After the massacre at the mosque on New Zealand, Microsoft’s president published a blog post in which he said, among other things, that:
We should also pursue new steps beyond the posting of content. For example, we should explore browser-based solutions – building on ideas like safe search – to block the accessing of such content at the point when people attempt to view and download it.
This implies that the hashes of content to be blocked would be distributed to every client.
As far as I know, today the hashes for flagged files are closely guarded. Is it a good idea to distribute them? Does not making them public make it easier for bad actors to evade detection?
I wouldn’t want a precedent for technology companies to be able to censor whatever they want directly on someone’s machine, they already do enough of this on their platforms.
Once it comes to that, slippery slope takes over and they look for other things they find “objectionable”. I know that they already do this to filter malware to an extent, but that is something you can explicitly override.
I will also note that CG tends to end up on these hash lists, even if it doesn’t represent a real person. I’ve seen results getting filtered on Google for that.
Just to add one other thing: a content hash only works in one direction. In other words, if you have (say) a digital photo, you can generate a hash of it. But if you have the hash, you can’t generate the photo from it. So in that sense, distributing a list of hashes is perfectly safe as it can’t give anyone access to illegal content that they don’t already have.
But I do agree with the others that this isn’t a technology we want to see embedded in the web browser, because the list of hashes would definitely be co-opted for other purposes. China would add hashes of the photograph of the famous Tiananmen Square massacre photo, Hollywood would add hashes of copyright content, etc. It’s just too risky a proposition.