
Ask HN: Dealing with users who share child porn? - chejazi
We&#x27;re a bootstrapping link shortening startup and currently we don&#x27;t have a lawyer to consult. We&#x27;re working on that. In the meantime...<p>We got a tip that one of our users was using our service to share child porn. Does anyone have any advice for how to deal with this situation? We plan on reporting what we have to the authorities. Additionally, we banned the user and blocked access to the destination (didn&#x27;t delete the redirect url from our servers, to retain proof).<p>Any help would be greatly appreciated.
======
NameNickHN
I run a couple of short URL websites and this kind of short URLs along with
links to phishing and spam sites is what you'll get on a very regular basis in
this business.

Those short URLs are often being used in mass mailings, guestbooks, comment
forms etc. and they'll get reported pretty quickly to URL blacklists. That
gives you the chance to disable the shady short URls before too many people
come across them.

Here is a list of URL blacklist providers that you should check each URL
against, both before accepting it into your database and again before you
deliver it to the user:

multi.surbl.org, uribl.swinog.ch, dbl.spamhaus.org, url.rbl.jp,
uribl.spameatingmonkey.net, iadb.isipp.com, dnsbl.sorbs.net

You can find out more about this stuff on
[http://www.surbl.org/](http://www.surbl.org/)

Since I've implemented these checks I only receive complaint emails every
other month and no contact from the authorities so far (in contrast to the
disposable email services I run).

When you get a complaint about a URL, your software should allow you to
disable all the URLs of the reported domain. There are times when the spammers
have taken over a forum (or any site really) and created a large amount of
spammy content.

Hope this helps.

~~~
chejazi
Thank you - I'm going to check out those blacklist providers. I have the
ability to disable by host; up until now I haven't had the need to exercise
that feature.

------
bifrost
The EFF may be able to help you. I would prepare a document with the logs/info
that you have in addition to a copy of your privacy and data retention policy.
You may also want to doublecheck to see if the submitter IP is a Tor node,
that'll make everyone's lives easier. I believe the FBI has a special
taskforce for this should you contact them.

~~~
chejazi
Headed to the EFF branch in SF tomorrow. Thanks for the suggestion.

~~~
chejazi
EFF wasn't much help. They gave me a brochure of their services and told me to
email them.

------
brudgers
{Random advice from the internet}

My first thought is to wonder why someone would want to be in a space where an
arms race against people devoted to child porn was both necessary and
constant. Particularly when that space wasn't providing capital sufficient to
retain a lawyer.

My gut tells me that as a matter of will, it's going to be hard to keep this
class of activity from reoccurring regardless of how this incident works out
and that scaling the service will scale the headaches of monitoring and
policing user behavior along with it. Personally, I'd rather deal with users I
liked. YMMV.

Good luck.

~~~
chejazi
Thanks. We're working on ways to secure the capital for things like retaining
a lawyer. It's not the fault of the space itself; our business model hasn't
been fully executed.

As to it being an arms race, I'm not sure the techniques to filter content are
really competing against anything. Sure, it seems like there will always be
more sites to ban, but its not like adblocking, where the tricks are getting
more sophisticated over time.

Also, I like (most of) my users! We've had some spam issues in the past where
users created minor headaches, but this was a first.

------
Spooky23
If you store photos, Microsoft has a free product called photodna that will
match filed against illegal images.

Take a look at the Center for Missing and Exploited children and perhaps call
them. They operate a tip line to report this kind of activity. Sad that we
need to think about these things.

~~~
chejazi
No photos stored, just links. Thanks for the suggestion!

------
max_
you can use [https://davidwalsh.name/nudejs](https://davidwalsh.name/nudejs)
to detect their posts and then: Ban them!!

