Matrix.org uses Cloudflare’s CSAM detection APIs and IWF hashes and keywords list on unencrypted content

We use Cloudflare’s CSAM detection APIs on unencrypted content on Matrix.org.

We use the IWF Hash, URL and Keyword lists from the IWF on unencrypted content on Matrix.org.

Tbf to alot of people that will say 'Wow, matrix scans messages? Matrix bad!"
First things first, as it says, it’s on unencrypted content
Second of all, CSAM Was a problem in Matrix for a long time and it was about time they deployed a solution to this ever raging problem, GrapheneOS and many many other if not even former matrix communities were disbanded or are otherwise suffering because of this problem. I am not going to claim this is a perfect solution, no, no it isn’t but a solution was needed to be honest considering the situation.
So do yourself a favour and think about it before posting anything like what I said above

Couldn’t SimpleX’s approach to moderation be more privacy respecting?

they could very well indeed been inspired from SimpleX instead of deploying Cloudflare CSAM, as I stated:

I am not going to claim this is a perfect solution, no, no it isn’t but a solution was needed to be honest considering the situation.

maybe I’m hoping it’s temporary so they can provide a more privacy friendly solution but that’s about as far as I’ll put it if hopefully understandable

For context, random Matrix users would be added to group chats that contain illicit content, including CSAM unfortunately. I never had to encounter that but I heard that happening to quite a few people.

Why would using Cloudflare’s API on unencrypted content excessive? I don’t personally have a problem with it since they are making a good faith effort to mitigate the problem without undermining E2EE. I only have an issue when these platform try to break the entire security model itself, endangering everyone.

Like you said, I am quite intrigued to learn more about SimpleX’s approach to mitigating CSAM. Wouldn’t a bot joining these group chats be another way of scanning for illegal content?

The CSAM is a problem, and this shit must never see the light of day, some are the solutions, I refuse to have the content I post scanned, child pornography is a decoy, it will only be used for mass surveillance and research into political criticism (Israel and its genocide), manifestation etc., don’t be naive!

For context, random Matrix users would be added to group chats

This seems like the kind of capability you don’t want clients to support by default. Even without the CSAM element, this screams “poor design that doesn’t take user consent into consideration” to me.

I believe he meant “invited to” not “added to.” What drives people to accept random invites I’m not quite sure, but my personal “deny all requests” policy has had a 100% success rate against this sort of thing on Matrix lol

Although what I will say is that Matrix doesn’t blur out profile pictures of unknown contacts like Signal does, so there is that vector remaining I suppose.

Many would argue Cloudflare does do this as a general rule

But I agree, I have no issue with server-side scanning of content tbh

Right. It’s the client-side scanning that I object to as well.

Yeah sorry but this is nothing, every unencrypted service scans everything for CSAM. You should assume unencrypted = public for literally everyone including authorities.

And those “many” have no idea what a WAF is and how it works because they’ve never spent a day working an actual cybersecurity job

Yeah that’s a valid position, but in general offloading any sort of service to “the cloud” is not ideal, which brings Cloudflare from “useful service” down to just neutral to me.

This was much more of a problem back in the day when people almost exclusively used Cloudflare as their SSL termination and just had an unencrypted Cloudflare to Origin connection, but now that has mostly been solved by either origin SSL or Cloudflare tunnels. I do think Cloudflare still technically allows admins to choose that unencrypted footgun though.

Even if not, Cloudflare still sees all the unencrypted traffic so it’s a massive concern (IMHO). ~20% of all web traffic is visible, unencrypted, by a single centralized entity. This includes passwords, PII, TOTP tokens when enrolling MFA, PHI, etc…

From a technical perspective, I get where you’re coming from, and I largely agree even if I like and use Cloudflare services myself.

However, from a legal perspective, any “serious” customer of Cloudflare will drag their ass through court if they mishandle particular classes of data, which is a decently strong incentive for CF to be as secure as needed and not rock the boat too hard on using the data they process