Abuse prevention #4

New issue

Open

opened 2024-06-29 17:39:48 +00:00 by sofia · 0 comments

sofia commented 2024-06-29 17:39:48 +00:00

Owner

Copy link

Users cannot directly share their memories (their heirs can access them, but they must request to do so), but they can theoretically share their assets with anyone using their session_key. This may be an useful feature, but we should keep in mind that this is a feature that may be abused by malicious third parties.

A server that blindly hosts and serves images and videos can lead to undesirable things such as hosting and sharing CSAM content, other illegal media, malware, etc. In order to comply with my moral and ethical principles, and European law, this must be addressed before hosting an instance.

Key points

• Balance usability and likelihood of abuse.
• Implement reporting systems, both automated and manual.
  • Perceptual hashes can be useful, but mainstream services like PhotoDNA are a privacy concern.
  • Develop a moderation panel that can be used to monitor suspicious activity and content by platform moderators.
  • AI systems with manual intervention have proven to be effective in cases like these; research is required.
• Improve the M2M mechanism to stop relying on the session_key.
• Improve the Asset API implementation to only serve images to the IP they were requested from.
• #1

Users cannot directly share their memories (their heirs can access them, but they must request to do so), but they can theoretically share their assets with anyone using their `session_key`. This may be an useful feature, but we should keep in mind that this is a feature that may be abused by malicious third parties. A server that blindly hosts and serves images and videos can lead to undesirable things such as hosting and sharing CSAM content, other illegal media, malware, etc. In order to comply with my moral and ethical principles, and European law, this must be addressed before hosting an instance. **Key points** - [ ] Balance usability and likelihood of abuse. - [ ] Implement reporting systems, both automated and manual. - Perceptual hashes can be useful, but mainstream services like PhotoDNA are a privacy concern. - Develop a _moderation panel_ that can be used to monitor suspicious activity and content by platform moderators. - AI systems with manual intervention have proven to be effective in cases like these; research is required. - [ ] Improve the M2M mechanism to stop relying on the `session_key`. - [ ] Improve the Asset API implementation to only serve images to the IP they were requested from. - [ ] #1

sofia added this to the First stable (v1) milestone 2024-06-29 17:39:48 +00:00

sofia referenced this issue 2024-06-29 17:45:38 +00:00

Server cost and long-term maintenance #5

sofia referenced this issue 2024-06-30 17:56:43 +00:00

Implement trustee system #6

sofia added the

area:infra

label 2024-10-20 11:10:06 +00:00

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

rust-api

No results found.

Labels

Clear labels   

area:branding

  

area:infra

  

bug

Something is not working

  

duplicate

This issue or pull request already exists

  

enhancement

New feature

  

help wanted

Need some help

  

invalid

Something is wrong

  

question

More information is needed

  

wontfix

This won't be fixed

No labels

area:branding

area:infra

bug

duplicate

enhancement

help wanted

invalid

question

wontfix

Milestone

Clear milestone

No items

No milestone

First stable (v1)

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: sofia/identity#4

No description provided.