Outdated Apple CSAM detection algorithm harvested from iOS 14.3 [u]


Comments

  • Reply 21 of 36
    lkrupp Posts: 10,557 member
    So many tech muggles spreading disinformation as fact on this subject, just like the vaccine conspiracy theories.
  • Reply 22 of 36
    entropys Posts: 4,166 member
    entropys said:
    All I want to know is how easy it would be for Apple to slip in a hash that directs to another database altogether.
    Turns out, not easy. As Apple described, the system is designed specifically around CSAM detection. You'd need 30 pictures of Reagan, to cite your example. This could never detect a single photo, it's for finding collections.

    And when you think about it, what individual would have a collection of photos that could be matched to a database? CSAM is something people collect, terrorist images? Pictures of political figures? Not so much.

    Would be too narrow a vector for anyone to target. All that said, that's not mentioning the fact that images can only exist in the database once they are added by two independent systems from two different governing countries.
    Well as I understand it Reagan photos are a thing. Ever since the NSA Agent John Casey in the TV show Chuck used to worship the gipper.
    Anyway, that was glib. The actual risk is more like images of that Polish opposition leader currently in trouble, or Aung San Suu Kyi. Or Ché. Or Winnie the Pooh apparently in China because Xi Jinping believes people think he looks like Pooh Bear and he doesn’t like it.

    And Apple says 30 images. Yes, it does indeed. I feel soo safe now. Firstly, political activists are a strange mob, it would be almost compulsory to have a stack of pictures of their latest political saviour du jour. Or even previous, cast aside saviours, it isn’t like they get deleted. Think of your vocal Move On activist, probably has a stack of official Obama, Clinton, Biden and Harris photos, hard as that may be to understand. An activist on the other side, a similar stack of official Trump photos at various functions (plus, yes, Reagan and maybe even…Thatcher!). Doesn’t even have to be pictures of people. It could be a collection of subversive memes stored in the photos library. 30 would be easy. Apple of course would never change that number, just like they would never change the hash list it points to, or add another list. Which obviously, they can or it would be a very temporary way to get the kiddie fiddlers indeed. We aren’t talking wholesale code rewrites.

    And even if the current mob running Apple pinky swear and actually never change these things, who is to say the mob in charge a year or two down the track won’t? In time for the 2024 presidential elections if not 2022.

    There is an old saying: the path to hell is paved with good intentions.


    edited August 2021
  • Reply 23 of 36
    macwise said:

    Right. And the "anyone" you need to pay special attention to in this situation is the one who purports to be your benevolently patriarchal Uncle. And Uncle, in all his infinite wisdom, has continually asserted his influence on those you trust to keep your data, your information, your *life* yours — and in this case, the entity you have decided to trust, well that's Apple. 

    Apple is the modern-day version of your locked bureau. And that locked bureau was clearly and unequivocally OFF LIMITS from Uncle.

    When this provision was affirmed, it didn't matter if you had nothing to hide. You had the right to that locked bureau.

    It didn't matter if you had the severed head of an innocent child in that bureau, either. You had an indisputable right to privacy from a prying Uncle's eyes except in VERY special circumstances.

    It would have been preposterous if a bureau manufacturer had built a skeleton key and EULA for the piece of furniture which allowed them to inspect the contents of your bureau — as a neutral third party, of course — anytime they chose. It would have been even more unthinkable had the manufacturer's policy included a provision which allowed them to report the contents of your private papers and effects to Uncle should they deem them illicit. 

    Now, how much do we need to worry about Uncle, and his wily ways of creeping on our privacy and autonomy? 

    Well, seeing as how Uncle incarcerates more of its own fam, and spies on, invades the homes of, and bombs more innocent humans than any other patriarchal entity in the entire human race, I'd say it's a serious point of concern. And any person here or elsewhere dismissing this backdoor attempt to peek into your bureau as "not that big of a concern" has forgotten or been forever blind to the real risk this poses — and the consequences it brings — to civilized society. 

    This was very good except for the irrelevant mentions of ‘patriarchy’. That has nothing to do with expectations for privacy and the woke chip-on-your-shoulder is showing in a situation where it is not helpful to show. 
  • Reply 24 of 36
    Beats Posts: 3,073 member
    pmh said:
    Beats said:
    The fact anyone can reverse engineer this is scary.
    Concern troll much?
    The fact that anyone can reverse engineer this is expected -- for anyone with any knowledge of software development.
    That’s not the point. It shouldn’t even be accessible.
    No other Apple services/features have been reverse engineered this fast or this way ever (that I know of).
  • Reply 25 of 36
    Beats Posts: 3,073 member
    flydog said:
    Beats said:
    The fact anyone can reverse engineer this is scary.
    Some anonymous reddit user claims to have found code in an old version of iOS.  No one has "reverse engineered" anything.  

    How people can excuse this as nothing is crazy.

