**NOTE: Before reading this please be aware English is not my first language. And please be aware I’m writing this while working pro-bono for a client[^1]**
Dealing with “leaked” porn is part of our profession and porn gets leaked far more than you may possibly imagine. Part of our daily job is taking that offline[^1].
It’s not easy, especially for sexually explicit material depicting >18 customers, but attainable nevertheless.
During these days we’re dealing with a pretty nasty archive, though: dubbed **“Bibbia 3.0/4.0”** *(3.0/4.0 Bible, as you may have surmised)*, it is a 10.500+ image collection born out of some very nasty Facebook communities[^2].
The huge archive has an enormous amount of data including:
* **Revenge Porn:** pornography shared to a public forum, originally sent as a private message by the girls and/or shot in intimacy;
* **Stolen content:** content pulled from cloud services or victims’ phones without consent and/or taken without consent;
* **Slut Shaming:** content originally shared by the victim in smaller communities that has been widely published;
* **Exposed girls:** content originally sent from an anonymous source that has been traced back to the poster’s real name and surname;
* **Doxing**: content searched back using open source intelligence on the original poster and associated with personal data, name and surname, social media accounts.
The huge archive has dozens of folders and one in particular, named “Bagasce con Nome e Cognome” (“Harlots with Name and Surname”), provides a folder for each girl including names and surnames. We know about this because we are in possession of our client’s folder and pictures (who again is _not_ a minor[^1]).
As many publications have already published, **most of the content appears to be of children below the age of 18 years**[^4], configuring the content as Child Pornography by Federal and State law definitions[^3]. Child Pornography and not Pedophilia, to be precise, since most of the definitions place the age barrier of pedophilia at the cut-off point for prepubescence, normally agreed upon as the age of 13.
Back to us: our main aim has been to remove our client’s images, and to do this we have used several techniques:
* We have the file fingerprints of our client’s images that we can compare with the online versions we find;
* We have the fingerprint of the “La Bibbia 3.0” archive file provided by our client to compare with the archives available online;
* We can easily compare the directory structure and file names of partial and/or exploded archives we find online;
* We know our client’s images are present in a certain path of the “La Bibbia 3.0” directory structure and we can go and hunt down those “safe” files to check;
* We hunt down who is sharing the “Bibbia 3.0” and ask Internet service providers to remove it once we ;
* All of this “in memory” and on the fly;
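
As an added illustration of the matching steps listed above (not the author's tooling): the sketch below streams a ZIP held in memory, compares each member's digest with a set of known fingerprints, and measures how much of a reference directory listing the archive reproduces. SHA-256, the ZIP format, the size cap and every path and byte string are assumptions constructed for the example.

```python
import hashlib
import io
import zipfile

MAX_MEMBER_BYTES = 50 * 1024 * 1024  # assumed cap on declared member size


def scan_archive(blob, known_hashes, reference_paths):
    """Inspect a ZIP held in memory; nothing is extracted to disk."""
    matches, seen_paths, skipped = [], set(), []
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            seen_paths.add(info.filename)
            if info.file_size > MAX_MEMBER_BYTES:
                skipped.append(info.filename)  # too large to hash on the fly
                continue
            digest = hashlib.sha256()
            with zf.open(info) as member:  # streamed in 64 KiB chunks
                for chunk in iter(lambda: member.read(65536), b""):
                    digest.update(chunk)
            if digest.hexdigest() in known_hashes:
                matches.append(info.filename)  # matches even if renamed
    # Jaccard overlap between the archive's paths and the reference listing
    union = seen_paths | reference_paths
    overlap = len(seen_paths & reference_paths) / len(union) if union else 0.0
    return {
        "archive_sha256": hashlib.sha256(blob).hexdigest(),
        "matches": sorted(matches),
        "skipped": skipped,
        "path_overlap": round(overlap, 2),
    }


def build_sample():
    """Constructed test data: placeholder bytes and hypothetical paths."""
    client_file = b"placeholder-bytes-for-client-file"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("collection/folder_a/renamed.jpg", client_file)
        zf.writestr("collection/folder_b/other.jpg", b"unrelated-bytes")
    known = {hashlib.sha256(client_file).hexdigest()}
    reference = {"collection/folder_a/original.jpg",
                 "collection/folder_b/other.jpg"}
    return buf.getvalue(), known, reference


if __name__ == "__main__":
    print(scan_archive(*build_sample()))
```

A cryptographic digest only matches byte-identical copies; a re-encoded or resized image needs a perceptual hash, which this example does not implement.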
Once we find an archive and/or a shared directory containing those files we start the reporting phase of our work: that’s fairly straightforward since we’ve been doing IP protection Take-Downs for our clients since 2008 and we’ve accumulated a fair amount of expertise.
Dealing with an archive that is mainly hosting Child Pornography (and having previously worked with underage clients) we report the content to the “abuse” contact, clearly stating *(to avoid customer care accidental exposure to this material, no one likes to be exposed to CP…)* that the archive and/or directory is known to contain CP (the short code for Child Pornography) content.
In this case this was the content sent to Internet Service Providers:
> Esteemed all,
> this to report to your platform that a website/user on your platform is actively hosting Underage Minors Pornography related to the so-called “Bibbia 3.0”, a 10.500+ image collection of minors in sexy and/or pornographic attitude.
> Several civil and penal proceedings are in place to protect the victims from abuse and further exploitation. You can find more info in the link below (http://www.ilgiornale.it/news/cronache/lorrore-dello-stupro-virtuale-nuova-frontiera-su-facebook-1352637.html) *(Italian newspaper)*.
> Here is the URL: **OMISSIS**
> Please be aware that multiple copies of the same files have been reported on your platform, so fingerprint-based removal of files is strongly advised.
> Hoping for a swift resolution, please be aware that this report may be sent in copy to relevant State or Nation Police Agency.
> Kind Regards.
> /s/Matteo G.P. Flora
> *(several contact information)*
From there started the normal trial-and-error procedure: some may ask you for a little more information, some will ask you if you’re allowed by some of the minors/people in the archive to act on their behalf *(we are, but we provide name and documentation only if strictly necessary to avoid exposure of the client)* or point you to different dedicated e-mails.
Some are a little bit stubborn: a hosting provider asked us to report each of the 10.500 images individually but after a little bit of fuss came to more reasonable arrangements…
Each of the providers we sought help from dutifully complied in 1-24 hours, some of them in **less than 15 minutes** (kudos, Mega.nz folks!) and some of them going as far as reporting that fingerprinting was being activated, accounts were terminated and even thanking us profusely for the reports (kudos again, Mega.nz).
Each of the providers, with the exception of Telegr.am (firstname.lastname@example.org is NOT ACTIVE).
And with the exception of… **Dropbox**.
Yeah, you got this right. Dropbox.
Dropbox dutifully received our e-mail, with subject *“[CP Report] Notification of Underage Minors Pornography Content”* on February 12, 2017 at 6:25 PM GMT+1.
Then on Tuesday, February 14 2017 at 12:42 AM (yeah, you read it right, after MORE THAN A DAY), Taylor responded with the most disturbing e-mail we’ve ever been provided with (bold added).
> Taylor, Feb 13, 3:42 PM PST:
> Hello Matteo,
> Thank you for contacting Dropbox.
> If you are claiming that shared content violates Dropbox’s terms of service then please have the people featured in this content write in to us, and provide the following:
> 1. All dropbox.com links to which you are referring.
> 2. Statement defining which part of the terms of service are being violated: https://dropbox.com/terms
> 3. **Copy of identification that shows name, address and photo of the person/people making the claim**.
> 4. **Sworn statement from the person/people whose ID is provided (3) that they are featured or referenced in the content (1)**.
> 5. Any correspondence that supports your claim of a terms of service violation.
> Thank you.
So DropBox, while leaving the content online, wants a **sworn statement** and a **copy of documents** of each child to proceed with the removal.
And, in the meanwhile, all content is still accessible for anyone in the world to download. And spread again.
Please note that I don’t necessarily ask for **immediate removal** (content may be and should be subject to review), but leaving it **shared with all the world** with the doubt of suspicious CP content is, frankly, unbelievable. And this kind of behaviour is **helping people who submit the content and share it, damaging all the girls within that archive**. At least a temporary **blocking of the sharing** while content is investigated may mitigate the risk…
That is the moment I turned to Twitter:
Many, many tweets followed (thank you heartily to those who contributed[^5]), showing once again the **complete cluelessness of @DropBoxSupport** which seemed to be unable to read the ticket number that is clearly cited in the original tweet…
Meanwhile several more hours passed. And the 2 days mark from the reporting was reached. Even the Social Media fuss didn’t really seem to help on the matter. And with all the possible calm an additional email came on February 14, 8:32 PM GMT+1 stating (once again bold text added):
> Tara, Feb 14, 11:32 AM PST:
> Hi Matteo,
> Child exploitation is a horrific crime, and we will review, report, and remove any illegal content brought to our attention. Dropbox promptly reports evidence of child exploitation to the National Center for Missing and Exploited Children (NCMEC) which then works with its global partner agencies, as needed.
> In this situation, you **received a generic response asking for more context on your report** to help determine if the content depicted minors because **our initial review of this content did not discover any obvious evidence of child exploitation**. We acknowledge it could have been more nuanced to better explain why we were requesting that information.
> We are grateful that you have brought this to our attention. **We will review all the content on the link you shared and report any evidence of child exploitation, as mentioned above**.
> Thank you for reporting your concerns,
So after initial review, they didn’t find evidence in 10.500+ images that scores of news agencies were horrified by[^4] and will, with all the possible calm, **review all the content on the link you shared** while *(brace yourself)* **MAINTAINING ALL THE ARCHIVE AND THE FOLDERS ONLINE FOR ANYONE TO SEE, DOWNLOAD AND SHARE**.
Yeah, you got it right. Content is still online.
Here is my latest response:
> Are you REALLY sure you didn’t find evidence?
> You can start with the provided articles and there is tons of evidence.
> It’s been more than 2 days since my report and you’ll easily find minors in most of the “bagasce con nome e cognome” directory. By the way, in that directory you’ll find exposed minors with names and surnames that are still online thanks to your neglect and poor response.
> Your e-mail will be forwarded to relevant press asking for information on the subject.
And another tweet:
I’ll update this with any significant message and/or content on the matter, but in the meanwhile I really think that something is fairly broken in this policy of handling exploited girls and, in my very humble opinion, has to change.
A great deal.
Moving from providing shelter and services to people who share revenge porn, stolen content, and much more, as DropBox appears to be doing right now – willingly or not – by leaving the content online and shared, to a more proactive approach in protecting the victims.
But that is, of course, only my personal opinion.
For any other information feel free to [contact me](http://mgpf.it/who-is-matteo-flora) (end of page).
**STORY IN PROGRESS**
[^1]: I run a fairly known Italian Reputation Company in Italy named [The Fool](http://thefool.it/en), like the Tarot Card, which in this case has a client (not a minor) who is included in the porn archive.
[^2]: In these communities girls are often exposed as “bitches” and “sluts”, most of the time without being aware of it, although in some cases some individuals have willingly sent images.
[^3]: “pornographic materials that exploit or portray a minor (under the age of 18)” as per 18 U.S.C. § 2251, 2251A, 2252, 2252A, 2260.
[^4]: See [here](http://www.scuolazoo.com/info-studenti/news/bibbia-3-0-le-immagini-che-sconvolgono-il-web/) or [here](https://www.laltroweb.it/la-bibbia-30-il-mostruoso-archivio-pedopornografico-che-sta-facendo-discutere-lintero-world-wide-web-r172/) or [here](http://www.nextquotidiano.it/lo-slut-shaming-contro-le-ragazzine-finite-nella-bibbia/) or [here](http://www.liberoquotidiano.it/news/italia/11910861/Sesso-minori-osceno-web-.html) and so on… Just search “Bibbia 3.0” on Google to find articles…
[^5]: @SecNewsBot @freeuser @shakycode @ValbonneConsult @s4n7h0 @securityaffairs and many others. Thanks. Really.
Just to be clear, my article (second link in 3d step) does not contain any link to the archive (I don’t want to provide any help for sharing illegal
[…] There are those who, faced with a report, act within 15 minutes and remove everything, those who take 24 hours, and those who ask for identity documents, sworn statements and “further information”, letting days rather than hours go by. This last approach is the one followed by Dropbox, according to Matteo Flora’s report. […]