[IanCal]

I can think of a very obvious one, identify and refuse to send messages that the client app decides are child porn. No intrusion.

Or perhaps add a counter to the account when it's detected. Minimal intrusion, single flag defining the message.

You don't need to mitm things to implement _some_ mitigations.

Before the inevitable - a method that is not 100% reliable in stopping something is not useless. Otherwise we may as well make it as easy as possible to share child porn because it wouldn't make a difference.

[gonehome]

FB also already proposed one where users can report encrypted messages and send an unencrypted log to them from their client device.

Since most existing child abuse imagery is reported by users that see it somehow - this seems like a reasonably pro-privacy way to keep the same amount of reporting.

[DukeBaset]

Perhaps the app itself can use ml to detect flag and prevent known images from being sent...

[fogihujy]

"Why is Whatsapp using up my phone's battery?"

[brokenmachine]

I'm opposed to this on other grounds, but computing and checking a single hash for each image wouldn't be that big a burden.

[fogihujy]

Agreed. You mentioned ML though, and that's a different matter.

Checking hashes is definitely viable, but only works for known good examples.