GitHub significantly contributes to the creation of sexually exploitative technology and has been noted for facilitating the growing crime of image-based sexual abuse: the capture, creation, and/or sharing of sexually explicit images without the subject’s knowledge or consent. GitHub hosts guides, codes, and hyperlinks to sexual deepfake community forums dedicated to the creation, collaboration, and commodification of synthetic media technologies, and AI-leveraged ‘nudifiying’ websites and applications that take women’s images and “strip them” of clothing.(1)

Open-sourced repositories dedicated to image-based sexual abuse (IBSA) thrive on GitHub, allowing users to replicate, favorite (star), and collaborate on sexually exploitative technology without repercussions. GitHub hosts three of the most notorious technologies used for synthetic sexually explicit material (SSEM) abuse: DeepFaceLab, DeepNude, and Unstable Diffusion.

Despite GitHub’s public statement against sexually exploitative source codes in 2019, citing codes such as DeepNude as violating their policies and saying similar codes or replications would be banned and removed, as of April 2023, similar codes remain active. NCOSE researchers searched “deepnude” on GitHub and received 54 results for similar repositories, some of which contained the original source code for DeepNude.

Because of GitHub’s failure to effectively remove the original source code, ban replications, and moderate GitHub for similar source codes to DeepNude, replicas and “copycat” technology continue to proliferate.

Recent research has shown that synthetic sexually explicit material (SSEM), such as nudifying technology is increasingly being used to target women in the general public. In 2019, Sensity uncovered a deepfake ecosystem with a DeepNude bot at the center and according to self-reports from users of the bot, 70% of targets were “private individuals whose photos are either taken from social media or private material.”

The DeepFaceLab repository on GitHub directly sends users to the Mr.DeepFakes website – a website dedicated to creating, requesting, and selling sexual deepfakes of celebrities and ‘other’ women… As a 2020 Motherboard: Tech by Vice article It Takes 2 Clicks to Get From ‘Deep Tom Cruise’ to Vile Deepfake Porn, pointed out, “[i]t is impossible to support the DeepFaceLab project without actively supporting non-consensual porn.”

GitHub actively contributed to the creation of a dataset circling deepfake and AI communities that contained content depicting actual instances of sex trafficking, physical abuse, drugging, and rape of women from both Girls Do Porn and Czech Casting. Videos from Girls Do Porn and Czech Casting were found to have been used to create a dataset for AI and deepfake communities to generate sexual deepfake and AI-generated pornography.

Additionally, when NCOSE researchers conducted a search on GitHub for “onlyfans” more than 300 results containing image scrapers for downloading content from OnlyFans were returned.

Pornography and sexually explicit imagery scrapers and save bots thrive on GitHub. These have been used to scrape and save images from pornography and social media websites. Considering the growing body of evidence, survivor testimony, and lawsuits against the most visited pornography sites (Pornhub, XVidoes, XHamster) for hosting actual depictions of, sex trafficking and child sex abuse material, rape, and various forms of image-based abuse (“revenge porn,” “upskirting/downblousing,” and “spycam shower footage”) GitHub’s allowance of these scrapers further contributes to the dissemination of criminal and/or nonconsensually captured content. It further demonstrates GitHub’s pivotal role in contributing to IBSA and sexual exploitation by hosting such repositories.

1. Ajder et al., “The State of Deepfakes: Landscape, Threats, and Impact,” September 2019; Henry Ajder, Giorgio Patrini, and Francesco Cavalli, “Automating Image Abuse: Deepfake Bots on Telegram,” Sensity, October 2020; Patrini, “The State of Deepfakes 2020: Update on Statistics and Trends,” March 2021; Volkert et al., “Understanding the Illicit Economy for Synthetic Media,” March 2020; “Hello World”; Hany Farid, “Creating, Using, Misusing, and Detecting Deep Fakes,” Journal of Online Trust and Safety 1, no. 4 (2022). 
2. Victoria Rousay, “Sexual Deepfakes and Image-Based Sexual Abuse: Victim-Survivor Experiences and Embodied Harms,” Master’s thesis, Harvard University Division of Continuing Education, April 20, 2023, https://dash.harvard.edu/handle/1/37374909. SimilarWeb, “Top 10 Incoming Sites to Mr.DeepFakes.Com, January 2023 – February 2023,” SimilarWeb + Mr.DeepFakes, January 2023, https://pro.similarweb.com/#/digitalsuite/websiteanalysis/referrals/incoming-traffic/*/999/2m?webSource=Total&key=mrdeepfakes.com. 

See all of the proof we’ve compiled in this downloadable PDF.

NCOSE is deeply concerned about the extent of features on GitHub that may increase risk of harm to minors, such as limited content moderation policies and a lack of caregiver and teacher/administrative controls.

GitHub rates itself as 13+, and actively promotes numerous educational opportunities for students from middle school to college to learn software development and coding. Geared towards minor-aged users and student-teacher collaboration and development on GitHub, over 1.5 million students signed up for the Student Developer Pack Student Developer Pack by 2019. GitHub allows teachers and administrators to connect GitHub accounts to learning management systems such as Google Classroom, Canvas, and Moodle. The use of Google Classroom in primary education exponentially rose during the pandemic which surpassed 150 million student users by 2021. GitHub requires a valid email to create an account but fails to implement other basic safety features for students, such as age verification and meaningful content moderation.

