In light of the SESTA/FOSTA laws, which effectively remove a lot of protections for social/forum/ugc webmasters (Section 230 safe harbor). Making webmasters liable for what their users do.
It might be wise to support using an image recognition API as one solution for improving protection. In order to automate blocking uploads of explicit content like (unsafe, nudity, gore etc.).
Also improve protection from exploits like uploading inappropriate images in drafts, then hotlinking to those images elsewhere. Using it like free anonymous image hosting. I’m not sure how exploitable this is with Discourse, but it looks like with default settings, it could be exploitable for 180 days after draft creation without the webmaster knowing what has been uploaded (delete drafts older than n days).
Checking all images uploaded to Discourse via the Google Cloud Vision API would be really nice in order to stay safe for Adsense. We did that on our former website and never got any nude or gore pictures uploaded.
A potential plugin should hook into the main image upload process of Discourse for all images (posts, avatars, profile backgrounds etc.) and reject images that contain disallowed content:
This is absolutely possble but it would take away the seamlessness IMHO from the experience. If there’s any way the model could be built into the plugin, that would be super cool.
Well, the upload process for inline images is async already IMHO. And the Google API is very fast.
On the other hand, I would also be happy to check images after a user has posted a new post via an external webhook (Discourse API), and alter the user’s post (e.g. change the image and replace it with a text “IMAGE REMOVED BY ADMIN”). That part seems to be possible with the API, but I can’t find any reference how to actually DELETE the “bad” image via the API in such a case, because I don’t even want to keep the somewhere in the shadow.
@Terrapop - Something you may want to take into account is the accuracy of the recognition. It can be good to be able to see some of the content that was blocked, to ensure it isn’t configured too strict in terms of ‘POSSIBLE’, ‘LIKELY’ and ‘VERY_LIKELY’. False positives and negatives are quite common.
I think it might be a better implementation to send any posts that include images above a certain ‘possibly adult’ level to the review queue. So the post is never public, but you can still approve it if the recognition wasn’t accurate. If it’s rejected from there, the images will be deleted, I believe after a time period according to what is set for the ‘clean_orphan_uploads_grace_period_hours’.
This would allow using the ‘POSSIBLY’ detection level with more confidence.
We have tested the API on our current website and know which levels work for us quite well.
@fzngagan is developing the plugin for us open source, thus once finished you can alter and pull request an option to not directly reject but instead forward to mod queue.
If that is optional as an addition on top, I am fine with that of course.
We used the API in our former community for quite some time and know the levels acceptable for us. And most of the time the API was correct to deny, and the user simply uploaded a less severe image instead.
Also, I wanted not only posts but also image uploads of avatars and profile backgrounds checked. Don’t know if a queue option is being possible for those as well?
