Ride the Lightning

Facebook: Upload Your Nude Photos to Prevent Revenge Porn – Huh?

November 7, 2017

Naked Security reported on November 6^th that Facebook wants you to stop worrying about your nude photos being shared by, say, your ex-boyfriend, without your consent. How? It wants you to send it your nude photos.

If your reaction is "What the heck?", you're not alone.

But it makes some sense (assuming you trust Facebook with your nude photos).

Not much detail has been reported about this pilot project but it sounds like Facebook is planning to use hashes of our nude images, just like law enforcement uses hashes of known child abuse imagery.

As Naked Security says: "A hash is created by feeding a photo into a hashing function. What comes out the other end is a digital fingerprint that looks like a short jumble of letters and numbers. You can't turn the hash back into the photo but the same photo, or identical copies of it, will always create the same hash.

So, a hash of your most intimate picture is no more revealing than this: 48008908c31b9c8f8ba6bf2a4a283f29c15309b1."

Facebook has announced a pilot program with four countries—the UK, the US, Australia and Canada—in which people will typically be advised to send the photos to themselves via Messenger.

Julie Inman Grant, Australia's e-safety commissioner, whose office is working with Facebook, told ABC News in Australia that sending photos via Messenger would be enough to enable Facebook to take action to prevent any re-uploads, without the photo being stored or viewed by employees.

Facebook says that it won't be storing nude pictures but will use photo-matching technology to tag the images after they're sent via its encrypted Messenger service. Then, Inman Grant said, "if somebody tried to upload that same image, which would have the same digital footprint or hash value, it will be prevented from being uploaded".

The first trial will be in Australia and will soon be tested in Britain, the US and Canada. Currently, Facebook users can report photos of themselves that have already been posted without consent or maliciously. Once the images are identified, Facebook's in-house teams review them, using hashing to prevent them from being re-uploaded.

Naked Security has asked Facebook for more information and promises to report back. For example, what safeguards are in place to ensure that people can't take any picture they want—a non-porn publicity photo, for example—and send it in, under the false premise that it's a nude and that it's a photo they have the right to have banned from social media circulation?

Right now, we have only the broad outlines of this effort. I agree that we need to see exactly what technology Facebook plans to use and the policies that will surround this project. But it sure is an interesting effort to defeat revenge porn, which, regrettably, we see all the time in our digital forensics cases. Our best advice is not to let anyone take photos of you that you wouldn't want to see online someday.

E-mail: Phone: 703-359-0700
Digital Forensics/Information Security/Information Technology
https://www.senseient.com
https://twitter.com/sharonnelsonesq
https://www.linkedin.com/in/sharondnelson
https://amazon.com/author/sharonnelson