sofia/identity
1
0
Fork 0
Code Issues 7 Pull requests Actions Packages Projects Releases Wiki Activity

Abuse prevention #4

New issue
Open
opened 2024-06-29 17:39:48 +00:00 by sofia · 0 comments
sofia commented 2024-06-29 17:39:48 +00:00
Owner
Copy link

Users cannot directly share their memories (their heirs can access them, but they must request to do so), but they can theoretically share their assets with anyone using their session_key. This may be an useful feature, but we should keep in mind that this is a feature that may be abused by malicious third parties.

A server that blindly hosts and serves images and videos can lead to undesirable things such as hosting and sharing CSAM content, other illegal media, malware, etc. In order to comply with my moral and ethical principles, and European law, this must be addressed before hosting an instance.

Key points

  • Balance usability and likelihood of abuse.
  • Implement reporting systems, both automated and manual.
    • Perceptual hashes can be useful, but mainstream services like PhotoDNA are a privacy concern.
    • Develop a moderation panel that can be used to monitor suspicious activity and content by platform moderators.
    • AI systems with manual intervention have proven to be effective in cases like these; research is required.
  • Improve the M2M mechanism to stop relying on the session_key.
  • Improve the Asset API implementation to only serve images to the IP they were requested from.
  • #1
Users cannot directly share their memories (their heirs can access them, but they must request to do so), but they can theoretically share their assets with anyone using their `session_key`. This may be an useful feature, but we should keep in mind that this is a feature that may be abused by malicious third parties. A server that blindly hosts and serves images and videos can lead to undesirable things such as hosting and sharing CSAM content, other illegal media, malware, etc. In order to comply with my moral and ethical principles, and European law, this must be addressed before hosting an instance. **Key points** - [ ] Balance usability and likelihood of abuse. - [ ] Implement reporting systems, both automated and manual. - Perceptual hashes can be useful, but mainstream services like PhotoDNA are a privacy concern. - Develop a _moderation panel_ that can be used to monitor suspicious activity and content by platform moderators. - AI systems with manual intervention have proven to be effective in cases like these; research is required. - [ ] Improve the M2M mechanism to stop relying on the `session_key`. - [ ] Improve the Asset API implementation to only serve images to the IP they were requested from. - [ ] #1
sofia added this to the First stable (v1) milestone 2024-06-29 17:39:48 +00:00
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
No results found.
Labels
Clear labels
No items
No labels
Milestone
Clear milestone
No items
No milestone
First stable (v1)
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: sofia/identity#4
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?