When I read @aschrijver above about hacking PhotoDNA to propagate fake alerts, I thought that relying on a technical tool will always expose us to attackers that have an interest in making the tool less effective.
It seems to me that some Fediverse Enhancement Proposals should be in order regarding the deletion mechanism for proper implementation of fast propagation of delete events in such cases – in a way that would not backfire as a censorship tool.
I want to highlight @kaniini’s topic about The Delete Activity And It's Misconceptions. Considering the ActivityPub specification mentions in the S2S Delete activity section:
7.4 Delete Activity
The side effect of receiving this is that (assuming the
objectis owned by the sending actor / server) the server receiving the delete activity SHOULD remove its representation of theobjectwith the sameid, and MAY replace that representation with aTombstoneobject.(Note that after an activity has been transmitted from an origin server to a remote server, there is nothing in the ActivityPub protocol that can enforce remote deletion of an object’s representation).
and in the Spam security consideration:
B.6 Spam
Spam is a problem in any network, perhaps especially so in federated networks. While no specific mechanism for combating spam is provided in ActivityPub, it is recommended that servers filter incoming content both by local untrusted users and any remote users through some sort of spam filter.
I think a FEP addressing CSAM and/or shouldPropagate property, i.e., federated moderation, SHOULD mention an upgrade for Tombstone requirement of deleted objects from MAY to SHOULD — since we cannot enforce a MUST. But beware, this can easily backfire with various use-cases:
- over-reacting servers (which may simply be hosted in weird legal jurisdictions where, e.g., breastfeeding images would be forbidden)
- attempts at censorship (which may be distinct from the previous case by the source and intent of the order)
It should be clear that addressing such concerns do require cool headed and thorough discussion.