
WhatsApp has an encrypted child porn problem - sahin-boydas
https://techcrunch.com/2018/12/20/whatsapp-pornography/
======
GreaterFool
> WhatsApp chat groups are being used to spread illegal child pornography,
> cloaked by the app’s end-to-end encryption. Without the necessary number of
> human moderators, the disturbing content is slipping by WhatsApp’s automated
> systems.

Wait what? Moderators for end-to-end encrypted communication?

Something doesn't add up!

~~~
enlyth
I'm guessing since these are publicly accessible groups via apps as the
article suggests, moderators could in theory search out and shut down such
groups. Not sure how much data they are able to provide to the authorities
though, I guess prosecuting the people is the difficult part.

~~~
GreaterFool
Yeah. It's just bad writing in the opening paragraph.

WhatsApp doesn't provide search but groups can be joined via links. Third-
party apps and sites use the links to index groups. Some groups share illegal
content. WhatsApp should hire people to crawl those apps/sites, find the
illegal groups, join, verify and ban.

Not entirely unreasonable. Won't fix anything* but if the company is big and
well funded they should at least make some effort.

* so you ban the users? $10 gets you a new pre-paid sim card

Could it be that "tech companies" are reluctant to pursue cat and mouse
solutions (which also cost money) while "non-tech public" seems content enough
if attempts are made to push the issue deeper under the surface?

~~~
ars
> so you ban the users? $10 gets you a new pre-paid sim card

And then when they recycle the unused number, and you get it and discover you
are "lifetime banned", and I'm quite sure there's no appeal process.

~~~
Matt3o12_
I don’t get why you were downvoted. Life time banning new phone numbers is a
real concern considering how often they are recycled. I mean WhatsApp isn’t
doing that (as far as i know) but some services do that or even do a step
further and ban your whole account if you add a banned phone number.

For instance, steams anti-cheating service will lifetime ban you and your
phone number if you ever get chaught cheating in any game that uses steam anti
cheating services. And apparently you will also get banned if you update your
account to a previously banned number. That sucks for normal users who get a
new phone number but doesn’t do much against determined cheaters who just
purchase a new SIM card if they get caught (and they won’t use their real
steam account as well).

Steam is not the only service that heavily relies on phone numbers not
changing and I find it very troubling how little is reported about that (which
might become a real concern later).

I believe the only reason WhatsApp doesn’t do that is because 90% of all
people aged 16 to 69 use it at least a few times a week in many of their
markets and a recycled phone number will very likely be given to a new,
innocent user (unlike smaller sites such as steam where giving a cheaters
number to another person who also uses steam is quite slim).

------
baby
Or rather, humanity has a lot of problems. Including rape, pedophilia,
murders, etc.

I don't think WhatsApp in particular has a problem.

Are houses a problem because they hide crimes with their walls?

~~~
legostormtroopr
Why aren't builders taking more initiative to employ moderators to monitor
crimes inside the houses they build?

~~~
Johnny555
That's not a perfect analogy -- these aren't people meeting one-by-one in
private spaces, WhatsApp is providing them a shared space where they can meet
and share images.

This seems more like blaming a hotel for letting one of their conference rooms
be used for an illegal porn swap meet.

~~~
Doxin
You can have a shared space in your private space very easily, so it does seem
to me like the analogy holds up.

------
dkobia
You can't have it both ways. End to end encryption or open groups with
censorship by moderation, pick one. This is a side effect of private clubs and
private online communities. While I don't condone the behavior, we need to get
more creative on how to police this than putting in place mechanisms for
violating everyone's privacy, which is just lazy and dangerous.

It's hard to read some of these stories without ignoring the current surge of
schadenfreude that writers are capitalizing on.

------
Sargos
This problem is only going to grow in the future. You can't control or
reliably censor information on a free and open internet. The only way to
ensure that nothing "bad" happens on the internet is to completely lock it
down and whitelist everything that is posted. This isn't going to happen.

In a few years blockchain based messaging apps will be launching and they will
not be controlled by Facebook or anyone else. You won't be able to ban anyone.
This is something we are going to have to accept and deal with. There will be
things you don't like on the internet.

~~~
munchbunny
_blockchain based messaging apps_

Out of genuine curiosity, where do blockchains enter into the messaging space?
Auditable chat histories and identities? As opposed to other
cryptography/security techniques, blockchain doesn't seem like an especially
good match for the problem space.

~~~
Sargos
Messengers need someone to host and maintain the servers. That requires a
monetization model and requires someone to act as a central figure. That
figure (like Facebook) then has to either moderate the content or try to make
a case of not being able to but still facilitating it.

A messenger using the blockchain as its medium requires no staff to operate it
and has nobody responsible for it. There is nobody to blame for whatever it's
used for and nobody to dictate what it can and can't be used for. The group
chats will simply exist and require no maintenance which is very desirable
from an app point of view. Also a big positive is that you don't have to worry
about the company running your messenger going out of business and then you
lose the ability to use your app.

