This is the problem I'm currently struggling with.
I could go to Android, which is relatively good but still run by Google (one of the most data-hungry corporations around). I kind of want the Z Flip 3, but not if it's running the kind of operating system that thinks of me as a data source and not a customer.
I could go to linux phones, execpt no, they have absolutely no concept of competence in any form, and frequently die with less than two hours of battery life under their belts.
I might decide to root/jailbreak, but that's the kind of resistance that invites malicious intruders to take advantage of the broken security models of our duopolist platform economics to sell my data to the highest bidder.
This isn't a rhetorical position: what do I do in this scenario? I want to leave Apple, but I can't find a good alternative and iMessage might be the dollar-store adhesive keeping me to the lesser of two evils.
You could stop buying iStuff on principle otherwise they'll just continue with this crap.
As for alternatives, anything would do. Android doesn't do client side scanning of files since that's your chief concern. If you want more you can always root and play around.
> I want to leave Apple, but I can't find a good alternative and iMessage might be the dollar-store adhesive keeping me to the lesser of two evils.
Can't learn unless you try things.
I for one am happy with stock android and signal/telegram/whatsapp/sms.
I have freedom to root/modify as much as I want, I'm not forced to accept arbitrary company policies.
if that handful turns into a lot more they will care.
Hearing normal folk asking "will I get in trouble for photos of my baby" kind of shows its not just a bunch of angry nerds. Angry nerds will just put gas on fire with simple "yes" answers.
One problem is that there is a significant number of "nerds" who make money on Apple's platform. There's this quote: it's difficult to understand something if your salary depends on you not understanding it.
>> This is an outright lie. The only honest answer is no.
> Are you sure about that?,
Yes.
> I'm not... And all the news so far reinforces that oppinion...
There are no news articles that explain how anyone will be falsely accused for having pictures of their own baby.
> Perceptual filter there seems pretty poor
> in terms of collision resistance
I don’t think you know anything about how poor the filter is. What is the false positive rate on randomly selected photos?
The system is even resistant against intentionally created false positives.
Here is the relevant paragraph from Apple’s documentation:
“as an additional safeguard, the visual derivatives themselves are matched to the known CSAM database by a second, independent perceptual hash. This independent hash is chosen to reject the unlikely possi- bility that the match threshold was exceeded due to non-CSAM images that were ad- versarially perturbed to cause false NeuralHash matches against the on-device en- crypted CSAM database. If the CSAM finding is confirmed by this independent hash, the visual derivatives are provided to Apple human reviewers for final confirmation.”
> There are no news articles that explain how anyone will be falsely accused for having pictures of their own baby.
Umm... hash collisions that everyone keeps warning about is not enough?, all the discussions so far, I'll just go ahead and assume your comment here is in bad faith.
> The system is even resistant against intentionally created false positives.
Famous last words... Here's one of the top posts for reddit.com/r/apple
It took a few days after extracting the model to show how flawed it is... Apple's only 'security' feature here was obscurity...
It's so broken the person doing analysis above stopped as Apple will only change the hash function to include his pictures as training data instead of fixing the whole system.
"Finding a SHA1 collision took 22 years, and there are still no effective preimage attacks against it. Creating the NeuralHash collider took a single week."
That comment is incoherent, and not an explanation of a vulnerability.
> Also funniest bit from that on how broken it is
"Finding a SHA1 collision took 22 years, and there are still no effective preimage attacks against it. Creating the NeuralHash collider took a single week."
This quote demonstrates why we can reject that comment.
They appear to know the difference between a perceptual hash and a cryptographic hash from their earlier statements, and yet here they compare them as if they are expected to behave in a similar way.
Nobody who understands how perceptual hashing works would expect there not to be collisions or to think there was a meaningful comparison with SHA-1. The system doesn’t rely on the hash to behave like a cryptographic hash because it is not one.
Either that commenter is confused, or being deliberately misleading. Let’s assume they are just confused.
I have to assume you don’t know the difference between a cryptographic hash and a perceptual hash otherwise you wouldn’t have quoted this.
They will think twice when they realize the people who found them cool and did unpaid marketing for them doesn't anymore.
