There are 3 processes: PhotoDNA hashing [1], automated flesh tone detection, and manual review.
1. PhotoDNA runs on every upload. It's only used to identify known child pornography that has already been reported, to make sure it can't be re-uploaded.
2. Automated flesh tone detection only runs when a photo is shared. (This is a change in policy; it used to run on upload.) There are heuristics that try to measure whether it's personal sharing or broad sharing, and we're continually improving those. The goal is to make flesh tone detection only run during broad sharing.
3. If the broad sharing criteria are met and automated flesh tone detection triggers a positive result, that is the only case in which an item is anonymously sent to manual review. It's a highly controlled clean-room environment where a dedicated team tries to determine whether the content is a legal risk or not. Clear cases of shared child exploitation porn are reported. (A parent's "baby in bathtub" type of photos are not the target here.) In most cases, it's adult pornography or family photos. In those cases, the folder is marked as porn and simply can't be shared again. (There's a user-visible message on the web UI.) It's not deleted, and it continues to be fully accessible to the owner across all machines. (A rough sketch of the end-to-end flow follows this list.)
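To make the three steps concrete, here's a rough Python sketch of the decision flow. To be clear, everything in it (the names, the thresholds, and the single audience-size cutoff standing in for the sharing heuristics) is made up for illustration; it's not the actual code.

    # Toy sketch of the flow above. Names, thresholds, and the idea that
    # "broad sharing" reduces to a single audience-size cutoff are all
    # illustrative assumptions, not the real implementation.
    from dataclasses import dataclass
    from enum import Enum, auto

    class Action(Enum):
        BLOCK_UPLOAD = auto()            # known-hash match: can't be (re)uploaded
        ALLOW = auto()                   # nothing happens
        SEND_TO_MANUAL_REVIEW = auto()   # the only path to human eyes

    @dataclass
    class Photo:
        photodna_hash: str        # PhotoDNA perceptual hash of the image
        share_audience_size: int  # 0 = private, small = personal, large = broad
        flesh_tone_score: float   # output of the automated classifier

    KNOWN_CSAM_HASHES: set = set()  # hypothetical stand-in for the PhotoDNA database
    BROAD_SHARE_THRESHOLD = 25      # made-up "personal vs. broad" cutoff
    FLESH_TONE_THRESHOLD = 0.8      # made-up classifier threshold

    def on_upload(photo: Photo) -> Action:
        # Step 1: PhotoDNA runs on every upload, but only matches
        # known, previously reported material.
        if photo.photodna_hash in KNOWN_CSAM_HASHES:
            return Action.BLOCK_UPLOAD
        return Action.ALLOW

    def on_share(photo: Photo) -> Action:
        # Step 2: flesh tone detection runs only at share time, and it only
        # counts when the share looks broad rather than personal.
        broadly_shared = photo.share_audience_size >= BROAD_SHARE_THRESHOLD
        if broadly_shared and photo.flesh_tone_score >= FLESH_TONE_THRESHOLD:
            # Step 3: the one and only route into anonymous manual review.
            return Action.SEND_TO_MANUAL_REVIEW
        return Action.ALLOW

The point is just the shape of the pipeline: hash matching gates every upload, the classifier only ever runs on broadly shared items, and a human only ever sees an item when both share-time conditions are true.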
The scanning policy used to be more aggressive and didn't exclude content that was unshared or only shared to a small set of people. None of us liked that policy to begin with, and then some high-profile false positives helped force the policy to be revised.
I keep reading, here and in reddit AMAs and elsewhere, that OneDrive lets users upload adult porn.
However, the terms linked at the bottom of OneDrive.com specifically tell me that uploading porn is not allowed, and presumably (I haven't double-checked) that if I do, my MSA will be deactivated.
It's nice to have you and co. tell me that you allow porn, but the fact that the terms I legally agree to contradict what you say sort of puts me in an uncomfortable position.
Have you thought about changing the terms of use to accurately reflect your policies?
[1] https://en.wikipedia.org/wiki/PhotoDNA