Monitoring Content

  • There was an interesting discord discussion on how images of child abuse would be handled on the Sia network, ultimately, it was left at “Sia has no plans on preventing this sort of content from getting on the network”. I’m not terribly interested in changing Sia’s roadmap of the future, but I do find the problem interesting and I’m sure other people in this space do as well. As decentralized data-storage becomes more popular, this will be a growing problem. If people consider joining the network, and they hear that people are using it to store this sort of data, it’s going to dissuade a good chunk from following through – it’s the only thing keeping me on the fence about renting out space.

    Someone mentioned that forcing renters to agree to a TOS that any files uploaded are their responsibility would be a possible solution. How would something like this be enforced even if they do agree to the TOS? All the big data storage companies have a system that assigns a digital fingerprint to each child abuse picture that they have a record of. Once a picture is uploaded, the picture is scanned and cross-referenced to the database. Could a decentralized data-storage network have something like this implemented either at the first hop, or directly on the client’s machine? Also, in this interview (18:38) David Vorick mentions that user’s data is private but not anonymous. “Sia will protect your data, no one can access it and no one can tell what you’re storing. People will generally know it is you who is storing that data, although they can’t see it, if they suspect something about it there’s nothing to hide behind.” Can anyone expand on exactly what he means by this? I understand the data is segmented and encrypted, how would someone “suspect” something?

    Again, my goal is not to change the plans for the network, but rather envision the most-perfect decentralized data storage system if it were built from scratch tomorrow.

  • Global Moderator

    @Com4ter TL;DR. Sia storage is encrypted and in chunks. There is no government and there is no suspecting. No one but the renter (holding the encryption seed) will know if his content is illegal or not. This is an intentional design. A TOS breaks the decentralisation so it cannot be used.

    Make sure you tag me @bryan if you need to me respond.
    Forum Mod. I cannot fix transactions. I can't help with Mac or Linux.
    alt text
    Unofficial Web Based Siacoin Wallet. No more syncing.


  • Isn't David the lead developer at Sia? Surely he meant something by this, no?

    Are TOS agreements and decentralized models really mutually exclusive? Maybe it's not possible for Sia, but if you did some sort of fingerprint matching within the client you could ensure that the user is adhering to the TOS, right? What if you included random snapshots of the data being uploaded and sent them to some sort of independent inspection agency? I'm just curious as to what's possible with this technology.

  • Global Moderator

    The problem is that there is nobody between the renter and the hosts (i say 'problem', but this is really a strength). The renter has full control over his uploading software, and can modify it as he wishes. If the Sia team were to add content filters to the Sia client, the user could just disable them without much hassle. Meanwhile the hosts have no clue what's being uploaded to their nodes, and there is no way for them to figure it out either.

    The team could also make the Sia client make you agree to a TOS during allowance formation, but then you have the same problem. There is no way to check if a user is breaking the TOS or not, and there is also no way to verify that every user has even agreed to the TOS, since the client could have been modified to remove the agreement check.

    Sending uploaded files to a third party for checking would completely defeat the whole point of Sia, as you would lose the privacy and security of a decentralized system.

    Overall, no, content filtering is not possible in a truly decentralized system, which Sia strives to be.

    I'll also add that if some renter were to upload some illegal material to Sia, each node would only receive a tiny encrypted piece of the whole file. No individual host will store anything that even remotely resembles the original material, only when you combine all 30 (by default) hosts and have the metadata required to assemble and decrypt the files you would be able to reconstruct the illegal material.

  • @Fornax @Com4ter - I think the privacy and anonomity is SIA strongest feature and weakest spot at the same time. The way SIA deals with it, not being actually the middle man is very good from this perspective.
    But think ahead when we get the first case of SIA being targetted and detected as storing dubious materials of any kind and there is no one than the the renter to unlock and reveal. If a renter choose or is forced to unlock content as a part of et a court case, and it is revealed which hosts has participated in storing illegal material - what then - are they then from a hosting perspective participating in these criminal activities. And what a bout SIA, as a foundation writing the software that makes it all happen? We all know what happned to PirateBay, when that blew up.
    Merely, how can a system like this ever go main stream with such risks - I'm not so sure hosts can hide behind renters anonomity? I mean, if the next 911-attack was ever to be planned and SIA used for sharing the plans - would "I did not know what I stored" be enough to being regarded as not facilitating it?
    I'm not so sure that SIA cannot be forced to somehow coorporate with authorities to invent decryption, may it be required.
    I simply do not buy into that authrities in any legislation will not hun illegal content down to the end, just becaus SIA makes it nearto impossible to decode it..
    Indeed it is adialog that deserve a lot of attention from SIA and the community... In fact I'd like it to have it's own channel in Discord!

  • @Fornax Thanks, it sounds like having it built into the client would be the only option. Couldn't the client be made tamper-proof through use of the blockchain somehow? Like when I check a hash of a file to ensure that it hasn't been altered. The hash could be appended to the data and each node would have to verify that it matched up before allowing the data to be stored. You're saying this isn't really possible with open-source software, or just not with Sia?

    @larsfloe It's going to be similar to the Apple vs FBI San Bernardino incident. At this point (iOS v 8.0 +) Apple claims that it doesn't have the tools necessary to extract data from their phones. I'm not sure how true this is, regardless, Sia will be in the same exact situation.

  • Global Moderator

    There is no way to prevent people from lying about their client checksum. The blockchain can't do anything about that.

    This counts for all software, the client cannot be trusted and data can be manipulated in any way. This is why server-side applications must be written to check all input for validity. But decentralized networks don't have servers, so there is no way to check anything.

  • "All the big data storage companies have a system that assigns a digital fingerprint to each child abuse picture that they have a record of."

    I would bet that no large Data hosting company does this, as not only would this be a Herculean task, but it would it would infringe on customer rights - many would not be OK with Amazon scanning their AWS / E3 data irregardless of any child abuse concerns.

    You may be confusing Image hosting sites /companies with Data hosts?

    Amazon uses what they call a n "Acceptable Use Policy" :

    Many other companies have a section in their TOS for "User Legal Compliance" or something similar.

  • Global Moderator

    @Papayaface it's sort of irrelevant since Sia is not similar to any of those services.

    Make sure you tag me @bryan if you need to me respond.
    Forum Mod. I cannot fix transactions. I can't help with Mac or Linux.
    alt text
    Unofficial Web Based Siacoin Wallet. No more syncing.


Log in to reply