this post was submitted on 28 Jun 2023
58 points (100.0% liked)

Apple

17469 readers
384 users here now

Welcome

to the largest Apple community on Lemmy. This is the place where we talk about everything Apple, from iOS to the exciting upcoming Apple Vision Pro. Feel free to join the discussion!

Rules:
  1. No NSFW Content
  2. No Hate Speech or Personal Attacks
  3. No Ads / Spamming
    Self promotion is only allowed in the pinned monthly thread

Lemmy Code of Conduct

Communities of Interest:

Apple Hardware
Apple TV
Apple Watch
iPad
iPhone
Mac
Vintage Apple

Apple Software
iOS
iPadOS
macOS
tvOS
watchOS
Shortcuts
Xcode

Community banner courtesy of u/Antsomnia.

founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] AlexKingstonsGigolo@kbin.social 4 points 1 year ago (3 children)

@generalpotato Ish. I read the technical write up and they actually came up with a very clever privacy-focused way of scanning for child porn.

First, only photos were scanned and only if they were stored in iCloud.

Then, only cryptographic hashes of the photos were collected.

Those hashes were grepped for other cryptographic hashes of known child porn images, images which had to be in databases of multiple non-governmental organizations; so, if an image was only in the database of, say, the National Center For Missing And Exploited Children or only in the database of China's equivalent, its cryptographic hash couldn't be used. This requirement would make it harder for a dictator to slip in a hash to look for dissidents by making it substantially more difficult to get an image in enough databases.

Even then, an Apple employee would have to verify actual child porn was being stored in iCloud only after 20 separate images were flagged. (The odds any innocent person even makes it to this stage incorrectly was estimated to be something like one false positive a year, I think, because of all of the safeguards Apple had.)

Only after an Apple employee confirmed the existence of child porn would the iCloud account be frozen and the relevant non-government organizations alerted.

Honestly, I have a better chance of getting a handjob from Natalie Portman in the next 24 hours than an innocent person being incorrectly reported to any government authority.

[–] generalpotato@lemmy.world 2 points 1 year ago

Haha! Thanks for the excellent write up. Yes, I recall Apple handling CSAM this way and went out of it’s way to try and convince users it was still a good idea, but still faced a lot of criticism for it.

I doubt this bill will be as thorough which is why I was posing the question I asked. Apple could technically comply using some of the work it did but it’s sort of moot if things are end to end encrypted.

[–] ansik@kbin.social 1 points 1 year ago

Great writeup! I tried searching but came up short, do you have a link to the technical documentation?

[–] MisuseCase@infosec.pub 1 points 1 year ago

It would have worked and it would have protected privacy but most people don't understand the difference between having a hash of known CSAM on your phone and having actual CSAM on your phone for comparison purposes and it freaked people out.

I understand the difference and I'm still uncomfortable with it, not because of the proximity to CSAM but because I don't like the precedent of anyone scanning my encrypted messages. Give them an inch, etc.