
Comment by JimDabell

3 days ago

I thought Apple’s approach was very promising. Unfortunately, instead of reading about how it actually worked, huge amounts of people just guessed incorrectly about how it worked and the conversation was dominated by uninformed outrage about things that weren’t happening.

> Unfortunately, instead of reading about how it actually worked, huge amounts of people just guessed incorrectly about how it worked

Folks did read. They guessed that known hashes would be stored on devices and images would be scanned against that. Was this a wrong guess?

> the conversation was dominated by uninformed outrage about things that weren’t happening.

The thing that wasn't happening yet was mission creep beyond the original targets. Because expanding-beyond-originally-stated-parameters is a thing that happens with far-reaching monitoring systems. Because it happens with the type of regularity that is typically limited to physics.

There were secondary concerns about how false positives would be handled. There were concerns about what the procedures were for any positive. Given Gov propensities to ruin lives now and ignore that harm (or craft a justification) later, the concerns seem valid.

That's what I recall the concerned voices were on about. To me, they didn't seem outraged.

  • > Folks did read. They guessed that known hashes would be stored on devices and images would be scanned against that. Was this a wrong guess?

    Yes. Completely wrong. Not even close.

    Why don’t you just go and read about it instead of guessing? Seriously, the point of my comment was that discussion with people who are just guessing is worthless.

    • >They guessed that known hashes would be stored on devices and images would be scanned against that. Was this a wrong guess?

      > Yes. Completely wrong. Not even close.

      Per Apple:

      > Instead of scanning images in the cloud, the system performs on-device matching using a database of known CSAM image hashes

      Recapping here. In your estimation:

      > known hashes would be stored on devices and images would be scanned against that.

      Is not even close to

      > the system performs on-device matching using a database of known hashes

      And folks who read the latter and thought the former were, in your view, "Completely wrong".

      Well, okay then.

      https://web.archive.org/web/20250905063000/https://www.apple...

    • The actual system is that they used a relatively complex zero-knowledge set-matching algorithm to calculate whether an image was a match without downloading or storing the set of hashes locally.

      That said, I think this is mostly immaterial to the problem? As the comment you’re responding to says, the main problem they have with the system is mission creep, that governments will expand the system to cover more types of photos, etc. since the software is already present to scan through people’s photos on device. Which could happen regardless of how fancy the matching algorithm was.

Among many many issues: Apple used neural networks to compare images, which made the system very exploitable. You could send someone an image where you invisibly altered the image to trip the filter, but the image itself looked unchanged.

Also, once the system is created it’s easy to envision governments putting whatever images they want to know people have into the phone or changing the specificity of the filter so it starts sending many more images to the cloud. Especially since the filter ran on locally stored images and not things that were already in the cloud.

Their nudity filter on iMessages was fine though (I don’t think it ever sends anything to the internet? Just contacts your parents if you’re a minor with Family Sharing enabled?)

  • > once the system is created it’s easy to envision governments putting whatever images they want to know people have into the phone

    A key point is that the system was designed to make sure the database was strongly cryptographically private against review. That's actually where 95% of the technical complexity in the proposal came from: to make absolutely sure the public could never discover exactly what government organizations were or weren't scanning for.
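The blinded-database matching that the two comments above describe (a set-matching protocol where the device never holds the raw hash list, and the list stays private against review) as an added illustration, not Apple's protocol or code: a toy oblivious-PRF membership check in Python. It assumes a 64-bit safe-prime group and a constructed two-entry hash list, both far smaller than anything real; the point it shows is that the device's table consists only of H(x)^k values, usable solely through one blinded round trip to the key holder.

```python
# Toy oblivious-PRF membership check (illustrative only; not Apple's protocol).
# The server publishes its hash list only blinded as H(x)^k; the device can't
# read or test entries offline and never learns k.
import hashlib, secrets
SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
def is_prime(n: int) -> bool:
    """Miller-Rabin; these fixed bases are deterministic for n < 3.3e24."""
    if n < 2:
        return False
    if any(n % sp == 0 for sp in SMALL_PRIMES):
        return n in SMALL_PRIMES
    s = ((n - 1) & -(n - 1)).bit_length() - 1  # n-1 = d * 2^s with d odd
    d = (n - 1) >> s
    for a in SMALL_PRIMES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True
def safe_prime(bits: int = 64) -> int:  # p = 2q+1 with p, q prime (toy size)
    while True:
        q = secrets.randbits(bits - 1) | (1 << (bits - 2)) | 1
        if is_prime(q) and is_prime(2 * q + 1):
            return 2 * q + 1
P = safe_prime()
Q = (P - 1) // 2  # prime order of the quadratic-residue subgroup of Z_P*
def hash_to_group(x: bytes) -> int:  # a square mod P always lies in that subgroup
    e = int.from_bytes(hashlib.sha256(x).digest(), "big")
    return pow(e % (P - 2) + 2, 2, P)

class Server:
    def __init__(self, known: list):
        self.k = secrets.randbelow(Q - 1) + 1  # secret key; never leaves server
        self.blinded_table = {pow(hash_to_group(x), self.k, P) for x in known}
    def evaluate(self, blinded: int) -> int:
        return pow(blinded, self.k, P)  # sees only H(h)^r, returns (H(h)^r)^k

def device_check(h: bytes, table: set, server: Server) -> bool:
    """Blind with random r, ask the server once, unblind to H(h)^k, look it up."""
    r = secrets.randbelow(Q - 1) + 1
    reply = server.evaluate(pow(hash_to_group(h), r, P))
    return pow(reply, pow(r, -1, Q), P) in table  # exponent r*k*(1/r) = k mod Q

def offline_check(h: bytes, table: set) -> bool:  # no server: only raw H(h)
    return hash_to_group(h) in table  # never equals H(h)^k, so the table is mute
```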

Sorry, but you're relaying a false memory. Conversation on the subject on HN and Reddit (for example) was extremely well informed and grounded in the specifics of the proposal.

Just as an example, part of my responses here was to develop and publish a second-preimage attack on their hash function, simply to make the point concrete that various bad scenarios would be facilitated by the existence of one.

> instead of reading about how it actually worked, huge amounts of people just guessed incorrectly about how it worked and the conversation was dominated by uninformed outrage

I would not care if it worked 100% accurately. My outrage is informed by people like you who think it is OK in any form whatever.

  • [flagged]

    • No amount of my device spying on me is acceptable, no matter how cleverly implemented. The fact that your comment said anything positive about it at all without acknowledging that it is an insane idea and should never be put into practice is what I was referring to.