NCOSE researchers did not find evidence of teacher/administrative safety controls for underage student users. While teachers can restrict public access to joining classroom repositories, “by default visibility to student repositories is public.” GitHub places the responsibility of administrators to upgrade their accounts to access private student repository capabilities – for a fee. Every child should be safe online, especially in an environment promoted for his or her education and learning services. GitHub is asking parents and teachers to put a price on their child’s safety. This feature should be free and on by default.

Further, NCOSE researchers also did not find evidence of parental controls for underage users. Considering the open-sourced format of the platform and the amount of sexually exploitative source coding available, parental controls are urgently necessary to further protect GitHub’s youngest users.

Below are just a few examples of the types of content minors can freely and openly access on and through GitHub:

• Minors are able to access links and communities dedicated to image-based sexual abuse such as Mr.DeepFakes. 
• Minors can access repositories dedicated to the scraping of pornography, sexually explicit imagery, and sexually explicit imagery. 

See all of the proof we’ve compiled in this downloadable PDF.

GitHub’s lack of effective content moderation practices allows sexually exploitative technology, including technology which creates child sexual abuse material (CSAM), to thrive. GitHub uses automated detection tools such as PhotoDNA to proactively scan for CSAM, but they fail to implement comprehensive moderation practices to remove technology found to have generated CSAM. Rather, they only moderate for CSAM itself.

In April 2023, nudifying technology was used to generate CSAM of five teenage girls by male classmates. The male peers stole photos from the 13-year-old girls’ social networks and used a bot on a messaging platform called BikiniOff to strip the images of the girls naked. The images were circulating amongst other peers at their middle school. Authorities were called and a full investigation by the juvenile prosecutor’s office for the production of ‘child pornography.’ The two teenage boys who generated the images were unaware of the harm and trauma they had caused the victims and stated, “It’s just a joke.”

However, child sexual abuse material is not a joke, it is illegal and results in traumatic experiences for victims, especially given the online nature of the incident. GitHub’s permittance of hosting source codes such as DeepNude has resulted in a proliferation of their replication. GitHub must ban and immediately remove repositories dedicated to the creation of sexually exploitative technology.

Additionally in 2023, a Quebec man created at least seven videos of child sexual abuse material using deepfake technology. He was also found to be in possession of 545,000 computer files of child sexual abuse material. According to reports, this was believed to be the first case involving deepfake technology being used for child sexual exploitation in Canada.

The presiding provincial court judge wrote that “the creation of the new images of sexual abuse encourages the market for child pornography, which craves novelty, and puts children at risk by ‘fuelling fantasies that incite sexual offences against children.’”

GitHub hosts all of the concerns outlined above. GitHub must act immediately and accept responsibility for the type of software being developed on their platform.

See all of the proof we’ve compiled in this downloadable PDF.

Below is a list of news articles related to the exploitation facilitated by GitHub.

• Best DeepNude App Examples in 2023, Outsource IT Today, April 30, 2023. 
• PornPen website: AI generated porn images tool, Outsource IT Today, April 22, 2023. 
• Quebec man who created synthetic, AI-generated child pornography sentenced to prison, Jacob Serebrin, CBC Canada, April 26, 2023. 
• Kat Tenbarge, Found through Google, bought with Visa and Mastercard: Inside the Deepfake Porn Economy, NBC, March 27, 2023 https://www.nbcnews.com/tech/internet/deepfake-porn-ai-mr-deep-fake-economy-google-visa-mastercard-download-rcna75071
• Online DeepNude App Alternative Comparison Table, Outsource IT Today, February 28, 2023. 
  • You Feel So Violated’: Streamer QTCinderella Is Speaking Out Against Deepfake Porn Harassment, Samantha Cole, Motherboard: Tech by Vice, February 13, 2023.
  • Ishan Gaba, “What is GitHub and How to Use It?” Simplilearn, February 3, 2023, https://www.simplilearn.com/tutorials/git-tutorial/what-is-github.
  • Sophie Cockerham, “Deepfake Porn Wrecks Lives – but, as One Woman Discovered, It Takes Just 8 Seconds to Make an Image.,” Metro UK, October 21, 2022, https://metro.co.uk/2022/10/21/deepfake-porn-takes-seconds-to-make-but-can-wreck-lives-17605029/
  • Deepfake Porn: Could You Be Next? BBC, October 2022 
  • It Takes 2 Clicks to Get From ‘Deep Tom Cruise’ to Vile Deepfake Porn, Emmanuel Maiberg, Motherboard: Tech by Vice, May 17, 2022. 
• • ‘Frankenstein’s Monster:’ Images of Sexual Abuse Are Fueling Algorithmic Porn, Samantha Cole, Emmanuel Maiberg, and Ana Koslerova, Motherboard: Tech by Vice, November 10, 2020. 
  • GitHub Removed Open-Source Versions of DeepNude, Josephine Cox, Motherboard: Tech by Vice, July 9, 2019.      
  • Copies of Ai Deepfake App DeepNude Are Easily Accessible Online – and Always Will Be, James Vincent The Verge, July 3, 2019. 
  • AI-Generated Porn Makers Have Been Kicked Off Their Favorite Host, Samantha Cole, Motherboard: Tech by Vice, January 31, 2018. 

See all of the proof we’ve compiled in this downloadable PDF.