Slashdot Mirror
Facebook To Fight Revenge Porn by Letting Potential Victims Upload Nudes in Advance (bleepingcomputer.com)
Catalin Cimpanu, writing for BleepingComputer: Facebook is testing new technology that is designed to help victims of revenge porn acts. It works on a database of file hashes, a cryptographic signature computed for each file. Facebook says that once an abuser tries to upload an image marked as "revenge porn" in its database, its system will block the upload process. This will work for images shared on the main Facebook service, but also for images shared privately via Messenger, Facebook's IM app. The weird thing is that in order to build a database of "revenge porn" file hashes, Facebook will rely on potential victims uploading a copy of the nude photo in advance. This process involves the victim sending a copy of the nude photo to his own account, via Facebook Messenger. This implies uploading a copy of the nude photo on Facebook Messenger, the very same act the victim is trying to prevent. The victim can then report the photo to Facebook, which will create a hash of the image that the social network will use to block further uploads of the same photo.
I already have a service that handles this, just send me the pic and I'll handle it....
Cheap storage VM.
I know they "claim" they will not keep the pictures, but only a hash of the image. But do you really trust Facebook that much?
First law of people: People are generally stupid.
What could possibly go wrong . . .
April Fools Day on Slashdot?
What could possibly go wrong?
What's wrong with putting all the nudes of every person on facebook on a database ?
What could go Equifax?
~ People that think they are better than anyone else for any reason are the cause of all the strife in the world.
This reminds me of the humorous PSA where some teenage boys are offering free mammograms...
and sell it to advertisers and the government along with all the other PI you give him. For your protection of course.
You all laughed at me when I started building my labia shape hash algorithm, modded me funny.
Now you see how serious this issue is.
Ladies, send in your labia prints. Otherwise there can be no guarantee you'll be notified.
Next: Unlock you phone with the new 'snail trails' app.
John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
The public reaction to this is understandably somewhat muted and off-put. Why upload nude photos to Facebook, indeed? The claim is that they will compute a hash of the image, and store that to prevent future uploads.
If that is really the case, when why not compute the hash locally on the user's machine, and upload only the hash? Surely that can be done on essentially all modern hardware from cell phone to desktop in a reasonable amount of time.
Put my fist through my alarm clock with its ding-dong death inside my ear. - The Blackjacks.
If you don't want your nudes to end up on the internet, don't send them to other people.
Forcing users to upload highly-sensitive pics to make sure others' won't post them.
There HAS to be a better way.... like: how about analyzing an image and computing the hash on a client device and uploading just the hash + analysis data? Or at the very least.... mask any public individual identifying info inside the image before uploading.
You can't tell me this idea did not come from a bunch of Facebook admins tired of the work it took to Google nudes.
"Let the nudes come to us!", they thought... and so it was.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Change the hash.
Next up, scripts that slice revenge porn into cropped blocks and rebuild revenge from cropped blocks.
What you upload to Facebook is your business.
But if you think Facebook is going to save you from internet trolls, I have a bridge that you might like to buy...
Theoretically you could hash files using FileAPI in modern browsers. Alternatively, an offline tool could be used to index your photos on your computer. Both of those scenarios would likely not be accessible via mobile devices although there's nothing preventing the development of a dedicated mobile app that does all of this locally on the device. Open source it so it can audited.
I'm not certain what the exposure is with this approach, in theory someone could abuse the process to claim hashes for other peoples images but I don't think there's any more risk of that with a local process than an online process. Regardless, the idea that you would upload nude images to a third party service like this seems ridiculous. Also, one seventeen year old does it and suddenly the service is in possession of child porn, it's nuts.
The idiocy of this is that if the revenge poster slightly alters the image (resize, re-compress, slight quality change, etc) it changes the hashing.
"All your nub are belong to us"
What, Zuckerberg isn't getting enough nude pix fast enough?
Reality has officially surpassed anything any parody could come up with.
Next up: Surpassing anything, any horror story could come up with. (I’m thinking post-Cthulhu here. If there will be a hellscape, I want it to at least blow my mind! :)
Wouldn't this be trivially defeated by running the pic through some sort of very minimal filter and then uploading the "new" pic?
