The Infrastructure That Profits From Harm

Follow the money, not just the platform.

Sponsored by

Last year, around this time, Meta blocked my accounts —Facebook and Instagram—for a month before someone on the team kindly took the time to manually fix them. They couldn’t give me a reason except that I had violated community guidelines. 

The only time I had received a notice from Meta about a community guideline violation was when I shared my own investigation — a story published in July 2024 that found Instagram accounts posting sexualised images of Indian children, directing users via bios to Telegram channels where child sexual abuse videos were sold for Rs 40 to Rs 5,000. I had found, that in any given week, searches for child sexual abuse content on Telegram received between 20,000 and 40,000 views in India alone.

And then, in June 2025, I faced the consequence: my account was shut down. Nothing else changed. The economy of child sexual abuse material remained intact. Talk about impact.

So when, last week, the BBC published a documentary — finding that Instagram was running roughly 30 paid advertisements using terms like "rape video" and "child video," directing users to Telegram channels selling abuse material for Rs 99 — and there was an almost immediate response from the government, a notice from MeitY summoning Meta, I started thinking about accountability.

Platforms know.

The internet's harm to women and children in India is a documented, researched, reported one. 

Months before our 2024 investigation, the Rati Foundation — one of Meta's own safety partners — wrote directly to the company flagging accounts that were sexualising minors and offering CSAM links in their bios. Instagram took down three accounts. The supply continued. In June 2023, the Wall Street Journal and the Stanford Internet Observatory found Instagram's algorithms actively connecting what they called a "vast pedophile network," complete with price lists for specific acts of abuse. Meta said it was forming an internal task force.

For the past few years, I have been editing and reporting stories about what platforms allow to happen to people while collecting ad revenue, processing payments and recommending the next piece of content. Every few months, one of these stories breaks through. Public anger spikes. A government ministry sends a notice. The platform issues a statement—something about how the abuse is "horrific," how "no system is perfect," how millions of accounts have been disabled.

The news cycle turns.

So when the evidence trail stretches back years, through multiple investigations, across multiple platforms, and using India’s own payment system, what does a notice to one platform actually fix?

This isn't one kind of harm. It's one system producing many kinds of harm.

Platforms have been hosting, monetising and looking away from many kinds of harms.

A few weeks ago, Decode published an investigation — reported by me, Tarunima Prabhakar of Tattle, and Tora Agarwala — into the AI economy that undresses women without their consent.

While writing the methodology piece on the Pulitzer Center, I realised that in the three months of working on that story, my question had stopped being "how bad is this?" and became "why does nothing change?"

There’s more.

Decode has reported on a 16-year-old queer makeup artist who died by suicide after relentless bullying on Instagram — hateful comments in Hindi that the platform's English-language moderation systems could not read. 

We have reported on Randomsena, a troll with 2.4 million followers who directed coordinated mob harassment against Muslims and Dalits using communal slurs and audio notes on Telegram, instructing followers on whom to target next. His account was suspended by Meta only after Decode flagged it. He made a new one. 

During elections, the machinery scales up. Decode's Viral For Votes series exposed how Varahe Analytics, a consultancy hired by the BJP, ran a network of anonymous proxy pages on Instagram — spending over Rs 6.5 lakh on Meta ads in 90 days, using young influencers from the Hindi heartland to spread communal content and troll opposition leaders. A 15-year-old from Bihar was acting in these reels. Meta's own ad library contained the receipts. 

Facebook whistleblower Sophie Zhang had told Decode that the company refused to act on fake engagement networks supporting a BJP MP, even as it took down similar networks for other parties. The Wall Street Journal reported in 2020 that Facebook India's public policy head had advised against applying the platform's own hate speech rules to members of the ruling party, to protect the company's business interests.

The same ad review system that approved election ads from anonymous proxy pages is the system that approved ads promoting child sexual abuse. 

The same moderation infrastructure that cannot read Hindi slurs under a dead teenager's last Instagram post is the infrastructure Meta says protects its two billion users. The system is working as designed — to prioritise revenue throughout, and to treat safety as a cost to be minimised.

Platforms aren't the whole infrastructure.

But accountability cannot stop at the platform. That was the central finding of our AI undressing investigation.

We traced a supply chain that ran across jurisdictions: Chinese AI models provide the generative capability, American platforms like Hugging Face and CivitAI host and distribute them, Telegram bots serve as storefronts, and Indian payment agents inside those bots accept money through UPI — the country's single most celebrated digital infrastructure — converting rupees into credits that generate synthetic nude images. 

I contacted two such agents and traced their payment addresses back to accounts at major Indian banks. UPI's own terms bar transactions involving obscene material. The National Payments Corporation of India did not respond to our questions.

