Mozilla, DNS-over-HTTPS, and child abuse

Originally published at: https://prostasia.org/blog/mozilla-dns-over-https-and-child-abuse/

Last month, the UK Internet Services Providers’ Association nominated Mozilla as being one of its 2019 internet villains, accusing it of undermining Internet safety standards that help to protect children. What is this all about? Well, it’s about a technology called DNS-over-HTTPS, that Mozilla is trialling as a way to make your Internet usage more…

I generally prefer to disrupt things at the source (distribution and production) rather than playing the endless game of cat and mouse with viewers (which sometimes leads to viewing an image having heavier consequences than a contact offense) which modern politicians love the most.


There isn’t much information here, but this is kind of interesting, snuffing out every means of monetizing this content would be good, especially as it deincentivizes distribution. There might also be other ideas which go by the wayside.

As ads run scripts on the page anyway, perhaps they could scan around for specific hashes and to terminate the ads, if it finds one and report the incident to law enforcement? They might also spot other warning signs and report suspicions?

This might be complicated as the majority of the content on a site may be safe, so there might be kinks to work out and it may be co-opted for other purposes like sniffing around to see if someone has a pirated movie. Reporting to law enforcement is regardless a good course of action, proportion of content and timely removal could be factors. If a site is particularly at risk and legitimate, then perhaps it could implement measures for expedited removal to co-operate with industry’s own efforts.

Distribution of content hashes might be one option, but it might be risky if these were to get into the wrong hands, as someone pointed out, as they could literally just mutate an image, run it through the hash a thousand times and see when it stops working. This could happen completely automatically without anyone’s involvement.

It should however be possible test that legitimate images are not included. Currently, we can’t have much confidence in that, because NCMEC is including known legal content in some of the hash list data that it supplies to companies, and the IWF was unable to confirm whether or not its lists include cartoon images that are legal in many countries. We are following up formally with both of them as part of our upcoming report on transparency in the child protection sector.