Apple is (going to) scan your Apple devices

[RejZoR]

6 minutes ago, Laborant said:

Things that can be hashed: Basically everything.
Things that change the hash of an image: Basically everything. 

 

Just by saving it in a different format or cutting off one pixel row at the bottom or changing the white balance breaks that algorithm, if it works the way I think it does. 

 

I'm very "pro" regarding the fight against CP, but that system is too easy to circumvent and too easy to apply to different files. Find illegally downloaded movies or songs? Find images that are shared often in far right or far left communities? Even if Apple has a track record of not getting political and keeping privacy high, that technology sends some weird vibes.

Read my comment above. It's NOT static hashes for this very reason of easy circumvention. And it's because of this why it's a worrisome step. Sure, protect children from sending their nudes to creeps or post them anywhere, but the issue is, it'll never stop at only that and like I said, given PRISM is always involved, this is a dangerous point for privacy.

 

I dumped Google and consequently all Android devices because Google is such a creepy corporation. Went with Apple because they weren't. Just for them to also become creeps sprinkled with "good intentions". I really hate the idea of using Android phone without any Gapps because it's essentially useless then. But that seems to be where things are heading.

[Master Disaster]

2 minutes ago, RejZoR said:

Read my comment above. It's NOT static hashes for this very reason of easy circumvention. And it's because of this why it's a worrisome step. Sure, protect children from sending their nudes to creeps or post them anywhere, but the issue is, it'll never stop at only that and like I said, given PRISM is always involved, this is a dangerous point for privacy.

 

I dumped Google and consequently all Android devices because Google is such a creepy corporation. Went with Apple because they weren't. Just for them to also become creeps sprinkled with "good intentions". I really hate the idea of using Android phone without any Gapps because it's essentially useless then. But that seems to be where things are heading.

I'm seriously considering buying an old Nokia 3330 from eBay and dropping my Pixel.

[avg123]

Are they scanning every file on phone? like what if somebody has pirated music or movie? 

[wanderingfool2]

27 minutes ago, RejZoR said:

People keep saying "it's just image hash" so "think of the children!". No, no it's not. Static file hashes would change entirely if you'd just resize photo by 1 pixel width. Or recompress it. We're talking image "height maps" so to speak that are an image fingerprint that can technically be reconstructed back to rough approximation of an image. Because image matching is then done with similarity %. You can recompress, resize and flip image all you want, its "height map" doesn't change.

-snip-

Technically what you are describing is still a type of image hashing.  The term you are looking for is "geometric hashing".  Classical hashing that most people think of where literally changing one pixel from white to slightly less white changes the function completely is only one type of hash.  Geometric hashing allows you to identify if it's similar.  They could even be using facial recognition as part of the hashing function or other type of detection and I am fairly certain that you could get pretty good results without false positives (and without the images being sent to Apple).

 

With that said, I bet there still would be false positives (but the concept being if you have one, you likely would have more)...so one false positive is one thing, but if there is more than one image then flags would def. be going off.  I do think though this is a slippery slope, and could be abused too much (and the fact that I bet there will be "oh this person has one match, lets report them")

 

[Master Disaster]

30 minutes ago, wanderingfool2 said:

Technically what you are describing is still a type of image hashing.  The term you are looking for is "geometric hashing".  Classical hashing that most people think of where literally changing one pixel from white to slightly less white changes the function completely is only one type of hash.  Geometric hashing allows you to identify if it's similar.  They could even be using facial recognition as part of the hashing function or other type of detection and I am fairly certain that you could get pretty good results without false positives (and without the images being sent to Apple).

Possible I'm misunderstanding but Geometric Hashing doesn't seem to fit this scenario. It seems like a way of finding repeating patterns or known shapes using geometry. The problem with a photo is that the subject can be at any angle/position, facing any direction, be at any distance from the camera etc etc.

 

GH sounds like a great way of determining if a square is a square or for its main use, finding patterns in spike proteins for medical research however I don't think its going to be very effective in determining the age of a person in a photo.

