[the8472]

> - The user uses a JS solution to hash the images on the client, without the image being uploaded

You have to trust facebook in either case, each time you do it. Either to handle your nude pics properly or to serve you javascript that does what they claim it does, every single time.

On the other hand an open source desktop application only needs to be audited once and then can be validated based on a hash.

In browser crypto is not a solution if you want to minimize the needed trust.

[oh_sigh]

Nobody wants to run a desktop application given to them from facebook

[hnzix]

But it could force autoinstall from the website and autoscan your drives then preupload your nudie pics and tag them with your name. How convenient! If all your friends are using it then it must be safe right?

[the8472]

> only needs to be audited once and then can be validated based on a hash.

I thought I covered that concern, but I neglected to mention that it should be open source so everyone can audit it.

[statictype]

It’s better than sending them NSFW photos for human review

[zodiac]

You could examine network traffic to confirm that not enough data is sent to reconstitute the picture

[the8472]

They could save it indexedb or localstorage and send it later. So now you have three things to inspect. They could even shunt it to a different domain within the browser through iframes and messaging. Now you have another thing to watch. There aren't even any devtools to watch that.

The cheese is full of holes.

[icebraining]

You'd have to check every single time, since the code can change at any time.