Selfish Heathen
Join Date: May 2004
Location: Zone of Pain
|
turtle already touched on some MD5 examples earlier, and I'm pretty sure I'm repeating what some of the previous posts have said, but hopefully I can expand and recap the whole technical situation and concerns all at once.
Hashing is a common process that takes some file of any type and of any size and produces a new fixed-length (and usually relatively small) number. MD5 is a good example to demonstrate this hashing process because it's been around for ages and most computers have a built-in program that can make MD5 hashes. If you open your Terminal app, type "md5 " (with the space), drop any file (not a folder) into the window, and press enter, you'll see it quickly spits out something like this:
Code:
$ md5 /Users/bradsmith/Downloads/IMG_3363.JPG
MD5 (/Users/bradsmith/Downloads/IMG_3363.JPG) = 36ff331972ac66f4c555628ee19b99b5
That value "36ff331972ac66f4c555628ee19b99b5" is a number (in hexadecimal instead of decimal) that was calculated based on the file. Repeating the MD5 command on the same file will always produce the same output. If you run the command with many different files, you'll see the length of the generated number is always the same but the content of the number always changes dramatically. If you give it two text files that are very similar but maybe only different by one letter, though, the output hashes are still very different. For example, MD5 hashing the phrase "hello world" versus "hallo world" will produce:
Code:
$ echo "hello world" | md5
6f5902ac237024bdd0c176cb93063dc4
$ echo "hallo world" | md5
c092aa310a370d3d1b6ecf5eae0a0ce4
Note that even though these inputs changed by only one letter, the generated hash is totally different. Hashing algorithms are sometimes called "cryptographically secure" when they do a very good job of this, as generating and comparing hashes is an essential part of modern secure computing and communications.
However, Apple's not just using any standard, open hashing algorithms like MD5 or SHA for this system, and some of the discussion points about MD5 don't exactly apply here. What Apple has built for hashing appears to be much more complex than MD5 and has some interesting benefits and potential flaws. Where the MD5 hash just looks at the input as raw data and doesn't attribute any "meaning" to one part over the other, Apple's hashing is trying to look at the input specifically like we humans look at a picture, and it generalizes the image content into what are effectively "features" to a human eye before it calculates an output value. In their technical overview, they give an example of a color photo of a tree and a black-and-white version of the same picture, and their algorithm gives these two images the same hash even though they are obviously two very different photos. While that is a clever way of preventing people from making slight changes to try to bypass naive tools like MD5 (changing one pixel would make a totally different MD5 hash, like my "hello world" example), it does present some possibly massive problems.
Remember that hashes are "fixed length"? That feature is a good thing because it means you can't infer much about the size of the original data that was hashed. A one-byte file's hash is exactly as long as a trillion-byte file's hash. However, that means you also introduce the very real possibility of two completely unrelated files producing the same hash.
A good hashing algorithm is sufficiently complex and generates a sufficiently large number to make this extremely unlikely, but since Apple's algorithm is by design trying to generalize maybe-similar images to generate the same output, there is a very real risk that the likelihood of false positives skyrockets.
A clever individual could reverse-engineer the algorithm and hash to produce a perfectly safe and innocuous image that the feature detector thinks matches a feature set that has been reported in a hash as CP. This clever individual could then distribute that image around and cause a bunch of false positive reports. Or an unsuspecting user might take a perfectly safe and innocuous photo that just happens to fall into the right part of the feature detection and then they get a surprise visit from the FBI or Apple gets subpoenaed to hand over her data or she gets put on some kind of watch list. In turtle's earlier example, his photo could be confused for Hitler (sorry! but you invoked Godwin's Law here first!) due to some unknown-to-us arrangement of features in the photos even though the raw data making up the image is completely different than the "matching" photo of the führer.
Fooling AI/ML-based image processing systems is already a small but growing area of interest. Disrupting self-driving car systems is a related area that's been getting lots of research and press in recent years. It's only a matter of time before people try to figure out and exploit this system too.
The quality of this board depends on the quality of the posts. The only way to guarantee thoughtful, informative discussion is to write thoughtful, informative posts. AppleNova is not a real-time chat forum. You have time to compose messages and edit them before and after posting. |
quote |
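An added illustration of the contrast drawn in the post above; it is not part of the original post and not Apple's algorithm. A toy "average hash" (one bit per pixel, set when the pixel is brighter than the image mean) stands in for a perceptual hash, and the 8x8 grayscale grids are constructed sample data, assumed to be images already reduced to that size.

```python
import hashlib

def md5_int(data: bytes) -> int:
    """MD5 digest as a 128-bit integer (MD5 sees only raw bytes)."""
    return int.from_bytes(hashlib.md5(data).digest(), "big")

def hamming(a: int, b: int) -> int:
    """Number of bit positions in which two hash values differ."""
    return bin(a ^ b).count("1")

def average_hash(pixels) -> int:
    """Toy perceptual hash: one bit per pixel, set if brighter than the mean."""
    flat = [p for row in pixels for p in row]
    mean = sum(flat) / len(flat)
    bits = 0
    for p in flat:
        bits = (bits << 1) | (p > mean)
    return bits

def raw(pixels) -> bytes:
    """The image as the byte string a file hash such as MD5 would see."""
    return bytes(p for row in pixels for p in row)

def in_square(r: int, c: int) -> bool:
    return 2 <= r <= 5 and 2 <= c <= 5

# Constructed 8x8 grayscale samples (0-255), not real photos.
ORIGINAL = [[200 if in_square(r, c) else 40 for c in range(8)] for r in range(8)]
# Same picture, brightened by 10 with one pixel nudged: a "slight change".
EDITED = [[p + 10 for p in row] for row in ORIGINAL]
EDITED[0][0] += 5
# Different pixel values everywhere, but the same coarse light/dark layout.
LOOKALIKE = [[100 + (r * c) % 20 if in_square(r, c) else (7 * r + 3 * c) % 20
              for c in range(8)] for r in range(8)]

def compare(a, b):
    """Return (MD5 bit distance, perceptual-hash bit distance) for two images."""
    return (hamming(md5_int(raw(a)), md5_int(raw(b))),
            hamming(average_hash(a), average_hash(b)))

if __name__ == "__main__":
    text = hamming(md5_int(b"hello world\n"), md5_int(b"hallo world\n"))
    print("text     :", text, "of 128 MD5 bits differ")
    print("edited   :", compare(ORIGINAL, EDITED))
    print("lookalike:", compare(ORIGINAL, LOOKALIKE))
```

A perceptual distance of 0 for both pairs shows the trade-off: the hash survives the small edit, and it also cannot tell apart two byte-wise unrelated inputs that share the same coarse features.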
Senior Member
Join Date: Feb 2015
Location: UK's most densely packed city. It's not London...
|
Apple has a legal liability to report images of child pornography stored on its servers to law enforcement. These reports do not necessarily lead to prosecution, nor do they necessarily identify, in the strictest sense, child pornography. The fear here seems focused on Apple as some sort of extra-legal entity. It is not. It is a company operating within the law.
And yes, if duly elected politicians pass laws that make it illegal to take photos of double rainbows, Apple may be responsible for reporting those images as well. This wouldn't be Apple's fault, but yours, since you voted those idiots in who passed those stupid laws, and if your concern now is that the laws against child pornography are too broadly written such that companies like Apple have to work with law enforcement, well 1) gross, and 2) you live in a democracy, but I am not sure you want to ally with child pornographers... Last edited by Dr. Bobsky : 2021-08-08 at 07:42. |
quote |
Lord of the Rant.
Formerly turtle2472 Join Date: Mar 2005
Location: Upstate South Carolina
|
TechCrunch posted an interview with Apple's Head of Privacy. It is long and I haven't read it all yet, but will be shortly. Scanning this doesn't really make me feel better about it.
Louis L'Amour, “To make democracy work, we must be a nation of participants, not simply observers. One who does not vote has no right to complain.” Visit our archived Minecraft world! | Maybe someday I'll proof read, until then deal with it. |
quote |
Which way is up?
Join Date: Aug 2004
Location: Boyzeee
|
Apple's commitment to "refuse government intervention" is laughable. While they may be able to get away with that in the U.S., other nations won't be so forgiving.
And while the technical side of things sounds well thought out, tell a hacker that. - AppleNova is the best Mac-users forum on the internet. We are smart, educated, capable, and helpful. We are also loaded with smart-alecks! :) - Blessed are the peacemakers, for they shall be called sons of God. (Mat 5:9) |
quote |
Sneaky Punk
|
Given that this system will only run on US users’ devices, it’s a non-issue for the rest of the world; for now anyway.
To be honest it just doesn’t sound anywhere near as bad/evil as some of the posts make it out to be. Given that the system works on your devices, not the cloud, it means Apple knows nothing unless you have some child porn on your device. If so, you get what you deserve. I also get the feeling that Apple is doing this to fight off attempts by government to ban mobile device encryption. That would be a much worse outcome. |
quote |
Lord of the Rant.
Formerly turtle2472 Join Date: Mar 2005
Location: Upstate South Carolina
|
Well, you mean "Apple knows nothing unless its algorithm detects the probability of child porn on your device."
That last part of Brad's post points out people intentionally fooling AI image scanning and that is a thing. One day I might get a "gag image" that trips up the algorithm for fun and now my images get checked.
quote |
Sneaky Punk
|
The article makes it sound like it would take more than just one image to trigger the system, so a single “gag image” wouldn’t be enough.
|
quote |
Lord of the Rant.
Formerly turtle2472 Join Date: Mar 2005
Location: Upstate South Carolina
|
Well, I finally read the interview and you are right as described in the last question/response. You just need one real asshole friend to send you a ton. At least you would know he would be getting a visit from the feds too, unless he doesn't use iCloud Photos.
So really, if you don't want Apple looking at your photos then don't use iCloud Photo.
quote |
Senior Member
Join Date: Feb 2015
Location: UK's most densely packed city. It's not London...
|
Sorry, but 'friend' in this scenario seems like a misnomer... Tony, if you can imagine a friend doing this to you... get better friends...
|
quote |
Sneaky Punk
|
No doubt, with friends like that, who needs enemies.
|
quote |
Lord of the Rant.
Formerly turtle2472 Join Date: Mar 2005
Location: Upstate South Carolina
|
All I can say is, I am a US Navy Sailor. Shipmates are shipmates and many are REALLY twisted.
|
quote |
Rocket Surgeon
Join Date: Feb 2005
Location: The Canadark
|
Stupid question: Surely the people who trade in such things (or, at least the "big players") don't put them in iCloud Photos and this is all utterly pointless?
|
quote |
Senior Member
Join Date: Feb 2015
Location: UK's most densely packed city. It's not London...
|
The issue I suspect is that they aren’t even capturing the small time idiots who browse/consume this shit (think fresh Jared for instance, although he’s an unconvicted rapist as well ). The forensics behind identifying the victim and origin of the photos is evidently quite advanced so capturing a small fraction might yield larger nets of people…
Last edited by Dr. Bobsky : 2021-08-11 at 16:05. |
quote |
Lord of the Rant.
Formerly turtle2472 Join Date: Mar 2005
Location: Upstate South Carolina
|
As I read this, you are correct that if you don't use iCloud Photos then this is nothing. Maybe the Parental Warnings portion will still work but the token/hash/pass thing is not relevant without iCloud Photos.
I would suspect those who are really making money at the expense of children isn't sharing with iCloud either though. Those are the guys with literal kill switches for their servers and such. They use encrypted everything. This scanning is going to really catch the ones who are sharing the images after the fact who might not realize the image was a 16 year old rather than an 18 year old. Or just plain idiots who think they can share kiddie porn on any network and it'll be just fine.
quote |
Sneaky Punk
|
It will also get the people who don’t follow any tech news, or news in general.
|
quote |
Mr. Vieira
Join Date: May 2004
Location: Tennessee
|
I guess this fits here too, this T-Mobile breach?
Quote:
|
|
quote |
Which way is up?
Join Date: Aug 2004
Location: Boyzeee
|
This stuff is only going to get worse over time. The more connected our world is—and the more personal data is out there up for grabs—the more hackers are going to take the easy-money path. You are for sale!
quote |
Which way is up?
Join Date: Aug 2004
Location: Boyzeee
|
More fun for Apple. "We'll never cave to government pressure!"
Also, the tech-nerds are coming out in force. And the rest of the planet is practically begging Apple not to go down this very dangerous path. Folks in the West are dumb enough to think this will protect them … somehow because reasons … but other nations that have been living with persecution for decades aren't so ignorant.
quote |
Sneaky Punk
|
|
quote |
Which way is up?
Join Date: Aug 2004
Location: Boyzeee
|
This thing keeps looking worse for Apple. Other than a couple organizations and the government (go figure) is there anyone onboard?
From the article: Quote:
Apple always complies with local laws. What's the difference between being ordered to remove an app and being ordered to update hashes?
|
quote |
Which way is up?
Join Date: Aug 2004
Location: Boyzeee
|
|
quote |
Lord of the Rant.
Formerly turtle2472 Join Date: Mar 2005
Location: Upstate South Carolina
|
Oh good. Now we just need Verizon added to the list so we are all covered equally.
|
quote |
Mr. Vieira
Join Date: May 2004
Location: Tennessee
|
Oh crap, I’m on AT&T.
Oh well, I don’t care (and someday, on my deathbed when it no longer matters, I’ll share why. |
quote |
Which way is up?
Join Date: Aug 2004
Location: Boyzeee
|
Edward Snowden chiming in on the Apple CSAM controversy. His article is worth reading.
I love the bit in bold text: Quote:
Quote:
Quote:
|||
quote |
Mr. Vieira
Join Date: May 2004
Location: Tennessee
|
Well this is encouraging!
T-Mobile's security is "awful" says hacker who stole data from 50M customers. He would know, I guess. Quote:
Quote:
You know, if I were the cynical type - okay, I am - I'd kinda wonder if a bunch of shitheads were in cahoots on all this at some level. 1) create a problem 2) offer a "solution" for said problem 3) high-fives/drinks |
||
quote |
Sneaky Punk
|
Sounds almost as bad as one of the computer stores I used to buy stuff from. When the company folded 5 years ago everything was sold off, including servers that held customer and staff information; credit card info, staff SIN numbers. Worse yet they hadn’t even encrypted the data, it was stored as plain text! Of course the people who got the stuff sold the information to unknowing individuals, and shortly thereafter it was all on the dark web.
|
quote |
Mr. Vieira
Join Date: May 2004
Location: Tennessee
|
Well what else is he going to say?
“Tough cookies, gang. We’re colossal screw heads and we just cornholed your personal data’s brains out, like Cinemax at 2am. We’re sorry, I guess?” The PR crew drafted up some boilerplate apolopalooza and requisite quiver-lipping to try and put out the fire. Because we love to see our multi-millionaire CEO types pretend to give a shit about these things. “Awww, you can tell he’s a good man…he almost teared up during that interview with Anderson Cooper! I sure hope none of this affects his golf game!” |
quote |
Mr. Vieira
Join Date: May 2004
Location: Tennessee
|
I guess this kinda fits here. Or it will, soon enough.
“Sounds like a sweet price. We just ordered 27,000 of them to use in our stores, data centers and corporate offices. We know a deal when we see one!.” -T-Mobile |
quote |