[kscherer]

Quote:

Originally Posted by turtle Can't even trust iOS. Good thing I'm hesitant to click random crap.

We're all gonna wake up one day and wonder why we suddenly live in a 3rd-world country.

[PB PM]

Yup, a lot of zero day issues with iOS over the last few years. Apple talks a lot about security, but the reality is Apple stuff is just as problematic. Fewer of them yes, but when they come, it hits hard.

[PB PM]

And more signs that Apple needs to step up iOS security.

https://arstechnica.com/gadgets/2021...dated-iphones/

[kscherer]

Rumor has it that Apple may be preparing image surveillance into iOS.

I have no idea the validity of this claim, but holy cow is it a bad idea to go down such a road.

And before you say, "Well, if you're not doing anything wrong …" give it a rest. Define "wrong" in this! And, once an organization has such tools in place, "wrong" can be updated on a whim. Next, it's, "Oh, we see you have pictures of X, or Y, or Z on your phone. Well, we can't permit that." And, next thing you know, the cops are at your door because you have a picture, or a book, or a controversial thesis, or whatever.

This would be incredibly bad, and should it come to pass it will be a deal-breaker for me and the iPhone.

Let's hope it's just random speculation.

[psmith2.0]

I'm against child porn - I feel like I should make that clear upfront - but, yeah...I'm not so naive and trusting that I think such a thing couldn't get twisted, corrupted and misused. Apple's so big on privacy, and not knowing/caring what you do, buy, etc. It's odd to see this. I know they'd mean well, but we've all heard about those "good intentions".

Maybe if we stood child porn types and pedophiles against a tree and put two behind their ear upon conviction, maybe the problem would solve itself in a few years?

Or is that just too harsh? Sorry. What was I thinking. Carry on, everyone. I just had a momentary blip of candor/honesty. Hey, it happens...

[709]

Put me down as opposed to child porn too!

!! 🚫👶🍑 !!

[kscherer]

If any of you nutballs IS into child porn, I'm calling you in!

[709]

I have been guaranteed that those step-daughters are verified and legal-aged actresses! It's just acting!

[kscherer]

And here I thought you were into step-sisters!

[drewprops]

I was wigged out that typing "brassiere" into Photos allows me to find all the (ADULT!) girly pics I've saved to my phone. That already feels like an invasion, but it's so gosh darned handy, too.


...

[psmith2.0]

Quote:

Originally Posted by 709 Put me down as opposed to child porn too! !! 🚫👶🍑 !!

Strong stance, Senator!

[kscherer]

It's quite possible that is the most … eye opening? … set of emojis I have ever seen.

[709]

Quote:

Originally Posted by kscherer And here I thought you were into step-sisters!

I'm kinda an 'all of the above' guy.

[psmith2.0]

Speaking of emoji, does anyone else play "guess this movie" (or book, TV show, idea, phrase, etc.) with emoji? Didn't we have a thread about this a while back? You either spell out the title, or you provide visual clues that point to a title or whatever.

Fun stuff.

709's string above says it perfectly.

[kscherer]

I'm not sure how "Don't feed your baby Gerber peaches" plays into this, but whatever.

[kscherer]

Wow. It's official. Apple is going to begin scanning your iCloud photos for "naughty*" things. The system sounds secure enough, and they sure think they have the high moral ground, but I suspect there are going to be lots of lawsuits. I'm also curious whether or not this is opt-in (or out), and what the legal ramifications may be. Apparently Apple will wait until the photo gets tagged by the phone you have it on and, when that photo gets uploaded to iCloud, Apple will have a human look it over (pedophiles will certainly want those jobs) and then, if a human decides you're naughty, they call the people with guns to come knocking on your door (car door actually, since they can just use location data to come straight to you).

* Definition to change according to the edict of Apple, gubmint, or other.

[psmith2.0]

MacRumors article on it.

A few things...

Quote:

First, the Messages app on the iPhone, iPad, and Mac will be getting a new Communication Safety feature to warn children and their parents when receiving or sending sexually explicit photos. Apple said the Messages app will use on-device machine learning to analyze image attachments, and if a photo is determined to be sexually explicit, the photo will be automatically blurred and the child will be warned. When a child attempts to view a photo flagged as sensitive in the Messages app, they will be alerted that the photo may contain private body parts, and that the photo may be hurtful. Depending on the age of the child, there will also be an option for parents to receive a notification if their child proceeds to view the sensitive photo or if they choose to send a sexually explicit photo to another contact after being warned.

I know "busy parents can't be everywhere", but is this really the job of Apple? I'm on record, for years now, questioning whether "kids" need iPhones. But that Crest is out of the tube at this point, I realize.

