I missed making an article for February! I blame it being the shortest year of the month. Or maybe you can count the maintenance post as an article.

So, anyone who has hosted anything that does not require authentication on the internet knows - bad people do bad things all the time. Leave SSH open on a machine? Botnet zombie in no time. Run a forum with no accounts? Advertising everywhere. Run a file upload service? You'll get CSAM on it. (Child Sexual Abuse Material. Colloquially known as CP). Run an imageboard? Maybe all of the above!

This is a difficult article to make, because I have to toe the line between showing my hand and actually providing useful, high level approach information for anyone else interested in running these services and keeping ne'er-do-wells off their platform. Those who upload said materials might be reading. So I'll be descriptively vague to keep things in order. Also because I am edgy, I am naming my various home-grown defense systems under strangely militaristic codenames.

RADAR:

The RADAR system for Pomf is a set of web based image and video galleries. Essentially it paginates all of the video and image data on Pomf and pumps each page through Imagemagick to generate a gallery of thumbnails. I named it this because Radar in real life generates imagery, so there you go.

It is based off https://github.com/ronilaukkarinen/quickndirty-photo-gallery with heavy modifications to thwart attempts to hide data and add additional layers of security (Triple factor auth. I'm not joking.) so that auditing Pomf materials, either on self-initiated scans or from abuse reports, is a breeze, and can only be done by myself. This system is fully functional, and has led to the removal of vast swaths of content before it can propagate too far. 

SONAR:

The SONAR system for Pomf is an upcoming largely complete heuristic platform designed to look for indicators that a file might be illegal, without ever inspecting the file itself. I can't go into detail as to what the heuristic data I am consuming is or even why I named it SONAR - but it is 100% compliant with my Privacy Policy (https://lain.la/privacy.txt). My goal is not to identify individual users - that would be just be a whack-a-mole game and utterly pointless. The goal is to target sources, patterns, etc. and feed that into suggestions as to what material should be removed. Files won't be removed automatically - this is just a detection engine and I don't want false positives. Other systems (LIDAR/PERIMETER) will feed into this too.

For those who are privacy conscious - I can assure you that there will be no client side changes at all to anything on Pomf to implement this platform. I am simply using existing data (web server logs, really. That's it.) to sniff out patterns of abuse. Legitimate users are never my target - and even in cases of CSAM being found I do not report IPs because I do not store them with uploads, ever.

LIDAR:

The LIDAR system for Pomf is an upcoming  largely complete hash based detection engine for confirmed CSAM material, developed by an external consultant (with no access to Pomf except knowing which commit my code is on) to my specifications. It uses the NCMEC ESP API to query for existing, known hashes derived from uploaded files in real time. It is named LIDAR because it is precise, like a laser - Hashes are pretty hard to get wrong.

The goal is when a file is uploaded, to take multiple different hashes of the file and query a local copy of the NCMEC APIs in a DB. We use a local copy because A. NCMEC is silly and doesn't have a query endpoint and B. I do not want to send hashes of every single file to an external third party - huge privacy breach. If the hash is found, the file is not permitted, and SONAR is alerted so I can determine if there are usable indicators to feed into PERIMETER. I expect this system to stop most bad uploads dead in their tracks when fully operational - with room for improvement off the original design when I scale past just MD5 and SHA1 hashing.

A smaller component of this is the files I've already blacklisted in Pomf's main DB.

PERIMETER:

The PERIMETER system for Pomf is essentially all of the web server and human based mitigations I have in place rolled into one system. There are multiple components to this - Tor blocks, IP blocks, referrer blocks, extension and MIME blocks, and, of course, everyone who is kind enough to email things to the Abuse mailbox. It is also the program in which I operate my outreach from - NCMEC, the IWF, ECO, etc., and attempt to gain additional preventative systems from these third parties to further enhance my defenses or any of the additional systems above. Really this doesn't need a fancy codename, but hey. Why not? It is constantly being improved, so technically it's done and not done at the same time.

There is, of course, more than just what I'm sharing here, but this is the bulk of it. My #1 goal with Pomf is to make sure it is the most reliable file upload service that doesn't have a profit (or hell, even revenue) incentive. Keeping this material off of Pomf ensures it remains operational.