~~~
hiccuphippo
There's already p2p messaging apps that do that without any blockchain
nonsense. The blockchain would leave a permanent trace to which pseudonym
posted what forever.

~~~
Sargos
P2P messaging apps have a hard time with group messages because you have to
have someone online to relay messages at all times. Group chats really have to
have a shared storage medium to work.

~~~
tya99
> P2P messaging apps have a hard time with group messages

Well [https://tox.chat](https://tox.chat) and
[https://ring.cx](https://ring.cx) (now Jami) can do just that as well as
[https://briarproject.org](https://briarproject.org).

So these do exist. Such a thing was also being proposed for Ricochet
[https://github.com/ricochet-
im/ricochet/issues/54](https://github.com/ricochet-im/ricochet/issues/54)

~~~
Sargos
That's neat. Thanks.

------
Asooka
No. The world has a child porn problem. And until you start offering mental
health care to paedophiles and going after child porn producers, nothing will
change. You can ban the entire internet if you like and paedos will just meet
in bars and exchange usb sticks. This is ridiculous, of course every single
secure information exchange platform will be used for child porn. And drugs.
And teens sending nude pictures to each other. And terrorists. Etc.

------
gmaster1440
Newsflash: e2e encryption is used to send content that stands to gain most
from using it.

~~~
izzydata
Careful there. You don't want to cause people to pull an Australia.

~~~
muthdra
Australia has passed controversial laws designed to compel technology
companies to grant police and security agencies access to encrypted messages.
The government says the laws, a world first, are necessary to help combat
terrorism and crime.

Source: [https://www.bbc.com/news/world-
australia-46463029](https://www.bbc.com/news/world-australia-46463029)

~~~
tya99
Passing a law is easy, but putting it in practice is enough thing. We of
course won't hear about that side of it because "secret".

I have no doubts that the big companies which this seems mostly for will be
doing everything to decentralize and remove themselves from the problem citing
"systemic weakness" and then doing nothing for the government.

~~~
cyphar
> Passing a law is easy, but putting it in practice is enough thing. We of
> course won't hear about that side of it because "secret".

ASIO has to provide statistics on how many notices they issued in their yearly
reports. In addition, recipients of reports are allowed to provide statistics
about his many reports they've received. See s317ZF.

> I have no doubts that the big companies which this seems mostly for will be
> doing everything to decentralize and remove themselves from the problem
> citing "systemic weakness" and then doing nothing for the government.

Except that Apple (and other such companies) have explicitly designed their
e2e systems in a way that they could be backdoored (users don't need to sign
new identities with a key, so Apple can add a new one -- which is how the
device adding feature works).

In addition, many such companies have the ability to provide a single
backdoored binary to a single user. This, according to the legislation, would
not be a systemic weakness. There is work you could do to make yourself
resilient to company-wide sabotage but no company I'm aware of is doing it.

------
ag56
> In July 2018, the NGOs became aware... The NGO reported their findings to
> Israeli police but declined to provide Facebook with their research.
> WhatsApp only received their report and the screenshot of active child
> pornography groups today from TechCrunch.

Huh? Who are these NGOs looking out for? Why wouldn't you tell FB in the first
instance?

~~~
gtirloni
Because once you become aware of a crime you let law enforcement handle it?
Neither these NGOs nor Facebook are Batman.

------
albertgoeswoof
Is it possible to use metadata to understand these networks without actually
decrypting anything?

If you can track down a bunch of these groups through public / advertised urls
you can probably figure out a whole bunch of them based on the participants in
each group. I bet it forms a beautiful graph.

There might be some other user patterns you can identify which point to
suspicious groups / patterns as well

How else could you solve this? Create hashes of known illegal images and check
them locally?

------
hiccuphippo
Does the postal service have a problem if people uses their service to share
illegal pictures? I think they are just a victim of abuse of their service.

~~~
astura
Yes, it cares very much, the postal service has its own police department
even.

------
philip1209
But, if it's encrypted, isn't it impossible to quantify?

~~~
ars
The join group links are public. So not really encrypted, since the key is
public.

~~~
rorykoehler
So then the police should do their jobs?

~~~
ars
I actually agree, I don't think this should be WhatsApp's job. I really don't
like this trend of making private companies do the job of Police, Judge, and
executioner.