In the 2024 CSAM investigation, we found child abuse material being bought through Paytm and Google Pay. In 2026, we found AI-undressing services being paid for through UPI. 

The payment infrastructure is common across both. The response has been silence.

The government knows too.

So what does the government do? It sends notices. 

This week, alongside the CSAM response, MeitY sent notices to WhatsApp, Telegram, and Signal over the username feature. When Grok was used to generate sexualised images of Indian women in January, MeitY issued a notice to X demanding an explanation within 72 hours, then extended the deadline by another 48. 

When platforms become the focus of public anger, the easiest political response is a ban — and over the last few months, India has been discussing banning social media for children altogether, following Australia's lead. As I wrote in a previous newsletter, bans sound comforting but tend to push harm somewhere harder to see rather than actually reducing it.

There is a reason governments reach for bans and notices. They are visible, they are fast, and they do not require looking inward.

Implementing POCSO consistently, funding cybercrime cells so forensic analysis does not take months, auditing ad moderation systems, holding payment infrastructure to its own stated rules — all of that requires examining why the existing machinery failed, and what it would cost to fix it.

So, who is accountable for the infrastructure of harm?

A researcher at Brown University I spoke to during the fake AI videos investigation pointed out that if you only go after the applications—the bots, the accounts, the ads—you are playing whack-a-mole. The bots clone themselves under new names within hours. The accounts regenerate.

The ads reappear with a different template and the same intent.

What would actually matter is intervention at the level of the infrastructure underneath: the payment processors, the app stores, the cloud services that host and monetise this content, regardless of what sits on top of them.

Accountability that operates scandal by scandal, notice by notice, does not touch that infrastructure. It touches the output. 

One set of ads comes down. One account gets suspended. One news cycle completes. The infrastructure survives because no one is responsible for the infrastructure. 

Platforms point to scale. Governments point to platforms. Payment systems point to their terms of service. And the people who bear the cost — the children in those Telegram channels, the women in those AI-generated images, the teenager whose last post still collects hate — are not at the table when these decisions get made.

A few days after our undressing investigation was published, I got messages from women asking how to check if their photographs had been used to generate nudes. I did not have a good answer then. I don't have one now. 

India has laws that cover this. It has institutions that could enforce them. It has payment rails that could refuse to process these transactions. What it does not have, so far, is anyone willing to own the problem for longer than a news cycle.

On My Bookmarks

Growing Up Online

UNICEF's new data, drawn from 10 countries, puts a number on something most parents already suspect: at least 20 million children are using AI, adopting it over three times faster than adults. Thirteen million use it for homework; two million turn to it for advice about things that worry them. A quarter fear their own photos could be turned into sexually explicit deepfakes. As UNICEF puts it, "a generation is growing up inside a global experiment", with almost no safeguards built for them. Read the full report.

China’s Bet

A Stanford study found 84% of Chinese respondents feel excited about AI, against 38% of Americans. This essay on OpenDemocracy argues that gap isn't optimism so much as history — a "Century of Humiliation" that still shapes how China sees technology, and a national anxiety about falling behind that goes back to Opium War-era defeats. It's a sharp corrective to narratives that flatten China's AI boom into pure state control, and it explains why cheap, powerful Chinese models spread as fast and as far as they have — including into ecosystems their makers never intended.

Confused British GIF by Rebecca Hendin

Gif by rebeccahendin on Giphy

Hidden Workers

A content moderator in Kuala Lumpur who reviews content on a 15-minute timer, avoids bathroom breaks that hurt his metrics, and calls his job one "AI could never do" — even as Accenture, his employer, laid off 22,000 people last year to make room for it. This Tech Global Institute report by Disha Verma, built on interviews with data workers across South and Southeast Asia, is a close look at the labour underneath the AI boom.

I've been away from this newsletter longer than I meant to be — the AI-undressing investigation took up most of the last three months, and everything else got pushed aside for it. If you missed it, it's below. It's a long read, and the interactives are worth slowing down for.

I'm hoping to be back here more often now. See you every other Wednesday.

MESSAGE FROM OUR SPONSOR

Leading AI expert shares one email per day on what’s new & what’s next

AI moves faster than any single newsletter can cover. To actually stay current you'd need to read every major AI newsletter, listen to the AI podcasts that move thinking, watch what every AI lab ships, and scan public-company earnings calls, investor letters, and GitHub. Almost no one has time for that. 

MavSource fixes this in 5 minutes a day. We aggregate all of those sources, summarize what matters, analyze the trends shaping AI — across both public and private markets, apps and infrastructure — and send it as one daily email with founder commentary on what the day's signal actually means. 

No checking dozens of sources. No hype. One brief, every morning. Built for the people who can't afford to fall behind. Free.

Was this email forwarded to you? Subscribe