Or even just re-saving it as jpeg with the compression cranked up a few percent?
And I thought I was lazy.
"Here, to prevent someone uploading unauthorized nudes of you, send nudes."
Best idea since European advertisers convinced women that showing their tits was somehow liberating. LOL.
-Styopa
So the proper way to do this is a one way transfer between servers and then disconnect each server from the internet when it's full. Then send requests over a highly restricted local network for comparisons. How they'll actually probably do this is on live, public-facing servers and just try to permissions-protect them or something stupid like that.
Are you kidding me? Who would trust this? I can only imagine the day THAT database gets breached. or sold to a 3rd party....
First of all, it's easy to make trivial edits to photos that would defeat hashing.
More importantly, this is a system that's not just ripe for abuse, but likely designed to encourage it. If I want to harass someone, I just go get their photos and "report" all of them. Poof! They're gone. I don't like a politician, so I "report" the image accompanying their news story. Poof! Gone.
Unless they want to instigate a human review to determine what's "legit porn" before blocking. In which case, guess what? Your only way to block revenge porn is to guarantee a Facebook staffer sees you naked. But don't worry! Just like the TSA, we're sure nobody will abuse THAT practice...
If facebook only needs a hash of the image, it should allow users to upload only the hash by providing the hashing function. Or are we talking about something super proprietary here?
If Facebook really cared about privacy they could a local hash calculator tool. The fact that they want the original is weird.They must have someone or an algo confirming that it is a nude picture.
So could I post pics of the Kardashian/Jenner & Trump clans and then
flag them and essentially block them?
Or, maybe, instead of blaming the person who obtained the image fairly for whatever use pleases them, the "victims" should assume the blame themselves and correct their own behavior.
Does no one see the potential pitfalls of training certain 'protected classes' to believe that they have no personal responsibility for their actions?
Imagine the enlargement pill ads when they start figuring out who would actually benefit!
I'm terrible, I'm sorry. I couldn't help myself, the article made it too easy.
He wants to see you neked.
" . . . its system will block the upload process."
Given that revenge porn is a crime in an increasing number of places, shouldn't be include "and notify the police of the attempt"? Does it even notify the user of the attempt?
What are the terms of service on these uploads? Do they include the clause that says "and we can change these TOS any time we want, to anything we want, and there's nothing you can do about it"?
Simply create a utility that lets a user open an image, calculate the hash, and send to facebook. They have enough machine learning ability to look and tell if something is a hot dog or not a hot dog. Or are they going to rely on human beings to review every photo and validate that it isn't, say, a cat photo?
Cute... Facebook pretending they don't have nude photos or a naked composite of everyone already.
"That's the way to do it" - Punch
1) Get nekkid picture of someone
2) Load in photoshop
3) Do something so the image looks the same but has a different hash (change size by 1 pixel, change a couple pixels, etc)
4) Upload pic to Facebook
make a tool that computes the hash locally that you then upload, FFS.
Comment removed based on user account deletion
This won't work because someone from Facebook would need to look at the images to determine if a request is legit, which, as the article says, is EXACTLY the thing the victim wants to avoid.
If nobody looks at the image, or, as some have suggested, the hash is computed client side (so nobody would be able to look at the image) it would be ripe for abuse. I could easily file takedowns for any pictures I want.
As a side note, someone also mentioned hashes won't work since they can be foiled by simple image manipulations. Doubtless this will be true in some cases, but it is certainly possible to make an image comparison that can take some of these things into account. Plus, the goal is likely to get the easy image postings automatically, while the remainder will be much smaller in number and easier for Facebook support staff to deal with manually as requested.
I'm personally suspicious of anyone who asks me for my private data -- all the more-so, when the first thing out of their mouth is that they only need it to protect me. And the thought that promptly entered my mind upon reading this particular blurb, is that perhaps somebody deep within the confines of Facebook HQ is positively drooling at the prospect of all those uploaded nudes that will soon be coming his way...
Comment removed based on user account deletion
Why can't I just upload the hash myself?
