by nicce 1769 days ago
> Who needs SWATing when you can send a CP pic (either real or with hash collision as per the thread a few days ago) from a virtual overseas number/service and get an FBI van to show up as well?

You are talking like collisions are trivial to make. I bet they have had deep conversations in this area. At first, you would need a real hash to even try (which are hidden). Secondly, to get real material it means that it must be in their database to trigger anything. This already tells a lot about the sender, and is worth telling the police. It is quite easy to prove that someone just sent it to you. And one photo is not triggering anything. Besides, the sender must know that those photos must go automatically into the cloud to mean anything.

> What about injecting code into a public website to download same pic into local browser cache without user’s knowledge?

At least US legislation is precise that the user must willingly obtain/download CSAM material, and it must be proved. So this is not harmful for the user in the end.

A lot of speculation, but it does not really lead to consequences. Almost every system can be tried to be abused, but whether it really means something is a different story.

2 comments

Step 1: Get copies of pictures of target's kid in bath from phone/SNS

Step 2: Manipulate pictures so that hash collides with CSAM

Step 3: Get pictures back on target's phone so they get scanned.

I don't have the skills or understanding of how the hashes are created but would this be possible?

> At first, you would need a real hash to even try (which are hidden).

How are the hashes hidden? It looks like they are shared: https://www.thorn.org/reporting-child-sexual-abuse-content-s...

> How are the hashes hidden? It looks like they are shared: https://www.thorn.org/reporting-child-sexual-abuse-content-s..

These hashes are not generated by Apple and are not valid. (Must be generated by their new system) They are probably very strictly guarded.

They will be stored on every iOS from version 15, somehow securely. This must limit the support of older iPhones.

> At least US legislation > does not really lead to consequences

Except that a trial, even with an innocent verdict, will SUCK and have terrible news stories about you and poison any Google search for you with CSAM stories.