Your fact-checks will appear here
Image identification technology
Snapchat’s parent company reports that its automated detection and reporting systems generated roughly 690,000 CyberTip submissions to the U.S. National Center for Missing and Exploited Children (NCME...
ISPs detect and report CSAM through a mix of voluntary technical tools (hash‑matching like PhotoDNA), network blocking and URL blocklists, and legal/reporting obligations such as U.S. reporting to NCM...
Federal law today requires online providers to report apparent child sexual abuse material (CSAM) to the National Center for Missing and Exploited Children (NCMEC) when they become aware of it, but it...
Hash-matching detects known child sexual abuse material (CSAM) by converting images or video frames into compact digital fingerprints (“hashes”) and comparing them to curated databases of verified CSA...
Cyberlockers sometimes supply NCMEC and law enforcement with the metadata and logs necessary to pursue downloaders of child sexual abuse material (CSAM), but this access is uneven and contingent on th...
’s public materials and partner guidance treat computer-generated or illustrated depictions that appear realistic as within the scope of () and subject to reporting through the , while text-based sexu...
Investigators stitch together image hashes, file and network metadata, platform logs, and third‑party data to move from a detected file to a user or server of interest, using forensic pipelines and ma...
Investigators can establish access to CSAM without a suspect’s physical device by tracing cloud-stored matches, server logs, account metadata, and financial or network traces — for example, on-device ...
The uses reporter-selected categories and structured metadata to classify incoming tips, then analysts prioritize and enrich those reports before making them available to designated law‑enforcement pa...
Platforms rely on layered technical and human checks—hash-based matching to known , machine‑learning classifiers for novel material, and human moderation/triage—plus engineered reporting workflows and...
Platforms can combine robust perceptual-hash databases, cross-service hash sharing, machine‑learning similarity engines, and behavioural/contextual signals to find and remove duplicate non‑consensual ...
Investigators combine established forensic collection—disk and mobile imaging, metadata extraction, and —with automated detection (hash matching) and newer to identify who viewed or distributed (CSAM)...
CSAM stored on file-hosting services and cyberlockers can and does remain undetected for long periods—sometimes years—because a mix of technical gaps (hash-dependent detection, delays in hash circulat...
Investigating every person who downloads CSAM from a file-hosting site linked to a teen porn site is legally mandatory in many jurisdictions and technologically possible in limited cases, but it is op...
An OpenAI-generated or platform-generated CyberTip to NCMEC does not, under the statutes and reporting practice described in public documentation, have to include a named victim, an exact physical loc...
Most internet services do not keep CSAM-related logs forever—many apply short preservation windows and rely on voluntary detection—so even when IP logs exist they often expire, are incomplete across j...
Documented outcomes for OneDrive account suspensions tied to sexual content show two realities: Microsoft offers an appeal pathway and promises review, but public reporting and user threads repeatedly...
Platforms detect and voluntarily or legally must report suspected CSAM—including AI-generated imagery—to NCMEC’s CyberTipline, typically using automated hash‑matching and moderation workflows that cre...
Timestamps on file-system artifacts and network/transfer metadata plus content hashes and geolocation tags are repeatedly cited by industry and forensic practitioners as the most persuasive, actionabl...
Digital forensic methods can create evidence consistent with unintentional possession — for example, metadata timelines, artifact context (shared accounts, browser cache, cloud sync logs), and recover...