• Daniel Quinn@lemmy.ca
    link
    fedilink
    English
    arrow-up
    20
    ·
    1 year ago

    One red flag from that podcast:

    When asked how they might deal with abuse of the service to distribute illegal files, he suggested that you could compare uploaded files to hashes of known files. This doesn’t make sense in a system where the server has no knowledge of the unencrypted file, since the same file encrypted with two different passwords will result in two different hashes.

    • braveone@lemmy.ml
      link
      fedilink
      arrow-up
      9
      ·
      edit-2
      1 year ago

      Can’t you hash it before uploading and upload just the hash? Or download the banned hash list locally.

      • Daniel Quinn@lemmy.ca
        link
        fedilink
        English
        arrow-up
        10
        ·
        1 year ago

        Sure, but then you’re trusting the client. I can always encrypt x and send along the hash for y.

        • myself@lemmy.ml
          link
          fedilink
          arrow-up
          13
          ·
          1 year ago

          In the end you can always just encrypt the illegal stuff externally before giving it to them…

    • m-p{3}@lemmy.ca
      link
      fedilink
      English
      arrow-up
      3
      ·
      edit-2
      1 year ago

      The only way I could see them flagging potentially illegal files on the server-side if they don’t have access to the cleartext file would be through the filesize, and that would lead to too many false-positives. On the client-side it could be done through a local checksum against a denylist (compared locally for privacy reason) before uploading, but that could be easily defeated.