Content Moderation

The mainland China platform (picora.cn) is subject to content compliance requirements that the overseas platform doesn’t face. This page describes how Picora integrates content scanning, how to configure it, and what to do when scans flag content.

The overseas platform (picora.me) does not run content scanning by default — only DMCA / abuse takedown processes apply.

Why CN-only

PRC regulations require platforms hosting user-generated content to:

  • Block illegal content (politically sensitive 政治敏感, explicit 涉黄, violent 涉暴, infringing 侵权, etc.) before it goes public
  • Maintain audit trails of moderation decisions
  • Respond to government takedown requests within defined timeframes
  • Verify uploader identity (real-name registration, 实名制) for certain content types

Specifically:

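  • 《互联网信息服务管理办法》 (Administrative Measures on Internet Information Services)
  • 《网络安全法》 (Cybersecurity Law)
  • 《数据安全法》 (Data Security Law)
  • 《个人信息保护法》 (Personal Information Protection Law, PIPL)
  • 《互联网用户公众账号信息服务管理规定》 (Provisions on the Administration of Internet Users' Public Account Information Services)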

The CN platform’s content scanning is opinionated and errs on the side of compliance; false positives are preferred over false negatives.

Integration: 阿里云内容安全 (Aliyun Content Moderation)

Picora CN uses the 阿里云内容安全 (Content Moderation) API as the primary scanning provider:

  • Text scanning: Markdown content via text/scan API
  • Image scanning: image upload via image/scan API (returns sync result for synchronous block, async webhook for soft review)

[user uploads markdown / image]
          ↓
  API service receives
          ↓
┌─────────────────────┐
│ Aliyun Content Safe │ ← parallel call
└─────────┬───────────┘
          ↓ scan result
┌─────────────────────┐
│   Decision logic    │
├─────────────────────┤
│ pass   → write DB   │
│ review → write DB   │
│          + flag     │
│          + private  │
│ block  → 451 + log  │
└─────────────────────┘

Decision states

Each scan returns one of three states:

pass

Content is clear. Upload proceeds normally.

review

Content may violate policy, but the scan is not certain (often: borderline language, partial nudity, mild violence). Picora policy:

  • Resource is saved to the database
  • is_public is forced to false (private only) regardless of user’s setting
  • A pending_review flag is set
  • An email is sent to the user explaining the decision and providing an appeal contact
  • The resource appears in the admin moderation queue for human review
  • The flagged user’s reputation score decreases (3 reviews in 30 days = automatic stricter scanning for that user)

block

Content clearly violates policy (highly explicit / illegal / explicit threats). Picora policy:

  • Upload is rejected with HTTP 451 and code: 'COMPLIANCE_BLOCKED'
  • Nothing is saved to the database
  • A compliance_block event is logged with the user_id, content hash, and detection categories
  • 5 blocks in 7 days triggers automatic account suspension (admin alerted to investigate)
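
The two escalation rules above (3 reviews in 30 days, 5 blocks in 7 days) are rolling windows over a per-user event history. The following is an added example, not Picora's code: the event shape and the action names `stricter_scanning` and `suspend_account` are hypothetical, and the sample events are constructed.

```javascript
// Added example, not Picora's code. The event shape { userId, type, at } is
// hypothetical; the limits and windows are the ones stated on this page.
const DAY_MS = 24 * 60 * 60 * 1000;
const RULES = new Map([
  ['review', { limit: 3, windowDays: 30, action: 'stricter_scanning' }],
  ['block',  { limit: 5, windowDays: 7,  action: 'suspend_account' }],
]);

// Replays events in time order and reports each moment a user crosses a limit.
function findEscalations(events) {
  const windows = new Map(); // "userId|type" -> timestamps still inside the window
  const triggered = [];
  for (const e of [...events].sort((a, b) => a.at - b.at)) {
    const rule = RULES.get(e.type);
    if (!rule) continue;
    const key = `${e.userId}|${e.type}`;
    const win = windows.get(key) || [];
    win.push(e.at);
    // Rolling window: drop events at or beyond windowDays before this one.
    const cutoff = e.at - rule.windowDays * DAY_MS;
    while (win[0] <= cutoff) win.shift();
    windows.set(key, win);
    // Fire once, at the event that reaches the limit.
    if (win.length === rule.limit) {
      triggered.push({ userId: e.userId, action: rule.action, at: e.at });
    }
  }
  return triggered;
}

// Constructed sample events (not real data); `at` is milliseconds since epoch.
const NOW = Date.UTC(2025, 0, 31);
const daysAgo = (d) => NOW - d * DAY_MS;
const SAMPLE_EVENTS = [
  ...[6, 5, 3, 2, 1].map((d) => ({ userId: 'u1', type: 'block', at: daysAgo(d) })),
  ...[9, 4, 3, 2, 1].map((d) => ({ userId: 'u2', type: 'block', at: daysAgo(d) })),
  ...[29, 15, 2].map((d) => ({ userId: 'u3', type: 'review', at: daysAgo(d) })),
];
```

User `u2` also has five blocks, but the oldest falls outside the 7-day window by the time the fifth arrives, so only `u1` and `u3` escalate.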

Categories detected

Aliyun’s API returns granular categories. Picora’s policy thresholds:

| Category | pass | review | block |
|---|---|---|---|
| 涉政 (politically sensitive) | low confidence | medium | high |
| 涉黄 (explicit content) | low | medium | high |
| 涉暴 (violence) | low + medium | high | extreme |
| 涉恐 (terrorism) | none | low confidence | medium+ |
| 谩骂 (abusive language) | most | high frequency | extreme + targeted |
| 广告 (spam ads) | most | repeated | bot-like patterns |
| 违禁 (banned items) | none | low | medium+ |

These thresholds are opinionated and conservative — Picora errs on the side of blocking when in doubt.

Configuration

The CN deployment uses these environment variables (set via Aliyun KMS / docker secrets):

ALIYUN_CONTENT_SAFE_ENDPOINT=green.cn-shanghai.aliyuncs.com
ALIYUN_CONTENT_SAFE_ACCESS_KEY=<from KMS>
ALIYUN_CONTENT_SAFE_ACCESS_SECRET=<from KMS>
ALIYUN_CONTENT_SAFE_REGION=cn-shanghai
# Failover
CONTENT_SAFE_FAIL_MODE=review # if API unavailable, treat as 'review' (conservative)
# alternatives: 'pass' (risky), 'block' (annoying)
# Sampling
CONTENT_SAFE_TEXT_SAMPLE_RATE=1.0 # scan 100% of markdown
CONTENT_SAFE_IMAGE_SAMPLE_RATE=1.0 # scan 100% of images
CONTENT_SAFE_AUDIO_SAMPLE_RATE=0.1 # scan 10% of audio (speech-to-text first)
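
How the three decision states and `CONTENT_SAFE_FAIL_MODE` combine into one upload outcome, as an added example that is not Picora's code. The normalized `scan` object, the `degraded`, `intended_public` and `notifyUser` fields, and the choice to treat an unrecognized verdict like an outage are assumptions; this is not Aliyun's response format.

```javascript
// Added example, not Picora's code. `scan` is a hypothetical normalized result,
// { verdict, categories }, or null when the scanning API could not be reached.
const VERDICTS = new Set(['pass', 'review', 'block']);

function resolveVerdict(scan, failMode) {
  if (scan && VERDICTS.has(scan.verdict)) {
    return { verdict: scan.verdict, degraded: false };
  }
  // Scanner down (or an unrecognized verdict, treated the same way here):
  // apply CONTENT_SAFE_FAIL_MODE. An unset or misspelled mode becomes
  // 'review', so a configuration typo can never silently mean 'pass'.
  const mode = VERDICTS.has(failMode) ? failMode : 'review';
  return { verdict: mode, degraded: true };
}

function decideUpload(scan, requestedPublic, failMode) {
  const { verdict, degraded } = resolveVerdict(scan, failMode);
  const categories = (scan && scan.categories) || [];
  if (verdict === 'block') {
    // Rejected: nothing is stored, only the compliance_block event is logged.
    return { save: false, httpStatus: 451, code: 'COMPLIANCE_BLOCKED',
             logEvent: 'compliance_block', categories, degraded };
  }
  if (verdict === 'review') {
    // Stored but forced private; the requested visibility is kept (hypothetical
    // field) so an admin "Approve" can restore it later.
    return { save: true, is_public: false, pending_review: true,
             intended_public: requestedPublic, notifyUser: true, categories, degraded };
  }
  return { save: true, is_public: requestedPublic, pending_review: false, degraded };
}
```

The `degraded` flag marks decisions made without a scan result, so anything accepted during an outage can be found and rescanned afterwards.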

Admin moderation queue

Resources flagged review appear in Settings → Admin → Moderation Queue:

  • Resource type / ID / uploader
  • Aliyun’s category labels and confidence scores
  • Original detection timestamp
  • Action buttons:
    • Approve — clears flag, restores user’s intended is_public setting, sends approval email
    • Reject — soft-deletes the resource, sends violation notice with citation
    • Request more info — emails uploader asking for clarification (optional, used rarely)

The queue auto-prioritizes by:

  1. Resource age (oldest first; aim for < 24h queue time)
  2. Detection confidence (higher first)
  3. User reputation (lower first — repeat offenders get faster review)

Government takedown requests

When law enforcement / regulators request takedown:

  1. Verify the request is from an authorized agency (signed letter / official seal / contact verification)
  2. Use Settings → Admin → Government Removal
  3. Specify resource ID, removal reason category, and request reference number
  4. The resource is hard-deleted; takedown record retained for 5 years

Picora does not pre-emptively scan for content based on government request templates; it acts only on specific, verified requests.

User appeal flow

Users can appeal a review flag:

  1. Click Appeal this decision in the email
  2. Fill in the appeal form (max 500 chars)
  3. Appeal goes to the moderation queue with appeal=true priority
  4. Admin reviews within 7 business days
  5. Outcome emailed back

block decisions can also be appealed but historically <5% are overturned.

Compliance with PIPL

Specifically for personal data within user-uploaded content:

  • Markdown documents containing personal data (e.g., contact lists) are private by default
  • If a user marks such a document public, Aliyun’s PIPL detection flags it for review
  • Admin must verify the user has consent from the listed individuals before approving public access
  • Audit log retains every PIPL-related decision for 5 years

Common issues

“Why was my upload blocked? It’s totally fine.” — Aliyun has false positives. Use the appeal flow.

“Aliyun API down — what happens?” CONTENT_SAFE_FAIL_MODE determines behavior. Default review means uploads continue but get flagged — admin queue grows; you’ll need to manually review later or extend the failure mode.

“Compliance scan slowing uploads” — yes, by 200–800ms typically (Aliyun’s API). Async scanning (queue model) is on the v0.20+ roadmap; current sync model is simpler and meets compliance requirements.

“How do I export the moderation log for an audit?” Admin → Audit → Export supports date-range exports as CSV / JSON.