There is also a massive backlash going on against them. It hit a major tech news outlet here in Norway and was linked from the biggest national newspaper just a few days after it became known, so I guess there will be multiple waves of backlash.
This reminds me of the scene from the Simpsons, where Homer is yelling “you just lost yourself a customer” to Moe. But Moe can’t hear him over the cash register being continuously stuffed full of money.
These “vote with your dollar” comments all have the same energy.
Android does the CSAM image scanning on the server if you sync your photos to the cloud. On iphone if you don’t use icloud there is no scanning. I would call that “same difference”.
If you’re running stock android you’re running a closed OS that can be set up to spy on you just as easily as iOS. The existence of AOSP does not confer any “protection” if you run stock android, because you can’t know what other code google added onto it.
Google literally has remote control over all pixel devices and can push arbitrary code via the play services at any time without user approval.
In this day and age, if you don't trust your phone vendor with your data, you shouldn't be using it. They can do anything at any time and you wouldn't know. Even if there is no tracking code on your phone at this moment, they can put it on at any time.
Can't find the news article anymore but there was an incident where Google accidentally turned on airplane mode for every pixel at once via their remote control tools.
I was watching a pinephone update video. It highlighted that it now had smooth hardware accelerated video playback. That was a feature released on the original iPhone
…I don’t want to go back to Windows Mobile/PalmOS days where you never know if you will be able to play a YouTube video.
The Pinephone is just a dev platform. It has completely obsolete hardware, but it's there to pave the way for more solid software to be used by better hardware in the near future.
Do you remember the days when Linux became a thing back in the 90s? From an average user's p.o.v. the experience was probably disappointing compared to the leading OS at the time (MS Windows). But enthusiasts persisted and now Linux is a world-class OS.
The same thing could happen with Linux on mobile. The Pinephone Beta is targeted at developers. However, it's only $200 so you could buy one if you want to support the community.
If you really wanted to quit you could get a pixel and install lineageOS or CalyxOS. Now I agree that's jumping through a lot of hoops to get your privacy but it's all based on how much you value that.
I personally like to believe that I value my privacy but de-googling sounds like a large inconvenience. The cynic in me also partially believes that it's pointless and another company will just be(gin) churning my data.
I was thinking of switching from my pixel to an iphone but this recent misstep by apple has dissolved the belief I've had that they are a privacy centric company.
... which is exactly why 99% of privacy laws should focus on government services. Becomes government services combined have all the highly sensitive data you absolutely do NOT want anyone to have, especially not the police, your doctor or other branches of the government. From tax to criminal records, with medical records in between.
And, of course, there, we've chosen to not care. So government social workers constructing databases of homeless with the express purpose to deny them emergency medical care is done at least in Belgium and the Netherlands, maybe elsewhere. And that's just one example.
If child services is involved, we now consider a mother's medical records fair game in divorce proceedings (and how long is it really going to take to drop that requirement too?). If you manage to download your spouse's facebook chats, or outlook, or whatsapp backup, you get to use them in divorce too, by the way (yes, I know about "no fault" divorces, but if they "depend" on someone else already you technically don't owe any alimony since someone else already took that over). Tax records are used to find people for parking tickets. Medical records are monitored live, so people can get arrested instead of cared for in hospitals if they're behind on their taxes. Child services, the front side (e.g. street workers, or the ones that are kind-of sports coaches in the street and do, say, basketball), by the way, are now forced to find "kids" for the police to arrest. NOT specific kids, mind you, when there's been a protest and the police needs kids to arrest, these people have it as their JOB to find kids for that (and yes, I'm sure they do try to find a few that were in the protest first).
To make matters worse, you can look at the organisational structure, which again, no-one seems to realise. The chief of police, who asks these social workers to find kids to arrest, is appointed directly by the major. The major, of course, is an elected official, who is absolutely not neutral. So it's a matter of time until a "Vlaams-Belang" major gets caught making sure it's "brown" kids that get arrested for every protest by replacing the chief of police with a raging lunatic racist. Or worse.
But we're worried that Apple might pass pictures that you're essentially carrying in your pocket to the police? I don't understand people ...
