
Please Don't Trust Us, Inc®


Brad
Selfish Heathen
 
Join Date: May 2004
Location: Zone of Pain
 
2021-08-07, 11:00

Quote:
Originally Posted by tomoe View Post
Can someone ELI5 the matching hash comment and implications?
turtle already touched on some MD5 examples earlier, and I'm pretty sure I'm repeating what some of the previous posts have said, but hopefully I can expand and recap the whole technical situation and concerns all at once.

Hashing is a common process that takes some file of any type and of any size and produces a new fixed-length (and usually relatively small) number. MD5 is a good example to demonstrate this hashing process because it's been around for ages and most computers have a built-in program that can make MD5 hashes. If you open your Terminal app, type "md5 " (with the space), drop any file (not a folder) into the window, and press enter, you'll see it quickly spits out something like this:

Code:
$ md5 /Users/bradsmith/Downloads/IMG_3363.JPG
MD5 (/Users/bradsmith/Downloads/IMG_3363.JPG) = 36ff331972ac66f4c555628ee19b99b5
That value "36ff331972ac66f4c555628ee19b99b5" is a number (in hexadecimal instead of decimal) that was calculated based on the file. Repeating the MD5 command on the same file will always produce the same output. If you run the command with many different files, you'll see the length of the generated number is always the same but the content of the number always changes dramatically. If you give it two text files that are very similar but maybe only different by one letter, though, the output hashes are still very different. For example, MD5 hashing the phrase "hello world" versus "hallo world" will produce:

Code:
$ echo "hello world" | md5
6f5902ac237024bdd0c176cb93063dc4
$ echo "hallo world" | md5
c092aa310a370d3d1b6ecf5eae0a0ce4
Note that even though these inputs changed by only one letter, the generated hash is totally different. Hashing algorithms are sometimes called "cryptographically secure" when they do a very good job of this, as generating and comparing hashes is an essential part of modern secure computing and communications.

However, Apple's not just using any standard, open hashing algorithms like MD5 or SHA for this system, and some of the discussion points about MD5 don't exactly apply here.

What Apple has built for hashing appears to be much more complex than MD5 and has some interesting benefits and potential flaws. Where the MD5 hash just looks at the input as raw data and doesn't attribute any "meaning" to one part over the other, Apple's hashing is trying to look at the input specifically like we humans look at a picture, and it generalizes the image content into what are effectively "features" to a human eye before it calculates an output value. In their technical overview, they give an example of a color photo of a tree and a black-and-white version of the same picture, and their algorithm gives these two images the same hash even though they are obviously two very different photos.

While that is a clever way of preventing people from making slight changes to try to bypass naive tools like MD5 (changing one pixel would make a totally different MD5 hash, like my "hello world" example), it does present some possibly massive problems.

Remember that hashes are "fixed length"? That feature is a good thing because it means you can't infer much about the size of the original data that was hashed. A one-byte file's hash is exactly as long as a trillion-byte file's hash. However, that means you also introduce the very real possibility of two completely unrelated files producing the same hash. A good hashing algorithm is sufficiently complex and generates a sufficiently large number to make this extremely unlikely, but since Apple's algorithm is by design trying to generalize maybe-similar images to generate the same output, there is a very real risk that the likelihood of false positives skyrockets.

A clever individual could reverse-engineer the algorithm and hash to produce a perfectly safe and innocuous image that the feature detector thinks matches a feature set that has been reported in a hash as CP. This clever individual could then distribute that image around and cause a bunch of false positive reports. Or an unsuspecting user might take a perfectly safe and innocuous photo that just happens to fall into the right part of the feature detection and then they get a surprise visit from the FBI or Apple gets subpoenaed to hand over her data or she gets put on some kind of watch list.

In turtle's earlier example, his photo could be confused for Hitler (sorry! but you invoked Godwin's Law here first!) due to some unknown-to-us arrangement of features in the photos even though the raw data making up the image is completely different than the "matching" photo of the führer.

Fooling AI/ML-based image processing systems is already a small but growing area of interest. Disrupting self-driving car systems is a related area that's been getting lots of research and press in recent years. It's only a matter of time before people try to figure out and exploit this system too.

The quality of this board depends on the quality of the posts. The only way to guarantee thoughtful, informative discussion is to write thoughtful, informative posts. AppleNova is not a real-time chat forum. You have time to compose messages and edit them before and after posting.
  quote
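An added illustration of the contrast drawn in Brad's post above (not part of the original post, and not Apple's algorithm): it compares MD5 with a simple "average hash" perceptual hash on constructed 8x8 grayscale grids. The average hash only stands in for the idea of hashing features instead of raw bytes; the image data and function names are made up for this example.

```python
import hashlib

def make_square(fg, bg):
    """Constructed 8x8 grayscale image: a 4x4 square of `fg` on a `bg` background."""
    return [[fg if 2 <= r < 6 and 2 <= c < 6 else bg for c in range(8)]
            for r in range(8)]

def md5_hex(pixels):
    """MD5 over the raw pixel bytes, the way `md5 file` treats any input."""
    return hashlib.md5(bytes(p for row in pixels for p in row)).hexdigest()

def average_hash(pixels):
    """aHash: 64-bit value, one bit per pixel, set if the pixel is above the mean."""
    flat = [p for row in pixels for p in row]
    mean = sum(flat) / len(flat)
    bits = 0
    for p in flat:
        bits = (bits << 1) | (p > mean)
    return bits

def hamming(a, b):
    """Number of differing bits between two integers."""
    return bin(a ^ b).count("1")

def compare(a, b):
    """Return (MD5 bits that differ out of 128, aHash bits that differ out of 64)."""
    md5_bits = hamming(int(md5_hex(a), 16), int(md5_hex(b), 16))
    return md5_bits, hamming(average_hash(a), average_hash(b))

# All sample images below are constructed for this example.
ORIGINAL = make_square(fg=180, bg=60)
ONE_PIXEL = [row[:] for row in ORIGINAL]
ONE_PIXEL[0][0] = 61                      # a single pixel nudged by 1
BRIGHTER = make_square(fg=220, bg=100)    # same picture, every pixel +40
# Same layout, but a checkerboard texture so that no pixel value is shared.
TEXTURED = [[(200 if (r + c) % 2 else 255) if 2 <= r < 6 and 2 <= c < 6
             else (80 if (r + c) % 2 else 0) for c in range(8)]
            for r in range(8)]
# A different layout: bright left half, dark right half.
STRIPE = [[200 if c < 4 else 50 for c in range(8)] for r in range(8)]

if __name__ == "__main__":
    for name, img in [("one pixel +1", ONE_PIXEL), ("brightened", BRIGHTER),
                      ("retextured", TEXTURED), ("stripe", STRIPE)]:
        md5_bits, ahash_bits = compare(ORIGINAL, img)
        print(f"{name:13} md5 bits changed: {md5_bits:3}/128   "
              f"aHash bits changed: {ahash_bits:2}/64")
```

The three variants that keep the bright square share the original's average hash even though none of them is byte-identical to it, while MD5 treats every one as unrelated. Only the stripe image, which has a different layout, moves the average hash (32 of 64 bits).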
Dr. Bobsky
Senior Member
 
Join Date: Feb 2015
Location: UK's most densely packed city. It's not London...
 
2021-08-08, 04:39

Apple has a legal liability to report images of child pornography stored on its servers to law enforcement. These reports do not necessarily lead to prosecution, nor do they necessarily identify, in the strictest sense, child pornography. The fear here seems focused on Apple as some sort of extra-legal entity. It is not. It is a company operating within the law.

And yes, if duly elected politicians pass laws that make it illegal to take photos of double rainbows, Apple may be responsible for reporting those images as well. This wouldn't be Apple's fault, but yours, since you voted those idiots in who passed those stupid laws, and if your concern now is that the laws against child pornography are too broadly written such that companies like Apple have to work with law enforcement, well 1) gross, and 2) you live in a democracy, but I am not sure you want to ally with child pornographers...

Last edited by Dr. Bobsky : 2021-08-08 at 07:42.
  quote
turtle
Lord of the Rant.
Formerly turtle2472
 
Join Date: Mar 2005
Location: Upstate South Carolina
 
2021-08-10, 12:56

TechCrunch posted an interview with Apple's Head of Privacy. It is long and I haven't read it all yet, but will be shortly. Scanning this doesn't really make me feel better about it.

Louis L'Amour, “To make democracy work, we must be a nation of participants, not simply observers. One who does not vote has no right to complain.”
Visit our archived Minecraft world! | Maybe someday I'll proof read, until then deal with it.
  quote
kscherer
Which way is up?
 
Join Date: Aug 2004
Location: Boyzeee
 
2021-08-10, 13:02

Apple's commitment to "refuse government intervention" is laughable. While they may be able to get away with that in the U.S., other nations won't be so forgiving.

And while the technical side of things sounds well thought out, tell a hacker that.

- AppleNova is the best Mac-users forum on the internet. We are smart, educated, capable, and helpful. We are also loaded with smart-alecks! :)
- Blessed are the peacemakers, for they shall be called sons of God. (Mat 5:9)
  quote
PB PM
Sneaky Punk
 
Join Date: Oct 2005
Location: Vancouver, BC
2021-08-10, 14:48

Given that this system will only run on US users' devices, it’s a non-issue for the rest of the world; for now anyway.

To be honest it just doesn’t sound anywhere near as bad/evil as some of the posts make it out to be. Given that the system works on your devices, not the cloud, it means Apple knows nothing unless you have some child porn on your device. If so, you get what you deserve.

I also get the feeling that Apple is doing this to fight off attempts by government to ban mobile device encryption. That would be a much worse outcome.
  quote
turtle
Lord of the Rant.
Formerly turtle2472
 
Join Date: Mar 2005
Location: Upstate South Carolina
 
2021-08-11, 08:02

Well, you mean "Apple knows nothing unless its algorithm detects the probability of child porn on your device."

That last part of Brad's post points out people intentionally fooling AI image scanning and that is a thing. One day I might get a "gag image" that trips up the algorithm for fun and now my images get checked.

Louis L'Amour, “To make democracy work, we must be a nation of participants, not simply observers. One who does not vote has no right to complain.”
Visit our archived Minecraft world! | Maybe someday I'll proof read, until then deal with it.
  quote
PB PM
Sneaky Punk
 
Join Date: Oct 2005
Location: Vancouver, BC
2021-08-11, 09:23

The article makes it sound like it would take more than just one image to trigger the system, so a single “gag image” wouldn’t be enough.
  quote
turtle
Lord of the Rant.
Formerly turtle2472
 
Join Date: Mar 2005
Location: Upstate South Carolina
 
2021-08-11, 10:11

Well, I finally read the interview and you are right as described in the last question/response. You just need one real asshole friend to send you a ton. At least you would know he would be getting a visit from the feds too, unless he doesn't use iCloud Photos.

So really, if you don't want Apple looking at your photos then don't use iCloud Photo.

Louis L'Amour, “To make democracy work, we must be a nation of participants, not simply observers. One who does not vote has no right to complain.”
Visit our archived Minecraft world! | Maybe someday I'll proof read, until then deal with it.
  quote
Dr. Bobsky
Senior Member
 
Join Date: Feb 2015
Location: UK's most densely packed city. It's not London...
 
2021-08-11, 11:39

Sorry, but 'friend' in this scenario seems like a misnomer... Tony, if you can imagine a friend doing this to you... get better friends...
  quote
kscherer
Which way is up?
 
Join Date: Aug 2004
Location: Boyzeee
 
2021-08-11, 11:50

Yeah, Tony!
  quote
PB PM
Sneaky Punk
 
Join Date: Oct 2005
Location: Vancouver, BC
2021-08-11, 14:50

No doubt, with friends like that, who needs enemies.
  quote
turtle
Lord of the Rant.
Formerly turtle2472
 
Join Date: Mar 2005
Location: Upstate South Carolina
 
2021-08-11, 15:04

All I can say is, I am a US Navy Sailor. Shipmates are shipmates and many are REALLY twisted.
  quote
Bryson
Rocket Surgeon
 
Join Date: Feb 2005
Location: The Canadark
 
2021-08-11, 15:33

Stupid question: Surely the people who trade in such things (or, at least the "big players") don't put them in iCloud Photos and this is all utterly pointless?
  quote
Dr. Bobsky
Senior Member
 
Join Date: Feb 2015
Location: UK's most densely packed city. It's not London...
 
2021-08-11, 15:54

Quote:
Originally Posted by Bryson View Post
Stupid question: Surely the people who trade in such things (or, at least the "big players") don't put them in iCloud Photos and this is all utterly pointless?
The issue I suspect is that they aren’t even capturing the small time idiots who browse/consume this shit (think fresh Jared for instance, although he’s an unconvicted rapist as well). The forensics behind identifying the victim and origin of the photos is evidently quite advanced so capturing a small fraction might yield larger nets of people…

Last edited by Dr. Bobsky : 2021-08-11 at 16:05.
  quote
turtle
Lord of the Rant.
Formerly turtle2472
 
Join Date: Mar 2005
Location: Upstate South Carolina
 
2021-08-11, 16:03

As I read this, you are correct that if you don't use iCloud Photos then this is nothing. Maybe the Parental Warnings portion will still work but the token/hash/pass thing is not relevant without iCloud Photos.

I would suspect those who are really making money at the expense of children aren't sharing with iCloud either though. Those are the guys with literal kill switches for their servers and such. They use encrypted everything.

This scanning is going to really catch the ones who are sharing the images after the fact who might not realize the image was a 16 year old rather than an 18 year old. Or just plain idiots who think they can share kiddie porn on any network and it'll be just fine.

Louis L'Amour, “To make democracy work, we must be a nation of participants, not simply observers. One who does not vote has no right to complain.”
Visit our archived Minecraft world! | Maybe someday I'll proof read, until then deal with it.
  quote
PB PM
Sneaky Punk
 
Join Date: Oct 2005
Location: Vancouver, BC
2021-08-11, 18:13

It will also get the people who don’t follow any tech news, or news in general.
  quote
psmith2.0
Mr. Vieira
 
Join Date: May 2004
Location: Tennessee
 
2021-08-18, 09:37

I guess this fits here too, this T-Mobile breach?

Quote:
…T-Mobile has now confirmed that the stolen data included personal information, such as customer names, dates of birth, SSN, and identification such as driver's licenses.
Oh, is that all?
  quote
kscherer
Which way is up?
 
Join Date: Aug 2004
Location: Boyzeee
 
2021-08-18, 10:46



This stuff is only going to get worse over time. The more connected our world is—and the more personal data is out there up for grabs—the more hackers are going to take the easy-money path.

You are for sale!

- AppleNova is the best Mac-users forum on the internet. We are smart, educated, capable, and helpful. We are also loaded with smart-alecks! :)
- Blessed are the peacemakers, for they shall be called sons of God. (Mat 5:9)
  quote
kscherer
Which way is up?
 
Join Date: Aug 2004
Location: Boyzeee
 
2021-08-19, 10:55

More fun for Apple. "We'll never cave to government pressure!"





Also, the tech-nerds are coming out in force.

And the rest of the planet is practically begging Apple not to go down this very dangerous path. Folks in the West are dumb enough to think this will protect them … somehow because reasons … but other nations that have been living with persecution for decades aren't so ignorant.

- AppleNova is the best Mac-users forum on the internet. We are smart, educated, capable, and helpful. We are also loaded with smart-alecks! :)
- Blessed are the peacemakers, for they shall be called sons of God. (Mat 5:9)
  quote
PB PM
Sneaky Punk
 
Join Date: Oct 2005
Location: Vancouver, BC
2021-08-19, 23:22

Quote:
Originally Posted by kscherer View Post


This stuff is only going to get worse over time. The more connected our world is—and the more personal data is out there up for grabs—the more hackers are going to take the easy-money path.

You are for sale!
The Matrix is real, they are sucking us dry even now!
  quote
kscherer
Which way is up?
 
Join Date: Aug 2004
Location: Boyzeee
 
2021-08-20, 11:04

This thing keeps looking worse for Apple. Other than a couple organizations and the government (go figure) is there anyone onboard?

From the article:

Quote:
A foreign government could, for example, compel a service to out people sharing disfavored political speech. That's no hypothetical: WeChat, the popular Chinese messaging app, already uses content matching to identify dissident material. India enacted rules this year that could require pre-screening content critical of government policy. Russia recently fined Google, Facebook and Twitter for not removing pro-democracy protest materials.

We spotted other shortcomings. The content-matching process could have false positives, and malicious users could game the system to subject innocent users to scrutiny.

We were so disturbed that we took a step we hadn't seen before in computer science literature: We warned against our own system design, urging further research on how to mitigate the serious downsides....


Apple always complies with local laws. What's the difference between being ordered to remove an app and being ordered to update hashes?

- AppleNova is the best Mac-users forum on the internet. We are smart, educated, capable, and helpful. We are also loaded with smart-alecks! :)
- Blessed are the peacemakers, for they shall be called sons of God. (Mat 5:9)
  quote
kscherer
Which way is up?
 
Join Date: Aug 2004
Location: Boyzeee
 
2021-08-20, 11:07

Aaaaaaand T-Mobile is not alone.

But, we already knew that.
  quote
turtle
Lord of the Rant.
Formerly turtle2472
 
Join Date: Mar 2005
Location: Upstate South Carolina
 
2021-08-20, 11:09

Oh good. Now we just need Verizon added to the list so we are all covered equally.
  quote
psmith2.0
Mr. Vieira
 
Join Date: May 2004
Location: Tennessee
 
2021-08-20, 11:10

Oh crap, I’m on AT&T.

Oh well, I don’t care (and someday, on my deathbed when it no longer matters, I’ll share why).
  quote
kscherer
Which way is up?
 
Join Date: Aug 2004
Location: Boyzeee
 
2021-08-26, 11:49

Edward Snowden chiming in on the Apple CSAM controversy. His article is worth reading.

I love the bit in bold text:

Quote:
If you’re an enterprising pedophile with a basement full of CSAM-tainted iPhones, Apple welcomes you to entirely exempt yourself from these scans by simply flipping the “Disable iCloud Photos” switch, a bypass which reveals that this system was never designed to protect children, as they would have you believe, but rather to protect their brand. As long as you keep that material off their servers, and so keep Apple out of the headlines, Apple doesn’t care.
And:

Quote:
If Apple demonstrates the capability and willingness to continuously, remotely search every phone for evidence of one particular type of crime, these are questions for which they will have no answer. And yet an answer will come—and it will come from the worst lawmakers of the worst governments.

This is not a slippery slope. It’s a cliff.
And this from a child sexual assault survivor named Eliza:

Quote:
It’s one thing to have @Snowden speak out about the Apple announcement.

My entire area of focus is human trafficking with a particular focus of child sexual abuse material in the digital space.

The fact that I’m speaking out against it should terrify you.

- AppleNova is the best Mac-users forum on the internet. We are smart, educated, capable, and helpful. We are also loaded with smart-alecks! :)
- Blessed are the peacemakers, for they shall be called sons of God. (Mat 5:9)
  quote
psmith2.0
Mr. Vieira
 
Join Date: May 2004
Location: Tennessee
 
2021-08-26, 14:31

Well this is encouraging!

T-Mobile's security is "awful" says hacker who stole data from 50M customers.



He would know, I guess.

Quote:
John Binns, a 21-year-old American who lives in Turkey, told The Wall Street Journal that he is responsible for the attack. Binns said that he discovered an unprotected router in July after scanning T-Mobile's known internet addresses for weak spots.

He used the unprotected router to access T-Mobile's data center located in Washington, where stored credentials provided him access to over 100 servers. He said he initially panicked because he "had access to something big," and went on to claim that T-Mobile's "security is awful."

It took him about a week to sort through the servers to find the personal data on millions of customers, and he downloaded the data on August 4. On August 13, T-Mobile was informed that someone was selling T-Mobile customer data, and T-Mobile confirmed the breach just days later.
Awesome. A round of applause for everyone involved. And perhaps some raises/bonuses for the T-Mobile tech/security crew?

Quote:
Affected T-Mobile customers can receive two years of free identity protection services through McAfee's ID Theft Protection Service and can implement Account Takeover Protection features.
Of course they can. Never let a good opportunity go to waste, ladies and gents.

You know, if I were the cynical type - okay, I am - I'd kinda wonder if a bunch of shitheads were in cahoots on all this at some level. 1) create a problem 2) offer a "solution" for said problem 3) high-fives/drinks
  quote
PB PM
Sneaky Punk
 
Join Date: Oct 2005
Location: Vancouver, BC
2021-08-26, 18:22

Sounds almost as bad as one of the computer stores I used to buy stuff from. When the company folded 5 years ago everything was sold off, including servers that held customer and staff information; credit card info, staff SIN numbers. Worse yet they hadn’t even encrypted the data, it was stored as plain text! Of course the people who got the stuff sold the information to unknowing individuals, and shortly thereafter it was all on the dark web.
  quote
psmith2.0
Mr. Vieira
 
Join Date: May 2004
Location: Tennessee
 
2021-08-27, 22:53

Well what else is he going to say?

“Tough cookies, gang. We’re colossal screw heads and we just cornholed your personal data’s brains out, like Cinemax at 2am. We’re sorry, I guess?”

The PR crew drafted up some boilerplate apolopalooza and requisite quiver-lipping to try and put out the fire. Because we love to see our multi-millionaire CEO types pretend to give a shit about these things.

“Awww, you can tell he’s a good man…he almost teared up during that interview with Anderson Cooper! I sure hope none of this affects his golf game!”
  quote
psmith2.0
Mr. Vieira
 
Join Date: May 2004
Location: Tennessee
 
2021-09-02, 11:16

I guess this kinda fits here. Or it will, soon enough.

“Sounds like a sweet price. We just ordered 27,000 of them to use in our stores, data centers and corporate offices. We know a deal when we see one!” -T-Mobile
  quote
kscherer
Which way is up?
 
Join Date: Aug 2004
Location: Boyzeee
 
2021-09-02, 11:39

Yeah, you have to watch out for stuff. No idea where someone would get one of these things in the wild.
  quote
All times are GMT -5.