Hey @[email protected], just so you know, this tool is most likely very illegal to use in the USA. Something that your users should be aware of. I don’t really have the energy to go into it now, but I’ll post what I told my users in the programming.dev discord:
that is almost definitely against the law in the USA. From what I’ve read, you have to follow very specific procedures to report CSAM as well as retain the evidence (yes, you actually have to keep the pictures), until the NCMEC tells you you should destroy the data. I’ve begun the process to sign up programming.dev (yes you actually have to register with the government as an ICS/ESP) and receive a login for reports.
If you operate a website, and knowingly destroy the evidence without reporting it, you can be jailed. It’s quite strange, and it’s quite a burden on websites. Funnily enough, if you completely ignore your website, so much so that you don’t know that you’re hosting CSAM then you are completely protected and have no obligation to report (in the USA at least)
Also, that script is likely to get you even more into trouble because you are knowingly transmitting CSAM to ‘other systems’, like dbzer0’s aihorde cluster. that’s pretty dang bad…
here are some sources:
- https://www.law.cornell.edu/uscode/text/18/2258A
- https://crsreports.congress.gov/product/pdf/LSB/LSB10713
- https://www.missingkids.org/theissues/csam
- https://www.cloudflare.com/service-specific-terms-application-services/#csam-scanning-tool-terms
- https://developers.cloudflare.com/cache/reference/csam-scanning/#what-happens-when-a-match-is-detected
- https://developers.cloudflare.com/cache/reference/csam-scanning/#what-action-should-i-take-when-a-match-is-detected
Thanks for the context. You can really tell by reading it too, they’re clearly trying to make it sound like companies can’t exist without tracking users, absolutely batshit insane.