These days it actually makes sense to ask your doctor NOT to keep a medical file on you, which is a right you still have in Belgium. If you do get in trouble, you're FAR better off without one. You don't get to refuse to unlock your phone anyway in Belgium, so what's the point of having the pictures on your phone behind a lockscreen?
> I could go to linux phones, execpt no, they have absolutely no concept of competence in any form, and frequently die with less than two hours of battery life under their belts.
It's the best time to start seriously investing development resources in this alternative.
I like this. Looking for a good way to encourage people to switch, even though Linux phones do seem inferior. That's exactly why people need to buy them -- and then tell the manufacturers what they really want. Be a vocal System76 customer, or Purism customer, tell those companies what you really want.
This inspired me to write both companies about my buying experience. Off to do that!
Android phones have nothing to do with what we call Linux phones right now, which is Linux kernel + a Debian/KDE Mobile/something else userspace that is NOT Android. It's not because you share a kernel that you are the same thing, and Android phones are by nature tied to Google by default and keep calling home.
> I could go to linux phones, except no, they have absolutely no concept of competence in any form, and frequently die with less than two hours of battery life under their belts.
We might have to accept a solution that is technically inferior, yet overall superior. There is no guarantee that the quality of available consumer products is a monotonic function, so we shouldn't act like it is.
And perhaps it is time to experiment with a lifestyle that has less smartphone involvement.
That's not the right way to think of this. The point is to send a strong message to Apple that this is not cool. Just as people didn't buy MacBooks without Esc keys, or bad butterfly mechanisms.
The MacBook itself got popular because the most technically knowledgeable people used them, got their families to use them, and was seen using them.
As Apple sees their numbers, they will put 1+1 together and decide that it's not worth it for them--they're a company out to make profits. It doesn't matter how much people complain if they keep buying. This makes a better Apple, and we can then again purchase the Apple products that live up to our standards. If we say, it sucks but it's better than the other one, this is a downward slope with no recovery.
I went with GrapheneOS and F-Droid. There's not many apps and the quality is lacking, however I feel relieved that my phone isn't spying on me anymore (allegedly).
It has been a better, about 2 days between charges. However since a few weeks it's getting worse and worse. I suspect it's the Telegram app but I'm not sure.
I agree that we only have the choice between the devil and the deep blue sea concerning mobile OS.
But why is iMessage so great (asking as a non-apple user)? Is it even e2e?
Great alternatives which are not locked into a specific OS are Signal, Threema, and Matrix.
Specifically, Matrix -- which is also a protocol -- looks quite interesting to me. Similar to email, you can choose your client software. You are also free to set up your own matrix server but you don't have to.
A few months ago, I got a Pixel and installed CalyxOS on it. I'm self hosting Nextcloud for my files. It involves a bit of maintenance work to keep it going, but I take the adage "Program or be programmed" seriously.
I have tried a few times to move back to feature phones, but it has gotten exceedingly difficult nowadays. What I currently think is missing is a containerization/virtualization solution where you run something like lineageOS as a host, and then apps are run in their own virtualized containers. Ideally host can feed containers either actual data from the hardware (location etc) or some spoofed profile/gps/sensor data, say, profile 1 for some apps: single mom living in small midwest city, profile 2 for some other apps: megarich guy globetrotting the worlds famous places etc. All while the actual phone is sitting on your table.
> I might decide to root/jailbreak, but that's the kind of resistance that invites malicious intruders to take advantage of the broken security models of our duopolist platform economics to sell my data to the highest bidder.
While I don't agree with that assessment, the more important question is: would jailbreaking my device reliably prevent Apple from scanning my photos? I really doubt so. Moreover, it would be difficult to prove it either way.
Linux phones seem like an okay option. Replacing my Mac with a System76 was an easier option.
Open source hardware and software seems like the only sustainable option long term. If it's not ready today, that's okay, it needs support to get there.
> This is the problem I'm currently struggling with.
> I could go to Android, which is relatively good but still run by Google (one of the most data-hungry corporations around). I kind of want the Z Flip 3, but not if it's running the kind of operating system that thinks of me as a data source and not a customer.
