Facebook To Fight Revenge Porn by Letting Potential Victims Upload Nudes in Advance

Catalin Cimpanu, writing for BleepingComputer: Facebook is testing new technology that is designed to help victims of revenge porn acts. It works on a database of file hashes, a cryptographic signature computed for each file. Facebook says that once an abuser tries to upload an image marked as "revenge porn" in its database, its system will block the upload process. This will work for images shared on the main Facebook service, but also for images shared privately via Messenger, Facebook's IM app. The weird thing is that in order to build a database of "revenge porn" file hashes, Facebook will rely on potential victims uploading a copy of the nude photo in advance. This process involves the victim sending a copy of the nude photo to his own account, via Facebook Messenger. This implies uploading a copy of the nude photo on Facebook Messenger, the very same act the victim is trying to prevent. The victim can then report the photo to Facebook, which will create a hash of the image that the social network will use to block further uploads of the same photo.

What could possibly go wrong?

[Major_Disorder]

I know they "claim" they will not keep the pictures, but only a hash of the image. But do you really trust Facebook that much?

Re: What could possibly go wrong?

[Pascoea]

Really? You honestly thing a company with virtually unlimited resources didn't think of that? (Or the Parent's "changing a pixel" comment?) I realize that what they are doing doesn't follow the definition of "hash" as we traditionally think about it, where changing one bit in the source changes the hash. But I'm pretty sure FB didn't just get outsmarted by two ACs on Slashdot.

Re: What could possibly go wrong?

[lgw]

The point is that facebook would need to store more than just a hash to accomplish their goal -- they need ways to deal with the image being scaled, rotated, run through a filter, etc. In other words... they need to keep a likeness of the original image.

There are simple image signature algorithms that are stable across all those transformations (unless the filter is extreme), but will still make random collisions unlikely. Old technology at this point.

Why not compute hash locally?

[pz]

The public reaction to this is understandably somewhat muted and off-put. Why upload nude photos to Facebook, indeed? The claim is that they will compute a hash of the image, and store that to prevent future uploads.

If that is really the case, when why not compute the hash locally on the user's machine, and upload only the hash? Surely that can be done on essentially all modern hardware from cell phone to desktop in a reasonable amount of time.

Re:Why not compute hash locally?

[swillden]

If that is really the case, when why not compute the hash locally on the user's machine, and upload only the hash?

Cool. I hate CNN's fake news. I'm going to write a script that takes every image from every CNN story and uploads the hashes. Sharing of CNN stories on Facebook is going to be shut down.

s/CNN/whatever you hate/

The obvious corollary here is that Facebook needs not just the hashes but also the original image, so they can determine whether it's a real nude photo. Algorithms can do that pretty well, so Facebook may be able to arrange that no human ever needs to see the image... but there's no way for the uploader to be certain that's what they're doing.

Also, the "hash" probably needs to be something a bit more image-focused than, say, SHA256. Otherwise any trivial modification of the image would change the hash. So it's got to be something that survives scaling, cropping, resolution changes, watermarking, etc. Which means that if the exact algorithm leaks, people can reverse engineer it to figure out how to work around it. That's another reason they need to do the hashing on their end.

Simpler solution

[religionofpeas]

If you don't want your nudes to end up on the internet, don't send them to other people.

Re:This is already avaliable

[cayenne8]

I have a QUICK solution to all this, works 100%.

Don't fucking let someone take pictures or video of you naked and/or having sex!!!!

Sheesh....when did something like common sense about not letting someone take pics of you in compromising situations go out the fucking door?

This is getting crazy

[whyyisthissohard]

Or, maybe, instead of blaming the person who obtained the image fairly for whatever use pleases them, the "victims" should assume the blame themselves and correct their own behavior.

Does no one see the potential pitfalls of training certain 'protected classes' to believe that they have no personal responsibility for their actions?

