[Xanza]

I really don't think it's some horrendous oversight to expect that people will be kind to a service that you offer.

If you offer anonymous and free image uploading it's not wrong to assume that not 100% of your traffic will be pornographic uploads and I also don't think it's wrong that if after years of your offering, if you get to the point where all of your uploads are porn, that you feel the need to shutdown your service.

Nobody is entitled to do bad things with good tools.

[deaddodo]

I doubt porn was the major impetus.

I'm guessing CP (technically porn, sure; probably not what you meant), death/gore videos, pirated software/media, etc were the main issue.

[kristopolous]

Anything illegal on these forums is going to be encrypted with the decrypt passwords shared over tor sites. It's not like people are posting a cleartext version of stolen_credit_cards.csv

The operators don't know what's being posted. This is a problem because it's what's called "inducement of a crime" - it's like if you say "We are a bar that doesn't check IDs" - you have a responsibility that comes with the operations. If you have a bunch of underage people in the bar because of your policy of not checking IDs, that responsibility falls on you. When you choose to forego responsibilities, you get that secondary liability.

See Kim Dotcom, MGM Studios, Inc. v. Grokster, Ltd., 545 U.S. 913 and Arista Records LLC v. Lime Group LLC. The courts have spoken many times on this and with a single voice.

You can have a service, then turn your head close your eyes and say "we'll just let freedom happen" but that doesn't excuse you from being responsible for what happens.

[stef25]

> This is a problem because it's what's called "inducement of a crime" - it's like if you say "We are a bar that doesn't check IDs"

Obviously operating on another level but what's the difference with Whatsapp saying we can't read your messages, and the other even more privacy focused alternatives?

Does WA check if CP.zip is being sent through groups ?

[zer8k]

It probably has more to do with the stated business rather than what's possible. For example, nothing is stopping you from going on whatsapp and, one hexadecimal byte at a time, writing out the entirety of a zip file full of whatever illegal stuff you want. Then, there's nothing stopping people from copying those bytes into a hex editor and recreating your stuff. This was used to great effect with DeCSS leading to the ideal of "illegal primes". The USG would have to ban typing any string of hex into anything to make this actually have teeth. But then you could move to binary, octal, brainfuck code that creates the file with shifts, etc.

But, with a company that hosts files you are liable for checking those files. There's also nuance here: you can't check everything all the time. You also can't check encrypted shit. But if you make no effort (see: the bar example) then that rises to inducement. Anonfiles, for example, is negligent in this regard. There's no law preventing you from allowing people to store encrypted files but there should be a way to not only comply with valid, warrant-provided, law enforcement requests but also keep track of such "prolific" uploaders as they are most likely uploading shit you don't want.

Source: I work in an industry that, unfortunately, has to deal with this stuff all the time. The internet is a sick place. Our legal team briefed us on our responsibility (in terms of storage and processing) along with the correct chain-of-command should something come up. Of course, we also have therapy available which is used more often than you'd think. In our case there's also some protection afforded to us for the things that may be stored because we comply with various law enforcement agencies when necessary. Posted further up you see:

> Recently, the last CP addict idiot basically killed us. We always remove those posts when we get a report (we can't see them by our-self, that's the point), but we were swamped by other things, and we didn't catch this one in time. It's a free volunteer project after all.

Which tells you they had zero idea what they were doing. If you're not hosting your anonymous service on an derelict oil platform deep in international waters you have a responsibility to get the correct legal counsel and set up a system for handling chomos. Ignorance is not an excuse, "volunteer" is not an excuse, AND you shouldn't make a service that protects chomos.

[AnthonyMouse]

Anyone can upload encrypted data to anything. You can do the same thing with Pastebin or Google Drive or Reddit or AWS. And there are many lawful reasons to want to be anonymous.

> See Kim Dotcom.

Megaupload got in trouble because their employees actively knew about and participated in infringement. Mega.com, which encrypts everything by default so they don't know what it is, is... still there?

[kristopolous]

mega.com isn't an uploads site anymore and those domains were seized in 2012 by the us doj.

The point wasn't that encryption is possible but instead that it's a de facto practice so the operators don't actually know the breakdown of the content being uploaded unless they're only considering the cleartext.

Furthermore, this doesn't protect them from being responsible for the content.

You can disagree, but until you can form a majority opinion on the SCOTUS, your thoughts don't actually matter.

I'm not a lawyer but I did a few podcast episodes on this topic a few years ago so I did about a month of research on it. The hosting providers are responsible for the content within some reasonable expectation of how the site is structured.

[toyg]

Isn't the whole point of DMCA Safe-Haven rules, that providers are not responsible for the content they transmit...? As long as they respond to law enforcement to the best of their ability, of course (i.e. taking down after being notified). I agree that encryption is not exempting them from enacting takedowns, and that intention matters (as discussed in the MEGA case), but that should be about it.

If I build a filesharing site with clearly-good intentions, my employees don't promote piracy, and the content is encrypted, as long as I take shit down when authorities tell me it's Bad I should be in the clear, surely...?

[kristopolous]

That's probably fine. AWS S3 or say Google Cloud or Dropbox doesn't have these issues.

There's plenty of long lived providers.

That's different from if you had a service called, say, pirate-share with a search function that has options like "artist" and "director". These difference matter.

As far as I know, the courts have looked at anonymous file sharing sites as closer to the second group than the first.

I remember when the internet was basically only anonymous and I think it was a better time and that's kinda why I like tor. The problem is most people seem to only go there for crime as opposed to some weird ideological commitment to how online engagement should exist.

It'd be nice if there could be a more healthy balance between anonymity and crime that's more encouraging for people to be anonymous but somehow less supportive of criminal activity.

Basically I think "influencer culture" and branding oneself has destroyed things

[AnthonyMouse]

> mega.com isn't an uploads site anymore

Okay, so they apparently moved it to mega.nz.

> those domains were seized in 2012 by the us doj.

The ones where they weren't encrypting the stuff.

> Furthermore, this doesn't protect them from being responsible for the content.

Laws commonly have knowledge requirements. If you go to the UPS store and ask them to deliver a metal cage clearly containing a screaming woman who has been kidnapped, and they do it, they're going to be in trouble. If you go and ask them to deliver a brown cardboard box of contents unspecified, that's a different matter, even if unbeknownst to them it turns out to contain some contraband.

[pixl97]

Yea, CP on anonymous and messed up shares has been a problem for just about forever.

Saw a company that accidently DMZ'd their printer with a public IP, and this had to be over 15 years ago at this point. Had anony ftp open on it, and yea, exactly what you expect happened.

[Pannoniae]

How is pirated software an issue or "abuse" in any way? Just take it down when you get a DMCA request and that's about it.

I think it's much more likely that people used it to host CP and malware....

[dragonwriter]

> I really don't think it's some horrendous oversight to expect that people will be kind to a service that you offer.

Its not like anonymous file hosting on the internet was a new thing two years ago. It very much is a major oversight to offer (or acquire) a service in an existing, established segment and have no idea what the usage patterns and challenges in that segment are.

> If you offer anonymous and free image uploading it's not wrong to assume that not 100% of your traffic will be pornographic uploads

Its file, not just image, hosting, but, yeah, you should probably assume that the stuff that the most controversial aspect of it is that it is just porn will be toward the milder end. And their piece doesn't say “porn” it says “abuse”.

[39]

Why is porn bad?

[constantly]

In theory nothing assuming it involves only consenting adults. In practice it’s very exploitative of vulnerable people to such a degree that it becomes ethically fraught.

[pixl97]

Lets refine this further...

Why is child porn bad...

And, why will the government punish you out of existence if you allow the trafficking of it?