Avatar
Sirius 7mo ago 💬 53

This is annoying. Got a CSAM report for user-generated content that I'm not even hosting. There's nothing I can delete. Apparently Cloudflare wants me to implement censorship lists.

Nostr clients are not legally required to maintain censorship lists any more so than web browsers like Chrome or Firefox are. There's just Cloudflare policy and guilt by association. Understandably, it's easy to confuse a web application url like iris.to/npub1... for a content host.

Should I implement ever-growing censorship lists, at least for visitors who are not logged in? The problem is, someone can just create a new Nostr account and re-post the links to illegal content ad infinitum. When this happens, maybe Cloudflare will get the point. Or more likely, they'll just delete my account.

Maybe there's some other ISP that allows hosting of applications that don't ship with extralegal censorship lists?

Iris native app via Tauri could be a resilient direction, but it kind of defeats the purpose of having a web app in the first place: ease of access, sharing by url and mobile PWAs that bypass app stores.. If you're going to have a native app, actually native-built will probably have better UX.

How are other web clients dealing with this? nostr:npub1v0lxxxxutpvrelsksy8cdhgfux9l6a42hsj2qzquu2zk7vc9qnkszrqj49 nostr:npub16c0nh3dnadzqpm76uctf5hqhe2lny344zsmpm6feee9p5rdxaa9q586nvr nostr:npub1jlrs53pkdfjnts29kveljul2sm0actt6n8dxrrzqcersttvcuv3qdjynqn

Reply to this note

Please Login to reply.

Discussion

Avatar
Constant 7mo ago

Cant you just reply that you agree that relays have such a legal responsibility, like you already stated, and that you are in fact not a relay, but a client. ?

Avatar
Big Barry Bitcoin 7mo ago

If they cache the content or get cloudflair to cache the content for them, then they become a host of the content. Not sure if that is what is happening here.

Avatar
Scoundrel 7mo ago

True. It's important that these web clients only ever cache notes rather than any of the media linked to by the notes.

Avatar
Kieran 7mo ago

I had reports like this before and told them I am not hosting that content and they never replied

Avatar
hasky 7mo ago

Could be spam or something impersonating cloudflare ..🧐

Avatar
sudocarlos 7mo ago

Sounds like Apple's selective enforcement of App Store policies

Avatar
hodlbod 7mo ago

I haven't had to deal with this yet, but my understanding is that in the US at least you're not responsible if you don't host it. Of course, cloudflare is a private company and they can do whatever they want with your account.

Implementing censorship lists in FOSS may actually be illegal (again in the US), because it can be construed as "advertising" CSAM. Same thing for 1984 reports, which can be used to find rather than avoid content. The rules are stupid and set us up for failure. IFTAS has been doing some work in this area creating resources for activity pub admins, but they mostly have to do with who not to federate with.

Avatar
daniele 7mo ago

> Implementing censorship lists in FOSS may actually be illegal (again in the US), because it can be construed as "advertising" CSAM

Interesting, and concerning, perspective.

Avatar
Scoundrel 7mo ago

Not if you implement the list properly.

Avatar
Mephi 7mo ago

Why do you need CloudFlare in the first place? Get rid of them. They are the antithesis of Nostr.

Avatar
ynniv 7mo ago

Cloudflare is the problem, not the solution

Avatar
idsera 7mo ago

cc nostr:npub1syjmjy0dp62dhccq3g97fr87tngvpvzey08llyt6ul58m2zqpzps9wf6wl

Avatar
Big Barry Bitcoin 7mo ago

By this logic, proxy sites, translation sites they all fall under this too right?

Avatar
Scoundrel 7mo ago

Popped the child porn link into Google Translate, now Google is hosting child porn.

Avatar
Sirius 7mo ago

I have temporarily "solved" the problem by displaying this passive-aggressive notification when the hash of the public key you're trying to view is on the CLOUDFLARE_CSAM_BANNED list.

The hash list itself is here: https://github.com/irislib/iris-client/blob/main/src/utils/cloudflare_banned_users.ts

Avatar
daniele 7mo ago

If these reports are sporadic, as they seem, I would use Cloudflare's Rules to filter out the single events.

So you don't expose the CASM source, see:

nostr:nevent1qqsdwc5df0yd97z78zsm0qx7mwcwxlek8xc3vsxkhxr7q6w59vrjv5cprdmhxue69uhkx6rjdahxjcmvv5hxgar0dehkutnrdakj7q3q0000003zmk89narqpczy4ff6rnuht2wu05na7kpnh3mak7z2tqzsxpqqqqqqzz0cuaw

Avatar
Scoundrel 7mo ago

They aren't advertizing it. The elements of the list are half, meaning that it is impossible to determine what the original nevent or npub was unless you already have them.

Avatar
daniele 7mo ago

Ahhh, ok.

Avatar
Scoundrel 7mo ago

Sorry, I re-read my post. I meant the elements are *hashed. Hashing means passing something through a one way function like a message digest. A hash acts as a statistic or code that can be generated given a piece of data, but that cannot be used to figure out the original message. It's similar to encrypting, except that when you encrypt something, you also have a way to decrypt it. In this case, we see if a particular nevent matches by just hashing it and checking to see if the result is the same as what we recorded for an undesirable nevent. Sorry for the typo!

