Comment by oneplane
10 months ago
No, your photos aren't sent, nor 'pieces' of them. They are creating vector data which can be used to create searchable vectors which in turn can be used on-device to find visual matches for your search queries (which are local).
You can imagine it as hashes (created locally), with some characters of that hash from random positions being used to find out whether those can be turned into a query (which is compute intensive, so they use PCC for that). So there is no 'data' about what it is, where it is or who it is. There isn't even enough data to create a picture with.
Technically, everything could of course be changed; heck, Apple could probably hire someone with binoculars and spy on you 24/7. But this is not that. Just like baseband firmware is not that, and activation is not that, yet using them requires communication with Apple all the same.
My understanding, as the blog laid it out, is that the cloud service is doing the vector similarity search against a finite database of landmark feature vectors, but they are performing that mathematical function under homomorphic encryption such that the result of the vector comparison can only be read with a key that never left your device. So it's just adding a tag "Eiffel tower" that only you see. The feature vector is sent off device; it's just never able to be read by another party.
Yep. It's essentially an implementation of remote attestation "the other way around". Normally the edge device is untrusted and needs to attest a variety of things before compute is done and the result is accepted, but PCC is the other way where the edge device holds the keys (technically octagon works that out, but it's backed by the on-device SEP).
So it does it multiple ways:
- Finite sets and added noise, doesn't hurt performance too much but does make it nearly impossible to ID/locate a photo
- Encryption at rest and in transit
- Transit over hops they don't own
- Homomorphic Encryption during remote compute
The data it finds was available in two ways: the "result" and the vector embedding. Not sure which one you end up consuming since it also has to work on older models that might not be able to load the embeddings and perform adequately, but it doesn't matter since the data itself will be unique so you can't do parallel reconstruction, but it is also uniquely meaningless to anyone without a key. They are essentially computing on needles that aren't in a haystack, but in a needle stack.
The primitives all this is built on have been around for quite a while, including their HBONE implementation, the cryptographically hidden data distribution and the SEP. So far, it has been the only one of its kind outside of disjointed options like buying and operating your own HSM, a large Tor network and a yet-to-be-invented self-hosted PCC solution (AMD was supposed to release something but they failed at that, just not as badly as Intel messed up with SGX).
Technically, even with everything else removed, just some good TLS 1.2+ and homomorphic encryption would have been more than any other mass market manufacturer has ever done in an effective way. But adding the additional factors, such as degrees of separation so they couldn't get in themselves (without breaking it for everyone in the process), is what makes this so much more robust.
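A worked example of the encrypted similarity search the two comments above describe (the feature vector leaves the device, the server scores it against a finite landmark table, and only a key that stays on the device can read the result). This is an added illustration, not Apple's code or the article's: Apple's Enhanced Visual Search uses a lattice-based scheme (BFV) rather than Paillier; textbook Paillier is swapped in here because it is additively homomorphic, which is all an encrypted dot product needs, and fits in one file. The 8-dimensional landmark table, the photo embedding, the score threshold and the fixed Mersenne-prime keys are all constructed for the demo and are not production parameters.

```python
"""Encrypted nearest-landmark lookup over an additively homomorphic scheme.

Added example, not Apple's code: Apple's Enhanced Visual Search uses a
lattice-based scheme (BFV). Textbook Paillier is swapped in here because it
fits in one file and has the same shape: the server scores an encrypted
query against a plaintext landmark table and never sees query or scores.
"""
import math
import random

# Fixed Mersenne primes keep the walkthrough reproducible; demo only.
P, Q = (1 << 61) - 1, (1 << 89) - 1


def keygen(p=P, q=Q):
    """Paillier keypair with g = n + 1. Only pk ever leaves the device."""
    n = p * q
    n2 = n * n
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)
    mu = pow((pow(n + 1, lam, n2) - 1) // n, -1, n)
    pk = {"n": n, "n2": n2}
    return pk, {**pk, "lam": lam, "mu": mu}


def encrypt(pk, m, rng):
    n, n2 = pk["n"], pk["n2"]
    r = rng.randrange(1, n)  # fresh randomness per coordinate
    return pow(n + 1, m % n, n2) * pow(r, n, n2) % n2


def decrypt(sk, c):
    n, n2 = sk["n"], sk["n2"]
    m = (pow(c, sk["lam"], n2) - 1) // n * sk["mu"] % n
    return m - n if m > n // 2 else m  # signed decoding of negative scores


def quantize(vec, scale=127):
    """Unit-normalise and round to small ints so dot products stay exact."""
    norm = math.sqrt(sum(x * x for x in vec))
    return [round(x / norm * scale) for x in vec]


# --- device side -----------------------------------------------------------

def client_encrypt_query(pk, embedding, seed=2):
    """Encrypt each coordinate of the photo embedding; sk never leaves."""
    rng = random.Random(seed)
    return [encrypt(pk, v, rng) for v in quantize(embedding)]


def client_decrypt_scores(sk, scores):
    return [(name, decrypt(sk, c)) for name, c in scores]


def client_pick_label(sk, scores, min_score=12000):
    """Best match as (label, score), or None below the threshold.
    127*127 = 16129 is cosine similarity 1.0 after quantisation."""
    name, score = max(client_decrypt_scores(sk, scores), key=lambda t: t[1])
    return (name, score) if score >= min_score else None


# --- server side (holds pk and the plaintext landmark table only) ----------

def server_score(pk, enc_query, database):
    """Enc(<q, d>) = prod_j Enc(q_j)^(d_j): scalar-multiply-and-add on
    ciphertexts. The server never learns q or the resulting scores."""
    n, n2 = pk["n"], pk["n2"]
    out = []
    for name, vec in database:
        acc = 1  # Enc(0); multiplying ciphertexts adds plaintexts
        for c, d in zip(enc_query, quantize(vec)):
            acc = acc * pow(c, d % n, n2) % n2
        out.append((name, acc))
    return out


# Constructed toy landmark table (8-dim), a stand-in for the real feature db.
DATABASE = [
    ("Eiffel Tower", [0.9, 0.1, -0.3, 0.2, 0.0, 0.4, -0.1, 0.2]),
    ("Golden Gate Bridge", [-0.2, 0.8, 0.3, -0.5, 0.1, 0.0, 0.2, -0.3]),
    ("Taj Mahal", [0.1, -0.3, 0.9, 0.2, -0.4, 0.1, 0.3, 0.0]),
]
# Constructed photo embedding: near the Eiffel Tower vector with jitter.
PHOTO = [0.85, 0.15, -0.25, 0.25, 0.05, 0.35, -0.15, 0.15]


def run_lookup(photo=PHOTO, database=DATABASE):
    pk, sk = keygen()
    enc_q = client_encrypt_query(pk, photo)      # this is what leaves the device
    scores = server_score(pk, enc_q, database)   # computed blind, server side
    return client_pick_label(sk, scores)         # readable only with sk


if __name__ == "__main__":
    print(run_lookup())  # ('Eiffel Tower', 16045)
```

What the server sees is the public key, a list of ciphertexts (so the embedding dimension) and the fact that a query arrived; the scores it returns are numbers mod n^2 that are meaningless without the private key. The toy server still knows which table rows it scored and returns them in order; hiding that with a private-information-retrieval layer is the "finite sets and added noise" point in the comment above, which this example deliberately does not implement.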
That is incorrect. If everything was local they wouldn't need HE and OHTTP and everything else.
I would be ok with this being a local feature, where I can download the signature database to my device and run the search locally (as you say), but as it stands, some information about my photos (enough to detect places at least, possibly more in the future) is being sent out of my device. I want zero information about my photos to leave my device.
> Just like baseband firmware is not that, and activation is not that, yet using them requires communication with Apple all the same.
I mean, this is just wrong. Baseband firmware and carrier activation can be managed entirely independently of Apple; they just choose to manage it themselves. The number of places where Apple chooses to insert their own services as arbitrary middlemen has been a perennially worrying topic among Apple enthusiasts. It's not just disrespectful to people who pay a premium for fewer service advertisements, it's downright unsafe and does not reflect the sort of forward-thinking security that people in the industry respect.
There was a time when Apple focused on real and innovative product differentiation, but I'll be damned if you can give me a post-Wozniak example that isn't under antitrust scrutiny. Apple relies on marketing and branding to make people feel unsafe in a fundamentally insecure system - I don't respect that as a proponent of innovation and competitive digital markets.
Baseband firmware and OS activation have nothing to do with the carrier, just like it didn't on RIM devices back in the day (which is probably the only somewhat comparable version of this).
Perhaps you are thinking about subscription activation (be it GSM or CDMA) and parameters for cell networks (which can indeed be consumed by the baseband, which will be running firmware supplied by the manufacturer, sometimes re-packaged in system images as done in OEM feature phones and many Android phones).
Either way, macOS devices do the same thing (activation), as do iPads without cell networking. Same goes for radio firmware loading and updates. You'll find most Wintel laptops doing the same for things like WiFi (regardless of softmac/halfmac/hardmac chips).