I wonder if projects like Signal could make a community run and certified hash database that could be included in Signal et al without threat of governments and self-interested actors putting malicious entries in. It definitely doesn’t solve every problem with the client side scanning, but it does solve some.
But… an open, verifiable database of CSAM hashes has its own serious problems :-S
Maybe an open, audited AI tool that in turn makes the database? Perhaps there’s some clever trick to make it verifiable that all the hashes are for CSAM without requiring extra people to audit the CSAM itself.
Yes, though doesn’t client side scanning do that anyway? Or must the client side scan be completely secret and also only communicate to law enforcement/whatever secretly?
I wonder if projects like Signal could make a community run and certified hash database that could be included in Signal et al without threat of governments and self-interested actors putting malicious entries in. It definitely doesn’t solve every problem with the client side scanning, but it does solve some.
But… an open, verifiable database of CSAM hashes has its own serious problems :-S Maybe an open, audited AI tool that in turn makes the database? Perhaps there’s some clever trick to make it verifiable that all the hashes are for CSAM without requiring extra people to audit the CSAM itself.
You’re unfortunately also handing people distributing csam a way to verify whether their content would be detected by checking it against the database
Yes, though doesn’t client side scanning do that anyway? Or must the client side scan be completely secret and also only communicate to law enforcement/whatever secretly?