Quote:

Second, starting this year with iOS 15 and iPadOS 15, Apple will be able to detect known Child Sexual Abuse Material (CSAM) images stored in iCloud Photos, enabling Apple to report these instances to the National Center for Missing and Exploited Children (NCMEC), a non-profit organization that works in collaboration with U.S. law enforcement agencies.

Not that I want these bozos to do a better job, but what kind of moron would keep such things in the cloud to start with? Anyone that stupid deserves to get caught and in trouble.

On a separate note - just so they're doing all they can to protect themselves and make it harder for the lowlifes of the world - I've hounded my sister for years to consider how much access she and her husband give their kids (my niece and nephew, now 18 and 16 respectively), to no avail. I shudder to think what my niece and nephew have seen over the years, especially since they both had iPhones from 10-12 years of age, with zero parental controls/limitations on them, much to my dismay.

[turtle]

Tech Crunch did a look/talk about how it works too.

Quote:

NeuralHash will land in iOS 15 and macOS Monterey, slated to be released in the next month or two, and works by converting the photos on a user’s iPhone or Mac into a unique string of letters and numbers, known as a hash. Any time you modify an image slightly, it changes the hash and can prevent matching. Apple says NeuralHash tries to ensure that identical and visually similar images — such as cropped or edited images — result in the same hash. Before an image is uploaded to iCloud Photos, those hashes are matched on the device against a database of known hashes of child abuse imagery, provided by child protection organizations like the National Center for Missing & Exploited Children (NCMEC) and others. NeuralHash uses a cryptographic technique called private set intersection to detect a hash match without revealing what the image is or alerting the user.

So the phone/Mac all hash the images before uploading.

I've talked to an FBI agent about this process and how they deal with pedophiles and child porn (cyber security class in college). When they have someone they suspect is into child porn or such there are known images out there. Those images are hashed, much like an installer is hashed for security verification, and those hashes are stored. Then when they go to someone they "know" is breaking parole or child porn laws in general they scan their drive for file hashes that match a known list.

The agent said it is shocking how often those people actually have the same images on their systems. Then again, birds of a feather flock together so how shocking is it really. We discussed (as a class) edge cases like those producing the images so they wouldn't be hashed yet, those who got their hands on images early before larger circulation, etc... and the agent was candid about it. Those "get away with it" that time, but inevitably if they are deemed to need deep scrutiny then they end up getting tagged in the end.

I have a major privacy concern here even though the likelihood of me getting a false positive are negligible, I don't like the fact that I'm going to have my pictures hashed.

Do I like the idea of all child porn/exploiters getting caught and hammered, absolutely. Fry them. Firing squad, electric chair, what ever. I do have to say the tweet that talks about the bad government having access to that deep look into files on a device it troubling. In this case, at least the images aren't specifically being looked at until after they "match" the hash data base.

In the end, this is better than Android there the feds likely already have direct access but no one wants to talk about. In the end, iOS security is still bounds above Android. Then we talk about Macs v PCs and we know Microsoft loves law enforcement and hands over everything with little fight. Since this is coming to Monterey it clearly isn't a mobile device thing only.

[turtle]

Quote:

Originally Posted by pscates2.0 If I had kids, they'd hate me. "You ain't getting an iPhone until you're 32...and even then, I'm gonna know all your passwords!" Just kidding. But I do think I'd make them wait until they were 14-16 or so. No kid of mine, at 10-11, would have their own iPhone. At that age, a (locked-down) iPod touch or iPad mini is all I'd consider. And no social media and "chat" stuff either. Not at 12 or under. Sorry.

I'm that dad. My oldest doesn't have a phone yet. Now they do have iPads, but not phones. I also have Screen Time set and I do have all their passwords. Social media? Not in my house for any of us, though I do still have an ignored Twitter account.

[kscherer]

No matter how you stack it, this is Apple making the assumption that all of their users are potential pedophiles. It cannot be argued around, no matter how hard you try. It's casting a wide net, dragging up all the fish, and then sorting through it all to find the one fish you want.

Bad plan, and way too open for abuse. I'm not saying Apple will abuse this, but they may not be given a choice. With all of the anti-trust floating about, what happens when developers demand access to this feature, and the government—being obtuse and uneducated in security matters—puts forward a law that requires Apple to open up all of their security features to 3rd parties? And I'm pretty sure this is coming, sooner rather than later. Touch ID, Face ID, hash-scanner thingies. Grief, the potential for abuse is just unfathomable.

And then there is the international abuse that is sure to come. What happens when, say, China demands Apple open this up to track unpopular populations like, oh, I don't know, Uyghurs. Will China force Apple to scan for Uyghur hashes? "Oh, we see you took a picture of a criminal element. Now, tell us everything you know! Where are they? Who are they? Where did you take this photo?" And on and on.

"Oh, I see you have a picture of Hitler on your phone."

"Oh, I see you and your significant other are into kinky things the gubmint does not like."