    This is like saying “so what that a criminal knows how to access my secret money stash. Not like he has a key to open it!!”
  • Reply 26 of 36
    pmh said:
    Beats said:
    The fact anyone can reverse engineer this is scary.
    Concern troll much?
    The fact that anyone can reverse engineer this is expected -- for anyone with any knowledge of software development.
    Really? So, for example, can you name someone who reverse engineered Windows? macOS? Can you link me to references of reverse engineered non-open-source software? Can you tell me someone who can do that? I have a software I’d like to reverse engineer and I would pay for it.
  • Reply 27 of 36
    roake Posts: 811 member
    Well of COURSE nothing like this is exploitable by nefarious players. How could it be?!?  Apple writes perfect code, has perfect protocols, perfect security, no human errors, and will remain steadfast to the point of dissolving the corporation before they would bend to the will of big government politics or laws passed to try to force apple to do things.  So rest easy!  It’s impossible that this could be used as spyware, because every step and oversight is completely flawless!
  • Reply 28 of 36
    roake Posts: 811 member
    GusAgain said:
    pmh said:
    Beats said:
    The fact anyone can reverse engineer this is scary.
    Concern troll much?
    The fact that anyone can reverse engineer this is expected -- for anyone with any knowledge of software development.
    Really? So, for example, can you name someone who reverse engineered Windows? macOS? Can you link me to references of reverse engineered non-open-source software? Can you tell me someone who can do that? I have a software I’d like to reverse engineer and I would pay for it.
    There used to be plenty of packages that would reverse engineer compiled code. Not sure how accurate they were, but many had strong claims. I suspect they have only grown in number, although I haven’t looked into it in several years.
  • Reply 29 of 36
    EsquireCats Posts: 1,268 member
    Some people are working overtime in inventing laughable doomsday scenarios.
  • Reply 30 of 36
    crowley Posts: 10,453 member
    GusAgain said:
    pmh said:
    Beats said:
    The fact anyone can reverse engineer this is scary.
    Concern troll much?
    The fact that anyone can reverse engineer this is expected -- for anyone with any knowledge of software development.
    Really? So, for example, can you name someone who reverse engineered Windows? macOS? Can you link me to references of reverse engineered non-open-source software? Can you tell me someone who can do that? I have a software I’d like to reverse engineer and I would pay for it.
    https://reactos.org
  • Reply 31 of 36
    What I've noticed about this "controversy" is that the people who spend the most time talking about Big Brother kinds of scenarios for the technology are also the ones most likely to be pushing false information about what it actually does. 
  • Reply 32 of 36
    Mike Wuerthele Posts: 6,861 administrator
    flydog said:
    Another “exploit” that’s possible (only because there’s a non-zero chance it could happen) but in the real world would never happen.

    As mentioned, users have to save the photo. Not just one photo, but 30 photos. You think you’re going to convince someone to save 30 photos they received from a random person? I get pictures in iMessage all the time from friends/family. I rarely save them as once I’ve seen it (often it’s a joke or meme) I simply delete it. Or I’ll leave it in iMessage if I ever need to see it again.
    Photos in iMessage are saved to iCloud even if they are not manually added to Photos. How do you think they end up on all your devices?
    Photos in iMessage are saved in the Messages stream, and as such, not hashed.

    They are not saved to iCloud Photos, which, presently, is the only place the on-device hash is taking place. Apple is clear about this - if it isn't in the iCloud Photos library, it isn't getting hashed.
    edited August 2021
  • Reply 33 of 36
    crowley Posts: 10,453 member
    flydog said:
    Another “exploit” that’s possible (only because there’s a non-zero chance it could happen) but in the real world would never happen.

    As mentioned, users have to save the photo. Not just one photo, but 30 photos. You think you’re going to convince someone to save 30 photos they received from a random person? I get pictures in iMessage all the time from friends/family. I rarely save them as once I’ve seen it (often it’s a joke or meme) I simply delete it. Or I’ll leave it in iMessage if I ever need to see it again.
    Photos in iMessage are saved to iCloud even if they are not manually added to Photos. How do you think they end up on all your devices?
    Photos in iMessage are saved in the Messages stream, and as such, not hashed.

    They are not saved to iCloud Photos, which, presently, is the only place the on-device hash is taking place. Apple is clear about this - if it isn't in the iCloud Photos library, it isn't getting hashed.
    I would imagine and hope that at some point in the near future Apple will announce that they'll also hashcheck any images sent through the iMessage service for CSAM too. 
  • Reply 34 of 36
    Here is the link for the Electronic Frontier Foundation Petition to stop CSAM scanning:

    edited August 2021
  • Reply 35 of 36
    lkrupp Posts: 10,557 member
    flydog said:
    Another “exploit” that’s possible (only because there’s a non-zero chance it could happen) but in the real world would never happen.

    As mentioned, users have to save the photo. Not just one photo, but 30 photos. You think you’re going to convince someone to save 30 photos they received from a random person? I get pictures in iMessage all the time from friends/family. I rarely save them as once I’ve seen it (often it’s a joke or meme) I simply delete it. Or I’ll leave it in iMessage if I ever need to see it again.
    Photos in iMessage are saved to iCloud even if they are not manually added to Photos. How do you think they end up on all your devices?
    Photos in iMessage are saved in the Messages stream, and as such, not hashed.

    They are not saved to iCloud Photos, which, presently, is the only place the on-device hash is taking place. Apple is clear about this - if it isn't in the iCloud Photos library, it isn't getting hashed.
    Speak the truth as much as you want. It doesn’t matter. Almost every article on the subject claims the iPhone itself will be scanned. The inaccuracies and disinformation are rampant now. Just read the nonsense being spread right here in this thread by anonymous nobodies claiming to be experts on the subject, blathering on about hashes and algorithms that don't even make sense.