid those sans-GPU who can't run it.
Over time, the hash DB will grow and get better. In addition, perhaps there is metadata that can be used to track image similarity to positive matches to reduce false-positives, but I imagine that algorithm would be much more complicated.
False positive rate ~1 % False negative rate?
Sent you a little bit of money, @db0@lemmy.dbzer0.com - it sucks that this is necessary, but thanks for doing the good work <3
👏well done.
thank you for making the fediverse a safer place to be
Great job! 👍
Fantastic work
Invaluble work man, thanks!
Great scott, you've done it!
@db0@lemmy.dbzer0.com@div0@lemmy.dbzer0.com@undefined@www.w3.org ok im gomna check this for wafrn because this was one of my initial fears when creating this
I think this post my interest you regarding https://github.com/mastodon/mastodon/issues/21027 this could be a privacy-compliant alternative to PhotoDNA
AI based with high false positive rate. Fantastic. These tools are great but impacting regular use of the platform is going to drive people away. Lemmy is at a critical state of needing to onboard users to plateau or grow, I feel this will not be good despite the good intentions.
It's not like you can just re-post what gets taken down. The magic box's response is final
Sounds like progress, but please consider using a term other than "whitelist" when describing a list of allowed values. While the use of blacklist predates references to black as a race, allowlist is a reasonable alternative that doesn't reinforce viewing black as less than or unwanted and white as allowed.
Sounds like progress, but please consider using a term other than "whitelist" when describing a list of allowed values. While the use of blacklist predates references to black as a race, allowlist is a reasonable alternative that doesn't reinforce viewing black as less than or unwanted and white as allowed.