We're a bootstrapping link shortening startup and currently we don't have a lawyer to consult. We're working on that. In the meantime...<p>We got a tip that one of our users was using our service to share child porn. Does anyone have any advice for how to deal with this situation? We plan on reporting what we have to the authorities. Additionally, we banned the user and blocked access to the destination (didn't delete the redirect url from our servers, to retain proof).<p>Any help would be greatly appreciated.
I run a couple of short URL websites and this kind of short URLs along with links to phishing and spam sites is what you'll get on a very regular basis in this business.<p>Those short URLs are often being used in mass mailings, guestbooks, comment forms etc. and they'll get reported pretty quickly to URL blacklists. That gives you the chance to disable the shady short URls before too many people come across them.<p>Here is a list of URL blacklist providers that you should check each URL against, both before accepting it into your database and again before you deliver it to the user:<p>multi.surbl.org,
uribl.swinog.ch,
dbl.spamhaus.org,
url.rbl.jp,
uribl.spameatingmonkey.net,
iadb.isipp.com,
dnsbl.sorbs.net<p>You can find out more about this stuff on <a href="http://www.surbl.org/" rel="nofollow">http://www.surbl.org/</a><p>Since I've implemented these checks I only receive complaint emails every other month and no contact from the authorities so far (in contrast to the disposable email services I run).<p>When you get a complaint about a URL, your software should allow you to disable all the URLs of the reported domain. There are times when the spammers have taken over a forum (or any site really) and created a large amount of spammy content.<p>Hope this helps.
The EFF may be able to help you.
I would prepare a document with the logs/info that you have in addition to a copy of your privacy and data retention policy. You may also want to doublecheck to see if the submitter IP is a Tor node, that'll make everyone's lives easier. I believe the FBI has a special taskforce for this should you contact them.
{Random advice from the internet}<p>My first thought is to wonder why someone would want to be in a space where an arms race against people devoted to child porn was both necessary and constant. Particularly when that space wasn't providing capital sufficient to retain a lawyer.<p>My gut tells me that as a matter of will, it's going to be hard to keep this class of activity from reoccurring regardless of how this incident works out and that scaling the service will scale the headaches of monitoring and policing user behavior along with it. Personally, I'd rather deal with users I liked. YMMV.<p>Good luck.
If you store photos, Microsoft has a free product called photodna that will match filed against illegal images.<p>Take a look at the Center for Missing and Exploited children and perhaps call them. They operate a tip line to report this kind of activity. Sad that we need to think about these things.
you can use <a href="https://davidwalsh.name/nudejs" rel="nofollow">https://davidwalsh.name/nudejs</a> to detect their posts and then: Ban them!!