> I could go to linux phones, execpt no, they have absolutely no concept of competence in any form, and frequently die with less than two hours of battery life under their belts.
> I might decide to root/jailbreak, but that's the kind of resistance that invites malicious intruders to take advantage of the broken security models of our duopolist platform economics to sell my data to the highest bidder.
> This isn't a rhetorical position: what do I do in this scenario? I want to leave Apple, but I can't find a good alternative and iMessage might be the dollar-store adhesive keeping me to the lesser of two evils.
Best option is lineage os, or cyanogenmod as it used to be called.
One thing that bugs me is how, on every such announced there is a good chunk of people who want to tell how hopeless it is.
If anything that is the thing that makes it hopeless, hearing again and again the voices shouting "it won't work", "we are weak, they are strong".
I do not say or even think these voices are paid shills, but I can hardly see how much better job one could do to demotivate anyone from doing resistance.
That said,let me add some facts:
- we won the crypto wars
- we won the nym wars
- Google and others have massively upgraded backbone security
- Matrix exist
- Signal exist
- Open source phones, PCs and even ebook tablets are shaping up really fast
- lots of people want to do something
So please people. Stop running the enemies errands.
If you have nothing good to say - don't say anything.
> If you have nothing good to say - don't say anything.
I can't describe how incredibly stupid this is. This is peak dystopia. An absurd example from history - "maybe we should rethink the Inquisition, no? They are kidnapping and torturing people based on no evidence" "Don't be a downer!".... "Let's brainstorm on this religion thing a bit with its pointless wars, flying airplanes into buildings and killing people?" "If you don't have anything good to say, don't."
Now - Matrix and Signal exists, but it takes two to tango. If you have no one to message there, because everybody uses iMessage/WhatsApp/Messenger, you are screwed.
Open source phones and PCs exist, but they are much more expensive for the same configuration and the open source software has its own problems. Just look at the whole Linux landscape. I just looked up System76 laptop with i7, 8 GB RAM and 240 GB SSD - it comes out at 1300 dollars. That's more than the brutto average wage in my country for the same configuration that costs about 700 dollars if you buy from mainstream brands.
I got disillusioned with open source when I tried connecting an iPhone to Linux. This is what it looks like in 2021 - https://itsfoss.com/iphone-antergos-linux/ . Full of esoteric terminal commands which operate a program written by some dude from who knows where with no guarantees what it really does, because I am not gonna bother learning about iPhone+Linux+USB delicacies enough to understand that code.
So in my opinion, it's easier to actually regulate the big corp overlords.
> I can't describe how incredibly stupid this is. This is peak dystopia. An absurd example from history - "maybe we should rethink the Inquisition, no? They are kidnapping and torturing people based on no evidence" "Don't be a downer!".... "Let's brainstorm on this religion thing a bit with its pointless wars, flying airplanes into buildings and killing people?" "If you don't have anything good to say, don't."
Did you misread something or am I misunderstanding you?
(If you meant to support me I misunderstood and the rest does probably not apply.)
Following you example I'm exhorting the people who say we should just give in and let the powers that be continue their inquisition or what not.
> Now - Matrix and Signal exists, but it takes two to tango. If you have no one to message there, because everybody uses iMessage/WhatsApp/Messenger, you are screwed.
It starts somewhere. I was part of getting first WhatsApp started and then Telegram started and I am also reachable via Signal. (Sadly I do not keep up to date on my Matrix accounts, bit they are there.)
The good thing is just by being there you make a difference:
When someone logs into Telegram or Signal and if they accept to match contacts with their address book they'll see you are there in addition to a few others and it feels less like a ghost town.
WhatsApp felt a bit odd last I tried it, but it used to work this way there too.
(PS: one kind of advocacy I recommend against is bulk messaging all contacts about a new messager that is end-to-end encrypted. My wife told about how weird that felt for her colleague when a friend of the colleague did that.
Instead just be there, and when as you see more people arrive create persistent groups and make it worthwhile.)
The vast majority of users won’t bat an eyelid. Most users doesn’t even know that their device scans their photos already and allows them to search for the content depicted therein.
This only matters to the privacy conscious and those who enjoy platform wars.