[Dutch_Master]

Ah yes, 1984 is calling

 

(for you Millennials: 1984 is a book (you know, that stuff made from dead trees) by George Orwell, written in 1948 and worth a read if you want to understand modern society)

[Master Disaster]

Just now, Dutch_Master said:

Ah yes, 1984 is calling

 

(for you Millennials: 1984 is a book (you know, that stuff made from dead trees) by George Orwell, written in 1948 and worth a read if you want to understand modern society)

One of the mysteries from 1984: How did the screens get into every ones homes?

The Answer: We willingly brought them in.

[RejZoR]

2 minutes ago, Master Disaster said:

Possible I'm misunderstanding but Geometric Hashing doesn't seem to fit this scenario. It seems like a way of finding repeating patterns or known shapes using geometry. The problem with a photo is that the subject can be at any angle/position, facing any direction, be at any distance from the camera etc etc.

 

GH sounds like a great way of determining if a square is a square or for its main use, finding patterns in spike proteins for medical research however I don't think its going to be very effective in determining the age of a person in a photo.

Geometric hashing/fingerprinting doesn't create a static hash number. It's a dynamic value which basically contains geometry proportions. You can change its colors (like making photo B&W), change it's dimension, change it's rotation or mirror it and it would still contain identical geometry proportions that you can account for by also instructing it to invert, rotate or mirror the fingerprint data. Image can be 1000x1000 pixels or 15000x15000, converted to B&W and from JPG to PNG, rotated and mirrored and proportions of its content would remain the same. That's how they are doing it.

[Master Disaster]

11 minutes ago, RejZoR said:

Geometric hashing/fingerprinting doesn't create a static hash number. It's a dynamic value which basically contains geometry proportions. You can change its colors (like making photo B&W), change it's dimension, change it's rotation or mirror it and it would still contain identical geometry proportions that you can account for by also instructing it to invert, rotate or mirror the fingerprint data. Image can be 1000x1000 pixels or 15000x15000, converted to B&W and from JPG to PNG, rotated and mirrored and proportions of its content would remain the same. That's how they are doing it.

Fair enough but I still don't understand how an AI is going to determine if the shape of the private parts belongs to an adult or a child.

 

Like yes, you can teach an AI the basic shape of a penis, you cannot teach it how to determine the age of the subject plus lets be real (and without getting too crude), vaginas come in many different shapes and sizes. The chances of false positives is enormous.

 

Edit - Also are we going to ignore the fact that Apple need access to images in the first place to even teach the AI at all and will be knowingly storing potentially illegal images under the guise of safety. Last time I checked, even viewing CP is a crime, being in possession is a worse crime.

[pythonmegapixel]

FFS. Is it even possible to own a mobile phone these days and NOT be spied on?

I guess I could just buy one of those little phones with the T-9 keypad, but that's not really ideal.

  

24 minutes ago, Master Disaster said:

One of the mysteries from 1984: How did the screens get into every ones homes?

The Answer: We willingly brought them in.

Exactly.

[RejZoR]

24 minutes ago, Master Disaster said:

Fair enough but I still don't understand how an AI is going to determine if the shape of the private parts belongs to an adult or a child.

 

Like yes, you can teach an AI the basic shape of a penis, you cannot teach it how to determine the age of the subject plus lets be real (and without getting too crude), vaginas come in many different shapes and sizes. The chances of false positives is enormous.

 

Edit - Also are we going to ignore the fact that Apple need access to images in the first place to even teach the AI at all and will be knowingly storing potentially illegal images under the guise of safety. Last time I checked, even viewing CP is a crime, being in possession is a worse crime.

Which is why I'm questioning their methods, because it'll always be a point where they'll have to get more precise image information. They won't bulk upload all of images because it would be just too much data and would be obvious. It's no problem to sneak a picked full photo after rough detection though. Who's gonna notice 5-7MB of data going somewhere as suspicious activity when phones send hundreds of megabytes just by sitting there doing "nothing"?

