360

Lemmy Safety now supports cleaning local pict-rs storage from CSAM (github.com)

submitted 1 year ago* (last edited 1 year ago) by db0@lemmy.dbzer0.com to c/selfhosted@lemmy.world

44 comments fedilink hide all child comments

I posted the other day that you can clean up your object storage from CSAM using my AI-based tool. Many people expressed the wish to use it on their local file storage-based pict-rs. So I've just extended its functionality to allow exactly that.

The new lemmy_safety_local_storage.py will go through your pict-rs volume in the filesystem and scan each image for CSAM, and delete it. The requirements are

A linux account with read-write access to the volume files
A private key authentication for that account

As my main instance is using object storage, my testing is limited to my dev instance, and there it all looks OK to me. But do run it with --dry_run if you're worried. You can delete lemmy_safety.db and rerun to enforce the delete after (method to utilize the --dry_run results coming soon)

PS: if you were using the object storage cleanup, that script has been renamed to lemmy_safety_object_storage.py

you are viewing a single comment's thread
view the rest of the comments

[+] bamboo@lemmy.blahaj.zone -54 points 1 year ago

I hope people share the positive hits of CSAM and see how widespread the problem is…

It sounds like you're encouraging people to share CSAM images found, which is obviously not the intent of this tool. There's probably a better way to phrase what you were trying to say.

[-] smegger@aussie.zone 35 points 1 year ago

I expect they just want statistics

[-] BitOneZero@lemmy.world 13 points 1 year ago* (last edited 1 year ago)

Yes. odd how people think sharing CSAM is why people would post here, instead of actually tracking down and prosecuting those sharing CSAM. Details about the users who sharedl CSAM content, such as timestamps - would help identify the offenders for prosecution.

[-] bamboo@lemmy.blahaj.zone -2 points 1 year ago

I assumed as much after reading it several times, but just wanted let you know and point out that statement could be misconstrued. Thanks for clarifying!

[-] andrew@lemmy.stuart.fun 5 points 1 year ago

Because of the way pictrs organizes photos, which I believe is by hash (could be random id but I suspect not), you should be able to share filenames for cleanup by neighbors without having to share the contents.

Even if it's not organized that way automatically, though, you can pretty easily use sha256sum to get a shareable hash before deleting the content.

[-] BitOneZero@lemmy.world 3 points 1 year ago

I think timestamps of files would be one of the easier things, and try to track back to postings and comments that references the upload... ideally the logged-in account (which is the standard install of lemmy, only logged-in users can upload to pictrs)

[-] BitOneZero@lemmy.world 9 points 1 year ago

It sounds like you’re encouraging people to share CSAM images found, which is obviously not the intent of this tool.

Yes, that is in fact the context.

Context: "which is obviously not the intent of this tool. "

it is not my intent to share the images, nor is it the context of the tool.. Sharing details about the users, timestamps - would be the obvious context.

[-] Earthwormjim91@lemmy.world 5 points 1 year ago

Why are you such a weirdo where that’s where your mind goes.

Sharing positive hits isn’t saying share the images. It’s saying share the data on who what when where how the hit showed up positive.

Who shared it.

What was it (this is obviously going to be some kind of CSAM given that’s the tool).

When did they share it (time stamps).

Where did they share it (was the same image hit on other runs and what instances did it hit on with the tool).

How did they do it (local sharing, an image hosting service, etc).

[-] bamboo@lemmy.blahaj.zone 0 points 1 year ago

You list great points of information that should be shared to admins of other instances. Thanks for clarifying.

[-] SharkEatingBreakfast@sh.itjust.works 4 points 1 year ago

In order to get the answers you're looking for, put out the question "what exactly does this statement mean?" instead of "sounds like this means ___" and waiting for a confirmation/rejection of your assumption.

[-] 1984@lemmy.today 0 points 1 year ago

Who would do this....

this post was submitted on 31 Aug 2023

360 points (99.5% liked)

Selfhosted

39677 readers

432 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
No spam posting.
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
No trolling.

Resources:

selfh.st Newsletter and index of selfhosted software and apps
awesome-selfhosted software
awesome-sysadmin resources
Self-Hosted Podcast from Jupiter Broadcasting

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago

MODERATORS

HybridSarcasm@lemmy.world

HybridSarcasm@lemmy.hybridsarcasm.xyz