Hacker News new | ask | show | jobs
by JoshuaMulliken 2437 days ago
Unfortunately, I think projects like this that make it easy to create onion resources are quite dangerous. The reduction of friction to host material online in a completely anonymous way only enables adverse actions like the sharing of CP or other illegal content. Please look here for a good explaination of friction in this space -> https://stratechery.com/2019/child-sexual-abuse-material-onl...

If it is used by political or marginalized communities, then this project is also not useful. It does not have the support or attention required to enable it to be secure enough like the TOR project does. This application opens up legitimate users to incredible risk.

If I were a dissident, I would take my time and do the research required to set up a system like this in the correct way. This project may give people a sense of false security.
4 comments
momack2 2437 days ago
While IPFS has been used successfully for censorship resistance (ex the Catalonian independence movement: http://la3.org/~kilburn/blog/catalan-government-bypass-ipfs/), I completely agree that anonymity is not something that IPFS claims to support right now - and users should be very careful in how they use the network for censorship resistance. While there have been some experiments in this space (ex OpenBazaar's onion/tor transport for IPFS: https://github.com/OpenBazaar/go-onion-transport), none of them have been audited for reader/writer privacy.
link
DuskStar 2437 days ago
Ah, yes. The good old "don't make that tool because bad people might use it" argument.

Similarly, we should ban sharing information on hacking/security because bad people might use it, and require that all communications be visible to the government to prevent abuse.

link
JoshuaMulliken 2437 days ago
That is not the argument being made. It is an argument that having friction in the process to do something that may have dangerous outcomes is sometimes positive.

It is much the same as arguments that there should be gun training required to purchase a firearm. Adding friction to a process sometimes provides positive benefits.

link
DuskStar 2437 days ago
> That is not the argument being made. It is an argument that having friction in the process to do something that may have dangerous outcomes is sometimes positive.

The argument being made, as far as I can tell, is that this tool will make doing bad things easier, and thus this tool should not be made. As any tool to resist censorship will also enable said bad things, I do not find this to be a valid concern. (And since some governments would list censorship resistance itself as one of those bad things, this is always going to be true)

> It is much the same as arguments that there should be gun training required to purchase a firearm.

I think the tech equivalent to this would be mandating a "don't sexually exploit children" class before allowing purchase of a computer. (As you might guess, I'm not a fan)

> Adding friction to a process sometimes provides positive benefits.

Sure, but you have to make sure the collateral damage is minimized AND that you're actually catching the offending segment of the population. Mandating gun training before purchase is actually a great comparison here - the vast majority of gun crime in the US is committed with illegally acquired weapons (which would be unaffected by the mandate), just like I imagine that the majority of CSE imagery shared on the internet uses something more robust than OnionShare. So in both cases you'd have high collateral damage with minimal impact to the population you actually care about affecting...

link
JoeSmithson 2437 days ago
> I imagine that the majority of CSE imagery shared on the internet uses something more robust than OnionShare

The majority is shared on normal social media and Bittorrent, although the worst is shared on dark web sites of the same robustness as OnionShare.

link
dependenttypes 2437 days ago
> and Bittorrent

What? No, far from it. Bittorrent is pretty clean regarding illegal material (excluding piracy ofc) - which makes sense, after all you leak you ip address and the torrent that you are downloading to the whole network (if you have DHT enabled) and/or to your tracker, plus your ISP can see what you are sending and receiving (while there is a standard for encrypted transmission in bittorrent I do not think that it is widely used). What do you consider as "CSE" anyway? Would a picture of a girl at the beach be considered a "CSE"? If so you might find such torrents (I wouldn't know), but I think that calling it "CSE" is dishonest.

link
JoeSmithson 2437 days ago
I'm a detective that works exclusively on online child abuse, I regularly arrest people who have downloaded and/or distributed IIOC over Bittorrent.

The definition of IIOC is provided by the Home Office and split into three categories. Ultimately it is decided by a jury although the categorisation is rarely contested.

link
vageli 2437 days ago
> > I imagine that the majority of CSE imagery shared on the internet uses something more robust than OnionShare

> The majority is shared on normal social media and Bittorrent, although the worst is shared on dark web sites of the same robustness as OnionShare.

