Yes, that's exactly it. It uses a database compiled by NGOs and specialized firms comprising of file hashes matching child porn. These lists are handled by humans.
Fuzzy means that it takes compression and the like into account, because even if just one pixel out of 20 thousand is different, the hash is different too. Fuzzy hash still recognizes it as the same image, so using an algorithm to alter the color etc. won't work.
How about we turn the tables and have the complainers suggest a solution. Because every single time an approach to targeted child porn takedowns has been suggested, such as datacenter raids which would not affect as many people, someone is screaming about their privacy.
Child abusers evolve and are very happy if law enforcement doesn't.
why don't they start a partnership with a security company like they have with a server monitor and google? many security vendors use python somewhere (1), so I'm sure there would be someone willing to cooperate. scan all packages uploaded and all updates, when there is a detection put a warning on the page and in console put a warning like "this package might contain maliscious code. continue regardless?" so that typosquatting and code hijacking is mitigated
there once was an adblocker called nano which was open source and quite popular. the developer sold the ownership and the new owners injected malware which was then shipped to all chrome users with the extension.
so i don't see why the same shouldn't work for pypi packages and i also don't understand why noone saw this coming. with how many companies have adopted python there surely will be a security vendor willing to provide free package screening for the repo
also it's not just the industry that's going to fail if it hits the fan, but also all the other companies which rely on the no code platform. and if those companies are saas, they'll cause damage too somewhere else. or am i missing something? this seems like domino
they didn't "validate" anything, they just opened the csv. also i'd be interested in their take on the second column, that looks like clubhouse's scoring system (which they ran without telling anyone, likely for marketing purposes, according to this* article). if so, you can in fact tell which numbers are more significant than others.
They are done for this time. Leaking peoples' number who haven't even signed up yet because of their economy flame approach for literally anything, oh boy...
might be tempting to get one but hear me out: you can't imagine the amount of bloat and adware on miui. it depends on your region because they don't legally get away with the same intrusion everywhere. I configured it in a GDPR country (which disables some features) and when I checked the DNS requests, it made a tracking/ad request several times per minute.
Also the pre installed apps like file manager and browser have ads. The browser, which additionally has a bunch of bloaty games integrated for whatever reason, can't be uninstalled. Not going to get one again, my mate's pixel seems like a delight in comparison