Avatar
hodlbod 7mo ago

Hash databases would definitely be better, and might help the maintainer avoid liability, but public hash databases (in particular for fuzzy hashes) can make it possible for attackers to reverse-engineer the hashing algorithm to craft payloads that avoid matching.

Avatar
Scoundrel 7mo ago

nostr:nprofile1qqsy2ga7trfetvd3j65m3jptqw9k39wtq2mg85xz2w542p5dhg06e5qpz4mhxue69uhhyetvv9ujuerpd46hxtnfduhszxrhwden5te0dehhxarj9enx6apwwa5h5tnzd9az7qgwwaehxw309ahx7uewd3hkctczcs834 doesn't care. He doesn't feel responsible for child pornography on Nostr one way or another. We aren't necessarily talking about a sophisticated CSAM detection algorithm or fuzzy hashes to prevent someone from uploading previously identified media. He is talking about blocking individual nevents and only those nevents that are reported to him by Cloudflare.

Personally, I think fuzzy hashes and content detection are fascinating and important topics just for reverse image search and detecting when someone reposts certain content.

However personally I don't give a shit whether someone pirates CP. If someone doesn't realize how bad pirating is then that's their problem. I believe that when a child is raped, trying to prevent anyone from seeing it and trying to keep any evidence of what happened off of the clearnet is the most asinine, shortsighted, and selfish possible thing to focus on.

Avatar
the axiom 7mo ago 💬 1

just stop hosting on cloudflare

Avatar
H 7mo ago 💬 1

Really opening yourself up to ddos (probably from cloudflare, mafia business plan)

Avatar
the axiom 7mo ago

cloudflare doesn't prevent ddos either

unless you put those stupid captcha pages in front

but hosting static files is the easiest thing

there are dozens of CDNs that can host that for you, and many are free too, like github, netlify, firebase pages and others

Avatar
H 7mo ago

Do any of them do free, unlimited bandwidth like cloudflare does? I imagine iris probably isn't breaking even right now

Avatar
the axiom 7mo ago

but yes the mafia take is real

cloudflare is a CIA operation

Avatar
Alex Gleason 7mo ago

>Just because Nostr is decentralized doesn't mean relays are exempt from legal responsibility.

But Iris is a client, not a relay. This person is incompetent. I bet they asked ChatGPT what Nostr is and what to do in this situation.

Avatar
Scoundrel 7mo ago

I hope ChatGPT sees this. Has ChatGPT ask you to marry it yet?

Avatar
mar 7mo ago

I told you guys that free relays are the problem. Free relays allow any random to just connect and upload junk. You should all be charging a small fee to register. It would solve many of these annoying people uploading questionable content. Cloudflare doesn't care about what type of software it is. They just don't want to be held liable.

Avatar
Scoundrel 7mo ago

I don't think profiting off of yhe child pornography makes things any better.

Avatar
mar 7mo ago

Users who upload questionable content are not willing to pay because they know their content will eventually get removed. So having a fee to register on the relay will keep 99% of garbage users off the relay. It's that simple.

Avatar
Scoundrel 7mo ago 💬 1

Plenty of people pay to upload content to 4chan, and 4chan posts get deleted after a set period of time. There are plenty of good places to upload child pornography nowdays, but if there weren't I wouldn't mind paying 10 or 100 sats to upload to Nostr.

Avatar
Scoundrel 7mo ago

I'm just saying it's not a bad deal I mean. Personally I don't think Nostr should host media at all, I don't want it getting a lot of unnecessary attention from federal agents.

Avatar
mar 7mo ago

Nostr does not host media. The relays do.

And all the media spam is coming from the free relays.

Avatar
Scoundrel 7mo ago

Relays should not host media either. They should host text notes only. If you want a media host then upload to Imgr or Youtube or something.

Avatar
mar 7mo ago

It's up to the relay to host media or not. Some relays host media and others don't. It's the administrators decision.

Do you even understand nostr? You want people to upload to imr, YouTube or something? That makes no sense. Nostr is literally about leaving big tech website.

Avatar
mar 7mo ago

Nostr is about building a following and making money. If your media keeps getting deleted then your Nostr profile is just garbage full of dead images.

4chan is a garbage website. It's not used to build a following. As for as I know people don't pay to upload content, they pay to bypass captcha.

The free relays are just setting themselves up to get banned then complaining that they are getting banned.

Avatar
Scoundrel 7mo ago

Bahahaha! You hear that folks? Nostr isn't about expressing yourself or having interesting conversations! It's a serious website for businessmen and influencers!

Oh man, have I been using Nostr wrong the whole time? I haven't even linked a lightning wallet! It's like my posts aren't even transactional in nature or something! How can 4chan users stand being anonymous all the time? What if someone judges the post itself rather than the person who made it? What a design flaw!