By what measure?

link
JoeSmithson 2437 days ago
Number of files shared
link
belorn 2437 days ago
The argument for friction was lost the moment we got cheap access to home recordings, which at this point is any mobile phone that was produced in the last 20 years.

From all my history in computer security, conferences and just picking up trends in what criminals do, the most common channel for sharing CP should be, as an educated guess: Plain text email. A smartphone, a camera app and the email app that is already installed, as an educated guess, is the tool of choice for the wast majority of cases. For the remaining portion we got people who do not take most friction-less method, and here I doubt OnionShare will cause any change in the availability of CP.

A bit of a tell is that during the crypto wars there were officials that forbode that there would be an explosion of CP if free encryption was allowed. CP and nuclear proliferation was the standing bet between Eben Moglen and Phil Zimmermann on what the opposite side would first bring up, and I think its fair to say that neither issue occurred after Phil Zimmermann won.

Taking a perspective from behavior science, CP production and sharing is unlikely to be a rational decision where risk and reward is fairly balanced. As an example I would predict that increased jail sentences does not actually reduce the crime rate, nor would turning a very hard tool into only slightly hard to use tool. Effective measures would have to either address the emotional state of the person right before the crime, or implement catching mechanism in the tools with lowest friction like email and email replacements like chat.

link
dependenttypes 2437 days ago
> like the sharing of CP

A victimless crime.

> or other illegal content

Such as for a chinese citizen to post criticism of the party.

> The reduction of friction to host material online in a completely anonymous way only enables adverse actions like the sharing of CP or other illegal content

More like "only enables the less tech-savy and saves time from the more tech literate", I do not see how it correlates with the sharing of illegal material.

> It does not have the support or attention required to enable it to be secure enough like the TOR project does

It is a front-end for tor basically, it inherits its security properties. Moreover just because a project is made by one person it does not mean that it is any less secure. Consider libsodium/nacl/monocypher vs most other crypto libraries for example. Also, by the same logic it would not be of use to these that share CP because "It does not have the support or attention required to enable it to be secure enough like the TOR project does", it's not like people that share CP need any less security than a dissident in china.

> legitimate users

This implies that these who share illegal content are not legitimate users. Please be more clear with your terminology, usually illegitimate users are people such as spammers and attackers.

link
BurnGpuBurn 2437 days ago
> > like the sharing of CP

> A victimless crime.

Most certainly not. A lot of victims that were exploited in the production of child porn have to live with the knowledge that for the rest of their life that material will be out there, viewed by every dirty slimy degenerate wanting to do so. It's also one of the reasons a lot of them commit suicide. The fact that the justice system makes even viewing this material illegal is not for nothing, but comes from a proper understanding of how child porn victimizes people.

link
buisi 2432 days ago
That isn't quite the case, it is more so due to negative attention in the media from child killers and the like. Most of it actually tends to be thirty year old magazines, nudes and things the minors (perhaps foolishly) upload themselves.

This may also seem morally wrong, so to speak, but the consequences for such are exactly the same as if you were to watch someone getting whipped and violently raped. There isn't really an incentive to go for anything "less bad", especially considering it is an innate attraction you can never get rid of.

In some states, the sentences for outright molesting dozens of kids is lighter than looking at some images or videos on your computer. It is ludicrous and it is almost as if the state cares more about "Out of sight, out of mind" than anything else.

They're even throwing people in prison for looking at cartoons or having the wrong books.

The question at the end of the day is... What exactly are people supposed to do then? Commit suicide? Perhaps genocide 0.1% to 1% of the population who have these "wrong thoughts"? The paranoia has gotten so bad that some viruses even plant CP on your computer.

link
dependenttypes 2437 days ago
> A lot of victims that were exploited in the production of child porn

Good thing, sharing existing CP is not the same as exploiting people to create CP.

> by every dirty slimy degenerate wanting to do so

You are aware that you managed to insult even the people who want to but refuse to watch CP for moral reasons, right? You are basically calling a group of people with a certain attraction that they themselves can't change as "dirty slimy degenerate"s.

