Unfortunatly i can reliably reproduce the steps to get to the CSAM i came across, but i wont share it. But it was not something that popped up in my feed, but as a result of a search query (to something completely unrelated to the CSAM obviously).
In this case they were kind 1063 events, hosted on one of the bigger relays that a lot of people use.
Normally 1063 event contain a URL and content (in this case a picture) is hosted somewhere else. Here, it was not a URL but the raw file in base64 encoding, which the client is then supposed to translate to a webp (though this is not part of the NIP-94 spec).
How clients handle this varies, i happened to use one at the time that is able to handle this stuff, so it displays the picture direcly. Most other clients i have tried dont and just produce a raw base64-string (luckely in this case) without transforming it into a webp picture. Or a download button that does nothing (because there is no actual url there)
constant / Constant
npub1t6…vksrw
2024-10-13 15:08:33
in reply to nevent1q…ktm7
Author Public Key
npub1t6jxfqz9hv0lygn9thwndekuahwyxkgvycyscjrtauuw73gd5k7sqvksrwPublished at
2024-10-13 15:08:33Event JSON
{
"id": "406a8dde9a94f7bbb9657f5ddd5cc60ce478cc3c62ead7228ae6e4b2bc97dbc1",
"pubkey": "5ea4648045bb1ff222655ddd36e6dceddc43590c26090c486bef38ef450da5bd",
"created_at": 1728832113,
"kind": 1,
"tags": [
[
"e",
"3b851802d707858bf95f3279692f43e89971d4b75b8996312ff21db57acd7bd8",
"",
"root"
],
[
"e",
"3b851802d707858bf95f3279692f43e89971d4b75b8996312ff21db57acd7bd8",
"",
"root"
],
[
"e",
"98838461f0c2531c73c8827dda63e06f6e85c7b529075a0aa69cf9acfc60050f",
"",
"reply"
],
[
"p",
"5ea4648045bb1ff222655ddd36e6dceddc43590c26090c486bef38ef450da5bd"
],
[
"p",
"592295cf2b09a7f9555f43adb734cbee8a84ee892ed3f9336e6a09b6413a0db9"
]
],
"content": "Unfortunatly i can reliably reproduce the steps to get to the CSAM i came across, but i wont share it. But it was not something that popped up in my feed, but as a result of a search query (to something completely unrelated to the CSAM obviously).\n\nIn this case they were kind 1063 events, hosted on one of the bigger relays that a lot of people use.\nNormally 1063 event contain a URL and content (in this case a picture) is hosted somewhere else. Here, it was not a URL but the raw file in base64 encoding, which the client is then supposed to translate to a webp (though this is not part of the NIP-94 spec).\n\nHow clients handle this varies, i happened to use one at the time that is able to handle this stuff, so it displays the picture direcly. Most other clients i have tried dont and just produce a raw base64-string (luckely in this case) without transforming it into a webp picture. Or a download button that does nothing (because there is no actual url there)",
"sig": "185229113cd329c5dd22d6badacdf466bbe8666827ed787042cf51ae3cfaa7935778c5eec1a8fd9b5401629d71da1641f3cc1af13f42d7236f6e477b1713ea3e"
}