"Oh, I see you took a photo of a person of whom it is illegal to photograph."

"Oh, I see …"

And they do "see".

Better hope you don't have any baby nudies on your phone.

And I'm apparently not the only person thinking like this:

Quote:

At the current time, Apple is using its image scanning and matching technology to look for child abuse, but researchers worry that in the future, it could be adapted to scan for other kinds of imagery that are more concerning, like anti-government signs at protests. In a series of tweets, Johns Hopkins cryptography researcher Matthew Green said that CSAM scanning is a "really bad idea" because in the future, it could expand to scanning end-to-end encrypted photos rather than just content that's uploaded to ‌iCloud‌. For children, Apple is implementing a separate scanning feature that looks for sexually explicit content directly in iMessages, which are end-to-end encrypted. Green also raised concerns over the hashes that Apple plans to use because there could potentially be "collisions," where someone sends a harmless file that shares a hash with CSAM and could result in a false flag.

- Settings / Apple ID / iCloud / Photos = OFF

[turtle]

Let me start by saying I agree with you.

To give a bit more context here, it isn't looking for a picture of "Hitler" as much as an exact match of the hash of that file that is known to be a picture of Hitler.

So this is why it is hypothetically possible that you can have a file that has the same hash, even though it is completely different. The chances are in the trillions that the hash would match though.

So the guts of this aren't looking at the visual content of the images, just the hash of the file itself. If that hash matches, and goes through where other automated checks are present, then a human would look at the image and see if it matches the expected content. So for an example, my image in the "Community" tab has an md5 hash of 0a37cb3d3aab7b471c12b4555fcc94fb. If you download it and run an md5 hash on it you should have the same hash result.

Code:

$ md5 /Users/turtle2472/Desktop/turtle2472.jpg MD5 (/Users/turtle2472/Desktop/turtle2472.jpg) = 0a37cb3d3aab7b471c12b4555fcc94fb

I "modified" that image by running it through ImageOptim and now the hash is different:

Code:

$ md5 /Users/turtle2472/Desktop/turtle2472.jpg MD5 (/Users/turtle2472/Desktop/turtle2472.jpg) = fd1949d244aaf3c1f77fd78d707b74d3

However, it looks the same:


This does mean that we all say, sure scan for child porn because it is bad and no one should ever have it on their phones. Now that we can hash something with permission on a device we will expand that to be hash this type of file, say video, and see if it matches known child porn. Well, what if it is of a protest and a "bad government" wants all those files and those with them "questioned", now they can check those hashes and do what they want with them.

Yeah, it is a bad path but might be the least offensive option while maintaining privacy to a degree.

Maybe we should split this part of the thread out to a new thread.

[turtle]

Macworld has an interesting point I might have missed in the other articles:

Quote:

The company is therefore relying on a new technology called NeuralHash that will check to see if an image uploaded to iCloud matches known child abuse imagery, without decrypting the photo. It works entirely on your iPhone, iPad, or Mac by converting photos into a unique string of letters and numbers (a “hash”). Normally, any slight change to a photo would result in a different hash, but Apple’s technology is said to be such that small alterations (like a crop) will still result in the same hash.

This would imply they would have to see more than just a bit of the image or generate multiple "base hash" or "reference hash" values to compare. If a crop is able to still be picked up as a hash then there is some secret sauce going on.

[kscherer]

Quote:

Originally Posted by turtle Maybe we should split this part of the thread out to a new thread.

I'm going to leave it put, because it fits with the "Don't Trust Us" theme.

[kscherer]

Quote:

Originally Posted by turtle To give a bit more context here, it isn't looking for a picture of "Hitler" as much as an exact match of the hash of that file that is known to be a picture of Hitler.

In the context they are one and the same. Whether the picture or the hash, the system is snooping through all of your photos looking for offending material. It's the definition of that material that concerns me.

Child pornographers should be hung, but sacrificing the privacy of a billion people is not how we get there.

And the easy out for now: Turn off iCloud photos (which I did the moment Apple confirmed this ridiculous privacy intrusion). I suspect this is more about Apple not wanting these photos on their servers than it is about catching anyone. Because, you know, the smart kid-stalkers are just going to "opt out" by turning off iCloud. It's likely Apple has looked at the cost of fighting future litigation for "hosting" such filth and decided better to piss us all off now than pay the billions required in the future.

[psmith2.0]

I've never done the iCloud photo thing. I just keep them on my phone and then anything I want to keep I connect/sync to my Mac and import into Photos. Old school, I guess.

All those Hollywood starlets and pop tarts getting their iCloud "hacked" (the ones that weren't actual "oops, who me?!" PR stunts) should tell most people "be careful". I mean, when you've seen Jennifer Lawrence's butthole, you kinda take on a different perspective about all this stuff.

