Catbox.moe got screwed đż
(blog.catbox.moe)
from Toes@ani.social to technology@beehaw.org on 02 Jun 2025 23:20
https://ani.social/post/14569311
from Toes@ani.social to technology@beehaw.org on 02 Jun 2025 23:20
https://ani.social/post/14569311
threaded - newest
I wonder what kind of of csam detection they have. If theyâre only relying on hash matching, theyâve gonna get fucked from novel genai csam. This is why stuff like the fedi-safety exists which they could use as well
It seems to be unspecified "automated and manual" systems plus reports from the NCMEC https://lemm.ee/post/65739566/20890503 , which they process quite fast https://lemm.ee/post/65739566/20890630 .
Sorry your links donât work it seems. Maybe those posts were deleted.
In any case, if their âautomatedâ is just hash matching, itâs just not going to cut it.
Just guessing what the links may have beenâŚ
Possibly my post on lemmy.world, removed due to breaking rule 2, âOnly tech related news or articlesâ
Iâll copy paste my comment from there:
In the reply to Patreon they mentioned having some automated and manual ways of removing CSAM, plus âclosely working with NCMECâ, but I have no idea what that means.
And these statistics of resolved reports: missingkids.org/âŚ/2024-notifications-by-ncmec-resâŚ
Total number of reports of 128 resolved on average in 1.91 days. Less than half the time spent by Amazon, Google and Microsoft (for Bing).
The other link might have been to this comment:
<img alt="" src="https://i.imgur.com/jrC5OT1.png">
âHaving manual ways to remove csamâ means almost nothing. All of lemmy has a âmanual way to remove csamâ. âclosely working with NCMECâ can mean they just use the cloudflare mechanism which is just hash matching. Point is, itâs very easy for a malicious actor to upload csam and then report them to patreon for it, without ever reporting it to them.
Canât you always attempt uploads until they bypass arbitrary filters and then report-snipe on that?
How would a content-based filter prevent this if the malicious actor simply needs to upload correspondingly more images?
I think the sad reality is that the only escape here is scale. Once you have been hit by this attack and been cleared by the 3rd parties, youâd have precedent for when this happens again and should hopefully be placed in a special bin for better treatment.
Scale means you will be fire-tested, and are more likely to receive sane treatment instead of the ai-support special.
There can be warning about someone getting caught with multiple failed attempts
Screwing with payments is a go to scummy tactic these days. Itâs enough to make you go full commie
This sucks. I use Catbox quite heavily. I'll probably buy a sub to help support them, but I hope they're able to recoup enough to stay afloat. It's been really great having access to a non-enshittified, login-free host for video files and I'd hate to lose it.
.