Cloud feudalism. The king has now changed the rules, you sigh and despair, but it's hard to move to a new kingdom, and the other kingdom doesn't even seem that nice.
I think most people want their privacy but they are either unaware or haven't realized the true extent at how much data companies have on them or what they're doing on your devices.
I believe most people would be outraged if they bought a home and the homeowner's association had the right to go into their house any time of day and review all the photos they took claiming that it's a policy to protect the kids for child porn.
People are happy for exactly that to happen when a photographer is anywhere near a playground. Police and private security will trample all over the rights of photographers taking photos in public spaces touting anti-terror laws and privacy.
We let Google scan our emails for advertising. We let Amazon put listening devices in our homes. We let Facebook run amok.
The general public has almost no concern about privacy other than some limited notion a about the physical sanctity of our front doors.
The photographer in a playground example is understandable, no parent wants a stranger having pictures of their children. That is a violation of the family's privacy.
I'm guilty of the home smart speaker as I have a few google/nest minis around my apartment. I don't plan on getting anymore because they're just basically used as glorified alarm clocks and speakers. In theory I would ideally replace them but the effort seems like a large inconvenience since the impact would be minimal considering I still use an Android phone.
Is it? If I’m at the playground with my daughters and I snap a photo with my phone or my Canon dSLR with its big fast lens which should worry you more?
Which device captures more data and shares it more?
But who is to know? I could be using a LiDAR equipped phone to scan faces in 3D. I could be live streaming. I could simply taking a family snap. I could be doing anything.
Does another person have any right to challenge me? Most parents would feel comfortable infringing the civil liberties of another to protect children from some perceived harm that holding a camera might entail.
The point is that we have massive inconsistencies in our respect for privacy and our hysteria over the behaviour of others.
>I believe most people would be outraged if they bought a home and the homeowner's association had the right to go into their house any time of day and review all the photos they took claiming that it's a policy to protect the kids for child porn.
On the other hand it seems people are quite happy for the police to do that, at least into other peoples homes.
I'm certain 99% of those who switch to Android over this recent drama will un-ironically backup their photos in Google Cloud. Which, FYI, Google already does the same thing Apple is proposing, and has been for years.
I've heard all the arguments. I've had this conversation 10 times now, I already know what all the replies will say. I'll save you all the time, you can downvote me here.
Here's how the conversation goes:
Android User: "With Android I could just turn off Google Cloud"
iOS User: "Apple also only scans as part of iCloud upload process also. So just disable iCloud Photos"
Android User: "But that's a slippery slope! They COULD scan all content of the phone with no effort!"
iOS User: "But they're not currently, and don't plan to. Doing it locally makes it some-what auditable. Also their system as designed would only work for data uploaded to iCloud."
Android User: "So you TRUST Apple to just not add that capability later!? What if a government forces them to?"
iOS User: "So you trust Google not to aswell? If any Government forces Apple to add this on-device, they would certainly require the same of Android"
Android User: "But Apple COULD add it more easily, because this is clearly a backdoor!"
iOS User: "I don't think that word means what you think it means"
The content isn't banned from the phone, just iCloud.
A list of banned content already exists on Facebook servers, and we have no way of auditing if that list only includes CP. Where's all the outrage over that?
Because Apple is one boolean flag away from total on-device surveillance of your phone. In the past they've pushed back on this kind of thing because they said they'd have to build new capabilities into iOS to allow it. Now it's just a matter of policy and Apple has a track record of bending policies to suit various jurisdictions.
If you actually read the white paper on Apple's CSAM system, you'd know it is far more than just a boolean flag away. The system was specifically designed to prevent the kind of abuse everyone is worried about. I've been looking into the system deeply, and I fail to see how it could be co-opted for nefarious purposes without a complete redesign. Even in the most optimal attacks setup by a security researcher, I can't see how it gets anywhere near the worst-case scenario.
The worry seems to boil down to; "they could CHANGE it in the future". If the concern is about the potential for a future system, then such concerns are infinite, since infinite new systems could always be proposed or deployed. I would rather conserve my outrage for that moment, rather than be the boy who cried wolf.
