undefined | Better HN

0 pointsbigiain4y ago0 comments

> The opt out of this is to not use iCloud Photos.

Wasn’t yesterday’s version of this sorry about how Apple is implementing this as a client side service on iPhones?

https://news.ycombinator.com/item?id=28068741

I don’t know if the implication there is “don’t use the stock Apple camera app and photo albums”, or “don’t store any images on yours Phone any more” if they are scanning files from other apps for perceptual hash matches as well…

0 comments

Klonoar4y ago

...yes, and the client-side check is only run before syncing to iCloud Photos, which is basically just shifting the hash check from before upload (client side) to after upload (server side).

aix14y ago

Thanks for this clarification. This, I think, is an important aspect that seems to often get overlooked.

Apple's explanation:

<quote> Before an image is stored in iCloud Photos, an on-device matching process is performed for that image against the known CSAM hashes. This matching process is powered by a cryptographic technology called private set intersection, which determines if there is a match without revealing the result. The device creates a cryptographic safety voucher that encodes the match result along with additional encrypted data about the image. This voucher is uploaded to iCloud Photos along with the image.

Using another technology called threshold secret sharing, the system ensures the contents of the safety vouchers cannot be interpreted by Apple unless the iCloud Photos account crosses a threshold of known CSAM content. The threshold is set to provide an extremely high level of accuracy and ensures less than a one in one trillion chance per year of incorrectly flagging a given account. </quote>

https://www.apple.com/child-safety/

bigiainOP4y ago

I'm actually super impressed at the lengths they went to make this as private as they did.

With the proviso that you have to trust the code they push onto your device actually does what they claim in the paper.

But it does, on the face of it, prevent the "cops adding the latest cop on black person murder viral image to the CSAM content hashes and easily seeing who has it on their device and when it showed up there" concern. They are at least going to need to add enough _other_ hashes to the list to get everybody with their target image over the threshold, then get it past whatever Apple has in place for their manual review and "visual derivatives". And surely that sort of abuse of the system would set off alarms instantly at Apple when a big list of hashes of images that are common enough to all push BLM activists and sympathisers over the CASM count threshold.

(I also wonder what those "visual derivatives" they get are, and how well they are going to work to filter out false positives, and how Apple are going to take care of whoever ends up doing that review work. While I have a fairly positive impression of the care and effort Apple put into ensuring my privacy, I have a somewhat less positive impression of how they treat outsourced or low-skill workers. I won't be _too_ surprised to hear the same sort of horror stories about both the work, and the management overseeing the workers that do this sort of job at Facebook... I can't imagine a worse job description than "review images to check if they are real child sexual abuse images", and doing that for minimum wage and no benefits with supervisors threatening to fire you if you take toilet breaks or miss your 150 images an hour targets - is sadly something I totally expect to read about in a year or two's time.)

j / k navigate · click thread line to collapse