Awesome, because the day that leaks will be the beginning of the end for Facebook. They say they won't save them, but I don't trust them, not even a little, to keep their word.
Well this is interesting.
You have to send the image to FB. That prevents abuse of the system, since you won't be able to get a hash of the Mona Lisa or some stock photo up there. What it also implies is that the image is verified before the hash is computed. That means that some dude will be looking at your nudes before deciding if it's a real or fake one.
But, why aren't they using an algorithm for this? Well, current models (IsItPorn) aren't remotely there yet. A lot of weird stuff will get hashed and submitted. Second, an algorithm will not have the talent to identify fake stuff or funny stuff. And third, what do you think happens if FB gets it wrong? If they are actively participating in the revenge porn activity they will in fact be liable for any mistake (and the person in question is unlikely to be amicable at the time). So they will absolutely have an employee go through the details to avoid mishaps.
I really hope I can sign up for that job.
I think I'll beta test this one for FB, if they agree that my title would be Master
Overheard at the water cooler: See that new guy over there, he's the (whispers)
Go ahead, call him
Assuming this is all automated, I can just upload any picture I don't want anyone else to upload?
If it is not automted/if it is verified by a human, I live it 6 monthes before the leaks start.
My understanding of file hashes is that they're calculated from the contents of the file. MD5, SHA1, SHA256, etc.
If an image is resized, or cropped, or even has a single pixel altered that'll change the data stored on the disk, and each of those algorithms will produce a completely different hash value for the modified file than for the original.
So exactly how does hashing make this work?
I think everyone is in agreement that this is a dumb move on facebook's part. I mean it is simple enough to compute the hashes locally and it has been proven that even after you "delete" something on facebook, they still keep a copy of it saved somewhere.
My questions are; who thought this was a good idea? and how much of the facebook koolaid have they been drinking?
I wouldnt be suprised to hear that group think on their campus has gotten so thick that they think that the general public loves facebook as much as they do but are there not more efficent ways to do this using their algorithms? I mean they already know who we are sleeping with by those algorithms so shouldnt they be able to narrow down which uploads are to be screened first?
Kind of like a "we know that you broke up with person x and these uploads have a large percentage of skintone in them thus we are going to review your upload before it becomes public"
They claim to be the smartest people, it shouldnt be that hard for them. Or maybe its all lies and bullshit and they are starting to sing their death song.
So from one side we have facebook getting people to send them nudes, like they need any more.
On the other side, the revenge porn people just need to crop or resize the image right?
You'd only have to tweak one pixel, just a little bit, and the hash would be completely different. I don't believe that "hash" thing. They act like this is gonna be unhackable but it won't be. It's just a very very bad idea unless there is some clever and perfect way to prevent tempering the the picture to change the hash, which would surprise me.
Facebook NudeProtect by Facebook Inc. [invisible unicode here]. Just a simple interface where users can upload their nudes to have them scanned by FB... could even include some fake Hollywood-looking scans and jargon, followed by a "destroying image" blurb. Nothing bad will come of this idea FB has.
Many have pointed out that with the simplest hashes, you just need to change a pixel to thwart it.
So, you go to a hash that works with image features. OK, shift or blur a feature. Defeated.
Next step, just use AI to recognize the face and nudity. The user can ban all nude pictures of them, even if generated from scratch using a 3D model of them. Now, you'll find that other people's images are occasionally banned too. This gets into a wonderful sci-fi story I once read where people could be forced to have plastic surgery for looking too much like the copyrighted image of a celebrity.
There is no end to the problem...
...accept to just get over it. Privacy is gone. Stop fighting for it. Learn to forgive your fellow man their faults. Realize that you have many of your own. There are likely very few out there who have not committed felonies in their lives if every moment of their life could be examined in detail. Body shame is the least of our faults. Get over it.
Revenge porn is a don't care if everyone would just grow up and not care.
As dumb as it sounds, this is how the copyright office handles it already. http://money.cnn.com/2015/04/2...
I haven't read the article, but I assume a file hash won't prevent the abuser from resizing the picture, changing a pixel on the image which will change the hash completely. Unless of course Facebook does something like scale and rotation invariant pattern detection and hashes off of those.
