Additional csam filtering

[Baconxrp]

Describe the problem

Additional

Allow the software to check and filter for csam on the application software by inserting an api key from non profits such as:

On the self host software allow us to insert an api key from non profits such as:

Maybe in a config file

https://projectarachnid.ca/en/

Software like fluxer already supports it.

"Project Arachnid makes an API available for companies that want to put a serious effort towards preventing this material from being posted and distributed on their systems.

Shield by Project Arachnid has been developed for use by ESPs to assist with the proactive detection of known CSAM and harmful-abusive images of children. There is no cost to using this tool, which allows either content administrators or hosting providers to proactively compare incoming or existing media on their service against Project Arachnid’s list of digital fingerprints."

Describe the solution you'd like

I dont know how it could be done. The software checks media hash uploaded.

Alternatives considered

No response

Additional context

No response

[7w1]

Software like fluxer already supports it.

Heh. I would not recommend fluxer as a reference here. For one, they uploaded files directly without hashing or respecting privacy, and secondly, they've stopped scanning due to this per this comment.

Additionally, imo this is not the job of a client. We don't host content, we don't manage content, we send a request to a homeserver—thats it. This is the job of homeserver hosts to setup and enable, not clients. A client layer of protection is meaningless because it quite simply would do nothing. You don't need a client to upload data to a homeserver and you can't lock a homeserver behind an single client (at least not easily) so a file scanning layer client-side is the wrong place for this.

[hazre]

So just so I can understand, what would be the intended use case here? Like automatic reporting? blurring/filtering content client side?

For the second option, we could use something like https://github.com/infinitered/nsfwjs for automatic blurring/collapsing down the content, which is fully local and on device.

[nushea]

Additionally, imo this is not the job of a client. We don't host content, we don't manage content, we send a request to a homeserver—thats it. This is the job of homeserver hosts to setup and enable, not clients. A client layer of protection is meaningless because it quite simply would do nothing.

While i understand the heart of this statement it misses the fact that a homeserver would not be able to scan for csam in most cases where it would be useful due to encryption so reasonably it would be good for sable to include a way to scan for it and then filter the content with a massive content warning, alongside an option to report the content to a competent authority, even though it would be hard to say who that authority would be,

And if it would be an opt-in setting it would also be privacy preserving to whoever wishes to not connect to the 3rd party hash scanner

[nushea]

ngl if it was to be added id add it alongside the telemetry question, maybe after it or sth mentioning both the advantages and the drawbacks like "Enable 3rd party CSAM filtering" with a long description like "Do you wish for the images you receive to be hashed and then scanned for csam content? This will lower your secrecy by sending the hash to a 3rd party service (--insert service--), but will not enable the service to see the actual images" yk