Details for Devs
Possible Insertion Points
Image processing libraries (Sharp, ImageMagick, Pillow, libjpeg, libpng etc.)
Extending blocklists that already exist (virus scanners etc.)
Networking tools / protocols
Operating systems
Mobile Apps
Don’t Collect Metrics
For some applications, rather than blocking the image outright, it might be tempting to replace it with a blank one fetched from a URL. That fetch would allow the collection of metrics about how often the given image was requested.
Doing so would expose the IP address of the user (and the time of the request) to whoever hosts that URL. While the metrics might seem desirable, it's our opinion that collecting them would only serve to block progress on this project.
The success of this project can instead be measured anonymously, through the volume of detections reported by NCMEC / IWF / C3P etc.
Hashes
Only cryptographic hashes are recommended (SHAs etc.). They match the exact bytes of a file, so any re-encoding (resizing, stripping metadata, transcoding) produces a different digest; the check therefore belongs at the point where the original bytes are still available, before the library touches the pixels.
The actual choice of hash depends largely on where this will be installed.
MD5 has known collision weaknesses: it is practical to deliberately construct two different images with the same MD5 digest. This is not seen as a problem here. The worst case is that someone produces a legal image whose hash matches an entry on the list, and that image is blocked too; the impact of that is irrelevant.
Block / Delete?
Depending on where this is injected, there are various options for Extinguishing the file:
Swap it for white pixels
Delete the file
Throw an exception
Choose the approach that makes sense for the given injection point. The aim is to break only the image, not the application around it: swapping in white pixels of the same dimensions keeps layouts intact, deleting the file suits points where a missing file is already handled, and throwing an exception is only appropriate where callers already handle image-decoding failures.
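The following is an added example, not code from this project, showing a hash check and the three Extinguishing options from the Hashes and Block / Delete sections together at an image-library insertion point. It assumes SHA-256 over the raw file bytes, handles only PNG so that it runs without Pillow or any other dependency, and uses a constructed blocklist and constructed sample images; the names (`Action`, `filter_image`, `solid_png`, `png_dimensions`) are hypothetical, and a real deployment would load digests supplied by NCMEC / IWF / C3P etc.

```python
"""Hash-based image gate at an image-library insertion point.

Added example, not part of the project's code. The blocklist entries and the
sample images are constructed for the example. Only PNG is handled so the
example stays dependency-free; the hash check itself is format-agnostic.
"""
import hashlib
import struct
import zlib
from enum import Enum

PNG_SIG = b"\x89PNG\r\n\x1a\n"


class Action(Enum):
    BLANK = "blank"    # swap the image for white pixels of the same size
    DELETE = "delete"  # return nothing, as if the file did not exist
    RAISE = "raise"    # surface a decode-style error to the caller


class BlockedImage(Exception):
    """Raised when Action.RAISE is chosen and the image is on the blocklist."""


def file_hash(data: bytes) -> str:
    # Hash the bytes exactly as received. Any re-encoding (resize, strip
    # metadata, transcode) yields a different digest, so this runs before
    # the library decodes anything.
    return hashlib.sha256(data).hexdigest()


def _chunk(ctype: bytes, payload: bytes) -> bytes:
    # PNG chunk layout: length, type, payload, CRC32 over type + payload.
    crc = zlib.crc32(ctype + payload) & 0xFFFFFFFF
    return struct.pack(">I", len(payload)) + ctype + payload + struct.pack(">I", crc)


def solid_png(width: int, height: int, rgb=(255, 255, 255)) -> bytes:
    """Minimal 8-bit RGB PNG filled with one colour (filter type 0 on each row)."""
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 2, 0, 0, 0)
    raw = (b"\x00" + bytes(rgb) * width) * height
    return (PNG_SIG + _chunk(b"IHDR", ihdr)
            + _chunk(b"IDAT", zlib.compress(raw)) + _chunk(b"IEND", b""))


def png_dimensions(data: bytes) -> tuple:
    """Read width/height from the IHDR chunk without decoding the image."""
    if data[:8] != PNG_SIG or data[12:16] != b"IHDR":
        raise ValueError("not a PNG")
    return struct.unpack(">II", data[16:24])


# Constructed sample inputs: a 4x3 red image that stands in for a listed
# file, and a 2x2 blue image that is not listed.
SAMPLE_BLOCKED = solid_png(4, 3, (200, 30, 30))
SAMPLE_CLEAN = solid_png(2, 2, (30, 30, 200))

# Hypothetical blocklist of hex SHA-256 digests (normally loaded from a file).
BLOCKLIST = {file_hash(SAMPLE_BLOCKED)}


def is_blocked(data: bytes, blocklist=BLOCKLIST) -> bool:
    return file_hash(data) in blocklist


def filter_image(data: bytes, action: Action, blocklist=BLOCKLIST):
    """Gate an image before decoding; returns the bytes to decode, or None."""
    if not is_blocked(data, blocklist):
        return data  # untouched: no metrics, no network request, no copy
    if action is Action.DELETE:
        return None
    if action is Action.RAISE:
        raise BlockedImage("image matched blocklist")
    width, height = png_dimensions(data)
    return solid_png(width, height)  # same dimensions, so layouts do not break


if __name__ == "__main__":
    out = filter_image(SAMPLE_BLOCKED, Action.BLANK)
    print("blocked image replaced by a", png_dimensions(out), "white PNG")
    print("clean image passed through unchanged:",
          filter_image(SAMPLE_CLEAN, Action.BLANK) is SAMPLE_CLEAN)
```

The clean path returns the original bytes object without copying or contacting anything, which is the property the Don't Collect Metrics section asks for; the blank path reads only the header, so a replacement is produced even for an image the library would otherwise refuse to decode.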