I've made it impossible to take pictures of my junk in the first place, by way of a thick and luxuriant man-bush which tastefully covers all. And the ladies laughed at it! WELL WHO'S LAUGHING NOW!?
"When information is power, privacy is freedom" - Jah-Wren Ryel
First off, is there really a problem with revenge porn on facebook and if there is, it would seem that the easiest solution for
facebook is to block all porn. I've never seen nudes on facebook. I always assumed that it would be against facebook policy
as facebook is mostly a PG-13 kindof place.
Second, I would think that facial recognition would be the correct solution. Let someone upload a picture of their face and
facebook can make sure that that particular face doesn't appear in nudes. An unidentified nude without a face even if someone
says "this is so-in-so" is pretty harmless as if you can't see the face you could pretty much say it is anyone.
Lastly, google just came out with facial recognition for dogs so presumably you could also use that same technology for
tattoos, or specific body parts too.
But again, I would think revenge porn would be primarily a problem on other services not facebook.
First, why does an image have to be uploaded? Can't the hashing process be incorporated into the messenger app, or even a standalone app?
Second, all the "revenger" has to do is upload a photo that doesn't hash to the same outcome, right? So, just changing a single pixel should circumvent this?
Is Facebook really this stupid, or is someone there just trying to build the biggest porn collection ever assembled?
Besides, it won't block a damn thing.
A hash is calculated off a complete image.
All the revenge porn guy has to do is crop the original, fuzz some portion of it, add a text bubble, ...
Then you have a new image w/ a new hash that is not in the database and you can easily upload it and post to facebook, turning it into the largest purveyor of revenge porn out there because, just like that dumbass from LifeLock that posted his SSN and dared folks to steal his identity, FB is daring revenge porn guys into bypassing their filters...
How do you stop users from attacking other's rights to post their images by simply getting one of those images and posting it to this ban mechanism? It seems that everyone would have to provide some proof that they are the owner of the image. Only a verified account where a user has submitted a photo ID could utilize the system. Even then, it would be difficult to prove your right to block revenge porn that doesn't use your face.
Silly iPhone with their limited facial recognition. Facebook will soon offer you the confidence of the far more secure full-body recognition experience.
Check your premises.
As Bill Gates would say; "That ought to be enough for anybody". Unless Zuckerberg wants to browse the actual photos.
Facebook announces new partnership with YouPorn and RedTube.
#DeleteFacebook
I must be missing something.
If your ex has a set of naked pictures of you, that's the set that has to be flagged, and to do that, that's the set that has to be uploaded. Those won't match any picture you may have already taken separately and "pre-emptively" uploaded, if I understand what it is they expect people to do.
Or are they actually pretending all pictures of you in existence, past, present, and future, will somehow magically end up with the same hash?
If nobody looks at the image, or, as some have suggested, the hash is computed client side (so nobody would be able to look at the image) it would be ripe for abuse.
There is a very easy fix for this - the first time the hash matches the takedown requires human approval. This way someone only looks at the image if the image is already uploaded for people to look at and you can't abuse the system by filing takedowns for random pictures. This would even reduce Facebook's work because instead of checking every upload they only have to check ones which match.
1) Are we sure it isn't April 1st? I've heard of companies doing dumb things but I can't imagine how this anyone thought this was a good idea, are we sure the whole article isn't some kind of prank?
2) IF they were going to try this simple facial recognition should be enough.
I stole this Sig
Yes, but that's not how relationships work. People want to do things that don't work 100% because for that moment they want that person to have access to such things. Then the relationship sours and things that were wanted become unwanted.
If South Park is not making an episode out of this, they dropped the ball[s]!
Seriously, photoshop your own face onto your favorite porn star and send it to Facebook... then wait and see what happens. (if it surfaces anywhere, sue Facebook!)
Couldn't people wanting to post revenge porn just crop and/or apply a subtle filter to their image before submitting to cause it to hash differently?
Stupidity Tests are awesome and I'm glad that the suits haven't taken over Facebook and forced them to lose their sense of humor. I like how Facebook gets to take things to the next level (they already have a population of volunteers who are pre-selected as being ok with Facebook in general). Let's see how many fall for it. 2018 needs good news stories too.
