On IWF's pamphlet about the "solving" encryption.

Written xx.03.2026

Internet Watch Foundation (IWF) is organization that works ... to eliminate child sexual abuse imagery online, preventing the ongoing victimisation of those abused in childhood and making the internet safer for all.

They support EU's Chat Control which suffered a set back when EU parlament rejected extending chat controls 1.0. I'm not going to talk about that too much. Reasons for the rejection are quite complicated but I wanted to understand organization like IWF perpective on this. I have mostly listen Patrick Breyer's perspective. I did learn some perspective. Basicly right now GDPR[wiki] prevents Facebook's, twitters, and TikToks to scan chats for CSAM^. Interesting problem but mass scanning is not good ether. However, my jaw dropped when I hit this claim[alt]:

Our new paper clearly demonstrates how child sexual abuse imagery can be prevented from being uploaded into end-to-end encrypted spaces in the first place. Users can be protected from the spread of this content without any need for anyone to ever be snooping on chats.

I was getting ready to dig up why having third global key in EE2E is not EE2E but then I noticed that spaces and corretly guessed that was doing a lot of heavy lifting. The "paper" in the quote can be found here and will be focus of the ridicule today.

It is a pamphlet

Before getting meat of things. No this thing is not a paper as in journal article or technial schema. It is a pamphlet. A marking piece with pretty colors and lack of technical subtance. It only completes the general idea description, not more. I will get more details on that later but for now I want to address IWF directly. This is not only place where I find your descriptions of things deceptive^. At least for this "paper" in the actual article about the paper you call it explainer[source] but this is not only example. In article about AI been online abuse machine you say first that you seen frightening 26362% increase of photo-realistic AI videos of child sexual abuse when 2024 and 2025 are compared. But then in the next sentece you admit this is increase of 13 to 3440. So basicly this NOT a socking relevation. You are abusing mathematical definition of procent here when really all this is that there was no tools to that there are tools. Later this article also says 312,030 reports where analysts confirmed the presence of child sexual abuse material. I have no idea does this include AI or not, I assume so, regardless your analysist confirmed AI use is give or take bit over 1% of total records. Yes AI is such a abuse machine^. Stop it, my trust in you is lowered by unprofessional way you talk about this issue.

No security researcher would propose this.

What is the IWF's idea? Essentially scan, before encryption, any message going into encrypted "space". Image below is from their pamplet.

So why such strong option. Well, let's just first aknowledge that idea side steps the hard part of actually decryption encryption. Problem is that it still introduces systematic leakagle posibility with real gain in CSAM prevention. To be fair, IWF is proposing it to be local compute rather than