------
shamborambo
The internet has an unencrypted child porn problem as well.

The medium used to communicate is irrelevant to the discussion here. If they
can't control the unencrypted platforms, why are they pulling focus to
encrypted platforms if not to influence public opinions regarding encrypted
mediums?

------
pmarreck
It seems impossible to determine the amount of secular empirical harm being
done by child porn consumption (for example, if all of the child porn being
produced in a group was fabricated, who is harmed and how?), but we can at
least imagine how much harm is done by a breach of privacy by corrupt
governments.

Also, this (Frankly dumb) article perhaps unknowingly just marketed the
existence of these groups to new fans (I note that the link to the cited
Android app for whatsapp-group-discovery now 404's) and THAT will surely be
harmful.

I'd comment on the article itself but Techcrunch's website is a dogpile of
shit with a terrible onboarding workflow and site design.

------
wpdev_63
Is this _actual_ child porn or is this the kind of child porn they found on
NSA/CIA leaker's computers[0]?

[0]:[https://arstechnica.com/tech-policy/2018/06/ex-cia-
engineer-...](https://arstechnica.com/tech-policy/2018/06/ex-cia-engineer-
indicted-on-several-new-charges-connected-to-vault-7-leak/)

------
S-E-P
I take issue with this idea that pedophilia has been "growth-hacked" (stupid
term BTW).

Like what? Does no one who looked at this article (before publishing) have any
idea how the internet works? Do they have this wonderful illusion that just
because something is made slightly easier to access that it suddenly boosts
how many pedophiles in the world? Little Johnny doesn't just browse a WhatsApp
directory listing and say, "You know what? I've never really wanted to see
children abused but now that there's a nice 'Adult' section containing this
sort of content... I think I'm a pedophile now!" Anyone viewing that crap
voluntarily was a pedophile to begin with, and like every single one of them,
public castration should be an acceptable form of punishment (legalize it).

CP (a known abbreviation) has been circulated on the world wide web since the
first big wave wherein more than a few thousand people were using it (back
before it was referred to as the 'internet'). Hell i remember accidentally
running across several images in my early teen years (when I was moderating
for a forum), surprise surprise, it didn't "growth-hack" that vile garbage
into my life, you know what it did? It ruined my day that's what it dig, and I
absolutely hated the fact that I even saw that, it made me want to never see
it again! Flagged for deletion, offender's account was terminated, and a
report was filed (with the authorities).

It was also around this time that me and some of my friends decided to have
some fun on IRC, I was bored enough that I would often troll IRC for hours,
found several questionable channels, where RP (a known abbreviation) was huge
and a few of the members were looking for someone to RP as... well children.
Yikes! So... we didn't RP, what we did was act like real 12 yr. olds just to
mess with them, and after a while of conversing, we'd sometimes get these
creeps to get on a greyhound and make a trip (several times across the
country) to send them to non-existent meetings, often humorously sending them
to a place right across from a police station or whatever we thought was
funniest.

Innocent fun I'd say, but anyway, more to the point of the article. No this
does not "growth-hack" pedophilia, it just makes it all the more apparent that
people are not inherently good and it's stupid to think you can stop the rot.
Though I do support the push to limit this as much as possible, though I'd
like to see arrests, I'd like to see these bastards rot in prison till they
drop dead, and any solution that just covers up the issue without actual
consequences for the offenders does not get my consideration. Children are our
future, they must be protected.

------
faissaloo
Some people have taken to calling this 'the pedo problem' or 'pedophiles ruin
everything' since it's such a recurring theme around encryption and
anonymisation.

------
woolvalley
This kind of shit is like the black mold of communication systems.

------
tinus_hn
Should be pretty easy to trace the users if it’s an open group. The encryption
only keeps things hidden from people not in it and anyone can join.

------
hackandtrip
Other than closing the Internet as someone suggests, wouldn't be possible to
integrate the service that Microsoft offers to detect this material? Other
apps like telegram, not e2e, could be integrated more easily, but personally I
wouldn't mind such system being native on Android or IOS - allowing to make
life much more difficult for pedos.

------
graphememes
Doesn't the Dark Web have the same issues?

~~~
gtirloni
If the news is to be believed, people on the Dark Web screw their privacy up
so frequently that law enforcement probably _wants_ them to be there so it's
all contained and easier to investigate.

------
shiburizu
Aaaand the privacy advocate community collectively goes "Here we go again" all
at once.

------
hkt
It is almost like letting people act with impunity by putting the state at an
informational disadvantage in a hyper-connected and hyper-mediated age is
going to result in pretty unpleasant stuff becoming more common and more
accessible.

Goodness, who knew?