I think this is one of the very best prank ideas, ever. And would Google have thought of something so invasive? Would Microsoft have thought of something so dark? Would Apple have thought of something so limited and constraining? Would Amazon have thought of something this obviously-hair-brained? Facebook wins this round, period, beating everyone else at their own game.
"Believe me!" -- Donald Trump
Seriously, just let the hashes be uploaded in the first place and not the photo. If the tool really is just using hashes, there is no need to send the photo. The only thing that the photo could be used for is for all the other data mining that you have already agreed to, such as advertising uses...
Then of course, there is the insider threat that someone with the keys to the kingdom will have one heck of an amatuer collection on their hands....
We were all warned a long time ago that MS products sucked, remember the Magic 8 Ball said, "Outlook not so good"
we already know that FB is the king of metadata porn, and you want to volunteer genuine porn?
is there an antidote for the Stupid Virus, which seems to be spreading exponentially?
if this is supposed to be a new economy, how come they still want my old fashioned money?
FB could release an app (maybe more geared for a desktop) to generate the hash on THEIR OWN FREEKIN' PC. Then the hash itself is added to the database.
Sure, the admins at FB won't be able to do....umm, Quality Control?....on the image, but more people would use it if they knew no one else would see it.
But, what if they don't have the image (i.e. the guy took it on his cell and never sent it to her, etc.) This still would not help. Maybe some type of facial recognition tech, but more like Ms. Ballbreaker on Porky's where they would recognize it/them anywhere in a lineup? Boobie-metrics?
Seriously, Facebook just wants more data to blackmail you with.
Either be OK with pictures of you naked not being private or don't take them at all.
Well, anyone going into a relationship, assuming that it will last forever is an idiot.
We're all human, we all fuck up and most of the time, we split, and not all the time amicably.
So, if you keep that in mind...you'll know it isn't a good idea to let yourself be photographed in nude or sexual situations.
Light travels faster than sound. This is why some people appear bright until you hear them speak.........
.. I was born into. Times really have changed. Funnily enough for by now, I would have ventured personal space travel and flying cars, the preemption of revenge porn never crossed my mind.
But it is a good idea... at the time. It's only after the relationship sours that it becomes a bad idea. People are state machines and every moment is a forever, so it does last forever, just not for all eternity.
If I take that view though I'll never get married because by extension, I'd be an idiot to not assume financial ruin.
They want the pron.
A very common reason to take pictures during sex is to show that the person was enthusiastically taking part and in no way coerced. If later there is an allegation the picture is solid defense. With all the affirmative consent laws being passed parents with boys need to teach their sons to always take a picture of a girl during sex and keep it as proof of consent.
If they're just taking a hash of the image file, that's defeated by changing metadata. If they're hashing the image content, it's defeated by transcoding to a lossy format or resizing.
Image fingerprinting is a thing, though, so I imagine they're doing something like that. But that forces them to continue supporting that fingerprinting algorithm forever.
The algorithm they use is hopefully robust against standard image filters, like color transforms.
"I'd be an idiot to not assume financial ruin."
Yes, you would be. A pre-nup is nearly a must in this day and age.
This is a great idea! I am certain this kind of system could never have any flaws or be abused in any way.
I don't get this. Why can't you just upload the hash? There are some really fantastic algorithms that are virtually impossible to falsely collide. Then if your former SO uploads something that collides, a real human can still make the final call. A smart algorithm could also "fuzz" the pictures so that if your ex tries to sprinkle pixels, resize, crop, etc., the "fuzzed" shot still has the same hash as the clean shot. All of that could be done client side. FB has no need for the data... but when did that ever stop them?
For all intensive purposes, "whom" is no longer a word. That begs the question, "who cares"?
ok.. nothing could go wrong here
Upload them _here_ and find out!
Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
So to circumvent this all you need to do is change a single pixel to get a completely different hash.
This has been addressed before, as anything that pops up anymore - The accepted approach is if you do have your pix taken, wear a mask. It's that simple. It can be as unobtrusive as the ones Google shows if you search for: nude pictures with mask and view images.
