Let Me Explain How a State Actor Could Perform a Denial-of-Service Attack on the Entire UK Government in the Wake of Ofcom “Online Safety Act” Client-Side Scanning
https://alecmuffett.com/article/150401
#ClientSideScanning #NationalSecurity #OnlineSafetyAct #PhotoDna #censorship #surveillance

1/ obtain a hash of abuse material that’s both known & banned; if pervasive as claimed this shouldn’t be hard 2/ use algorithms from this paper to create a cat meme with the same ha…

Dropsafe

@alecmuffett

I really want someone to do it with this image.

Sounds like a case of somebody rolling their own cryptography without knowing what they were doing. Why are they not using a mainstream cryptographic hash that has been analyzed for years without finding vulnerabilities?

@kasperd

If I'm honest: I think the problem stems from the use of the word "hash" when the more precise but verbose "fuzzy matching digital fingerprint" did not carry the desired gravitas.
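The distinction drawn in the exchange above, between a cryptographic hash and a fuzzy matching fingerprint, as an added example that is not part of the original thread. It uses a simple average hash (aHash) as a stand-in for a perceptual fingerprint; it is not PhotoDNA or any deployed scanner's algorithm, and the 8x8 images and the match threshold of 5 bits are constructed for illustration.

```python
import hashlib


def average_hash(pixels):
    """64-bit aHash of an 8x8 grayscale grid: a bit is 1 where the pixel exceeds the mean."""
    flat = [p for row in pixels for p in row]
    mean = sum(flat) / len(flat)
    bits = 0
    for p in flat:
        bits = (bits << 1) | (1 if p > mean else 0)
    return bits


def hamming(a, b):
    """Number of differing bits between two fingerprints."""
    return bin(a ^ b).count("1")


def sha256_hex(pixels):
    """Cryptographic hash over the raw pixel bytes."""
    return hashlib.sha256(bytes(p for row in pixels for p in row)).hexdigest()


def matches(a, b, threshold=5):
    """Fuzzy match: fingerprints within `threshold` bits count as the same image (assumed threshold)."""
    return hamming(average_hash(a), average_hash(b)) <= threshold


# Constructed sample data: a gradient, the same gradient with +/-1 noise on
# every pixel (standing in for re-encoding), and an unrelated checkerboard.
ORIGINAL = [[x * 32 + y * 4 for x in range(8)] for y in range(8)]
NOISY = [[p + (1 if (x + y) % 2 == 0 else -1) for x, p in enumerate(row)]
         for y, row in enumerate(ORIGINAL)]
UNRELATED = [[255 if (x + y) % 2 == 0 else 0 for x in range(8)] for y in range(8)]

if __name__ == "__main__":
    print("sha256 equal after noise:", sha256_hex(ORIGINAL) == sha256_hex(NOISY))
    print("aHash distance after noise:",
          hamming(average_hash(ORIGINAL), average_hash(NOISY)))
    print("aHash distance to unrelated image:",
          hamming(average_hash(ORIGINAL), average_hash(UNRELATED)))
    print("fuzzy match noisy / unrelated:",
          matches(ORIGINAL, NOISY), matches(ORIGINAL, UNRELATED))
```

A cryptographic hash stops matching as soon as any byte changes, so it cannot recognise a re-encoded copy; the fingerprint matches precisely because it maps many different inputs to the same or nearby values.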

@alecmuffett or you could just send actual banned material with the same effect.

@benji_w …so what you're admitting is that although there is such a thing as actual illegal data, there is also an infinite set of legal data which cannot be received by parliamentarians without causing a shutdown.

These two circumstances are different circumstances.

@benji_w @alecmuffett Much stronger effect since possession of CSAM is a strict-liability offence here.
@tienelle @benji_w yes, but rather more legally challenging for recriminations to argue against a cat meme which possesses a certain digital fingerprint
@alecmuffett @benji_w Fair, and I guess "the Online Safety Act is ridiculous" is actually a winnable fight.