172
Apple’s Decision to Kill Its CSAM Photo-Scanning Tool Sparks Fresh Controversy (www.wired.com)
submitted 1 year ago by Peaces@infosec.pub to c/privacyguides@lemmy.one
48 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[-] Kelsenellenelvial@lemmy.ca 8 points 1 year ago

Not really. The plan that Apple backpedaled on was to compare hashes photos on device to hashes of known CSAM material. They wouldn’t see any user-generated photos unless they was a hash collision. Other companies have been known to report false positives on user-generated photos and delete accounts with no process to recover them.

[-] phillaholic@lemm.ee 5 points 1 year ago

They published a white paper on it. It would have taken many detected examples before they did anything about it. It's not strictly a hash as it's not looking for exact copies but similar ones. Collisions have been proven, but afaik they are all reverse engineered. Just Grey blobs of nonsense that match CSAM examples. I don't recall hearing about someone's random taken photo matching with anything, but correct me if I'm wrong.

[-] Kelsenellenelvial@lemmy.ca 2 points 1 year ago

True, it’s hash-like in that the comparison is using some mathematic representation of the source material. It was intended to be a little fuzzy so it would still catch minor alterations like cropping, watermarks, rendering to a new format, etc..

The example I heard of was someone that was using an app for a remote doctors appointment. The doctor requested photos of the issue, a rash in the genital area of a minor, supposedly one included an adult hand touching the area involved. That photo ended up in Google’s cloud service where it was flagged, reported to law enforcement, and that users while Google account was frozen. The investigation quickly confirmed the innocence of the photo, and provided official documentation of such, but last I heard Google would not release the account.

[-] phillaholic@lemm.ee 1 points 1 year ago

Google has unencrypted access to your files to do whatever they want with, do we know this was the same CSAM system or one of Google internal ones? Google Photos does their face and object scanning on the cloud where apple does it on device.

[-] uriel238@lemmy.blahaj.zone 4 points 1 year ago

This assumes the program stays that way. Much the way Google promised no human would look at (or be able to look at) the data set, we dont have an external oversight entity watching over Apple.

And then there's the matter of mission creep, much the way the NSA PRISM program was supposed to only deal with foreign threats to national security (specifically Islamist terrorism) yet now it tells local precincts about large liquidatable assets that can be easily seized.

Even if it only looks as hash codes, it means law enforcement can add its own catalog of hashes to isolate and secure, say content that is embarrassing to law enforcement, like videos of police gunning down unarmed, unresisting suspects in cold blood, which are challenged only when the event is captured on a private smartphone.

this post was submitted on 01 Sep 2023
172 points (100.0% liked)

Privacy Guides

16263 readers
138 users here now

In the digital age, protecting your personal information might seem like an impossible task. We’re here to help.

This is a community for sharing news about privacy, posting information about cool privacy tools and services, and getting advice about your privacy journey.

You can subscribe to this community from any Kbin or Lemmy instance:

Learn more...

Check out our website at privacyguides.org before asking your questions here. We've tried answering the common questions and recommendations there!

Want to get involved? The website is open-source on GitHub, and your help would be appreciated!

This community is the "official" Privacy Guides community on Lemmy, which can be verified here. Other "Privacy Guides" communities on other Lemmy servers are not moderated by this team or associated with the website.

Moderation Rules:

  1. We prefer posting about open-source software whenever possible.
  2. This is not the place for self-promotion if you are not listed on privacyguides.org. If you want to be listed, make a suggestion on our forum first.
  3. No soliciting engagement: Don't ask for upvotes, follows, etc.
  4. Surveys, Fundraising, and Petitions must be pre-approved by the mod team.
  5. Be civil, no violence, hate speech. Assume people here are posting in good faith.
  6. Don't repost topics which have already been covered here.
  7. News posts must be related to privacy and security, and your post title must match the article headline exactly. Do not editorialize titles, you can post your opinions in the post body or a comment.
  8. Memes/images/video posts that could be summarized as text explanations should not be posted. Infographics and conference talks from reputable sources are acceptable.
  9. No help vampires: This is not a tech support subreddit, don't abuse our community's willingness to help. Questions related to privacy, security or privacy/security related software and their configurations are acceptable.
  10. No misinformation: Extraordinary claims must be matched with evidence.
  11. Do not post about VPNs or cryptocurrencies which are not listed on privacyguides.org. See Rule 2 for info on adding new recommendations to the website.
  12. General guides or software lists are not permitted. Original sources and research about specific topics are allowed as long as they are high quality and factual. We are not providing a platform for poorly-vetted, out-of-date or conflicting recommendations.

Additional Resources:

founded 1 year ago
MODERATORS
jonah@lemmy.one
dngray@lemmy.one
freddy@lemmy.one
ninchuka@lemmy.one
jonah@lemmy.jonaharagon.net