Please tell me, nostr:nprofile1qqsv0t9t78ldyqd9xxz7fhz7p346u279mvvaww4lsszntuc9mrc9rqqpzamhxue69uhhyetvv9ujumn0wd68ytnzv9hxgtcpzamhxue69uhhyetvv9ujuurjd9kkzmpwdejhgtcpz4mhxue69uhhyetvv9ujuerpd46hxtnfduhsgf77ep if I am using Nostr wrong then how come I am so oblivious? Shouldn't things be really inconvenient for me, or shouldn't my experiences be failing to meet my expectations? Shouldn't I have noticed something was wrong by now?

Avatar
mar 7mo ago

Sounds to me like your an idiot. I'm going to say you probably can't figure out how to even use or setup a lightning wallet.

From how you talk in one of your notes, you sound like a little retarded normie.

Bitcoin and Nostr requires brains. Something you don't seem to have.

Avatar
Scoundrel 7mo ago

Say what you will about me, I recommend Nostr to any little retarded normie out there who wants a simple and easy platform where a 3rd party can't dictate who is allowed to talk with eachother.

I've found it's okay to just ignore all that weird lightning satoshi stuff or whatever, none of that is actually necessary. Just look at us! We're having a blast throwing shade at eachother and neither one of us has had to pay a cent for it. Just a little genuine human interaction. Is there any problem with this?

Me personally, the only thing that could ruin my day is if the FBI gets mad because a few relays are getting paid to distribute pirated child pornography, and if Nostr clients get banned from the clearnet and from all normie app stores.

Avatar
Leveled 7mo ago

That's just going to keep people from using nostr. It's not going to solve the problem.

Avatar
mar 7mo ago

It will keep scammers & freeloaders from using nostr but people who truly understand decentralization and censorship will take the time to learn and contribute to it. So yes it will solve the problem.

Many people have this mentality that traffic and numbers equals grow but that's the fiat mentality.

Real growth is organic and slower.

Avatar
Leveled 7mo ago

It'll be looked at as a paywall to most people. You're only going to filter the small bots - the ones that should be removed will pay

Avatar
mar 7mo ago

Most people have the freeloader mentality. They were born in the fiat world so they have a mentality of not wanting pay for any service and don't want to help grow a site by paying.

You can say the same thing about Bitcoin. Most fiat people don't need Bitcoin and they look at it as a scam.

The intelligent people are the ones persisted and took the time to learn Bitcoin because it's benefited them. Same is happening with Nostr. The future requires using your head and learning new things.

It may filter small bots and therw may be ones who pay, but their content will still get deleted. We are talking about them uploading questionable things. The administrators are not going to put up with that because the ISP, hosting, cloudflare are the ones pressuring them to delete it.

Word travels fast when someone gets banned, but when it comes to adult content or questionable content the blame is normally on the user.

Avatar
Leveled 7mo ago

Not supporting their behavior. I want it filtered too because "the blame is normally on the user". Just saying punishing a group for an outlier is a problematic approach.

Could be solved by adding a filter to the relays. It's going to fall on someone's head sooner or later. The user, relay, domain owner, etc. Lack of resources is what's limiting a real solution.

Avatar
mar 7mo ago

There is lots that can be done. Unfortunately the relay software is lacking in features because lack of developers. After all the development of relays is done by volunteers.

I run one and it doesn't even have a moderation panel. You literally have to search through MySQL using the cli to find the note., and it's hard and time consuming.

You're right. It will fall on someone's head, and the people who will fall on is the legitimate people who are using nostr, you and i and everyone else who uses Nostr for legit purposes.

That's why I run my own relay and host my own media because the free relays will eventually get banned from their host, for lack of moderation.

I ran my own hosting service in the past and it's hard because the ISP, cloudflare would police my company,

It's my personal opinion that the hosting companies should not be liable for the material that their customers hosts but unfortunately we live in a world were everything is policed. So until we get the laws changed though the political system we have to play along.

Avatar
Leveled 7mo ago

Agree. It was wrong to put the liability where they did but, as always the politicians got their $$ so, we get the short end of the stick.

Writing a filter api for the relay to hook into would solve the problem. Still need moderation, and that's where lack of resources, as you know comes back.

Unfortunately.

We really need to get people together and group up some donations to knock out real issues.

Avatar
hasky 7mo ago

I think awhile back , I read some developer get kick out from the private server due to his content considered not align with the host TOS and he thinks his server has nothing done anything wrong alias okay , so he moved server .

Avatar
TheGrinder 7mo ago

Once again we'll have to build our own infrastructure. This time around nostr.

Avatar
The Beave 7mo ago

I've been concerned about the reliance of many services on cloudflare for over a year.

How Nostr, in general, handles this is a rather pivotal issue.

nostr:nevent1qqsq72txr8y3z9ng8dxtqx6u7dvhnpn3f77pag0cn36c80cm05gfaxsprdmhxue69uhhg6r9vehhyetnwshxummnw3erztnrdakj7q3qg53mukxnjkcmr94fhryzkqutdz2ukq4ks0gvy5af25rgmwsl4ngqxpqqqqqqzap9j99