[uploaderwin]

Yeah this is asking for trouble. We only had a small demo on our homepage where users could upload media files and they were deleted after 24 hours and still some people managed to abuse it and nearly got our site killed, domain blacklisted in Google with a big red screen of death.

I don't want to spam any links here but if you are interested please do look at my last post about the dangers of doing this and lessons I learned from my mistake.

Please do not keep the files for 10 days. Even 24 hours is a deal-breaker. From what I've learned, anything more than 30 minutes can get you into trouble.

[dheera]

I once had a location-based file sharing service that also got blacklisted by Google with no recourse. I hate Google trying to police the internet with no timely appeals process.

I wonder though if you could simply just block the Google crawler and bypass it. Or use a JavaScript to auto-POST something before the file gets sent for download. The Google crawler doesn't issue POST requests as far as I know.

[gowld]

By "police", do you mean "warn people about dangers" ?

[unglaublich]

More like taking suspects into custody.

[cjohansson]

and without responding to questions or providing evidence

[dheera]

There wasn't any danger. Nothing more than Google Drive or Dropbox. And they didn't have any way to contact them and explain. Way to heavy-handedly shut down a potential business idea.

[xyzzy_plugh]

Drive and Dropbox are at least moderated.

[DyslexicAtheist]

I'm surprised to hear that because their response in dealing with actual child porn is absolute atrocious. A sick and sad story:

Couple years ago got a DM from an ex-colleague and security researcher who discovered child porn that was publicly accessible. he contacted Dropbox several times over the course of 3 weeks. Weeks later the links were still up. I reached out to somebody I knew at Dropbox who said they were reluctant to do me this favor and deal with that matter and would prefer if I continue contacting their security. I continued trying on LinkedIn and contacted several people in Germany and the UK. No response other than "thank you for your email". The head of security in Germany even blocked me for saying "there is child porn on the site please help me get hold of somebody in charge". Getting really fed up by then, I contacted sales from my company email (a fortune 500 company) and asked them to give me a quote for what looked to them like a multi million $ client. Within 2 hours I got a call from the VP of sales to talk about my "storage needs". I told them about the child porn and that they are helping to actively distribute it now since several weeks. One of the videos was a girl not older than 7 getting raped and tortured. It took another 3 days to take down the material.

[felipelemos]

Why didn't you contact the police first?

[planetafro]

Source? ...moderated via automation or human?

[PeterisP]

Automation; the bare minimum would be to scan for known child sexual abuse material hashes - if you're not doing that, then opening up anonymous uploads is very risky, as for CSAM (unlike most other things) you may be personally liable even if it's distributed there without your knowledge. Cloudfare's CSAM scanning tool is one option that may help, there are other options.

You can't rely on the good faith of users, if your service is easily usable for crime, it will be used for it.

[CobrastanJorji]

https://support.google.com/a/answer/172541?hl=en

> Google Drive scans a file for viruses before the file is downloaded or shared. If a virus is detected, users cannot convert the infected file to a Google Doc, Sheet, or Slide, and they'll receive a warning if they attempt these operations.

So at least some degree of automated moderation is going on. Frankly, I'd be astounded if some amount of scanning isn't being done for illegal content and/or phishing stuff.

[mwambua]

Can you remedy this problem by making it so that anyone can delete the file? That way anyone can take it down if they have a problem with it? It's supposed to be ephemeral storage anyway... people might not mind having files disappear.

[dspillett]

Two problems there:

1. Many people are more likely to go to a lot of effort to complain loudly and widely rather than hit a simple "delete this" link.

2. Such feature is basically a self-DoS. If someone takes a disliking to the app or a user of it they can script up a "delete everything" and fire it off.

[Naac]

Similar sites like http://ix.io/ have been up for many years with no issues. I assume spam can be a problem, but these sites must have figured something out.

[Natsu]

I suspect spam is on the nicer side of things people might upload... :/