Ensuring user safety and preserving privacy in shared canvases
We've designed floref to be a secure platform with end-to-end encryption for image storage and sharing. However, we also recognize the importance of maintaining a safe environment for all users.
To address this, we had to implement a system that allows users to report inappropriate content while preserving the privacy of those sharing images.
How Privacy Is Preserved in Shared Canvases
Shared canvases are designed to allow viewing by the public and collaboration with other users. This is achieved using public key encryption, where the sharing user encrypts the image with a key that is only shared with the intended viewers. This key takes the form of either
- A link containing the key that can be shared with others, or
- An encrypted key stored on the floref servers that must be decrypted locally on the app with the user's secret before the key can be used to decrypt the image or canvases
Not even floref can access user content: once a user has set up a non-floref-managed key (a PIN or passphrase), that key is required to access the content. This lets us maintain our users' privacy.
Additionally, publicly shared links carry a non-persisted key parameter after the # symbol. The key is generated on the client and never sent to the server, so only those who hold the link can view the content. This is also why we recommend an external link-shortening service for longer-term use cases such as original character reference sheets: the shortened link is easier to share on social media and similar platforms without allowing floref to access the key.
These design choices allow floref to provide complete user privacy while still allowing for easy sharing of content.
However, this presents a challenge when it comes to assessing user reports, as the server does not have access to the content of the image or canvas being reported. To address this, we have implemented a secure reporting mechanism that allows users to report inappropriate content without compromising the privacy of those sharing images.
Floref's Reporting Mechanism and Content Review Process
As items in our cloud service are stored encrypted, we've designed a reporting mechanism that:
- Allows users to report inappropriate content by flagging it for review, without needing to download the content themselves
- Utilises an external CSAM detection system that assesses content for illegal material efficiently
- Ensures that reported content is reviewed by our team of moderators in a secure and private manner
When a user reports an image or canvas, the report is sent to our servers together with the decryption key for the reported image only. The server then creates a review snapshot of the content: a temporary decrypted copy of the image that is accessible only to our moderation team. This review snapshot is assessed by an automated CSAM detection system to check for illegal material. If the automated system flags the content, our human moderators then review it to ensure compliance with our policies and legal requirements. Once the review process is complete, the review snapshot is securely destroyed to maintain user privacy.
Conclusion
Floref is committed to maintaining a safe environment for all users. If CSAM material involving living or deceased individuals is found by our moderation mechanism, it will be reported to authorities as required by law, all copies of the content will be destroyed, and the user responsible for sharing the content will be restricted from using our platform.
We have a zero-tolerance policy for such material, and we encourage all users to report any content that they believe violates our policies or is illegal. By working together, we can help ensure that floref remains a safe and welcoming space for everyone.