In any case, my photos aren't in iCloud (I always turn that off) and (yay!) I'm not into that stuff, so I don't plan on being affected.

[turtle]

Apple's Tech paper on the hash thing. I haven't ready it yet, but I'm sure there are some gems in there.

[kscherer]

It may well be that the only thing that happens on your phone is that the images get a hash from whatever Apple is doing. It appears the photo is not compared until it hits Apple's iCloud server. Then, just the hash is looked at.

Although I am all for the death penalty for child molesters, what concerns me is what is defined as "offensive material". I know from the new digital Miriam Webster Dictionary that the definition of words is updated regularly in order to suit agendas. I also know that if I make an editorial mistake in one of my books, I can correct that mistake on the fly so the next sale results in a corrected manuscript. All this digital crap can be changed on a whim (and you all know it to be true, as the articles you link to are updated/"corrected" on the fly) and I worry that Apple's definition of "offensive" will update/change from region to region, and from politic to politic.

The tech is good, and it's a very bad idea.

And just in time, Edward Snowden and the EFF are blasting Apple, mirroring what I've been saying. Good for them! You guys aren't going to hear me blasting Apple very often, but in this case I won't be silent. This is *EVIL*!

Edit: Also, I'm having a hard time finding anyone who is for this, other than Apple and the cops, and both are being incredibly disingenuous about it. Those of you who do commit "crimes" should be very careful what you store on your phone, because your privacy and security are going to be compromised. Shame on Apple!

Edit 2: A question posed by a commenter on a different forum:

Quote:

"So instead of telling us how it works, because we do get it, perhaps someone could tell us what safeguards are built in to protect protestors in foreign countries in the future? Anyone? Thought not."

It's a valid question, and it deserves a valid answer. We already know that Apple has caved to Chinese Government pressure regarding iCloud (as well as pressure in other countries). Thus, it stands to reason they will cave to the same pressure over this in the very near future.

Edit 3: My boss had a thought, and I'm going on the record with it. So, Apple clearly knew there would be public backlash over this. What if … and it's a stretch … but what if Apple is trying to force legislation over this? In other words, trying to do the opposite of what we think is happening. I mean, kiddie porn? It sounds so noble, but it opens the rest of us up to a type of surveillance we clearly don't want. So, what if it motivates Congress to say, "NOPE!" and they pass a law forbidding this kind of snooping*? Then Apple can say, "Well, we tried." and we all say, "PHEW!"

Just a thought.

* Hell, half of them are probably stars in Epstein's video collection, so they would be highly motivated to end this right now!

Edit 4: Apple knows it will be abused:

Quote:

Apple's known CSAM detection system will be limited to the United States at launch, and to address the potential for some governments to try to abuse the system, Apple confirmed to MacRumors that the company will consider any potential global expansion of the system on a country-by-country basis after conducting a legal evaluation.

China will demand it. Guaranteed!

[Brad]

Quote:

Originally Posted by kscherer Edit: Also, I'm having a hard time finding anyone who is for this, other than Apple and the cops, and both are being incredibly disingenuous about it.

It's almost certainly driven largely by Apple's own financial interests. The "think of the children!" is just a nice PR spin on top of it.

I was having a conversation with a colleague about this earlier today. One of the companies we used to work at was visited on several unrelated occasions by the FBI, SBI, and friends thanks to supposed customers uploading CP to our service. Dealing with the three-letter agencies is bad enough, but having to find and hand over and scrub all copies of data and logs from all work machines, servers, backups, etc. is a colossal pain in the ass and expensive. We were a relatively small shop, and it would take days of work to comply with the necessary cleanup and verification plus working with external vendors including the data centers and offsite backup data archival company. I would imagine it's far worse for Apple and its massive storage infrastructure, though they've likely automated this process to some extent.

Nothing could go wrong with hashing all your images and comparing to a known lookup table.

Nope. Nothing at all. Air-tight solution, that one.

…

I eagerly await when someone gets a list of hashes and engineers a perfectly innocuous image with a matching hash and then blasts it to thousands of unsuspecting iOS users.

[kscherer]

Quote:

Originally Posted by Brad I eagerly await when someone gets a list of hashes and engineers a perfectly innocuous image with a matching hash and then blasts it to thousands of unsuspecting iOS users.

Oh, this thing is gonna explode. There is just no way to prevent that from happening. I would be all my nickels that the hacker-types are already working on something for zero-day exploitation. I absolutely cannot wait for the first wave of false arrests and the resulting lawsuits. Gonna be popcorn-inducing fun, let me tell you!

[tomoe]

Can someone ELI5 the matching hash comment and implications?

It sounds similar to adversarial machine learning researchers I’ve followed [1].

[1]https://en.m.wikipedia.org/wiki/Dawn_Song