Requires Manual Review of Images

[The+MAZZTer]

This won't work because someone from Facebook would need to look at the images to determine if a request is legit, which, as the article says, is EXACTLY the thing the victim wants to avoid.

If nobody looks at the image, or, as some have suggested, the hash is computed client side (so nobody would be able to look at the image) it would be ripe for abuse. I could easily file takedowns for any pictures I want.

As a side note, someone also mentioned hashes won't work since they can be foiled by simple image manipulations. Doubtless this will be true in some cases, but it is certainly possible to make an image comparison that can take some of these things into account. Plus, the goal is likely to get the easy image postings automatically, while the remainder will be much smaller in number and easier for Facebook support staff to deal with manually as requested.

Re:This is already avaliable

[Oswald+McWeany]

yup 100% of the time it will work. except the times where it doesn't like when someone has hidden a camera in a bathroom or hotel room or their bedroom...

Or they accidentally upload the photo to their feed instead of the protection service.

This doesn't make sense.

[Wycliffe]

First off, is there really a problem with revenge porn on facebook and if there is, it would seem that the easiest solution for
facebook is to block all porn. I've never seen nudes on facebook. I always assumed that it would be against facebook policy
as facebook is mostly a PG-13 kindof place.

Second, I would think that facial recognition would be the correct solution. Let someone upload a picture of their face and
facebook can make sure that that particular face doesn't appear in nudes. An unidentified nude without a face even if someone
says "this is so-in-so" is pretty harmless as if you can't see the face you could pretty much say it is anyone.

Lastly, google just came out with facial recognition for dogs so presumably you could also use that same technology for
tattoos, or specific body parts too.

But again, I would think revenge porn would be primarily a problem on other services not facebook.

Re:This is already avaliable

Also I have a tangential question (sorta reverse revenge porn):
1) Minor takes nude selfie and sends it to target (say hated step parent).
2) Reports target for being in possession of CP.
3) now what?

How it works in the US:
3) Police breaks down door and drags target to jail
4) Police finds evidence on phone
5) Depending on how rich/connected/white target is
    a) not: target gets charged with possession of CP and goes to jail. Target is put on list of sex offenders.
    b) very: target's lawyer points out the minor sent it, target is innocent. Minor is sent to juvie for distributing CP. Minor is put on list of sex offenders.
    c) somewhat: (a) and (b)

Re: This is already avaliable

[Falconnan]

Has said every aging generation to every up-and-coming generation since time immemorial. A large part of the problem is puritanical culture, frankly. Nudity should not be as big a deal as it is.

Re:This is already avaliable

[plopez]

Compromising position? Just do what I do, do not consider them compromising.

WTF is wrong with people? Showing war movies or action movies where people get blown away is OK, but if you were to show a married couple having sex to create a child it would be considered "dirty".

We live in a death culture.

Re: This is already avaliable

[whyyisthissohard]

It's not puritanical in any way. Nudity objectively implies availability for sex. Welcome to 10,000+ years ago.

But polynesian tribes etc.!

Guess what? Most of us aren't polynesians. These tribal people did not erect western civilization. These tribal people had less need of clothing for warmth in their habitat.
Humans need clothes to survive. There are only certain occasions when clothes are taken off. Traditionally the most important one if not the most common is for mating. This is ingrained in our brains.

And besides you have no point whatsoever, because these photos are invariably taken in a mood of arousal, signalling a very clear context.

But my pet theory!

Not so "insightful".

Re:This is already avaliable

[plopez]

Then don't look.

Re:This is already avaliable

[Tuidjy]

I would also take you up on that offer. But could you please explain to me, first, how you deal with the things with which Facebook clearly does not:
- how do you avoid charges of moving and storing child porn if the user is underage?
- how do you make sure that minor changes to the original picture do not produce completely different signatures?
- how do you make sure that none of your employees have access to the originals?
- how do you make sure people upload only pictures in which they are the subject?
- how do you make sure that the mechanism is not used to suppress legitimate pictures?
- etc, etc, etc.

What could possibly go wrong?!