Skip to content

This RocketchatApp validates uploaded images against the Microsoft PhotoDNA cloud service and quarantines those identified as child abuse images (child pornography or CSEM).

License

Notifications You must be signed in to change notification settings

prostasia/rocketchatcsam

Repository files navigation

PhotoDNA CSEM scanning App

This Rocket.Chat App validates uploaded images against the Microsoft PhotoDNA cloud service, moves them to a quarantine channel or deletes them before they are shown, and, when configured to do so, reports each match to the National Center for Missing and Exploited Children (NCMEC).

Prerequisites

Installation

Method 1: package as .zip

  1. Clone this repository
  2. run npm install
  3. run rc-apps package

The resulting package goes in the 'dist' directory in the project folder as a .zip file. Rocket.Chat administrators can upload the .zip as a Private App through the Marketplace interface.

Getting to the Marketplace Uploading a Private App

Method 2: deploy directly to server

  1. Clone this repository
  2. run npm install
  3. Create a file called .rcappsconfig that resembles this:
{
    "url": "https://server.url",
    "username": "admin_username",
    "password": "admin_password",
    "ignoredFiles": [
        "**/README.md",
        "**/package-lock.json",
        "**/package.json",
        "**/tslint.json",
        "**/tsconfig.json",
        "**/*.js",
        "**/*.js.map",
        "**/*.d.ts",
        "**/*.spec.ts",
        "**/*.test.ts",
        "**/dist/**",
        "**/.*"
    ]
}
  1. run rc-apps deploy

This method is very convenient for localhost testing and debugging, when you are making frequent minor changes and need to deploy them to your local RC instance.

Obtaining the required configuration credentials

Configuration

As Administrator go to Marketplace > Private Apps and click on Photo DNA CSEM-scanning. This will open the App Info page:

App Info

The service will not be active until you enter your API key in the API Subscription Key field. This corresponds to the primary key received during the PhotoDNA registration.

In CSEM Quarantine Target Channel you have to provide the channel ID where quarantined messages will move to. Please be sure to have this channel created like shown in the following image:

targetChannel

If the target channel does not exist, the image will be removed from the message.

In Limit image analysis to specified channels you may provide a comma-separated list of channels to limit the analysis to. In the depicted setting, only images uploaded in the channel testchannel will be subject to investigation by this app.

Troubleshooting

The app generates logs when it screens images. They are reachable from the App Info page:

logs

Setting up a local Rocket.Chat instance for testing and debugging is very easy with Docker. If Docker Desktop's licensing terms are not favorable for your situation, Rancher Desktop is an effective, free alternative.

If you're trying to use npm in PowerShell and a package has an @ symbol in the name, be sure to quote the package name, otherwise PowerShell may interpret the @ as the splat operator.

@rocket.chat/[email protected] uses a custom TypeScript transpiler, @rocket.chat/[email protected], which currently has a bug that affects this project. When you run rc-apps package or rc-apps deploy, it fails with TypeError: PhotoDNACloudService_1.PhotoDNACloudService is not a constructor. I was able to temporarily work around this by opening TypescriptCompiler.js and commenting out line 151.

  • Line 151: this.appValidator.checkInheritance(appInfo.classFile.replace(/\.ts$/, ''), result);
  • Location on Windows: %AppData%\npm\node_modules\@rocket.chat\apps-cli\node_modules\@rocket.chat\apps-compiler\compiler\TypescriptCompiler.js
  • Location on *nix: $(npm list -g | head -1)/node_modules/@rocket.chat/apps-cli/node_modules/@rocket.chat/apps-compiler/compiler/TypescriptCompiler.js

-J. F. Gaulter 2023-12-31

Preventing child sexual abuse

For information on protecting your users who are at risk of being caught up in child sexual abuse, either as a victim or as a potential perpetrator, Prostasia Foundation can help. We offer consulting services to platforms to help them eliminate abuse without interfering with the free speech of legitimate users. Our Get Help page also offers a variety of support options for users, including the MAP Support Chat forum for which this app was originally developed.

Changelog

  • 0.2.0
    • Allow to limit analysis to specific rooms
  • 0.2.1
    • Optimistic removal of Converting circular structure to JSON
  • 0.2.2
    • Limit analysis to room names setting is now case-insensitive
    • Fix Converting circular structure to JSON bug
  • 0.2.3
    • Added information about CSAM prevention resources
  • 0.3.0
    • Added automated report functionality (configurable)
  • 0.3.1
    • Patched minimatch from 3.0.4 to 3.1.2 to mitigate security vulnerability
  • 0.3.2
    • Fix Invalid or missing request parameter(s) bug
  • 0.3.3
    • Implemented setting to watch all direct rooms (DMs)

Todos / Caveat

  • Currently the user posting the matching image does not see any actions happening, just the message not occuring.
  • The images are transported to the Microsoft PhotoDNA Service. The Edge-Hash algorithm is not implemented.
  • App logging is too verbose at the moment RocketChat/Rocket.Chat#13312
  • Real user IP is not available for automated report functionality RocketChat/feature-requests#433
  • If the PhotoDNA API request occurs while the server is momentarily disconnected from the network, the result of the call will be undefined. It will not appear as a match, and the App will let the image through, even though it has not been confirmed to not match.

About

This RocketchatApp validates uploaded images against the Microsoft PhotoDNA cloud service and quarantines those identified as child abuse images (child pornography or CSEM).

Topics

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Contributors 4

  •  
  •  
  •  
  •