This is annoying. Got a CSAM report for user-generated content that I'm not even hosting. There's nothing I can delete. Apparently Cloudflare wants me to implement censorship lists.
Nostr clients are not legally required to maintain censorship lists any more so than web browsers like Chrome or Firefox are. There's just Cloudflare policy and guilt by association. Understandably, it's easy to confuse a web application url like iris.to/npub1... for a content host.
Should I implement ever-growing censorship lists, at least for visitors who are not logged in? The problem is, someone can just create a new Nostr account and re-post the links to illegal content ad infinitum. When this happens, maybe Cloudflare will get the point. Or more likely, they'll just delete my account.
Maybe there's some other ISP that allows hosting of applications that don't ship with extralegal censorship lists?
Iris native app via Tauri could be a resilient direction, but it kind of defeats the purpose of having a web app in the first place: ease of access, sharing by url and mobile PWAs that bypass app stores.. If you're going to have a native app, actually native-built will probably have better UX.
How are other web clients dealing with this? nostr:npub1v0lxxxxutpvrelsksy8cdhgfux9l6a42hsj2qzquu2zk7vc9qnkszrqj49 nostr:npub16c0nh3dnadzqpm76uctf5hqhe2lny344zsmpm6feee9p5rdxaa9q586nvr nostr:npub1jlrs53pkdfjnts29kveljul2sm0actt6n8dxrrzqcersttvcuv3qdjynqn
I have temporarily "solved" the problem by displaying this passive-aggressive notification when the hash of the public key you're trying to view is on the CLOUDFLARE_CSAM_BANNED list.
The hash list itself is here: https://github.com/irislib/iris-client/blob/main/src/utils/cloudflare_banned_users.ts
If these reports are sporadic, as they seem, I would use Cloudflare's Rules to filter out the single events.
So you don't expose the CASM source, see:
They aren't advertizing it. The elements of the list are half, meaning that it is impossible to determine what the original nevent or npub was unless you already have them.
Ahhh, ok.
Sorry, I re-read my post. I meant the elements are *hashed. Hashing means passing something through a one way function like a message digest. A hash acts as a statistic or code that can be generated given a piece of data, but that cannot be used to figure out the original message. It's similar to encrypting, except that when you encrypt something, you also have a way to decrypt it. In this case, we see if a particular nevent matches by just hashing it and checking to see if the result is the same as what we recorded for an undesirable nevent. Sorry for the typo!
Hash databases would definitely be better, and might help the maintainer avoid liability, but public hash databases (in particular for fuzzy hashes) can make it possible for attackers to reverse-engineer the hashing algorithm to craft payloads that avoid matching.
nostr:nprofile1qqsy2ga7trfetvd3j65m3jptqw9k39wtq2mg85xz2w542p5dhg06e5qpz4mhxue69uhhyetvv9ujuerpd46hxtnfduhszxrhwden5te0dehhxarj9enx6apwwa5h5tnzd9az7qgwwaehxw309ahx7uewd3hkctczcs834 doesn't care. He doesn't feel responsible for child pornography on Nostr one way or another. We aren't necessarily talking about a sophisticated CSAM detection algorithm or fuzzy hashes to prevent someone from uploading previously identified media. He is talking about blocking individual nevents and only those nevents that are reported to him by Cloudflare.
Personally, I think fuzzy hashes and content detection are fascinating and important topics just for reverse image search and detecting when someone reposts certain content.
However personally I don't give a shit whether someone pirates CP. If someone doesn't realize how bad pirating is then that's their problem. I believe that when a child is raped, trying to prevent anyone from seeing it and trying to keep any evidence of what happened off of the clearnet is the most asinine, shortsighted, and selfish possible thing to focus on.
