Comment by amatecha

1 month ago

Yup, this is their way of injecting the "phone home" element via an innocuous rationale, "location matching". The global index will of course also match against other markers they deem worthy of matching, even if they don't return that to the user.

But wouldn't the homomorphic encryption prevent Apple's servers from knowing if there was a match or not?

  • The server must know what it's matching at some point, to be able to generate a response:

    > The server identifies the relevant shard based on the index in the client query and uses HE to compute the embedding similarity in this encrypted space. The encrypted scores and set of corresponding metadata (such as landmark names) for candidate landmarks are then returned to the client.

    Even with the server supposedly not knowing the identity of the client, the response could simply include extra metadata like some flag that then triggers an instant send of that photo to Apple's (or law enforcement's) servers unencrypted. Who knows?

    [0] https://machinelearning.apple.com/research/homomorphic-encry..., during the period of generating
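
The server-side step described in the quoted passage, as an added example that is not part of this thread or Apple's code: a toy additively homomorphic scheme (Paillier, used here as a stand-in and not the scheme Apple's system uses) in which the server computes dot-product similarity against an encrypted query and returns encrypted scores. The primes, embeddings and function names are constructed for illustration.

```python
import math
import secrets

# Toy Paillier parameters: two Mersenne primes, far too small for real use.
P, Q = 2**31 - 1, 2**61 - 1

def keygen(p=P, q=Q):
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)
    return n, (lam, pow(lam, -1, n))        # public n, private (lambda, mu)

def encrypt(n, m):
    r = 0
    while math.gcd(r, n) != 1:              # r must be a unit mod n
        r = secrets.randbelow(n)
    # With g = n + 1, g^m mod n^2 equals 1 + m*n mod n^2.
    return (1 + (m % n) * n) * pow(r, n, n * n) % (n * n)

def decrypt(n, priv, c):
    lam, mu = priv
    m = (pow(c, lam, n * n) - 1) // n * mu % n
    return m - n if m > n // 2 else m       # map back to signed integers

def server_scores(n, enc_query, shard):
    """Server side: sees n, ciphertexts and its own plaintext embeddings only."""
    n2, out = n * n, {}
    for name, emb in shard.items():
        acc = encrypt(n, 0)
        for c, w in zip(enc_query, emb):
            acc = acc * pow(c, w % n, n2) % n2   # E(a)^w * E(b) = E(a*w + b)
        out[name] = acc                     # still encrypted under the client's key
    return out

# Constructed shard: landmark name -> quantized integer embedding.
SHARD = {"Eiffel Tower": [3, -1, 4, 1], "Golden Gate Bridge": [-2, 5, 0, 1]}

def demo(query=(3, -1, 4, 2)):
    n, priv = keygen()                                   # client
    enc_query = [encrypt(n, x) for x in query]           # client -> server
    enc_scores = server_scores(n, enc_query, SHARD)      # server -> client
    return {name: decrypt(n, priv, c) for name, c in enc_scores.items()}

if __name__ == "__main__":
    print(demo())
```

`server_scores` never receives the private key, so the scores it returns are opaque to it; what the client software does with a score after decrypting it is outside what the encryption covers.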

  • not if you need to access from multiple devices (otherwise, what's the point of this feature?)

    in that case the source of the common key of "the same account" becomes the threat

    and now you have to trust... megacorporation with closed-garden ecosystem... to not access its own servers in your place?

    • >not if you need to access from multiple devices (otherwise, what's the point of this feature?)

      I don't think the feature works perfectly fine on a single device. You take a ton of pictures on your iPhone. You search your photos for "Eiffel tower" and it shows you the photos you took of the Eiffel tower. I don't see why you need multiple devices.

Honestly, why the hell would Apple bother with such a contrived and machiavellian strategy to spy on their users?

They literally own the code to iOS. If they wanted to covertly track their customers, they could just have their devices phone home with whatever data they wanted to collect. Realistically there would be no way to know if this was actually happening, because modern devices emit so much encrypted data anyway, it wouldn’t be hard to hide something nefarious in all the noise.

Tim Cook isn’t some Bond villain, sitting in a giant chair, stroking a white cat, plotting to take over the world by lulling everyone into a false sense of privacy (I mean Zuckerberg already did that). Apple is just a large giant corporation that wants to make money, and is pretty damn open about that fact. They clearly think that they can make more money by doubling down on more privacy, but that doesn’t work if you don’t actually provide the privacy, because ultimately, people are really crap at keeping secrets, especially when a media group would happily pay for a story, even at Apple.

  • Yeah, that sorta already exists. If you've ever done remote customer support, they can send a query to remotely-view your screen -- a query which you have to accept or deny. There's really zero reason there couldn't be a similar feature, but without asking you, and without putting a big red bar at the top of your screen that says "Apple Support is viewing your screen". Wish I had a screenshot or photo of that, can't seem to find a screenshot online unfortunately.