Though this certainly isn't an argument for apathy. I think the amount of push-back Apple is getting is probably healthy, even if it's hyperbolic.
But what does make us think Android manufacturer or Google are any better? It is slow erosion of all privacy. We already see in China and Belarus how this will (not if) be abused when things get rough with a wrong government.
I am typing this from the porch with Macbook Air with freshly installed PopOS. The feeling of control over my computer is removing the lack of macOS polish. I know that less than 5% of "outraged" users will abandon the ecosystem . The other 95+ will continue to buy and use everything Apple. They got us all by the balls.
I am switching to flip-phone and waiting for Xperia (SailfisOS). This thing that Apple created ruined all respect and motivated me (finally) to move to FOSS for the most part.
There is a huge opening here for Microsoft to deliver a decent phone.
Since they already co-opted Chrome, I presume that could also do it with Android. That would give them immediate entry with working phones and a known OS.
Any bets on when the announcement will come that it's being delayed/put on hold indefinitely? They've completely lost control of the narrative at this point and that can't be helpful if they want to preserve the image they've cultivated for themselves of being pro-privacy.
On the other hand, if they still adamantly push this feature forward, it shows that there are some vested interests(Apple or otherwise) in wanting this feature in, PR be damned.
I think time can tell. I believe the NeuralHash is obviously flawed and they know it too. Hence they have the human moderators to look through the content.
I feel what might really happen is that the moderators may end up leaking someone’s private pictures. I think there was another thread earlier on HN which talked about how Apple’s repair team did something similar with someone’s photos, and there is also Apple’s iCloud disaster that happened with the actresses.
But I feel the Pandora’s box is already opened with regard to this. Even if Apple may not relent to another government’s desires to add extra things to be checked for, the various governments of the world may want to implement something like this on their own, if they haven’t already.
You understand correctly what Apple claims is their current policy (which, while probably true, could be changed whenever they want, or whenever they're convinced/compelled to by external forces).
The legal headache Apple faces here (and as a result, the power lever held over them by nation-level interest groups) is the liability of storing user-generated content on servers under their control. NOT the photos on your phone, those are YOUR liability.
Their cloud offering is fully E2EE (to the best of everybodies knowledge), so doing it à la Google Drive or OneDrive is not possible. If you can not access the unencrypted content and have/will not backdoord the encryption mechanism, yet are still being forced to implement such a scheme by a legal entity, client side is pretty much your only option.
As a side-note, IMO the company does not have a strong enough moral compass to assign the required man-hours into a project of this magnitude just out of good will. I would assume they are being forced to do so.
I stand corrected, the vast majority is not E2EE'd.
Now there unfortunately is no information about the at-rest encryption "On server". Going by the iCloud encryption debate in china [1] and the alleged security modules used [2], they probably have the keys to "Photos" iCloud. Which is consistent with the Reuters claim that "backed-up [...] encrypted services remain available to Apple employees and authorities".
Allows them to add end to end encryption for non csam content in the future. Also, prevents them from having to set up a system to scan every photo added to their service.
it is somehow funny that governments could track and force people getting vaccinated, give them a qrcode to comply to whatever new law under the premises of a virus/public health but that the same government couldnt do that for pedophiles and has to push for a private company to do this kind of things. people are not dumb. we all know why. it is because the people that would fall into the net of pedophily are the powerful ones. just like the belgium dutroux case proved it. we all know where it is going with this CSAM and we not gonna like it
Seems like there is rather a lot of misunderstanding about what Apple are doing here, which is a bit disappointing. They're running an algorithm to detect known child pornography pictures from a database (CSAM). It's run on your phone and the hashes of images are compared.
Separately, if you are a child, and I presume you are not if you are reading this, photos sent in messages are scanned to catch if you are sending something sexually explicit. You can opt not to send, but if you do your parents are informed. So this is relevant if you are a child or if you have a child with an iPhone. Otherwise, it is not relevant to you.
Please help me understand what is so outrageous about these systems that would make you throw away your Apple products and move to something (what?) else.
Outside of controversial implementation with on device "processing" is the fact that a third party - private corporation funded by DOJ (30+ millions)can change hashes. Nobody publicly can check this because of the sensitive nature of the materials. This system will be exported to all the world.
