The first two I knew but on your third point he kind of lost me there. Only way it works is if it is a mix of hash and AI. I think. I’m learning as I go as this stuff is not in my bailiwick.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Serious Question about the "Outrage" behind CSAM Scanning
- Thread starter hasanahmad
- Start date
- Sort by reaction score
The first two I knew but on your third point he kind of lost me there. Only way it works is if it is a mix of hash and AI. I think. I’m learning as I go as this stuff is not in my bailiwick.
I thought that was a Google feature Apple leveraged. Then later Apple ran the check through their servers to limit data gathering by Google. But my understanding was that this is a Google service.
Last edited:
Splitting hairs. A far as I know, for the hash and check to work the data being scanned has to be in “readable” format which means unencrypted.
For this feature I fail to see why Apple cannot do this between your device and their cloud. Kind of a middle stop check.
Okay. Nice.
Still, it would be better ton see or read the actual testing protocol / scripts instead of the summary headline.
Better to understand what they did instead of “We did it.”.
Exactly, and that's not confined to just 1 account. There would have to be 30 false positives in one single account to get flagged. To me, this alone makes me 100% confident that the photos I upload to iCloud will not be seen by another person unless I share it online.
That's good enough for me.
| Safari warns you if the site you’re visiting is a suspected phishing website. Phishing is a fraudulent attempt to steal your personal information, such as user names, passwords, and other account information. A fraudulent website masquerades as a legitimate one, such as a bank, financial institution, or email service provider. Before you visit a website, Safari may send information calculated from the website address to Google Safe Browsing to check if the website is fraudulent. If you have China mainland set as your region in the Language & Region pane of System Preferences, Safari may also use Tencent Safe Browsing to do this check. The actual website address is never shared with the safe browsing provider. These safe browsing providers may also log your IP address when information is sent to them. |
Apple Safe Browsing Explained - Why Apple sends your data to Google and Tencent and how to turn it off
If you use Safari on certain versions of iOS, then your IP address is being sent to Google or Tencent by default. Tencent is the Chinese equivalent of Facebook, who owns the popular WeChat mobile app. Tencent also works closely with the Chinese gover...
2019 saw significant changes to safari safe browsing.
How safe is Apple’s Safe Browsing?
This morning brings new and exciting news from the land of Apple. It appears that, at least on iOS 13, Apple is sharing some portion of your web browsing history with the Chinese conglomerate Tence…
blog.cryptographyengineering.com
He is a perfect example of a little knowledge is a dangerous thing. He is wrong and he doesn't understand Apple's technical description of NeuralHash.
Where he goes wrong is that he tried to induce how NeuralHash works by looking at what he believes to be the end result of a NeuralHash and his knowledge of more regular hashing functions.
This leads him to believe
NeuralHash = photo AI + hash
He describes photo AI to be similar to the scanning the Photo app is already doing.
If he was right, the CSAM detection system could be used for everything people are worried about: finding people smoking pot, participating in protest, having (illegal) guns, posing in MAGA caps, having a non-heterosexual preferences etc.
Fortunately,
NeuralHash = 1) algorithm for generating multidimensional floating point descriptors + 2) convolutional neural network + 3) hyperplane locality sensitivity hashing
The goal of 1) isn't to find similar images, but to
A. find images which are the same (or derivates) to images in the NCMEC database
B. and at the same time be extremely bad at finding similar images
C. and be extremely bad at finding dissimilar images
These are competing goals. That's why this algorithm is "sent through" a neural network (2) to optimise for these three tasks by testing many variations of the algorithm (1) on millions of non-CSAM images.
It is because of B this system is so inefficient to be misused by police and governments in many circumstances.
(It's important to my argument that you understand the difference between "derivative" and "similar" images).
Apple even said themselves that there’s no machine learning or training the system.
You know, when I said the same thing, I got a nastygram from a moderator saying that it was a "political" post...
It's not splitting hairs. When you log into a device (iPhone, Mac, Windows PC) you unlock decryption keys which are necessary to decrypt encrypted content.
If you didn't the operating system wouldn't be able to read the data in any meaningful way. Encryption isn't broken. This is working as designed. When you login you are implicitly giving the operating system access to your decryption keys.
Apple can implement this scanning on device, third party servers or their own servers. They choose the first one.
If you implement it on device there is no encryption to worry about since the user has the authority to decrypt every file they own. The CSAM Detection System is running with the authority of the user when it comes to accessing the data.
If implemented anywhere else it either had to be unencrypted or not end-to-end encrypted.
and Apple has the keys for the rest of the process. I still fail to see WHY? Apple is doing it on device.
… and Apple isn’t doing E2EE.
Apple does, and will, hand over their encryption keys to the FBI.
Source: https://www.androidauthority.com/fbi-document-messaging-apps-3069511/
The image in the post you quoted had words about “with a search warrant”. Those need to be approved by a judge to be valid, though I’m sure the FBI has judges in their back pocket. Still, you’d have to become interesting to the FBI first.
Apple has always said if it's on iCloud they will comply with any warrants for the information... They won't assist in extracting data from the phone, for now that is. Who knows what laws might be passed in the future. I have a feeling one day they won't have any choice but to give complete access
It's worse - the FISA courts are required to rubberstamp warrants if the agency asking for it simply says it's 'related' to terrorism. The judge can't even ask clarifying questions.
Has Apple officially updated it's position on the whole issue? My last count is they just don't activate the end user search feature for now. So will they just do it later? Do they reevaluate the entire concept? Is there a schedule or hearing or maybe expert's advice coming?
The last update from Apple was in September 2021:
Last month we announced plans for features intended to help protect children from predators who use communication tools to recruit and exploit them, and limit the spread of Child Sexual Abuse Material. Based on feedback from customers, advocacy groups, researchers and others, we have decided to take additional time over the coming months to collect input and make improvements before releasing these critically important child safety features.
Source: https://techcrunch.com/2021/09/03/apple-csam-detection-delayed/