maude: Autonomous decentralized moderation for IPFS and Web3

• 

• 

• 

Inspiration

There are inherent risks in running a public IPFS gateway. IPFS can be used to host and distribute malware or ransomware or phishing schemes or illegal content like CSAM in a way that skirts traditional Web content analysis and filtering solutions. For instance, HTML forms hosted on IPFS and accessed via Cloudfare's gateway appear to have an SSL certificate signed by a reputable authority: Cloudflare, which operates one of the most widely-used public IPFS gateways, has released a patch to the mainline IPFS code called safemode which allows gateway operators to block blacklisted CIDs. This approach though reintroduces the spectre of centralized censorship by network service providers, which is one of the things IPFS is supposed to prevent.

Moderating user-generated content, like the videos and images users choose to store on an IPFS-backed storage service or the blog posts, forum posts, and messages written by users and sent to other users on a decentralized social media app, is one of the most difficult, labour-intensive, emotionally draining, and politically-charged tasks administrators and operators of decentralized storage services and social-media platforms must perfom.

Most decantralized and P2P apps have chosen to rely on individual users and human moderators to report content or messages deemed abusive or toxic and to take the appropriate action. This approach obviously will not scale. All the traditional social media giants like Twitter and Facebook and Twitch and Reddit rely on ML-powered automated content moderation to complement and support their huge staff of human moderators. Web3 companies with only a tiny fraction of the human resources of traditional social media companies will not be able to rely on human-only reporting and moderation if their platform is to grow beyond niche usage. But all existing automated content moderation solutions are designed to operate in a traditional centralized way with a single point of decision-making and control.

The need to moderate and potentially filter and block illegal and dangerous and abusive content in a scalable way seems at odds with the need for web3 apps and platforms like IPFS to operate in a decentralized way. But automated moderation and content filtering and blocking is a necessary part of any storage or application platform that seeks to challenge the status quo.

What it does

maude is an autonomous decentralized moderation tool that tries to solve this set of constraints of providing automated content moderation and filtering in a way that avoids centralization and a single authority for decision-making.

maude has 2 primary modes of operation:

• Monitoring
• Subscription.

Monitoring

The maude daemon in monitor modes run locally on an IPFS node and monitors the files or directory CIDs that are locally pinned:

maude uses ML models like nfsw_model to analyze the content of file-types it recognizes like images and videos::

The ML models classify the image, video, or content using attributes like nfsw, sexy, porn etc.:

Subscription

In subscription mode, maude subscribes to IPFS topics that act as channels that decentralized apps like chat apps or social media platforms can send user-generated text content like chat messages, blog posts, forum posts etc. for analysis and moderation. maude uses NLP models or services like Google's Perspective API that classify text according to attributes like profanity, sexually explicit language, toxicity, identity attacks and can identify hate speech or incitements to violence.

In both monitoring and subscription modes, maude publishes the data it has gathered via IPFS pubsub message queues as moderation feeds which contain all the information about a particular file CID pinned locally by a node, or about an identifiable user-generated message or post that maude was able to gather. Other nodes or network apps or browsers or users can subscribe to these moderation feeds and make decisions to ignore or filter or block this CID or content when they encounter it.

maude instances are designed to work collaboratively in an open trust network. Each maude instance has a public-key/private-key pair and each CID analysis is signed and constitues a claim by the instance for the CID. Each claim can itself be the target of ranking by human or automated moderators or observers on how accurate and useful the claim is. Each maude instance thus builds up a reputation feed with a ranking of the moderation assertions and claims made and this reputation feed can be used by network apps or users to automate deciding which maude moderation instances are reliable or unbiased.

With this system it is up to the individual IPFS node operators or IPFS end users to decide which moderation feeds to use to implement blacklists or filtering of IPFS content. IPFS blocks are immutable but individual nodes may choose to make CIDs determined to contain CSAM or revenge porn or doxxing or other abusive and illegal content harder to discover and access, by not locally pinning those blocks. End-user tools like browsers and browser extensions can automatically block and filter CIDs on based on trustworthy maude moderation feeds, but that decision is ultimately up to the user. Filtering and blocking of IPFS content can be thus done voluntarily and an in a decentralized manner giving the maximum amount of decision-making and control to individual operators and users while still retaining the advantages and scalability of ML-powered automated content moderation for web3 apps and platforms.

maude can use technology like Microsoft's PhotoDNA via libraries like PyPhotoDNA and Facebook's Threat Exchange via their Python client to identify images or other content involving CSMA and other types of illegal or dangerous content. Another moderation technique that will be trialled in maude is what can be called (for lack of a better term) Mod2Vec: creating sentences out of raw classification data for images or videos e.g. `This is a very large image with a small amount of nudity and several faces visible' and then using NLU models and libraries like Gensim to classify and group these sentences using existing word vectors which provides a way to incorporate semantic information into automated moderation decisions.

Challenges we ran into

It took me a while to figure out go-ipfs logging and which go-ipfs system I needed to monitor log messages for to tell me when files are locally pinned or requested by the network. It also wasn't clear that you should use environment variables GOLOG_FILE and GOLOG_LOG_LEVEL to control the logging and that IPFS_LOGGING is obsolete

The pubsub module of py-ipfs-http-client doesn't support the latest go-ipfs HTTP RPC API. Pubsub topics have to be multibase-encoded using base64url when subscribing, and publishing needs to use a POST request with multipart/form-data encoding. I made changes to support this in the maude fork of this module.

Accomplishments that we're proud of

Initially, I wanted to build a decentralized anonymous imageboard forum using IPFS. But I realized that some of the problems that needed to be solved were quite challenging and broad in their own right. One major hangup I have about using IPFS is what happens when people upload illegal content or when people dox others or abuse others using revenge porn. That data in theory stays around forever using IPFS. I think maude has the potential to go a long way to addressing issues like that without reverting to a centralized unilateral decision-making authority.

What we learned

I learned a lot about IPFS and thinking in a decentralized way about system design.

What's next for maude

Deploying it to a publically available endpoint where it can be fed with real-world data.

Built With

• ipfs
• ml
• python