They require hash hits from two companies. And there is a human at Apple checking final hits, so that is a way of verifying nonsense isn’t being added to the database.
Pine64 should just try to get money from the capital markets and charge for the service. It's so stupid I have a new iPhone 12 Pro Max and also a PinePhone but I just decided to buy the former because I just don't have the capability to use the PinePhone realistically with all the services I pay for and use day to day. I don't have the time to devote my time to an ecosystem either, which... I'm sorry but it's true.
Apple was objectively better than Google until they decided to start spying on my pics with an algo that has a terrible false positive rate, all the while after basically forcing you via war of attrition to comply with the constant ++ beyond annoying popups compelling you to use iCloud.
Literally just create an alternative. The other potential competitor who made Essential (Andy Rubin iirc?) literally just gave up after 3 quarters - I guess he would know how to pull out of a project after getting ingested by Google twice in a row.
The ecosystem is a joke. I hope the FTC destroys Apple over the App Store literally just to spite them for this dark move but I'm not optimistic.
No matter how smart any "NeuralHash" is, the fact that it IS hash-based means there exists more than one image that maps to the same hash.
(Using a opaque NeuralNet-style AI that not even its developers can reason about combined with unknown groud-truths does not help).
That isn’t a proof of concept. The system is designed to handle even intentional hash collisions.
Here is the relevant paragraph from Apple’s documentation:
“as an additional safeguard, the visual derivatives themselves are matched to the known CSAM database by a second, independent perceptual hash. This independent hash is chosen to reject the unlikely possi- bility that the match threshold was exceeded due to non-CSAM images that were ad- versarially perturbed to cause false NeuralHash matches against the on-device en- crypted CSAM database. If the CSAM finding is confirmed by this independent hash, the visual derivatives are provided to Apple human reviewers for final confirmation.”
Requiring a second key to unlock a lock does not invalidate the fact that the first key can be picked (which the question was about).
I had read through the technical whitepaper [1], which does not include this information. Thank you for sharing.
Since the second hash only works on pictures that Apple can decrypt within this system ("for an account that exceeded the match threshold"), this merely saves the human reviewers at Apple time.
Thanks for posting. I've come out guns blazing on this issue but I think - as in a few other cases - it is time for me concede a bit:
If such a system should be built they surely have gone out of their way to preemptively secure it.
I'm still very much of the opinion that we need people both in police, politics and in tech with balls - or whatever the equivalent is for women - to tell people that we cannot just interfere with everyones right just to hopefully maybe catch a few more baddies, but again:
If such a system needs to be built, this is an amazingly well thought out system.
> Requiring a second key to unlock a lock does not invalidate the fact that the first key can be picked (which the question was about).
Apple’s CSAM mechanism can’t be ‘picked’ in the way that you claim. The two ‘locks’ are not separate. You can’t pick them one at a time.
> I had read through the technical whitepaper [1], which does not include this information. Thank you for sharing. Since the second hash only works on pictures that Apple can decrypt within this system ("for an account that exceeded the match threshold"), this merely saves the human reviewers at Apple time.
This is false. The second hash is independent and designed to prevent attacks based on adversarial spoofing of neuralhash.
Nobody, not even Apple, denies that someone can generate neuralhash collisions.
You can only assert that this is a vulnerability by making the false claim that a neuralhash collision alone will cause the system to flag an image.
This is the problem I'm currently struggling with.
I could go to Android, which is relatively good but still run by Google (one of the most data-hungry corporations around). I kind of want the Z Flip 3, but not if it's running the kind of operating system that thinks of me as a data source and not a customer.
I could go to linux phones, execpt no, they have absolutely no concept of competence in any form, and frequently die with less than two hours of battery life under their belts.
I might decide to root/jailbreak, but that's the kind of resistance that invites malicious intruders to take advantage of the broken security models of our duopolist platform economics to sell my data to the highest bidder.
This isn't a rhetorical position: what do I do in this scenario? I want to leave Apple, but I can't find a good alternative and iMessage might be the dollar-store adhesive keeping me to the lesser of two evils.