Honestly the Open-NSFW filter did a really good job of catching the overwhelming majority of the issues. Also until LetsEncrypt became commonplace, Dofler was still discovering tons of applications that forwent even basic encryption. It was quite terrifying.
This year was the last year I ran Dofler through its normal con-circuit, mostly due to the amount of encryption thats happening, I'd have to pivot away to completely different types of metadata that would be computationally expensive to pull, or would require a LOT of coding time, or would require dependence on commercial tools. it was simply time to lay it to rest.
Actually, it Dofler uses driftnet, ettercap, dsniff, tshark, ngrep, and PVS and wired them together into a web front-end. Driftnet was the component that made porn filtering very hard, as driftnet gives you no indication of WHERE the image came from, just that it found something.
Before Yahoo's Open-NSFW data was released, skin tone analysis and assessing if the image contained a majority of color palettes that are generally considered to correlate to flesh tones. You'd be surprised to know that many of these libraries are still commonly used (look at nude.js for example). The downside is that they are false positive heavy, and fairly easy to circumvent.
As the actual developer of the tool that was used, porn filtering was something that was added later on, after the porn became a problem. The issue is that trying to filter such things is often a losing game, as most conference NOC staff don't want to put in proxies for a variety of reasons.
The solution I ended up with was to use Yahoo's trained machine-learning algorithm to attempt to detect, score, and ignore images on an unbounded scan (generally from 0-100). In most cases the threshold was set to 70, however was something folks could independently sat if they ever wanted to open the front-end on their own machines. There was also a mechanism to blacklist images from the screen if one happened to pass through. I've run it at BSidesLV, BSidesChicago, Thotcon, CircleCityCon, BSidesDetroit over the years and I can tell you, monitoring and trying to block porn from hitting the board was generally what I ended up doing while running this.
This year was the last year I ran Dofler through its normal con-circuit, mostly due to the amount of encryption thats happening, I'd have to pivot away to completely different types of metadata that would be computationally expensive to pull, or would require a LOT of coding time, or would require dependence on commercial tools. it was simply time to lay it to rest.