Let Me Explain How a State Actor Could Perform a Denial-of-Service Attack on the Entire UK Government in the Wake of Ofcom “Online Safety Act” Client-Side Scanning

1/ obtain a hash of abuse material that’s both known & banned; if pervasive as claimed this shouldn’t be hard

2/ use algorithms from this paper to create a cat meme with the same hash

3/ send the cat meme to all MPs & Civil Servants via SMS, E-Mail, WhatsApp (bonus if it goes viral)

4/ watch as MPs are locked out & banned by platforms for possessing abusive material, preventing government from functioning


Also: saying “all of these cases should be appealed” is no mitigation, because by the time enough resources have been deployed to resolve the appeals, government will have been offline for 12 hours or more.

Of course one could propose mitigations: the government could inform all platform providers ex ante which accounts must never be blocked – that is, which are to be given special treatment – however:

  1. Politically that will not fly well, and…
  2. It will immediately cast doubt upon any politician who has an unacknowledged backup social media profile, which will be visible to the platforms of course because of device cookie sharing and things like that, so…
  3. Such information will be a topic of extortion or leaks

Also, there will be claims of “two-tier surveillance” and so forth.

White-Box Attacks on PhotoDNA Perceptual Hash Function

https://eprint.iacr.org/2026/486

[*] note: strictly, it is not necessary to obtain the material, merely the hash; therefore a leak of the existing database of hashes – several million in size – would be catastrophic by providing material for an infinite sequence of attacks like this.

Comments

One response to “Let Me Explain How a State Actor Could Perform a Denial-of-Service Attack on the Entire UK Government in the Wake of Ofcom “Online Safety Act” Client-Side Scanning”

  1. Free speech hamster

    Also, there will be claims of “two-tier surveillance” and so forth

    ^^ Yeah, this has already been proposed in the EU from what I understand. VPNs and encryption ONLY for the ruling classes, a la China. As someone who is deeply invested in privacy, part of me would love to see them try, only to be destroyed by freedom-loving techies.

    Question: could they, technology permitting, really succeed in creating a “great firewall” around countries affected by anti-privacy legislation? I’ve seen posts from folks who know more than I ever will that it’s possible to completely block ALL VPN traffic except that which is govt approved. And they could legislate that every PC and device sold come with hardware that identifies you and logs your every action and communication on said devices. Complete totalitarian control a la North Korea, where every mobile in the country endlessly spies on the user, and even corrects their speech as they type to prevent any thought crimes against dear leader.

    This all seems very hyperbolic I admit, but I worry that too many people either don’t care, or are only looking at the surface and not seeing that these laws can lead to a very bad place. Freedom is hard won and easy to lose.

    I apologise if my questions are stupid or annoying. You seem to know what you are talking about, and there is so much misinformation out there that I don’t know what is and is not possible. Ultimately this legislation needs to be stopped in the courts, but I legitimately fear a 1984 style future, and I will resist it should it come to pass!
