Oh well. Hello again!
A day ago the NCMEC announced a Take It Down service to help minors who were stupid enough to share their intimate photos with the public. Alright, this is a great idea, and apparently it costs tons of cash from Facebook, which sponsored this, but the way this idea was deployed sucks.
Here’s an extract from their FAQ:
OK, so no visual verification will take place and NCMEC trusts everyone who adds hashes there? Good for kids, alright! As per our test, this is really the case: the hash is really calculated on the client side, and nothing more than that hash is then sent to NCMEC. Nice! The problem here is in “trust”.
Of course we didn’t submit this hash, we are good guys. But a Bad Guy can poison the hash database with nonsense. What exactly would prevent trolls from abusing a service like that if NCMEC trusts everyone?
Wait, this reminds me of something… Yep, EOKM that was! And now we are up to (at least) two databases full of crap that will force ISPs and hosting operators to take down anything just for lulz.
That being said, there is no way to apply to join this programme. So basically they have chosen the great folks at Pornhub and OnlyFans to partner with, but we are not invited to this party, even though we could help much more.
NCMEC, if you are reading this, please contact us at firstname.lastname@example.org.