Comment by Thorrez

1 month ago

>The system is essentially scanning for the signature for some known set of images of abuse

Huh? The system is scanning for landmarks, not images of abuse.

>people will be caught this way

Due to the homomorphic encryption, I don't think Apple even knows whether the image matches a landmark in Apple's server database or not. So even if Apple put some images of abuse into its server database (which Apple claims only contains pictures of landmarks), I don't think Apple would know whether there was a match or not.

Does Apple explicitly say that?

Or only that they don’t know which landmark it matched?

  • Fundamentally, vector search like this doesn't have a concept of something "matching" or "not matching". It's just a cosine similarity value. To determine if an image "matches", you have to check if that similarity is within some given threshold. If the results of the cosine similarity operation are encrypted (they are with HE), that wouldn't be possible to determine.

    The bigger privacy risk would be that the device routes the request to a specific database shard based on whichever has a center-point closest to the image embedding on the device. They take steps to protect this information such as third-party proxying to hide user IP addresses, as well as having devices send fake requests so that the server cannot tell which are real user data and which are fake data.
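
An added illustration of the reply above (not code from the thread or from Apple): the server computes a similarity score on an encrypted embedding and cannot threshold the result, while the client can. A toy Paillier scheme is swapped in here as the additively homomorphic encryption; the key size, vectors, names and the 0.9 threshold are all constructed assumptions.

```python
import math, secrets

# Toy Paillier keypair built from two Mersenne primes. Constructed demo
# parameters, far too small for real use and not the scheme Apple deploys.
P, Q = 2**31 - 1, 2**61 - 1
N, N2 = P * Q, (P * Q) ** 2
LAM = (P - 1) * (Q - 1) // math.gcd(P - 1, Q - 1)
MU = pow(LAM, -1, N)
SCALE = 1000  # fixed-point scale applied to unit-vector components

def encrypt(m):
    r = secrets.randbelow(N - 1) + 1
    while math.gcd(r, N) != 1:
        r = secrets.randbelow(N - 1) + 1
    return (1 + (m % N) * N) * pow(r, N, N2) % N2

def decrypt(c):  # needs the private values LAM and MU, held by the client only
    m = (pow(c, LAM, N2) - 1) // N * MU % N
    return m - N if m > N // 2 else m  # map the upper half back to negatives

def quantize(vec):
    # Normalise to unit length so the integer dot product is SCALE^2 * cosine.
    norm = math.sqrt(sum(x * x for x in vec))
    return [round(SCALE * x / norm) for x in vec]

def client_query(embedding):
    return [encrypt(x) for x in quantize(embedding)]

def server_score(enc_query, db_vector):
    # Enc(a) * Enc(b) = Enc(a + b) and Enc(a)^k = Enc(k * a), so this builds
    # Enc(dot product). The server never holds a plaintext score to compare.
    acc = encrypt(0)
    for c, y in zip(enc_query, quantize(db_vector)):
        acc = acc * pow(c, y % N, N2) % N2
    return acc

def client_decide(enc_score, threshold=0.9):
    cos = decrypt(enc_score) / SCALE**2
    return cos, cos >= threshold

# Constructed sample data: two database vectors and one on-device embedding.
DATABASE = {"landmark_a": [0.9, 0.1, 0.4], "landmark_b": [-0.2, 0.8, -0.5]}
PHOTO = [0.85, 0.15, 0.45]

def run():
    q = client_query(PHOTO)
    return {k: client_decide(server_score(q, v)) for k, v in DATABASE.items()}
```

Only `client_decide` can turn a score into "match" or "no match", because only the key holder can decrypt; what the server returns is a randomised ciphertext either way.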