> It's also one of the reasons a lot of them commit suicide

I honestly doubt that, but if we assume that was indeed the case, shouldn't the authorities simply not inform them that their pictures/videos are being distributed online? Even then though, I still can't see this as a reason to illegalise it. Should we also make rejections(from jobs/relationships/etc) illegal because some of the people who receive said rejection commit suicide?

Also, I find it dishonest of you not to consider the people who have been unjustly jailed if not for distributing at least for possession of CP, some of which have committed suicide.

> The fact that the justice system makes even viewing this material illegal is not for nothing, but comes from a proper understanding of how child porn victimizes people.

Just like how the justice system in most countries until recently illegalised homosexuality and sex before marriage, right? There are many unjust laws, especially in the area of personal freedoms/victimless crimes (growing weed, owning cocaine, sending a nude picture of yourself from when you were underaged, etc)/copyright (piracy/unauthorised modification/breaking drm).

link
BurnGpuBurn 2437 days ago
> > A lot of victims that were exploited in the production of child porn

> Good thing, sharing existing CP is not the same as exploiting people to create CP.

No it isn't the same thing. Sharing child porn is victimizing people though, it is victimizing the people that are abused in that material.

> > by every dirty slimy degenerate wanting to do so

> You are aware that you managed to insult even the people who want to but refuse to watch CP for moral reasons, right? You are basically calling a group of people with a certain attraction that they themselves can't change as "dirty slimy degenerate"s.

I didn't mean to insult those people. I like however how you've turned this around from the victims of child porn on to the victims of a comment on HN. And it's absolutely not a fact that people that suffer from an attraction to children can't change that. Some cases seem induced by excessive porn viewing and revert when those people stop doing so for a couple of months. Though there are also people who seem to be incurable.

> > It's also one of the reasons a lot of them commit suicide

> I honestly doubt that, but if we assume that was indeed the case, shouldn't the authorities simply not inform them that their pictures/videos are being distributed online?

This idea is laughable. Do you honestly believe just not telling the victims the material is out there will convince them the material isn't out there?

> Even then though, I still can't see this as a reason to illegalise it. Should we also make rejections(from jobs/relationships/etc) illegal because some of the people who receive said rejection commit suicide?

This is a straw man, I didn't cite the suicides as a reason to make child porn illegal. It's is part of the picture though.

> Also, I find it dishonest of you not to consider the people who have been unjustly jailed if not for distributing at least for possession of CP, some of which have committed suicide.

Oh yeah, how dishonest of me not to consider people punished for possessing child porn. Do you hear yourself?

> > The fact that the justice system makes even viewing this material illegal is not for nothing, but comes from a proper understanding of how child porn victimizes people.

> Just like how the justice system in most countries until recently illegalised homosexuality and sex before marriage, right?

No, this is absolutely not the same thing. Straw man again. Practicing homosexuality doesn't victimize people. Sex before marriage doesn't victimize people. Watching child porn does victimize people, namely the ones being exploited.

link
Darth_Hobo 2436 days ago
You do realize that FBI and similar state agencies shared CP online to catch people? So, did FBI victimize children and should face appropriate punishment (the same as other people who are sharing it)?

And about your last point: FBI and other people who investigate it absolutely do watch CP. Again - who is the victim in this specific case? Does children somehow not victimized when "good" people watch CP?

link
buisi 2432 days ago
It is worse than that. In one case, the Australian Police kept a site up for an entire year (the site is said to have had as many as million accounts, although account numbers often don't map precisely to actual people) to try to collect evidence on people.

A lot of these sites only tend to stay up for a year or two before they get shutdown or get skittish, so keeping it up for a year is very significant and aids in the proliferation of this content.

They also deliberately circulated quite a few relatively uncirculated images to try to gain their trust after they took over the site.

link
buisi 2432 days ago
> This idea is laughable. Do you honestly believe just not telling the victims the material is out there will convince them the material isn't out there?

I'm not really agreeing or disagreeing with your viewpoints, but your logic here seems weird. In that particular case, nothing would ever convince them that people aren't looking at it, even if they weren't.

You can never really tell if someone is or isn't doing something on the internet, especially with the proliferation of strong encryption.

link