New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Hashes of CSAM content
Hi,
I’ve been running my own free filehosting service (filehaus.top) for a little while now. Recently I’ve been receiving an uptick of CSAM reports from sites like cybertip.ca, and I want to make the process of preventing CSAM from getting uploaded easier. Problem is, I don’t have a database of CSAM hashes to implement.
What I’m requesting is for the following, if possible:
- MD5 and SHA256 hashes
- their respective filesizes
This is in order to prevent hash collisions so that non-CSAM can still be uploaded.
Thanks for the help,
Phin
Comments
3 minutes of Google.
You need to contact NCMEC for such list according to CloudFlare and Google.
https://blog.cloudflare.com/the-csam-scanning-tool/
https://safety.google/stories/hash-matching-to-help-ncmec/
Theres also ProjectVIC but you need to be Law Enforcement Agency to qualify for that.
Theres also IWF Hash List.
edit: I checked your site, you are being sponsored by breachforums.cx
Why bother asking this? You are being funded by a breach site. I highly doubt that any of those organizations would risk working with you and having the hash list made public by some leak from untrustworthy site owner.
Hi,
I’ll try contacting the NCMEC.
I’ve had bad experiences with IWF in the past so I would rather not use their hash lists.
I bother asking this because I don’t want people uploading CSAM. As I said, I am working on an automated system to prevent CSAM from being uploaded.
filehaus is used by security researchers, journalists, etc.
How can you have bad experiences with IWF lol.
The IWF tends to group images that aren’t CSAM with images of actual CSAM.
https://infrablog.lain.la/fighting-csam
As a security researcher, no we just use AWS buckets or selfhost.
Please don't group us with the script kiddies on breachforums thanks.
>
We've seen IWF report old URL's (literally year old URL's) demanding an IP get taken down, only for that IP to have been reassigned to a new user with a clean service.
If I was to rate based on accuracy, i'd likely go:
Cybertip > NCMEC >>>>>>>> IWF
Cybertip's basically perfect since i'm assuming they re-test before sending out alerts. NCMEC's better after we kept complaining on their email formatting.
Francisco
Not to mention the IWF asking to take down content that isn't even CSAM...that's how my file.haus domain name got suspended was due to the IWF trying to report something to Identity Digital for something that wasn't CSAM and Identity Digital complied
As I said I much prefer dealing with the other groups.
It wouldn't the first time I relay a IWF complaint to cybertip/NCMEC to have them verify the content/request.
Francisco
You can try to apply for PhotoDNA: https://www.microsoft.com/en-us/photodna
PhotoDNA is proprietary. I don't use proprietary software in any of my projects.
Cybertip is a fraud just like the others. We have made a special investigation onto them after we shed the light on how their business works, and that they attempted to trick us and then involve the police in retaliation.
We have a total disdain for this type of scammers that siphon public money in the name of protecting children.
Tell us more Mr. Revenge Porn..
I love incels such as yourself who go by the retarded incel logic like "if she looks like she's 18, it's not CP!"
Tell it to the judge
???
Obviously. Security researchers...