The Digital Harm Project

Technology Solutions

From DNS filters and recovery-program apps to industrial-scale CSAM detection processing 415 billion files annually, the technology landscape spans household tools, structured behavior-change software, hash-sharing networks, distribution-and-economy patterns, the reporting pipeline from CyberTipline to arrest, and the technical detail of how perceptual hashing actually works.


The landscape

§06.01

Technology against pornography harm operates at four distinct scales, and the most useful mental model recognizes them as a stack. At the device level, parental controls and content blockers create friction at the point of use. At the network level, DNS filters and hardware appliances block before a request leaves the home. At the application level, recovery programs build new habits and accountability tools add interpersonal stakes. And at the platform and law-enforcement level, hash-matching and AI classification surface known and novel CSAM at industrial scale — Thorn's Safer platform alone processed 415 billion files in 2025 (Thorn).

Among consumer layers, the strongest configurations combine one tool from each of three rows: a blocker or DNS filter to raise the friction of access, a recovery program app to build the habit, and an accountability tool to add interpersonal consequence. Households tend to overshoot on blockers and under-invest in structure and accountability — the evidence base supports the opposite balance.

This chapter surveys each category in turn: accountability and monitoring software, recovery program apps, DNS and network filtering, the device-level controls now built into every major operating system, the industrial-scale CSAM detection platforms that law enforcement and large internet companies depend on, and the DRM and screen-recording protections that round out the platform layer. For a side-by-side, app-by-app comparison with platform pills and pricing, see the dedicated Apps directory.

Accountability and monitoring software

§06.02

Consumer software for pornography accountability and monitoring spans a spectrum from screen-capture accountability systems to AI-powered social media surveillance.

| Feature | Covenant Eyes | Bark Premium | Qustodio | Canopy | Net Nanny | Accountable2You |
|---|---|---|---|---|---|---|
| Primary approach | Accountability | AI alerts | Comprehensive | Image filtering | AI web filtering | Accountability |
| Screenshot AI | Yes (blurred) | No | No | No | No | Logs only |
| Social media | Screen capture | 30+ platforms | Android only | No | No | Activity logs |
| Incognito detect | Yes | No | No | No | No | Yes |
| Partner alerts | Yes (core) | No | No | No | No | Yes (core) |
| Monthly cost | $17–$27 | $14 | $4.58–$8.33 | $8–$10 | $3.33–$7.50 | $7–$16 |
| iOS limitation | Safari only | WiFi only | Limited social | Some | Good | Limited |

Comparison of major accountability and monitoring platforms

Covenant Eyes is the market leader, using AI-powered screenshot analysis that captures the screen at least once per minute, analyzes content on-device, and sends blurred flagged images to a chosen accountability partner. It defeats incognito mode since it captures screen content regardless of browser mode. Twenty-plus years in market and over a million users have produced mature support and documentation, and the bundled “Victory” app now layers structured quit-porn content on top of monitoring (Ever Accountable comparison). Two important selection factors: Covenant Eyes uses explicitly Christian framing and is endorsed by the American Association of Christian Counselors — motivating for some users, irrelevant or off-putting for others — and the iOS implementation is limited to Safari (Covenant Eyes Support).

Bark differentiates through AI-powered selective alerts across 30+ social media platforms, detecting cyberbullying, predatory contact, and explicit content without showing parents every message — though it monitors after exposure rather than preventing it (Whitelist Video). Canopy uniquely censors explicit images in real time using AI without blocking entire websites, plus offers sexting prevention that blocks inappropriate photos before they can be saved or sent (Safety Detectives). Ever Accountable and rTribe occupy a similar accountability niche without the Christian framing of Covenant Eyes; rTribe was built by people in recovery and supports porn, drug, and food addictions with anonymous profiles, peer messaging, and check-ins (Rehabs.com).

Recovery program apps

§06.03

A newer category, distinct from monitoring software, focuses on structured behavior change — daily lessons, habit and streak tracking, urge-management tools, peer community, and increasingly AI-coached cognitive-behavioral exercises. Where Covenant Eyes-style tools surveil, recovery apps teach (AddictionHelp.com).

| App | Approach | Notable features | Best fit |
|---|---|---|---|
| QUITTR | 90-day program | Content blocker, AI “therapist” chat, personalized plan, tracking, gamification, community | All-in-one: blocking plus coaching plus tracking |
| Brainbuddy | 100-day neuroscience curriculum | Daily tasks, meditations, urge-surfing exercises, mini-games framed as dopamine retraining, community | Education-heavy; users wanting to understand the neurobiology |
| Relay | Group accountability | Auto-matched small groups, chat, daily check-ins, shared goals | People who do better with peer accountability than solo apps |
| Cure | Streak and education | Streak counter, calendar view, achievement system, articles, optional family-control lock | Light-touch tracking with motivational structure |

Recovery-program app landscape

QUITTR is the most feature-complete of the recovery-program apps, bundling a content blocker with a 90-day curriculum, AI-coached CBT-style exercises, urge tracking, and a community — usable as a single tool rather than as part of a stack (QUITTR comparison; Google Play). Brainbuddy is the most pedagogically rich, organized around a 100-day curriculum that explains the neuroscience and pairs it with daily tasks, meditations, and games designed to retrain reward circuitry (Google Play).

Relay (a Y Combinator-backed startup) takes a different shape: instead of solo tracking, it auto-matches users into small accountability groups for chat, check-ins, and shared goals — operationalizing the well-supported finding that social accountability outperforms solo willpower (Y Combinator). Cure is the lightest of the four, foregrounding the streak counter and education with an optional family-control lock for added friction (App Store).

Generic sobriety apps adapted to porn (Nomo, SoberTool, WEconnect, Sober Grid) were built for alcohol and drug recovery but offer many of the same primitives: streak counters, trigger logs, coping-tool libraries, and peer community. They lack porn-specific education and blocking, but for users who already use one of them for substance recovery, doubling them up for cross-addiction can be more sustainable than juggling two ecosystems (The Recovery Village).

Network and DNS filtering

§06.04

DNS filtering operates at the network level, blocking adult content domains before connections are established. CleanBrowsing processes 355 billion DNS requests monthly across 70 data centers serving 4.5+ million devices, offering free Family, Adult, and Security filter tiers with DNS-over-HTTPS and DNS-over-TLS support (CleanBrowsing).

OpenDNS Family Shield from Cisco provides free, zero-configuration DNS filtering by simply changing DNS settings (208.67.222.123 / 208.67.220.123) (WizCase). Pi-hole provides self-hosted DNS filtering on a Raspberry Pi (~$35–50), with community-maintained adult content blocklists covering approximately 126,000 domains (Pi-hole Discourse).

DNS filtering's fundamental limitation is that it blocks only at the domain level, cannot inspect HTTPS content, and is bypassed by VPN usage or cellular data connections. Hardware solutions like Circle Home Plus ($129 + $10/month) and Firewalla ($179–$419, no subscription) provide deeper packet inspection and VPN detection capabilities.

Device-level parental controls

§06.05

All major operating systems include built-in parental controls. Apple Screen Time provides content restrictions, web filtering (three modes including whitelist-only), communication safety with on-device nudity detection, and — as of iOS 26 — complete remote management and zero-minute app blocking (Apple Support). Google Family Link offers app approval, web filtering, SafeSearch enforcement, and parent-managed contacts for Android and ChromeOS (Google Safety Center). Microsoft Family Safety extends across Windows, Xbox, and Android with age-based content ratings and — with Microsoft 365 — Copilot AI integration (Microsoft Learn).

A persistent cross-platform limitation: iOS monitoring is significantly more restricted for third-party tools due to Apple's privacy architecture, meaning every monitoring solution performs worse on iPhones than on Android devices.

CSAM detection technologies

§06.06

Industrial-scale CSAM detection rests on a stack of complementary technologies: hash algorithms that fingerprint known imagery, hash-sharing networks that distribute those fingerprints across platforms, AI classifiers that surface novel material, and forensic tools that connect platform-level signals to law-enforcement investigation. Each layer was developed by a different organization; together they constitute the working defense.

Hashing algorithms

PhotoDNA (Microsoft and Dartmouth, 2009) remains the foundation — a perceptual hashing technology with a false-positive rate of approximately 1 in 50 billion, deployed free to qualified organizations and used by Facebook, Google, Dropbox, and hundreds of platforms (Microsoft). PhotoDNA is closed; access is gated through Microsoft's application process.

Meta PDQ (Pretty Darn Quick) is the open-source counterpart. PDQ produces 256-bit signatures via Discrete Cosine Transform and is released under the BSD license in Meta's facebook/ThreatExchange repository, with official C++, PHP, Python, Java, and WebAssembly implementations plus community ports. The companion TMK+PDQF algorithm covers video, producing 256KB signatures. Both are listed as supported fingerprint types in NCMEC's Hash Sharing API, meaning a platform can integrate PDQ end-to-end against the verified national hash list without proprietary licensing (ThreatExchange).

Hash-sharing networks

The hashes themselves are useless without a curated, verified, continuously updated list to match against. Three national-scale networks distribute these lists. NCMEC Hash Sharing (United States) operates a RESTful API in three environments (industry, law enforcement, NPO) supporting MD5, SHA-1, PhotoDNA, PDQ, NetClean, Videntifier, TMK+PDQF, and others. The industry platform holds over five million triple-vetted CSAM hash values, of which approximately 74% originate from Google. NCMEC's Video Hash Initiative Project hashed 435,000 videos in 2025 alone (NCMEC Hash Sharing).

The UK's Internet Watch Foundation Hash List distributes verified hashes to 200+ member technology companies, complemented by Keyword, URL, and Non-Photographic Imagery URL lists plus takedown notices and payment-provider alerts. The IWF processes more than 7,000 reports per week (IWF Services).

Canada's Project Arachnid, operated by the Canadian Centre for Child Protection, is the most aggressive of the three — an automated web crawler that has processed over 176 billion images, flagged more than 126 million for review, and issued over 141 million takedown notices to hosts. The free Shield API lets electronic service providers proactively scan uploaded content against its database; documented integrations include the Chevereto image-host platform. The program is staffed by 76 analysts across 18 partner organizations in 17 countries (Project Arachnid; Shield API).

Platform deployment

Cloudflare's CSAM Scanning Tool brings the hash-matching layer to every Cloudflare customer regardless of plan, free, with fuzzy-hash matching against NCMEC databases, automatic HTTP 451 blocking, and adjustable sensitivity thresholds. Given Cloudflare's footprint, this single product significantly raises the floor of detection coverage across the public web (Cloudflare). Google's Content Safety API and CSAI Match are partner-only services prioritizing novel suspected CSAM for human review; combined, they process more than 4 billion pieces of content per month for partners including Adobe and Reddit (Google for Partners).

Thorn's Safer platform combines hash-matching with AI classification at scale. As of 2025, Safer Match holds over 82 million verified CSAM hash values (recently expanded by 51.6 million), and SaferList connects 86+ platforms for cross-platform signal sharing. The platform processed 415.4 billion files in 2025 and flagged 1.3 million potential child-exploitation text lines for review (Safer 2025 Impact Report; Thorn).

AI detection for novel and AI-generated material

Hash-matching cannot surface previously unseen imagery, and it is blind to AI-generated CSAM by construction. AI classifiers fill the gap. Hive AI received a $150,000 DHS Cyber Crimes Center contract in 2025 specifically to distinguish AI-generated CSAM from real-victim imagery, citing a 1,325% rise in genAI-related NCMEC reports the prior year (MIT Technology Review). Safer's AI classifier flagged 3.84 million potential novel CSAM files in 2025 for human review. Microsoft's Two Hat acquisition (2021) and its previous CEASE.ai novel-CSAM project are now folded into Microsoft's Community Sift product line (Microsoft). WebPurify operates a human+AI hybrid moderation service that the company credits with contributions to 500+ child-predator arrests in the past year (WebPurify).

Microsoft's general-purpose Azure Content Moderator was deprecated in February 2024 (full retirement March 2027) and was never a CSAM-specific tool — Microsoft explicitly directed customers to PhotoDNA for that workload. Its successor, Azure AI Content Safety, scans for sexual, violent, hate, and self-harm content but is similarly not a CSAM solution (Azure docs). General-purpose AI moderation APIs are easy to confuse with CSAM detection; they are not the same product and should not be deployed as a substitute.

Forensic and policy infrastructure

Project VIC International provides the standardized VICS data model enabling interoperability across digital-forensics vendors (MSAB, Magnet Forensics, Cellebrite, ADF, Oxygen Forensics, Griffeye) used by police forces in the US, UK (CAID), Canada, Australia, and parts of Europe, Africa, and MENA. Active 2025 programs include KATALYST (capacity building) and GPUs for Good (donated GPU compute for ICAC labs) (Project VIC). At the policy layer, the WeProtect Global Alliance coordinates 320+ members — governments, private companies, civil society, intergovernmental organizations — producing the Model National Response, Prevention Framework, and recurring threat assessments. WeProtect does not operate detection technology itself; it produces the policy substrate the technology operates in (WeProtect).

| Approach | Strengths | Weaknesses |
|---|---|---|
| Cryptographic hashing (MD5, SHA) | Perfect precision for exact duplicates | Cannot detect modified files or novel content |
| Perceptual hashing (PhotoDNA, PDQ, TMK) | Matches near-duplicates; ~1-in-50B false positives | Cannot detect new CSAM; vulnerable to sufficient modification |
| AI/ML classification (Safer AI, Hive AI) | Detects novel and AI-generated CSAM | Higher false-positive rate; requires human review |
| Hybrid hash-first, AI-second | Maximizes recall while minimizing review burden | Complexity; requires robust training data |
| Crawl + take-down (Project Arachnid) | Proactive removal at host level rather than only at upload | Cannot prevent re-upload; depends on hoster compliance |

CSAM detection approaches compared
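As an added illustration (not Meta's PDQ, Microsoft's PhotoDNA or Cloudflare's scanner code), the Python below builds a simplified PDQ-style hash (orthonormal 2-D DCT, 16x16 low-frequency block, median-thresholded to 256 bits) and shows why the table above separates cryptographic from perceptual hashing: a tone change or a faint overlay changes the SHA-256 of a picture completely but leaves its perceptual hash untouched, a tonal negative lands far away, and a fuzzy lookup against a shared hash list uses a Hamming-distance threshold. The 32x32 float images, the threshold of 32 bits and the hash-list label are constructed assumptions for this example.

```python
import hashlib
import math

N = 32      # side length of the constructed float grayscale images
KEEP = 16   # low-frequency block kept -> KEEP * KEEP = 256 hash bits
# Hamming distance at or below which two hashes are treated as a match.
# Assumed for this illustration; not a vendor-published figure.
MATCH_THRESHOLD = 32

def make_image(kind):
    """Constructed sample pictures: smooth textures plus a bright blob."""
    img = []
    for i in range(N):
        row = []
        for j in range(N):
            if kind == "base":
                v = (120 + 50 * math.sin(0.35 * i + 0.2 * j)
                     + 35 * math.cos(0.15 * j)
                     + 30 * math.exp(-((i - 20) ** 2 + (j - 10) ** 2) / 40))
            else:  # "other": an unrelated picture
                v = (120 + 50 * math.sin(0.6 * i - 0.4 * j)
                     + 35 * math.cos(0.25 * i + 0.1 * j)
                     + 30 * math.exp(-((i - 5) ** 2 + (j - 25) ** 2) / 40))
            row.append(v)
        img.append(row)
    return img

def adjust_tone(img, gain=0.9, bias=20.0):
    """Contrast/brightness edit: enough to change every pixel byte."""
    return [[gain * v + bias for v in row] for row in img]

def add_fine_pattern(img, amp=6.0):
    """Faint high-frequency overlay (a DCT basis function at (24, 20), outside
    the kept 16x16 block), standing in for light noise or a fine watermark."""
    return [[v + amp * math.cos(math.pi * (2 * i + 1) * 24 / (2 * N))
             * math.cos(math.pi * (2 * j + 1) * 20 / (2 * N))
             for j, v in enumerate(row)] for i, row in enumerate(img)]

def invert(img):
    """Tonal negative: to a DCT hash this is a different picture."""
    return [[255.0 - v for v in row] for row in img]

def _dct_1d(signal, count):
    """First `count` coefficients of the orthonormal DCT-II of `signal`."""
    n = len(signal)
    out = []
    for u in range(count):
        scale = math.sqrt(1.0 / n) if u == 0 else math.sqrt(2.0 / n)
        out.append(scale * sum(x * math.cos(math.pi * (2 * k + 1) * u / (2 * n))
                               for k, x in enumerate(signal)))
    return out

def perceptual_hash(img):
    """256-bit DCT hash as an int: one bit per low-frequency coefficient,
    set when the coefficient exceeds the median of the 16x16 block."""
    rows = [_dct_1d(row, KEEP) for row in img]                  # along j
    cols = [_dct_1d([rows[i][v] for i in range(N)], KEEP)       # then along i
            for v in range(KEEP)]
    coeffs = [cols[v][u] for u in range(KEEP) for v in range(KEEP)]
    median = sorted(coeffs)[len(coeffs) // 2]
    bits = 0
    for c in coeffs:
        bits = (bits << 1) | (1 if c > median else 0)
    return bits

def hamming(a, b):
    """Number of differing bits between two hashes."""
    return bin(a ^ b).count("1")

def sha256_of(img):
    """Exact-match fingerprint of the 8-bit pixel bytes, for contrast."""
    raw = bytes(min(255, max(0, round(v))) for row in img for v in row)
    return hashlib.sha256(raw).hexdigest()

def fuzzy_lookup(query, hash_list, threshold=MATCH_THRESHOLD):
    """Fuzzy match against a shared hash list, as a Cloudflare-style scanner
    does: (label, distance) of the nearest entry within threshold, else None."""
    best = None
    for label, known in hash_list.items():
        d = hamming(query, known)
        if d <= threshold and (best is None or d < best[1]):
            best = (label, d)
    return best

if __name__ == "__main__":
    base = make_image("base")
    h_base = perceptual_hash(base)
    shared_list = {"known-image-A": h_base}   # stands in for a shared hash list
    for name, img in [("tone-adjusted copy", adjust_tone(base)),
                      ("copy with fine overlay", add_fine_pattern(base)),
                      ("tonal negative", invert(base)),
                      ("unrelated picture", make_image("other"))]:
        h = perceptual_hash(img)
        print(f"{name:23s} sha256 equal: {sha256_of(img) == sha256_of(base)!s:5s}"
              f"  hamming: {hamming(h, h_base):3d}  lookup: {fuzzy_lookup(h, shared_list)}")
```

The tone-adjusted and overlaid copies defeat SHA-256 (every byte differs) yet resolve to the same 256-bit perceptual hash, which is exactly the "matches near-duplicates" column of the table; the negative shows that sufficient modification still escapes.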

Platform accountability: who is organized to answer for child safety

§06.07 · Leadership verified May 2026

Every major user-content platform has a public-facing CEO and a much less visible Trust & Safety / Child Safety leadership layer below them where day-to-day CSAM operations actually live. This section maps that second layer for TikTok, Meta, and X — the named VP/Head-of leadership, who they report to, and where child safety sits within the company structure (does it report to legal, to product, or to a board safety committee?). All named individuals carry a primary-source citation and are current as of May 2026; this is the most perishable content on the site, so claims that could not be tied to a primary or primary-adjacent source were dropped rather than hedged, and the refresh procedure is documented in PLAN.md. The framing is governance structure, not personality coverage.

TikTok: Trust & Safety pulled out of the legal chain and into platform leadership

At TikTok, Trust & Safety governance is defined less by a single named czar than by a deliberate move to pull the function out of the legal/parent-company chain and place it under platform leadership. Until early 2024, global Trust & Safety reported up through ByteDance General Counsel Erich Andersen. In a reorganization announced on 27 February 2024, oversight shifted to Adam Presser, then Head of Operations and Trust & Safety, who reported directly to TikTok CEO Shou Zi Chew rather than to ByteDance — a structural change first reported by Tubefilter. The prior global T&S head, Cormac Keenan, who had led the function from Dublin since 2020, moved into a non-executive advisory role.

The senior Trust & Safety leader today is Sandeep Grover, whom TikTok’s own careers publication identifies as Global Head of Trust & Safety Core Experience in a November 2024 leadership profile (lifeattiktok.com). A 31 July 2025 reorganization, confirmed via an internal memo from Shou Zi Chew and reported by TechCrunch, merged TikTok’s Core Product and Trust & Safety Product teams into a single Product organization, with Grover named head of Global Trust & Safety; the memo coverage did not disclose his exact reporting line, which we therefore do not assert. Child Safety is a named sub-function inside Trust & Safety: Sarah Hawkins Brass serves as Global Head of Child Safety Operations and leads the Global Child Safety Team (CST), whose mandate is detecting and reporting child sexual abuse material and predatory behavior, including referrals to the National Center for Missing & Exploited Children — a role documented in a December 2024 profile by the University of San Francisco. Distinct from Trust & Safety, security and data protection sit in a separate Global Security Organization under Kim Albarella, Global Head of Security since 2022, per TikTok’s own January 2025 profile.

The platform’s child-safety posture is most directly visible in regulatory and legislative records. Shou Zi Chew testified before the US Senate Judiciary Committee on 31 January 2024 at its hearing on the online child sexual exploitation crisis, stating that TikTok employed more than 40,000 trust and safety professionals and would invest over two billion dollars in trust and safety that year (TikTok Newsroom; Senate Judiciary). Leadership has since turned over substantially: Eric Han — named in older materials as US Head of Safety — left that role on 12 May 2023 and is not in any current safety position (South China Morning Post); and following the 23 January 2026 US ownership deal, Adam Presser became CEO of the carved-out US entity, TikTok USDS Joint Venture LLC, where content moderation, algorithm, and data-security safeguards are overseen by an American-majority board Security Committee chaired by independent director Raul Fernandez, with Will Farrell as Chief Security Officer (TikTok USDS; Al Jazeera).

Meta: no single safety chief, three lines converging on the CEO

Meta has no single executive titled Chief Trust & Safety Officer; child-safety accountability is distributed across three lines that all terminate at CEO Mark Zuckerberg. The public-facing safety lead is Antigone Davis, Vice President and Global Head of Safety — a role she has held continuously, contrary to reports that she left in 2023. She was named as “Meta global head of safety” in coverage of the March 2026 New Mexico consumer-protection trial, where jurors weighed statements by Zuckerberg, Instagram head Adam Mosseri, and Davis and found Meta liable, ordering $375 million in damages (NPR; CBS News).

The integrity function — the enforcement machinery behind Meta’s Community Standards — sits inside the Product organization rather than under a standalone safety or legal chief. Meta’s own executive page states that Head of Product Naomi Gleit “oversees the growth team, integrity team and social impact team” (Meta), and Tech:NYC describes her as leading Central Products and “the shift to AI-powered integrity and support” (Tech:NYC). Guy Rosen, who led integrity and safety for years and became Meta’s first Chief Information Security Officer in June 2022, has since shifted toward security and AI operations (Security Magazine). No primary source names a dedicated VP- or Head-of-Integrity beneath Gleit, so none is asserted here. On the policy side, Joel Kaplan became Chief Global Affairs Officer in January 2025, replacing Nick Clegg (Axios).

The legal and policy layer exerts unusually direct control over what Meta knows and discloses about child harm. At a September 9, 2025 hearing before the Senate Judiciary Subcommittee on Privacy, Technology, and the Law (“Hidden Harms”), former Meta researchers Jason Sattizahn and Cayce Savage testified that Meta’s legal department directed the alteration and deletion of internal data on the sexual exploitation of minors and created “social issues protocols” restricting research into suicide, eating disorders, and child trafficking (Senate Judiciary; Tech Policy Press transcript). The Chief Legal Officer who oversees that department reports directly to Zuckerberg; the seat passed from Jennifer Newstead (who left for Apple) to C.J. Mahoney in January 2026 (Axios). At the board level, Meta restructured its committees in June 2025: per its 2026 proxy statement, it disbanded the Audit & Risk Oversight and Privacy & Product Compliance committees and created a new Audit & Privacy Committee overseeing the privacy program and product/regulatory compliance, alongside a Risk & Strategy Committee (Meta DEF 14A, 2026). The independent Oversight Board remains an external check on content decisions, and Meta continues to publish quarterly Integrity Reports and report child-exploitation material to NCMEC.

X: a single Head of Safety, no named child-safety lead, and an empty CEO seat

At X, accountability for child safety is structurally diffuse. The most senior named safety leader is Kylie McRoberts, promoted internally in April 2024 to lead the team Elon Musk renamed from “Trust & Safety” to simply “Safety” (he called “Trust” a “euphemism for censorship”). McRoberts is a roughly four-year company veteran who previously worked on privacy and safe-browsing at Google, and the RSAC 2026 conference still lists her as “Head of Trust and Safety, X,” confirming she remains in the role as of 2026. Her appointment was announced alongside Yale Cohen as Head of Brand Safety and Advertiser Solutions — an advertiser-facing, commercial role distinct from user-safety and child-safety enforcement.

No primary source names a dedicated child-safety executive at X, and the gap is itself a governance finding. X’s own 2025 Global Transparency Report attributes child-sexual-exploitation enforcement to “our safety engineering team” and to an unnamed “international, cross-functional team with 24-hour coverage,” never to an accountable individual. The report logs 313,917 NCMEC reports and 1,790,852 child-safety account suspensions for July–December 2024 but identifies no leader responsible for those systems. When NBC News pressed X on a June 2025 surge of accounts advertising abuse material, X again pointed only to its @Safety account and “the incredible work of our safety engineering team,” declining to surface a named executive.

The reporting structure above the safety function is unusually flat because the chief-executive seat is empty. Linda Yaccarino — who had personally testified before the Senate Judiciary Committee on 31 January 2024 that X had strengthened child-exploitation enforcement “with more tools and technology” — resigned as CEO on 9 July 2025. No successor has been named through May 2026, leaving the safety organization reporting, in effect, up to owner Elon Musk, who holds the Chairman and CTO titles; the corporate parent also shifted when X Corp became a subsidiary of Musk’s xAI on 28 March 2025. External pressure has meanwhile intensified: on 21 May 2026 the Australian Federal Court, by consent, ordered X Corp to pay a A$650,000 civil penalty for failing to fully comply with the eSafety Commissioner’s child-sexual-exploitation transparency notice, with Justice Wheelahan stating that a “penalty near the maximum” was warranted so it would act “as a real deterrent and not simply a cost of doing business”; separately, the nonprofit Thorn terminated its detection-tooling contract with X in June 2025 over nonpayment, after which X said it was moving to in-house CSAM hash-matching — again managed without a publicly named accountable child-safety leader.

| Platform | Top named safety/integrity leader | Where child safety reports | Dedicated child-safety lead |
|---|---|---|---|
| TikTok | Sandeep Grover, Global Head of Trust & Safety Core Experience | Into platform operations under CEO Shou Zi Chew (exact line not disclosed post-July 2025 reorg), deliberately moved out of the ByteDance legal chain in Feb 2024 | Sarah Hawkins Brass, Global Head of Child Safety Operations (leads the Global Child Safety Team / CST) |
| Meta | Antigone Davis, VP & Global Head of Safety (public face); integrity enforcement under Naomi Gleit, Head of Product | Three lines all converging on CEO Mark Zuckerberg: Safety org, Integrity inside Product, and Legal/compliance; no single Chief Trust & Safety Officer | None named below the VP layer; no primary source identifies a dedicated child-safety operations head |
| X | Kylie McRoberts, Head of Safety (function renamed from “Trust & Safety”) | Not disclosed; rolls up to owner Elon Musk (Chairman/CTO) — CEO seat vacant since Linda Yaccarino resigned 9 Jul 2025; no board safety committee | None named; X attributes CSE/CSAM work to an unnamed “safety engineering team” / “cross-functional team” |

Child-safety governance structure: TikTok, Meta, and X (as of May 2026). Citations for every named individual appear in the narrative above. “Not disclosed” means no primary source states the reporting line.

Read across the three, a common shape emerges and so does the key divergence. All three locate day-to-day child-safety operations well below the CEO and decline, in their public record, to name a single accountable child-safety executive — TikTok and X both attribute the work to teams and organizations rather than one person, and Meta has no Chief Trust & Safety Officer at all. What differs is where the function is anchored and how legible that anchor is. TikTok has the most articulated structure, having deliberately relocated Trust & Safety out of the parent-company legal chain into platform operations and, post-deal, into an American-majority board Security Committee. Meta diffuses the responsibility across three lines — Safety, Product-owned Integrity, and a Legal department that whistleblowers testified actively shaped what child-harm research could exist — all ultimately reporting to one founder-CEO. X is the outlier in the opposite direction: a single renamed Safety function, no child-safety lead, no board safety committee, and an empty CEO seat, leaving the function reporting in effect to a sole owner — a thinness that regulators and a child-safety nonprofit have both moved against in 2025–2026.

Scoring the three: a governance rubric

§06.08 · Leadership verified May 2026

The narrative above compresses into a rubric. The scorecard below rates TikTok, Meta, and X across seven dimensions of child-safety governance structure — each scored 0 to 3, for a maximum of 21. Every score is derived from the public, sourced facts established in the section above: who is named and accountable, where the function reports, whether a board oversees it, what the company discloses, and how regulators have responded. It is deliberately a measure of structure, not of sentiment.

| Dimension (0–3) | TikTok | Meta | X |
|---|---|---|---|
| Named child-safety accountability | 3 — Global Head of Child Safety Operations | 2 — safety VP, no dedicated child-safety lead | 1 — Head of Safety; CSE work attributed to an unnamed team |
| Independence from the legal chain | 3 — moved into platform operations | 1 — diffuse; legal dept implicated in research | 1 — reports in effect to a sole owner |
| Board-level safety oversight | 3 — board Security Committee, independent chair | 2 — Audit & Privacy Committee plus external Oversight Board | 0 — no board safety committee |
| Detection + reporting disclosure | 2 — program disclosed; less tool-level detail | 3 — extensive; largest NCMEC reporter | 1 — in-house hashing after Thorn cut ties |
| Transparency-reporting depth | 2 — enforcement reports | 3 — Community Standards plus Integrity reports | 2 — publishes volumes, attribution-thin |
| Independent external check | 2 — independent board plus CSO | 3 — independent Oversight Board | 0 — Thorn terminated; no oversight body |
| Regulatory standing | 2 — divestiture scrutiny, no CSE penalty | 1 — jury liability finding (New Mexico) | 0 — court penalty for notice non-compliance |
| Total (of 21) | 17 | 15 | 5 |

Child-safety governance rubric, scored 0–3 per dimension (0 = absent or undisclosed, 3 = articulated and disclosed). As of May 2026; every score traces to the sourced facts above. This measures governance structure, not absolute child-safety outcomes.

A few cells carry most of the weight. On independence, TikTok scores highest because it deliberately relocated Trust and Safety out of its parent company’s legal chain into platform operations, while Meta’s integrity function sits inside Product and its legal department was the subject of September 2025 whistleblower testimony about shaping child-harm research. On oversight and independent checks, Meta scores highest for its external Oversight Board and detailed Integrity Reports, even as its regulatory standing is dragged down by the New Mexico liability finding. X scores lowest on five of seven dimensions: it names no child-safety lead, convenes no board safety committee, lost its detection partnership with Thorn, and drew an A$650,000 Australian Federal Court penalty for failing to answer a child-exploitation transparency notice.

The rubric matters because accountability, in the survivors’ framing, is finally about whether someone can be named and answered to. The Phoenix 11 and the survivor-advocacy positions in Chapter 05 insist that a system which cannot identify who is responsible for detecting and reporting their childhood abuse cannot be held responsible for failing to. A high governance score is not absolution; it is the precondition for accountability at all. A score of 5 out of 21 is not merely a thin org chart — it is a measure of how hard it would be, today, to find the person who answers for a child’s report.

Screen recording and DRM protection

§06.09

Digital Rights Management prevents screen recording of video content through hardware-secured decryption. On iOS/iPadOS with FairPlay, macOS Safari, Windows Edge with PlayReady SL3000, and Android with Widevine L1, screen recording prevention is approximately 100% effective. However, desktop Chrome and Firefox browsers support only Widevine L3 (software-only), making screen recording fully possible (Inkrypt Videos). Forensic watermarking — embedding invisible, user-specific identifiers into video streams — provides deterrence and traceability when prevention fails, reducing piracy by approximately 40%.

Distribution infrastructure and the CSAM economy

§06.10

The clearnet–darknet split: volume on the surface, commerce in the shadows

The popular image of child sexual abuse material is the dark web: hidden services, anonymity software, untraceable money. The data tells a different story. The Internet Watch Foundation confirmed 291,273 webpages containing CSAM in 2024, of which only 531 — roughly two-tenths of one percent — were on the dark web. The overwhelming majority sits on the open internet, on cyberlockers and image hosts run by legitimate companies, hosted in EU data centers, and surfaced to law enforcement by the same mainstream platforms that report tens of millions of files a year to the U.S. CyberTipline. But the infrastructure splits along a sharp axis: the open web is where the volume lives, while the dark web is where the commerce concentrates. Of those 531 dark web URLs, 82% were commercial; of the far larger clearnet total, only 2% was. Understanding where CSAM lives and how it moves means tracking two parallel economies — a vast non-commercial sharing ecosystem and a smaller, hardening commercial one that has pivoted decisively to cryptocurrency, disguised websites, and abuse-to-order production in the global South.

The most persistent misconception about CSAM distribution is that it is primarily a dark web phenomenon. The Internet Watch Foundation's 2024 data directly contradicts this: of 291,273 webpages confirmed to contain child sexual abuse imagery, the IWF identified only 531 dark web URLs distributing such material — about 0.18% of the total actioned. The open web, indexed and accessible through ordinary browsers, carries the bulk of detected material.

What the dark web concentrates is not volume but commerce. Of those 531 dark web URLs, 437 (82%) were assessed as commercial — operations selling access for profit. On the clearnet, by contrast, only 7,028 of the 291,273 pages (2%) were commercial in nature, per the IWF's commercial URL analysis. The structural reading is that anonymity infrastructure is expensive and inconvenient enough that it is reserved disproportionately for paid transactions, while the much larger non-commercial trade — peer-to-peer sharing, forum distribution, cloud-storage abuse — proliferates on the surface web because it is free and frictionless.

This distinction matters for intervention strategy. The clearnet problem is fundamentally a content-moderation and hash-matching problem at scale, addressable through the detection stack (PhotoDNA, hash lists, proactive scanning). The dark web problem is a financial-intelligence and infrastructure-takedown problem, where following the money — increasingly cryptocurrency — has proven more productive than trying to deanonymize the network itself.

Hosting patterns: legitimate providers, abused at scale

Detected CSAM is hosted overwhelmingly on legitimate, free services rather than purpose-built criminal infrastructure. The IWF found that in 2024, 285,112 URLs (98%) used free hosting and only 4,981 (2%) used paid hosting. Image hosts were the single most-abused website type, followed by cyberlockers — file-storage and file-sharing services where a single uploaded file can be linked from many forums and chat rooms. Offenders also exploited 59 legitimate hacked websites in 2024, a 23% rise from the prior year, embedding criminal content inside compromised but otherwise lawful domains.

The platforms that surface the most material to authorities are the largest consumer services, reflecting both their scale and the comparative thoroughness of their proactive scanning. The NCMEC 2024 reports-by-ESP breakdown shows Facebook submitting 8,590,357 CyberTipline reports, Instagram 3,320,008, WhatsApp 1,851,086, TikTok 1,359,806, Google 1,175,084, and Snapchat 1,174,698, with Reddit (334,597), Discord (241,354), Microsoft Online Operations (101,009), Pinterest (65,810), and Amazon Photos (42,051) further down. These numbers measure detection and reporting effort, not prevalence — a platform that scans aggressively will report more than one that does not, and Meta's properties account for the lion's share precisely because they scan unencrypted surfaces. Dedicated forum and imageboard infrastructure, where committed offender communities organize, generates few CyberTipline reports because those services do not self-report; that material instead surfaces through the IWF, Project Arachnid, and law-enforcement crawling.

Research into forum structure underscores that these dedicated communities are highly organized. A 2024 study in Humanities and Social Sciences Communications mapped darknet CSAM forum networks and identified distinct key-player roles in public replies and private messaging, while work published in Child Abuse & Neglect analyzed why users continue contributing to such forums through frameworks of social exchange, social capital, and social learning — a reminder that the infrastructure is sustained by community dynamics, not merely technology.

Hosting geography: a European problem, concentrated in a handful of providers

The IWF's annual geographic breakdowns consistently locate the majority of detected CSAM hosting in Europe — a function of where cheap, high-capacity, well-connected hosting is available, not of where offenders or victims are. In 2024, EU member states hosted roughly 62% of the criminal URLs the IWF actioned. The 2025 data recorded 310,437 URLs, with EU member states accounting for 196,101 (63%).

The 2025 country-level figures show how concentrated and volatile this hosting is: Bulgaria 87,959 URLs (28%), the United States 49,021 (16%), the Netherlands 33,788 (11%), Romania 21,188 (7%), France 20,475 (7%), Germany 18,401 (6%), Malaysia 17,046 (5%), and Moldova 9,941 (3%). The year-over-year swings are dramatic and tied to specific providers rather than national trends: Bulgaria rose 19 percentage points (attributed by the IWF to "just a few particular sites"), France rose 6 and Germany 4, while the Netherlands — long a top host — fell 18 points, which the IWF credits to effective monitoring and fast takedowns. The UK itself hosts almost nothing: 951 URLs in 2025, 0.30% of the global total, with 88% removed within 24 hours.

The practical implication is that hosting geography is a moving target driven by a small number of abuse-tolerant or slow-to-respond hosting companies. A single non-cooperative provider migrating between top-level domains and jurisdictions can shift an entire country's apparent share, which is why the IWF emphasizes notice-and-takedown speed and provider relationships over national attribution.

The commercial pivot: disguised websites, domain hopping, and cryptocurrency

The commercial CSAM trade has evolved sophisticated evasion and monetization techniques. The defining clearnet innovation is the "disguised website": a site that displays legal adult pornography to ordinary visitors but reveals criminal imagery only to users arriving through a specific digital pathway — particular referrer headers, cookies, or both in sequence. The IWF uncovered 3,033 disguised websites in 2024, representing 43% of all 7,028 commercial sites and up four percentage points from 2023. These sites take at least twice as long to access and action as ordinary URLs, and they compound evasion with top-level-domain hopping, repeatedly changing TLDs to outrun blocklists.

The payment infrastructure has shifted toward cryptocurrency while retaining legacy rails. Among 2024 commercial URLs, the IWF observed 518 offering virtual-currency payment (1,067 instances), 291 showing money-transfer services (506 instances), and 42 displaying credit-card options (105 instances), while 1,345 URLs concealed payment methods entirely behind paywalls. The IWF operates dedicated Virtual Currency Alerts, sharing intelligence on payment addresses linked to CSAM with industry and law enforcement. Chainalysis's 2026 crypto crime analysis reports that commercial CSAM operations have consolidated around subscription models (typically under $100/month) rather than pay-per-item sales, that roughly half of CSAM-related transactions are under $100, and that vendors increasingly launder proceeds through Monero and no-KYC "instant exchanger" swap services after collecting payment in mainstream coins.

U.S. financial regulators have built out the red-flag framework to match. FinCEN's February 2024 Financial Trend Analysis found 2,311 Bank Secrecy Act reports referencing convertible virtual currency in connection with online child sexual exploitation and human trafficking for 2020–2021, totaling over $412 million in flagged suspicious activity, and identified four recurring typologies: darknet CSAM marketplaces, peer-to-peer exchanges, CVC mixers, and CVC kiosks. This regulatory architecture — alerts, advisories, and SAR red flags — is now the primary mechanism by which the commercial trade is disrupted, displacing the credit-card-coalition approach that defined anti-CSAM finance efforts a decade ago.

Tor hidden services and the deanonymization toolkit: Playpen and Welcome to Video

Two landmark operations define how law enforcement has dismantled major dark web CSAM platforms, one through network exploitation, the other through blockchain analysis. In Operation Pacifier (2015), the FBI seized the Tor hidden service "Playpen" after a foreign tip revealed its IP address, then continued operating the site from a government server in Newington, Virginia for roughly two weeks while deploying a Network Investigative Technique (NIT): an exploit for a Tor Browser (Firefox) vulnerability that made visiting computers send their real IP addresses, MAC addresses and other identifiers to an FBI-controlled server outside the Tor network, unmasking over 1,300 of them. The operation produced hundreds of arrests internationally but generated a wave of Fourth Amendment litigation: because the single warrant authorized searches of computers well beyond the issuing magistrate's district, defendants challenged it under the then-existing Rule 41, and courts split, with some suppressing the NIT evidence and others admitting it under the good-faith exception, as documented in Lawfare's judicial-framework analysis. The controversy directly drove the December 2016 amendments to Rule 41 expanding magistrates' authority to issue remote-search warrants.

The second model — following the money — proved both less legally fraught and more scalable. The 2019 takedown of "Welcome to Video," a South Korea–based Tor marketplace selling CSAM videos, relied on the fact that the site transacted entirely in Bitcoin. As NPR reported, investigators working with Chainalysis traced approximately $353,000 in Bitcoin across the public blockchain to deanonymize buyers, resulting in administrator Son Jong-woo's arrest and 337 further arrests across 23 U.S. states and multiple countries, alongside the rescue of children from ongoing abuse. Welcome to Video became the template — later chronicled in Andy Greenberg's Tracers in the Dark — for treating cryptocurrency's permanent ledger as an investigative asset rather than an obstacle, and it explains the subsequent vendor migration toward Monero and mixing services described above.

Livestreamed abuse and production-on-demand: the foreign-demand economy

The most economically distinctive form of CSAM is not stored material at all but live, abuse-to-order production, in which a buyer in a wealthy country commissions and directs abuse of a child abroad in real time. The Philippines is the documented epicenter. The 2023 Scale of Harm study by International Justice Mission and the University of Nottingham Rights Lab estimated that nearly half a million Filipino children — roughly 1 in 100 — were trafficked to produce child sexual exploitation material in a single year, with the trade driven explicitly by foreign demand. IJM has documented a 250% rise in Philippine IP addresses linked to such exploitation between 2014 and 2017.

The defining feature of this ecosystem is its economics and its facilitators. Payments to local traffickers are small in dollar terms but locally significant: single livestreams have been documented earning roughly 2,000 pesos (about $44), and offenders have paid as little as $25 per session — enough, against impoverished local wages, to sustain ongoing demand. Crucially, facilitators are frequently the child's own family members or close acquaintances, who in some communities rationalize livestreamed abuse as not "real" because it involves no in-person contact by the paying offender. The top demand countries, consistent across IJM and Philippine Anti-Money Laundering Council data since 2015, are the United States (by a wide margin), the United Kingdom, Australia, and Canada. Abuse has historically been transmitted over consumer video platforms including Skype and similar services, and arranged through Facebook, dating apps, and messaging tools.

Payment patterns make these cases simultaneously traceable and hard to prosecute. Research compiled by the University of Nottingham Rights Lab on financial investigation in OSEC cases notes that money-transfer services such as Western Union, WorldRemit, Remitly, and PayPal are the dominant rails, and that proof of payment is often the single most important piece of evidence — because livestreamed abuse, unlike stored CSAM, leaves no file on the offender's device. The Philippines criminalized this conduct comprehensively through Republic Act 11930 (the 2022 Anti-OSAEC law), and the Philippine Internet Crimes Against Children Center (PICACC) has driven hundreds of rescues, but prosecution remains constrained by the evidentiary problem of crimes that, by design, produce no persistent artifact.

Sextortion as an organized criminal economy

Financial sextortion has emerged as the fastest-growing form of online child exploitation and is structurally distinct from traditional CSAM markets: it is extractive rather than collection-driven, monetizing coercion rather than content, and is run as a high-volume scam operation. The dominant actors are West African, principally Nigerian, cybercriminals known colloquially as "Yahoo Boys" — a loose subculture rather than a single syndicate — who deceive predominantly teenage boys into sending explicit images and then extort them under threat of exposure. The FBI has reported an increase of more than 1,000% in financial sextortion targeting minors over an 18-month period, with the crime concentrated in the U.S., Canada, and Australia.

The scale of the criminal infrastructure became visible through platform enforcement. In July 2024, Meta disrupted a Nigeria-based operation, removing approximately 63,000 Instagram accounts engaged in financial sextortion — including a coordinated network of about 2,500 accounts run by roughly 20 individuals — plus around 7,200 Facebook assets (1,300 accounts, 200 Pages, and 5,700 Groups) that functioned as a marketplace, selling scamming scripts, how-to guides, and stock photo collections for building fake profiles. Meta reported minor-targeting accounts to NCMEC and shared signals through the Tech Coalition's Lantern program, and classified the Yahoo Boys under its Dangerous Organizations and Individuals policy.

The financial-intelligence picture is developing in parallel. FinCEN issued a dedicated Notice on Financially Motivated Sextortion in 2025, cataloguing the payment rails — gift cards, peer-to-peer payment apps, and cryptocurrency, frequently routed through money mules — and the red flags that distinguish these flows. Together with NCMEC's 2024 figures showing nearly 100 financial-sextortion reports per day and a 192% surge in online enticement reports, the evidence points to a maturing, organized criminal economy that has industrialized a coercion-based business model at a scale comparable to romance-scam operations run from the same region.

The reporting pipeline: from CyberTipline to arrest

§06.11

The CyberTipline and the statutory duty that feeds it

When a platform discovers child sexual abuse material (CSAM), it triggers a pipeline that is at once highly engineered and chronically under-resourced. In the United States, the path runs from a statutorily compelled report, through the National Center for Missing & Exploited Children (NCMEC), to one of 61 regional task forces and a handful of federal agencies. Internationally, a parallel architecture of hash lists, INTERPOL databases, and Europol coordination tries to stitch jurisdictions together across a system where a single evidence request can take ten months. This section traces what actually happens at each stage — the legal duties, the triage, the forensic chain to victim identification, and the documented gap between report volume and law-enforcement capacity. The numbers are precise, recent, and sobering: of the 21.3 million reports NCMEC received in 2025, more than 4.5 million were classed as informational rather than actionable, and over 10 percent of industry reports arrived with inadequate information.

The CyberTipline, operated by NCMEC since 1998, is the legally designated reporting mechanism for U.S.-based online services and has received more than 195 million reports since inception. It accepts reports across eight categories — child sexual abuse material, online enticement, child sex molestation, child sex trafficking, child sex tourism, unsolicited obscene material sent to a child, misleading domain names, and misleading words or images. Providers file through a dedicated reporting API or a manual web form; NCMEC analysts then attempt to geolocate the incident (via IP, account data, or content) and route it to the appropriate law-enforcement agency for independent investigation.

The feed is compelled by 18 U.S.C. § 2258A, which requires any provider with actual knowledge of an apparent CSAM violation to report it to the CyberTipline as soon as reasonably possible. Critically, the duty is reactive, not proactive: the statute expressly states providers are not required to monitor users or affirmatively search, screen, or scan for violations. The REPORT Act amendments (2024) extended the evidence-preservation window from 90 days to one year and expanded mandatory categories to include child sex trafficking and enticement — a change NCMEC credits for the 55 percent rise in trafficking reports.

Penalties for knowing failure to report are tiered by platform size: a first violation runs to $600,000 (under 100 million monthly active users) or $850,000 (at or above that threshold), rising to $850,000 and $1,000,000 for subsequent violations. A statutory safe harbor immunizes providers and NCMEC from civil liability for actions taken to comply, which is what makes the voluntary transmission of suspect content and subscriber data legally tenable.

Triage at NCMEC and the actionability problem

Volume is the defining operational fact. The CyberTipline received 21.3 million reports in 2025, containing 61.8 million images, videos, and other files — down from a 2023 peak of 36.2 million, a decline NCMEC attributes partly to report "bundling" and to reduced submissions following end-to-end-encryption rollouts rather than to any drop in underlying abuse. Reporting is extraordinarily concentrated: more than 2,000 ESPs are registered, but just over 300 actually submitted reports in 2025, and five ESPs accounted for over 75 percent of all reports.

NCMEC triages each submission and escalates the roughly 51,000 reports per year flagged as a child in imminent danger. But the headline volume overstates investigable signal. In 2025, more than 4.5 million reports were designated informational rather than actionable referrals, and over 10 percent of industry-submitted reports contained inadequate information for law enforcement to act. Roughly 2 million reports resolved to the U.S. (1.9 million to a specific state), while 77 percent of reports involved CSAM uploaded by users outside the United States, pushing the bulk of the caseload into the slower cross-border channels.

These caveats are the operational complement to the Stanford Internet Observatory's 2024 finding (covered in Chapter 04) that the system's data integrity — duplication, incomplete fields, and the mismatch between report counts and discrete incidents — limits how much the topline number can be read as a measure of either abuse prevalence or enforcement workload.

From report to arrest: the forensic and legal chain

A report does not authorize action on its own. Under Fourth Amendment doctrine, law enforcement may examine a reported file without a warrant only to the extent that a private party has already examined it: if the provider's own staff viewed the image before reporting it, an agent may view that same image under the private-search doctrine, but where a report rests solely on an automated hash match that no human at the provider opened, several courts have required a warrant before an agent opens the file. A warrant application in turn requires probable cause built on more than the report alone, typically corroborating subscriber records obtained from the provider. Hash matching is the entry point: a file's PhotoDNA fingerprint is checked against known-CSAM databases. The often-cited 1-in-50-billion false-positive rate for PhotoDNA is a vendor figure that has never been independently verified, and researchers have argued operational error rates are materially higher at scale, a contested point relevant to how much investigative weight a bare hash match should carry.

Once a device or account is lawfully seized, examiners use the Project VIC International ecosystem to triage seized media at volume: known files are auto-categorized against shared hash sets so investigators can focus human review on unknown material that may depict an unidentified, still-at-risk child. New or unidentified images are submitted to NCMEC's Child Victim Identification Program (CVIP), established in 2002, which has reviewed more than 425 million images and videos and helped identify more than 19,100 children; over 30,000 victims total have been identified by law enforcement and recorded with NCMEC. The lag between report and any charge is long and largely undocumented in aggregate — reports enter investigative backlogs, and NCMEC and law enforcement both acknowledge that most never result in charges, constrained by staffing, forensic-evidence volume, and turnover.

Project VIC International and the interoperable forensic data model

Project VIC International, founded in 2012, is the connective tissue of modern CSAM forensics. Its core artifact is the VICS Data Model (built 2013), a standardized schema that lets otherwise-incompatible forensic tools exchange case data, hash values, and categorization tags. More than 30 technology vendors — including Magnet AXIOM, Oxygen Forensics, MSAB, and ADF Solutions — have implemented the standard, putting interoperable tooling in the hands of 5,000+ law-enforcement partners.

The payoff is scale and victim-centricity. Project VIC became the worldwide licensee of Microsoft's PhotoDNA for the crimes-against-children use case, collapsing the near-duplicate review burden, and added VICS Safer (a MITRE machine-learning classifier, 2019) and VICS Point (built with Microsoft AI for Good) to surface likely-CSAM from file attributes. Through this ecosystem, law-enforcement partners have discovered over 6 million new child abuse images, videos, and related files — material not previously in any known-hash database, each new file a potential thread to an unidentified victim. The "Victims First" framing is operationally literal: the value of categorizing the known is that it frees analyst attention for the unknown.

The international architecture: IWF, INTERPOL ICSE, and Europol

Outside the U.S., the Internet Watch Foundation (IWF) performs the analogous clearinghouse role for the UK and supplies the broader industry. Its Image Hash List holds over 3.2 million unique hashes, expressed in PhotoDNA, MD5, SHA-1, and SHA-256, and is distributed to licensed members either via API or through Microsoft's PhotoDNA cloud service — meaning IWF-confirmed material flows back into platform-side detection worldwide. The IWF also maintains URL, keyword, and non-photographic-imagery lists used for blocking and takedown.

For victim identification across borders, the operational system is INTERPOL's International Child Sexual Exploitation (ICSE) database. (The acronym sometimes given as "I-CAID" refers to its predecessor, the INTERPOL Child Abuse Image Database, ICAID, in use from 2001 until ICSE launched in 2009.) ICSE connects specialist investigators in 68–70 countries plus Europol, holds roughly 4.9 million images and videos, uses image and video comparison to link victims, abusers, and places, and has assisted in identifying more than 42,300 victims — on average about seven children identified per day. Europol's European Cybercrime Centre (EC3) coordinates the EU operational response, hosting international victim-identification taskforces at The Hague and running the crowdsourced Stop Child Abuse – Trace an Object campaign. Under the EMPACT framework, coordinated efforts such as Operation Daylight have disseminated 611 intelligence packages to member states, opening 207 investigations and producing 75 arrests or convictions in a single action cycle.

Cross-border friction: MLATs, the CLOUD Act, and Five Eyes

The international system's weakest link is evidence transfer. A formal Mutual Legal Assistance Treaty (MLAT) request — still the default route when data sits with a provider in another country — can take 120 days to ten months to fulfill, a timeline widely regarded as incompatible with fast-moving CSAM cases where content and a child's safety are both time-sensitive. The U.S. CLOUD Act (2018) was designed to route around this for partner countries with executive agreements, enabling faster cross-border access to data held by U.S. providers and supporting a "freeze-before-lose" preservation request — recommended as the first act of any cloud investigation — so that evidence is held while slower legal process runs.

Governance is coordinated at the political level by the Five Country Ministerial (Five Eyes: Australia, Canada, New Zealand, the United Kingdom, and the United States). In March 2020 it launched, with WeProtect and six industry partners, the Voluntary Principles to Counter Online Child Sexual Exploitation and Abuse — 11 principles covering proactive grooming detection, reporting to authorities, and transparency, since endorsed by more than 20 companies and the G7. The Five Eyes Tackling Child Sexual Abuse Working Group continues to promote the framework, conducting a virtual roadshow with industry through 2025, though the principles remain non-binding.

Domestic enforcement capacity and survivor services

The U.S. front line is the Internet Crimes Against Children (ICAC) Task Force Program, a network of 61 task forces spanning nearly 5,500 federal, state, local, and Tribal agencies, funded through the Office of Juvenile Justice and Delinquency Prevention. The program received $39.9 million in FY 2024 (down from $42.4 million in FY 2023) and, in that year, conducted approximately 203,467 investigations leading to more than 12,600 arrests and trained roughly 46,000 professionals. The arithmetic — over 200,000 investigations against a 20-million-plus annual report inflow, much of it non-actionable or offshore — illustrates the triage forced by the volume gap. Federal cases are typically worked by the FBI and Homeland Security Investigations (HSI) in coordination with ICAC affiliates.

On the survivor side, once a child is identified through CVIP, NCMEC provides crisis intervention, peer support through Team HOPE, referrals to a specialized network of CSAM-literate therapists, and image-removal support — tagging and notifying providers to take down circulating material and registering survivors so they can be notified when their imagery surfaces in new cases. That notification channel feeds the restitution system: under 18 U.S.C. § 2259, and following the Supreme Court's apportionment ruling in Paroline v. United States (2014), courts must order restitution to identified victims of CSAM trafficking. The Amy, Vicky, and Andy Child Pornography Victim Assistance Act of 2018 set a statutory floor of at least $3,000 per defendant and created a one-time $35,000 defined-monetary-assistance payment (inflation-indexed) administered by the Department of Justice — converting each new prosecution into a potential restitution event for survivors whose images continue to circulate.

Detection technology: how it actually works

§06.12

How perceptual hashing actually works: PhotoDNA, PDQ, and the Hamming-distance threshold

For fifteen years, the defense against child sexual abuse material has rested on a single elegant idea: reduce an image to a short, robust fingerprint, and compare it against a curated list of fingerprints derived from confirmed abuse content. This is how Microsoft PhotoDNA, Meta's PDQ, and the video equivalent TMK+PDQF work, and it is why a known image can be detected across dozens of platforms the instant it is re-uploaded. But perceptual hashing has two structural limits that now define the arms race. It only finds what is already on a list, and it can be defeated by an adversary willing to transform an image enough to push it past the matching threshold. Two developments now press on both flanks at once: generative AI produces a limitless supply of novel imagery that no hash list has ever seen, and end-to-end encryption removes the server-side vantage point from which scanning has always operated. What follows is a technical account of how detection works today, what defeats it, and where the cryptographic and machine-learning frontiers are headed.

Perceptual hashing differs fundamentally from cryptographic hashing. An MD5 or SHA-1 digest changes completely if a single bit of the file changes; that fragility makes it useful only for byte-identical duplicates. A perceptual hash is engineered to do the opposite: to remain stable under the transformations that leave an image visually recognizable (recompression, resizing, minor color shifts) so that a re-encoded copy still matches the original. Microsoft PhotoDNA (2009) achieves this by converting the image to greyscale, resizing it to a common scale, partitioning it into a grid of cells, and computing intensity-gradient histograms per cell, yielding a 144-byte (1,152-bit) fingerprint. Meta's PDQ (open-sourced 2019) is built on the Discrete Cosine Transform: it downsamples the luminance channel, applies a two-dimensional DCT, keeps the lowest-frequency coefficients and thresholds them around their median to emit a 256-bit hash accompanied by a quality score, the structure that the comparative analysis by Hao et al. (arXiv 2406.00918) also documents. Apple's abandoned NeuralHash (2021) took a third route: a convolutional neural network producing an embedding hashed to 96 bits.

Matching is a nearest-neighbor problem in Hamming distance — the count of differing bits between two hashes. Meta's reference PDQ implementation sets the canonical conventions: a distance ≤ 31 (out of 256 bits) is treated as a match, and hashes with a quality score ≤ 49 are discarded as too low-information to compare reliably. The implementation is candid that these thresholds were "determined by experimentation and not by any rigorous methodology." PhotoDNA's operational selling point has long been an extremely low false-positive rate, frequently cited at roughly 1 in 50 billion comparisons — a figure that comes from Microsoft and its deployment partners rather than from independent published replication, a caveat worth keeping in view.
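The pipeline described above, reduced to runnable Python as an added example. This is not Meta's PDQ reference code or Microsoft's PhotoDNA; the 32x32 downsample (real PDQ works on a 64x64 Jarosz-filtered luminance image), the toy gradient-based quality score, and the constructed synthetic "scene" that can be rendered at any resolution are assumptions of this example. What it shows is the property the paragraphs describe: a brightness shift leaves the perceptual hash untouched while SHA-256 changes completely, a copy re-rendered at a different resolution and a copy with light noise stay inside PDQ's 31-bit radius, an unrelated image lands near the roughly 128 differing bits expected of a random pair, and a flat image is rejected on quality before any distance is computed.

```python
import hashlib
import math
import random

DOWN_SIDE = 32        # DCT input size (real PDQ: 64x64); assumption of this example
HASH_SIDE = 16        # 16x16 low-frequency coefficients -> 256 bits, as in PDQ
MATCH_RADIUS = 31     # PDQ's documented match threshold (Hamming distance)
MIN_QUALITY = 50      # PDQ discards hashes with quality <= 49


def render_scene(seed, size):
    """Constructed test image: a seeded sum of low-frequency sinusoids sampled on a
    size x size grid, so the *same* scene can be produced at different resolutions
    (our stand-in for a photo and its resized copy). Values are 8-bit luminance."""
    rng = random.Random(seed)
    waves = [(rng.uniform(3, 10), rng.uniform(-6, 6), rng.uniform(-6, 6),
              rng.uniform(0, 2 * math.pi)) for _ in range(24)]
    img = []
    for y in range(size):
        row = []
        for x in range(size):
            u, v = (x + 0.5) / size, (y + 0.5) / size
            val = 128 + sum(a * math.sin(2 * math.pi * (fx * u + fy * v) + ph)
                            for a, fx, fy, ph in waves)
            row.append(max(0, min(255, int(round(val)))))
        img.append(row)
    return img


def downsample(img, side=DOWN_SIDE):
    """Block-average a square image to side x side (toy resampler: integer factor)."""
    f = len(img) // side
    assert f * side == len(img), "image side must be a multiple of DOWN_SIDE"
    return [[sum(img[y][x] for y in range(by * f, by * f + f)
                 for x in range(bx * f, bx * f + f)) / (f * f)
             for bx in range(side)] for by in range(side)]


def dct2(block):
    """Unnormalised separable 2-D DCT-II. The scale factor is irrelevant because
    every bit is decided relative to the median coefficient."""
    n = len(block)
    cos = [[math.cos(math.pi * (2 * i + 1) * k / (2 * n)) for i in range(n)]
           for k in range(n)]
    rows = [[sum(block[i][j] * cos[v][j] for j in range(n)) for v in range(n)]
            for i in range(n)]
    return [[sum(rows[i][v] * cos[u][i] for i in range(n)) for v in range(n)]
            for u in range(n)]


def quality(small):
    """Toy stand-in for PDQ's gradient-based quality score (0..100): mean absolute
    neighbour difference x10, so a flat image scores 0 and is never matched."""
    n = len(small)
    grad = sum(abs(small[y][x] - small[y][x - 1]) + abs(small[y][x] - small[y - 1][x])
               for y in range(1, n) for x in range(1, n))
    return min(100, int(10 * grad / (2 * (n - 1) ** 2)))


def perceptual_hash(img):
    """Return (256-bit hash as int, quality score)."""
    small = downsample(img)
    coeffs = dct2(small)
    # Lowest 16x16 frequencies, skipping row/column 0 (the DC terms), as PDQ does.
    sel = [coeffs[u][v] for u in range(1, HASH_SIDE + 1)
           for v in range(1, HASH_SIDE + 1)]
    median = sorted(sel)[len(sel) // 2]
    bits = 0
    for c in sel:
        bits = (bits << 1) | (1 if c > median else 0)
    return bits, quality(small)


def hamming(a, b):
    return bin(a ^ b).count("1")


def is_match(hq1, hq2):
    """PDQ matching convention: both hashes usable and within the radius."""
    (h1, q1), (h2, q2) = hq1, hq2
    return q1 >= MIN_QUALITY and q2 >= MIN_QUALITY and hamming(h1, h2) <= MATCH_RADIUS


def crypto_digest(img):
    """SHA-256 over the raw pixels: matches byte-identical copies only."""
    return hashlib.sha256(bytes(p for row in img for p in row)).hexdigest()


def brighten(img, delta):
    return [[max(0, min(255, p + delta)) for p in row] for row in img]


def add_noise(img, amplitude, seed=1):
    rng = random.Random(seed)
    return [[max(0, min(255, p + rng.randint(-amplitude, amplitude)))
             for p in row] for row in img]


if __name__ == "__main__":
    original = render_scene(7, 64)
    base = perceptual_hash(original)
    for label, variant in (("brightness +8", brighten(original, 8)),
                           ("re-rendered at 96x96", render_scene(7, 96)),
                           ("noise +/-2", add_noise(original, 2)),
                           ("different scene", render_scene(8, 64))):
        h = perceptual_hash(variant)
        print(f"{label:22s} distance={hamming(base[0], h[0]):3d} match={is_match(base, h)} "
              f"sha256_equal={crypto_digest(original) == crypto_digest(variant)}")
```

The brightness case is exact by construction: adding a constant to every pixel changes only the DC coefficient, which the 16x16 selection skips, so every remaining bit keeps its side of the median. The threshold of 31 and the quality floor of 50 are taken from the PDQ conventions quoted above; nothing in the code justifies them beyond that.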

Matching at scale: Multi-Index Hashing and the FAISS pipeline

A naive linear scan, comparing an incoming hash against every entry in a list of tens of millions, is too slow for platform-scale ingestion. The standard acceleration is Multi-Index Hashing (MIH), which exploits the pigeonhole principle: if two 256-bit hashes are within Hamming distance r, and the hash is split into m contiguous substrings, then they must match exactly in at least one substring when r < m (more generally, some substring differs in at most floor(r/m) bits). MIH therefore builds m separate hash tables keyed on substrings, retrieves a small candidate set via exact substring lookups, and verifies full Hamming distance only on those candidates. For the small radii used in practice (r ≤ 31) this turns a linear scan over N entries into a search whose cost is dominated by the candidate set, which is far smaller than N; the price is that probing within a per-substring radius grows combinatorially, so substring width and count are chosen together with r.

In deployed systems the index is typically realized with Facebook AI Similarity Search (FAISS) or equivalent. Meta's PDQ documentation reports its FAISS-backed matcher sustaining roughly 4,000 images per second, and the Canadian Centre for Child Protection states that Project Arachnid processes "tens of thousands of images a second". The engineering trade-off is the usual recall-versus-latency tension: tighter thresholds and exact-substring indexing minimize false positives but risk missing near-duplicates that fall just outside the radius.
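An added Python illustration of MIH (not Meta's MIH256 implementation, and not FAISS) that goes slightly beyond the exact-match case in the text: with m slots and radius r, a hash within distance r must lie within r // m of the query in at least one slot, so for r = 31 and m = 16 each slot is probed at distance ≤ 1, and for m > r it reduces to the exact lookup described above. The index contents are constructed pseudo-random hashes, not real fingerprints.

```python
import random
from itertools import combinations

# Added MIH illustration for 256-bit hashes (not Meta's MIH256 code). If two hashes are
# within Hamming distance r and are cut into m slots, some slot differs by at most r // m;
# with r < m that slot matches exactly, and with r = 31, m = 16 each slot is probed at <= 1.
HASH_BITS = 256

def hamming(a, b):
    return bin(a ^ b).count("1")

class MultiIndexHash:
    def __init__(self, slots=16):
        self.m = slots
        self.slot_bits = HASH_BITS // slots
        self.mask = (1 << self.slot_bits) - 1
        self.tables = [dict() for _ in range(slots)]   # slot -> substring -> [hash ids]
        self.hashes = []
    def _substring(self, h, slot):
        return (h >> (slot * self.slot_bits)) & self.mask
    def add(self, h):
        self.hashes.append(h)
        for s in range(self.m):
            self.tables[s].setdefault(self._substring(h, s), []).append(len(self.hashes) - 1)
    def _neighbours(self, word, radius):
        """Every slot value within `radius` bit flips of word, word itself included."""
        for k in range(radius + 1):
            for flips in combinations(range(self.slot_bits), k):
                yield word ^ sum(1 << b for b in flips)
    def query(self, h, radius=31):
        """Return (ids within radius, candidates verified); only candidates get a full compare."""
        per_slot = radius // self.m
        candidates = set()
        for s in range(self.m):
            for word in self._neighbours(self._substring(h, s), per_slot):
                candidates.update(self.tables[s].get(word, ()))
        matches = sorted(i for i in candidates if hamming(self.hashes[i], h) <= radius)
        return matches, len(candidates)

def build_demo(n=20000, seed=1, flips=20):
    """Constructed index of n pseudo-random hashes and a query `flips` bits from entry 123."""
    rng = random.Random(seed)
    index = MultiIndexHash()
    for _ in range(n):
        index.add(rng.getrandbits(HASH_BITS))
    query = index.hashes[123]
    for b in rng.sample(range(HASH_BITS), flips):
        query ^= 1 << b
    return index, query
```

The demo index of 20,000 entries returns the single planted neighbour after verifying only a few dozen candidates, and the result agrees with a full linear scan.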

The harder problem: video hashing with TMK+PDQF

Video defeats naive image hashing because the same clip can be re-encoded at different frame rates, resolutions, and bitrates, and because the unit of comparison is a temporal sequence rather than a still. Meta's answer, co-developed and open-sourced alongside PDQ, is TMK+PDQF (Temporal Match Kernel + PDQ-Float). The system extracts frames, computes a floating-point PDQ descriptor per frame, and then aggregates these descriptors across time using a Temporal Match Kernel that encodes the video as a fixed-length vector capturing both per-frame appearance and temporal structure. Matching then compares these aggregate signatures, with a fine-grained alignment step to handle temporal offset.

Video hashing remains markedly harder than image hashing, and benchmarking confirms it. The Technology Coalition's PHVSpec video-hash benchmark evaluates perceptual video-hashing systems against transformations specific to video and finds wide variation in robustness. Practical complications include key-frame extraction (which frames to sample, and how to stay stable when an adversary inserts or drops frames), partial-clip matching (a few seconds of known CSAM spliced into a longer benign video), and the much larger storage and compute footprint — reflected in NCMEC's hash-sharing API, which classifies TMK+PDQF among its "large" file-based fingerprint types rather than the compact inline hashes used for stills.

Adversarial evasion and the novel-image problem

Perceptual hashing is robust to incidental transformations but not to deliberate ones. The Hao et al. security analysis quantifies this: against simple image edits at the standard threshold, rotation defeated PhotoDNA, PDQ, and NeuralHash essentially 100% of the time, and filtering succeeded against PhotoDNA in 94% of cases. PhotoDNA was found "not robust to filtering, rotating, resizing, mirroring, bordering, cropping." The intuition is geometric: hashes built on grid or DCT alignment are sensitive to operations that shift that alignment, which is why Meta's documentation explicitly warns PDQ "does not guarantee exact rotational invariance." The same paper offers an important counterweight, however — against query-limited black-box adversarial attacks under realistic distortion budgets, success rates collapsed to near zero (PDQ 0%, PhotoDNA 1%, NeuralHash 14% untargeted), because the discrete, noisy nature of hash outputs makes gradient estimation unreliable. So crude transforms work; sophisticated minimal-perturbation attacks largely do not.

But the decisive shift is not evasion of a known image — it is the generation of imagery that was never on any list. Because every AI-generated image is a novel artifact, hash matching is constitutively blind to it. The Internet Watch Foundation documents that fine-tuned models and LoRA adapters let offenders "create realistic deepfakes of specific children using as few as 20 existing images in as little as 15 minutes," producing material "indistinguishable from real photographic imagery to the untrained eye." The IWF reports AI-generated videos rising 26,385% between 2024 and 2025 (from a small 2024 base of single-digit videos to 3,443 in 2025). Against an adversary that manufactures infinite unique violations, a fingerprint of known content is structurally insufficient — which is precisely the gap classifiers exist to fill.

AI classifiers: detecting the unknown via embeddings

Where hashing answers "have I seen this exact image before," a classifier answers "does this image depict abuse," generalizing to content it has never encountered. This is the only viable response to novel and AI-generated material. Thorn's Safer classifier and Hive AI (which deploys a CSAM classifier built in partnership with Thorn) are the dominant commercial offerings. Architecturally these are deep convolutional and increasingly vision-transformer models trained for multi-label classification; Hive's broader stack is explicitly a multi-label classification system that assigns independent confidence scores across categories. The Hive CSAM detection API is designed as a two-stage pipeline — hash matching first to catch known content, then, if no match is found, the media is routed to the classifier to flag novel CSAM, with outputs returned as confidence scores between 0 and 1 across classes that distinguish CSAM from adult pornography.

A defining operational constraint is the handling of training data and the source media itself. Both Thorn and Hive use an embedding-first design: media is converted to a numeric embedding and "the original media is permanently deleted" after the embedding is computed, so the production system never durably stores abuse imagery. The deeper unsolved tension is training-data sourcing: a classifier must learn the visual signature of abuse without its developers possessing or circulating that material, which forces reliance on tightly controlled access within law-enforcement and NCMEC-sanctioned environments, hashed-and-segregated datasets, and — increasingly discussed but contested — synthetic or partially synthetic training examples that approximate the target distribution without depicting real victims. The contamination risk is real in both directions: a poorly governed training set could itself become a vector for abuse imagery, while an over-broad classifier raises false-positive and over-removal concerns that hashing's precision largely avoids.

The encrypted-content frontier: PSI, threshold secret sharing, and homomorphic proposals

Server-side scanning presumes the operator can see the content. End-to-end encryption removes that vantage point, and the proposed responses are among the most contested in the field. The most fully specified attempt was Apple's 2021 CSAM Detection system, which would have run NeuralHash on-device and used a Private Set Intersection (PSI) protocol to compare each image's hash against a blinded NCMEC hash database without the device learning the list or the server learning non-matching images. As the protocol analysis by Ittai Abraham details, the construction leaned on Diffie-Hellman random self-reducibility and Reed-Solomon decoding via the Coppersmith-Sudan algorithm, layered with threshold secret sharing so that Apple could decrypt the associated "safety vouchers" only once an account exceeded a set number of matches — a design Apple claimed bounded false-account reporting at roughly one in a trillion per year. Apple abandoned the system in 2022 after researchers demonstrated NeuralHash collisions and a coalition of cryptographers warned that any client-side scanning channel is repurposable for broader surveillance.
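An added Python illustration of the threshold-disclosure piece only (not Apple's protocol, which wrapped this in PSI and per-image safety vouchers): an account secret is split with Shamir secret sharing so that a server holding fewer shares than the threshold reconstructs an unrelated value, while the threshold or more recovers it exactly. The prime field, the threshold and the random seed are constructed choices.

```python
import random

# Added illustration of threshold disclosure (not Apple's protocol, which wrapped this in
# PSI and per-image vouchers): an account secret is Shamir-shared so that fewer than
# `threshold` shares reveal nothing and any `threshold` or more recover it exactly.
PRIME = 2**127 - 1   # constructed choice of prime field for the shares

def split_secret(secret, threshold, rng):
    """Random polynomial of degree threshold-1 whose constant term is the secret."""
    return [secret % PRIME] + [rng.randrange(1, PRIME) for _ in range(threshold - 1)]

def make_share(poly, x):
    """Share for index x > 0: the polynomial evaluated at x (Horner's rule mod PRIME)."""
    y = 0
    for coeff in reversed(poly):
        y = (y * x + coeff) % PRIME
    return x, y

def reconstruct(shares):
    """Lagrange interpolation at 0; correct only when len(shares) >= threshold."""
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        secret = (secret + yi * num * pow(den, PRIME - 2, PRIME)) % PRIME
    return secret

def simulate_account(matches, threshold, seed=7):
    """Model a server that receives one share per flagged image (x = 1..matches) and
    attempts recovery; returns (recovered_value, true_secret)."""
    rng = random.Random(seed)
    secret = rng.randrange(PRIME)
    poly = split_secret(secret, threshold, rng)
    shares = [make_share(poly, x) for x in range(1, matches + 1)]
    return reconstruct(shares), secret
```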

The frontier beyond PSI is largely theoretical. Fully homomorphic encryption (FHE) would in principle let a server compute a hash-match over ciphertext it cannot read; recent work such as the Summation-based Private Segmented Membership Test from threshold-FHE explores private membership queries of exactly this shape. But FHE's per-operation cost remains orders of magnitude too high for population-scale image ingestion, leaving a sharp gap between what is mathematically possible and what is deployable. The honest summary: PSI plus threshold disclosure is implementable but politically radioactive after the Apple episode; FHE-based scanning is not yet practical; and federated learning — training shared classifiers across platforms without centralizing the underlying media — is plausible for model improvement but does not by itself solve detection inside an encrypted channel.

Project Arachnid and the distinct problem of detecting CSAM on Tor

The Canadian Centre for Child Protection's Project Arachnid is the most aggressive open-and-dark-web crawler in the field. As of May 2026 it reports having processed over 176 billion images, flagged 126 million pieces of suspect media for analyst review, and issued 141 million takedown notices. Its detection core is image and video hashing — exact matching plus PhotoDNA-style perceptual matching against multiple hash sources including its own Arachnid list and the IWF list — fronted by the no-cost Shield API that lets platforms compare their media against Arachnid's fingerprints. Classification of detected suspect media is performed by a global analyst network the Centre describes as 18 hotlines across 17 countries coordinating through the "Arachnid Orb."

What makes Tor detection technically distinct is less the hashing than the crawling and the topology. A standard web crawler resolves DNS, follows links, and can be rate-managed against known hosts; a Tor crawler must route through the onion network, contend with non-indexable .onion hidden services that publish no sitemap and are reachable only via shared addresses, tolerate high latency and frequent unavailability, and discover content through references rather than enumeration. The Centre's own characterization reframes the threat model usefully: "the vast majority of CSAM detected by Project Arachnid is not physically hosted on the dark web," which instead "acts as the main conduit for directing individuals on where to find it on the clear web." The operational consequence is that effective Tor work is reconnaissance — mapping the directory layer that points to clear-web hosting — as much as it is takedown, since the abusive payload usually sits on a conventional, hash-scannable, takedown-amenable provider.

Hash-list governance, the CyberTipline, and false-positive recovery

Detection is only as trustworthy as the lists it matches against, which makes governance a first-order technical concern. NCMEC operates two hash-sharing platforms — one for industry members to contribute their own hashes to one another, and one through which NCMEC distributes more than five million hash values of confirmed CSAM to vetted companies. The integrity control is human review: a reported file is confirmed by analysts at least three times before its hash is added to a list. The Hash Sharing API supports a deliberately heterogeneous set of fingerprint types — MD5, SHA-1, PhotoDNA, PDQ, and NetClean as compact inline hashes, plus Videntifier, TMK+PDQF, and SSVH variants as large file-based fingerprints — and tags entries with the standardized industry severity classifications A1, A2, B1, B2. Crucially for false-positive recovery, the API exposes a community feedback mechanism: members can submit affirmative (upvote) or negative (downvote, with a coded reason) feedback on individual fingerprints and revise it later, so a disputed or erroneous hash can be flagged through distributed validation rather than unilateral central adjudication. This matters because a bad list entry propagates to every subscriber simultaneously; the downvote channel is the principal correction path.

The reporting backbone these lists feed is the CyberTipline, and its modernization is the operational counterpart to the technical arms race. The 2024 Stanford Internet Observatory report — drawn from 66 interviews and on-site work at NCMEC — found the system strained by volume and by poor API field completeness from reporting platforms, with only roughly half of tips actionable and law enforcement overwhelmed at triage. Reporting volume fell from 36.2 million reports in 2023 to 20.5 million in 2024, a decline driven substantially by a 2024 report-bundling feature that lets large platforms consolidate viral-meme-style mass incidents into single reports while retaining per-user detail. The throughline of "CyberTipline 2.0" modernization is exactly this: better-structured API submissions, deduplication, and prioritization so that the marginal new threat — vast volumes of novel AI imagery that hashing cannot pre-filter — does not bury the actionable signal that reaches a child.