cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
rslade
Influencer II

Hashing to prevent spread of hate videos?

The general media has (temporarily) discovered hashing.  I predict a short run of calls for social media platforms to use it to prevent the spread of hate videos, violent videos, revenge pr0n, etc, etc, etc.

 

I've seen hashing in use for some time.  Fifteen years ago it was very popular as the increase in the number of viruses exploded.  Not so long ago Facebook tried using it in an odd, rather futile, and foolish attempt to prevent revenge pr0n.  It's been used to prevent the theft of music and video as intellectual property for some time.

 

It works, a bit, but not terribly well.

 

The idea is to detect something you don't want spread, and then take a hash of it.  You can then search, relatively quickly, and compare that hash value against the hash values of either existing files, or newly uploaded files (depending upon your application).

 

I said "relatively" quickly.  One of the people quoted in that article said "It's exceedingly fast."  It's exceedingly fast compared to more detailed forms of analysis.  But when around 10 hours of video are uploaded to YouTube alone every second (anybody have current statistics?) ... well, hashing does take some time, and little bits add up.  And then there is the time to compare every hash against every other hash ...

 

And hashing only works if nothing has been changed.  After all, hash values are used, sometimes in digital signatures or certificates, to ensure that something hasn't changed.  Again, someone in the article referred to "'robust' hashing — a method that should be able to detect variations on reuploads."  That's an interesting use of the word "robust."  I'd think most people in the crypto field would think of a "robust" hash as one that would detect any changes, not one that would allow some changes and still match.  But, quite aside from the use of the word "robust," making a hash that will accept some changes and still detect "similar" is a non-trivial task.  And such a hash function would likely take even more time to run.

 

It's easy to use hashes to catch direct and identical copies.  But videos can be modified in all kinds of ways.  They can be edited for length, cut into collections, processed to add comments, or even just drop a few packets during streaming.  Any or all of these events could mean that a hash value will not match.

 

No, I don't think hashing will be the silver bullet people are looking for ...


............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
3 Replies
Caute_cautim
Community Champion

The horse has bolted, once released - and given the recent circumstances, at least 250,000 copies were made, before the authorities shutdown the stream via the local Telecommunications Providers. 

 

Regars

 

Caute_cautim

JoePete
Advocate I


@rslade wrote:

 

No, I don't think hashing will be the silver bullet people are looking for ...


An interesting set of observations. It leads me to a statement that we live in an age of "hashed values" - pun intended. Too often we react not to the act but the summation of it. We tend to judge the message based on the messenger. Whether we are talking politics or the absurdity of social media "influencers," our desire and ability evaluate a statement on its own merits has atrophied. Ultimately, hashing to determine the value of data may not be the right answer, but that doesn't mean it won't be the easy and popular one.

rslade
Influencer II

> JoePete (Contributor I) posted a new reply in Industry News on 03-18-2019 12:13

> Ultimately, hashing to determine the value of data may
> not be the right answer, but that doesn't mean it won't be the easy and popular
> one.

Indeed ...

====================== (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org
You don't need to use PowerPoint to tell a lie, but it helps.
- https://twitter.com/#!/MeetingBoy/status/169820252841066496
victoria.tc.ca/techrev/rms.htm http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
https://is.gd/RotlWB

............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468