This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/anti-abuse-wg@ripe.net/
[anti-abuse-wg] False positive CSAM blocking attributed to RIPE
- Previous message (by thread): [anti-abuse-wg] False positive CSAM blocking attributed to RIPE
- Next message (by thread): [anti-abuse-wg] False positive CSAM blocking attributed to RIPE
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Michele Neylon - Blacknight
michele at blacknight.com
Tue Sep 28 23:28:23 CEST 2021
Jeremy While it’s possible that a network or networks might have stopped routing traffic to / from somewhere else that is a decision at the network level. It’s not something that an RIR like RIPE or ARIN can do. For example RIPE NCC has assigned my company multiple blocks of IPv4 and IPv6 space. They do not have any interaction with or control over which providers we use to connect our network to the rest of the internet. None. They have zero control over what traffic we accept or reject. So if traffic is being blocked it’s NOT being blocked by RIPE NCC. Regards Michele Mr Michele Neylon Blacknight Hosting & Domains https://www.blacknight.com @mneylon Sent from mobile so typos and brevity are normal On 28 Sep 2021, at 19:57, Jeremy Malcolm <jeremy at prostasia.org> wrote: [EXTERNAL EMAIL] Please use caution when opening attachments from unrecognised sources. Dear all, I am new to this list, although I am not completely new to the Internet technical community, as I am a long-time IGF (and occasionally ICANN) participant. I am writing about a case that has been referred to my organization involving global blocking (packet dropping, apparently) of IP addresses that have been reported as hosting CSAM by the Canadian Center for Child Protection (C3P). According to public information, the C3P runs a web crawler called Project Arachnid which searches for instances of CSAM on the clearweb, and sends automated takedown notices to providers. However, in the case that was reported to me, rather than allowing the hosting provider to take down the offending image, the takedown notice was followed by global packet dropping of the hosting IP address, which took down the entire server and other websites along with it: the hosting provider has attributed this censorship to RIPE, although I cannot verify whether or not this is true. If I am able to obtain more details from RIPE staff, I will follow up with them. Moreover the website in question was not a CSAM website, and neither was the image reported by the C3P a CSAM image. It was a scan of a 1960s postcard of an indigenous family, sent through the mail, which was included in a detailed ethnographic blog article about indigenous women and girls. In other words, this is an obvious false positive, and it should never have been reported as CSAM at all. I'm writing to find out if anyone has more information that they can share about how this might have happened, and how it can be prevented from happening in the future. Many thanks in advance for any help that you can offer. Not sure if I should include the RIPE Cooperation ML on this, given that it relates to the actions of the C3P? -- Jeremy Malcolm PhD LLB (Hons) B Com Executive Director, Prostasia Foundation https://prostasia.org - +1 415 650 2557 [https://mailfoogae.appspot.com/t?sender=aamVyZW15QHByb3N0YXNpYS5vcmc%3D&type=zerocontent&guid=6da5a3c0-b605-489c-a914-49bb037aca56]ᐧ -------------- next part -------------- An HTML attachment was scrubbed... URL: </ripe/mail/archives/anti-abuse-wg/attachments/20210928/59d24af0/attachment.html>
- Previous message (by thread): [anti-abuse-wg] False positive CSAM blocking attributed to RIPE
- Next message (by thread): [anti-abuse-wg] False positive CSAM blocking attributed to RIPE
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]