Based on a hash? So if I modify 1 pixel, the hash changes right?
If they wanted to avoid the inevitable leaking of those photos in the future, they would have users upload the hashes instead. Facebook would be unable to ever leak the photo, and they'd still be able to block it.
Fapbook? The Bookening?
As you say, humans fuck up. An amazingly common form of fuckup is making the assumption that the person you're dating/fucking is completely trustworthy. When people are in love (or just really, really horny, as the case may be), they're just not prepared to think that this person would betray them.
Can't you do stuff to the photo to change the hash? I mean, it can't be that simple, no?
"I believe in Karma. That means I can do bad things to people all day long and I assume they deserve it." : Dogbert
You know it will happen. Especially for nudes.
"I believe in Karma. That means I can do bad things to people all day long and I assume they deserve it." : Dogbert
If Facebook is more trustworthy than your lovers then you've really made some poor choices in your life.
This is just back to basics for what facebook's original intention was; mark zuckerberg's personal snoop and fap source.
I'll have to remember to flip a random bit in each of my revenge porn images that I upload. What a nuisance... I'll never put up with that. The power of checksums is that they are completely changed if any single bit is altered, so this solution has more holes than my spaghetti strainer.
We need an app that will convincingly put a naked body on anyone's face.
Then no one could ever be sure that a naked picture of someone was a real pic or something manufactured.
Then if a naked pic of you showed up you could just say "nice fake! not me."
Even though I understand the technical explanation behind this, Facebook is going to have a very very hard time suggesting such a thing
1. Suckermountain is dirty.
2. Arrest him for indecency ! LOL.
http://mobile.abc.net.au/news/2017-11-08/sia-leaks-nude-photo-of-herself-to-thwart-paparazzi/9129056
What is to stop someone (or a group, so the images are uploaded by different users) uploading 100 images of someone famous. It would effectively ban them from Facebook!
How will FB know it's a false positive, or a malicious hit without the original image?
Ladies and gentlemen i give you the next big hack target
Will FB be able to fix the obvious and simple dodge: minor changes to the file completely change the hash, making hash-matching filters almost meaningless.
It doesn't have to be completely butt naked does it? Like seriously they need the hash of your dick to know it's you? Can't just use faces, arms and everything else but no?? They need you dick! ;)
Clearly a scam if you ask me.
I'm going to upload photos of things I'm sick of people posting on facebook. :-)
Social media sites should listen to reports and actually follow their own policies.
Take down posted images and severely punish those who publicly threaten to post nudes.
My story on this. This guy who is a total piece of garbage, threatened several women to post nudes of them on Instagram / send them to their husbands and proceeded to tell them "stfu you stupid worthless hoe" .. HE THEN SCREENSHOTS THE COMMENTS AND POSTS THEM TO INSTAGRAM. Bragging saying look at these stupid hoes.
Me and others report the image to Instagram. When I reported it, I see in RED PRINT "threats to send nude photographs is a serious violation of our terms and we take violations of this very seriously." ... Or something similar to that.
Nothing happened. Eventually we actually got the dude's account suspended, but he somehow contacted Instagram and got it unsuspended.
"I was told by a lawyer there's nothing anyone can do legally. You can't force them to follow their own policies." .. This is what needs to change. Right there.
They need to be permabanned from using Instagram if they do that, and reported to the authorities..
That's like someone grabbing some girl's ass and crotch in a store and then slapping her across the face if she says no, and the store not calling the cops. It's ridiculous, and haunted me for some time. I let it go, which was the healthiest and only thing I could do, because there seems to be nothing else you can do.
The problem in fact is with the site AssFaceBook. Also RedFaceBook, PronFaceBook, and DoYouKissYourMotherWithThatFaceBook!
Or at least make sure that everything on the wedding gift registry is in multiples of two so it's easier to sort things when you split up.
What could possibly go wrong? :-)
Seems like it should be possible to upload a hash of the subject photo instead of the photo itself; photos hashing to the same value would be suppressed, or at least subject to additional scrutiny before going public.
What am I missing?