Mumsnet bad spam incident

[Alvin63]

This sounds pretty bad! I am guessing they don't have good spam filters and/or need to upgrade the software

Mumsnet: Parenting site targeted with child sexual abuse images

Company founder Justine Roberts tells the BBC the "horrific incident" has been reported to the police.

www.bbc.co.uk

 

[chillibear]

I believe the first incident was a poster uploading CSAM images into an existing thread, it took a while to resolve because the site's out of office hours (UTC) moderation is done by volunteers (bear in mind they make about £2M profit according to their accounts so it seems odd they don't have at least two or three people contracted around the world as senior mods for "out of hours") and those volunteers don't (or didn't) have access to the standard moderation tools, just a subset (basically the ability to hide threads). So users reporting the material via conventional channels didn't alert them and it remained online for some time. Off the back of that they have apparently implemented and AI scanning filter for uploaded images and re-enabled image uploads. For a short while they turned off their image uploads and user registrations. Apparently now a senior member of staff is on call for out of hours incidents. I don't think it was clear if the out of hours volunteers now have access to additional moderation tools.

The second incident was interesting in that it highlights that you need to consider all angles. Their forum (which is in-house software written in Java if memory serves) much like XF can "unfurl" URLs and just as your post above shows me a nice little picture ... well the poster posted links to sites containing CSAM and their servers dutifully fetched those images and presented them in the thread. I don't know what they have done to tackle that "exploit". Still it highlights the various different routes that might be exploited - XF obviously has IMG tags, MEDIA tags, Attachments, Avatars, Unfurled link are the obvious ones.

I'm interested to see the legal fallout (although I doubt we'll ever hear anything else about it) as under UK law some of their users and indeed their moderators will technically have committed "making", so might be required to offer a defence if prosecuted. The CPS guidance page is probably a better source than the legislation on that, but yes viewing the material by accident is enough to technically commit a crime. Still you'd hope they'd (Police/CPS) go after the poster not those who viewed the material or sent links to the threads in question to the volunteer moderators! Does I suppose make it impossible to moderate totally risk free! Would be interesting if anyone will challenge the UK Online Safety Act on those grounds? ie to comply with the act you may have to break the law!

Threads on their site related to the incidents: https://www.mumsnet.com/talk/site_s...dressing-the-recent-images-posted-on-the-site and https://www.mumsnet.com/talk/site_stuff/5269714-mnhq-update-on-image-uploads

 

[Alvin63]

Yes it would be easy enough for them to have a couple of moderators in the US - 6 hours difference so Uk night time could be covered. I wonder if they have settings to stop newly registered members posting photos for x number of days. That would make sense. But then I guess some spammers sign up and then don't post straight away.

It sounds pretty horrific. I have a home page that used to allow comments, whether or not someone was a member. Which rarely happened but on one occasion it was an unsuitable link so I set it to moderator approval for comments only.

 

[chillibear]

But then I guess some spammers sign up and then don't post straight away.

This is what we've seen in the past a lot. It might stop the immediate troll, but anyone intent on causing trouble will. "Post and later edit" was the other common thing some years back - post something sensible then come back later an edit it to be marketing spam once the thread moves on past it and moderator eyes are elsewhere.

have a couple of moderators in the US

It is odd isn't it, I'd have thought they could either contract out to a company that does that or find a reliable small self employed contractor (to make it easier than having actual staff overseas). One in Australia and one on the US Pacific coast would just about cover things 9-5 for the whole day and hardly break their bank. I get it, that doesn't work for most of us running forums for beer money or fun, but for a proper profitable business with a world wide userbase it seems a rather blasé approach to not staff it suitably.

It sounds pretty horrific.

I think they are probably being deliberately targeted by a group - seems to have moved onto PMs now. It is interesting to see the different views and the reactions - "ban PMs", "ban images", "ban posts" ... etc. I wonder if any of that are the same actors acting as provocateurs? Still must be less than pleasant dealing with it all.