 

"Ai" can detect subject's age (remember how some camera apps have age detection of detected face?), possibly even pose, skin exposure to clothing ratio and stuff like that. But then they'll need a precise match after suspcious detection. And i can only see that happening by actual image transfer or something. Knowing there are subs like r/13or30 where people make fun of people who look the wrong age, you know geometric matching can't be done without actual image inspection at some point.

 

But it's easier for them to just wrap it all in "Ai magic" and people suddenly believe their privacy won't be violated because that "magic Ai" is checking it and not an actual human.

[Rauten]

So what you're saying is, my colleague who just had a baby should be VEEEERY careful about the pictures he sends to his family...

 

JFC Apple.

[Kisai]

9 hours ago, IkeaGnome said:

I'm torn. On one hand. Why isn't this already a thing?

On the other hand, this opens a whole can of worms I don't want open. "We already search their photos for abuse, why not add this activity, or that activity"

Pretty much.

 

Like child abuse is abhorrent, but a lot of it is generated by cyberbullying teens/pre-teens by bullies and predators online, so the most likely place for it to be generated is by the child themselves. 

 

This scanning tech however is only looking for existing stuff, if I've read it right, which means the phone probably downloads a fingerprint file like an AV product does, and scans photos that are saved to the device when they are saved to the device. That will not stop someone from cropping, rotating, mirroring or taking a photo of a photo, so I don't see it being effective beyond catching the stupidest of criminals who go to known predatory sites.

 

9 hours ago, IkeaGnome said:

Edit: I'm more worried about what it COULD turn into them monitoring later on. 

"We see you have looked at pictures of guns 2 times the last week, but you live in a place where they are illegal. Let's notify authorities" or "We see you searched for 'how to avoid police radar scanners' time to turn you in"

Pretty much. I'd imagine this is something existing pushed on them by Chinese regulations and had to be justified to the western customers instead of someone finding it later and accusing Apple of loading spyware on the device.

 

Because this is the literal definition of spyware.

 

At any rate, it's a "if you got nothing to hide" thing. It'll probably not meaningfully impact Apple customers, just people who either don't know better, or know-better-but-did-it-anyway. Many software/movie/music pirates are the latter. You can't fight everyone at the same time, so what I reasonably expect is that the first dozen or so criminals who get taken down by this and then predators will just not use Apple devices and start using Android phones with modified firmware that is VPN by default and stripped of identification strings.

 

This reminds me of how stupid some criminals really are, like there have been cases of PC's brought into service shops that just had child abuse images on the desktop.

[RejZoR]

19 minutes ago, Rauten said:

So what you're saying is, my colleague who just had a baby should be VEEEERY careful about the pictures he sends to his family...

 

JFC Apple.

Pretty much. And not just what they send. It's what the snap! From my understanding it's when phone detects image in its file system it'll process it. Not when you actually send it. Which is why it's even more fucked up.

 

If only photos uploaded to iCloud were a concern, I'd say ok, that's the hosting policy and you can opt out of it by not using iCloud. You can't opt out of it by not using creepy phone. And go with what? Another creep called Google or use useless flashed custom ROM's with bunch of retarded limitations?

[Stahlmann]

7 hours ago, krakkpott said:

I don't like where this is going.  This essentially means Apple has some (or even full) control over your personal data on your personal iPhone.

What's a personal iPhone? iPhones are not meant to be owned by the user. This whole topic confirms it yet again.

 

3 hours ago, Bombastinator said:

There is all this aregument that Apple is worse than Google because of this thing.  There’s two problems.  Apple may not do this thing the way the article states because there is critical data missing, but apparently Google DOES do this already and has for years. The worst this can be is “Apple is just as bad as Google now” it would be incredibly foolish of them to do this.  Apple HAS done foolish things before which makes this harder to poopoo, but there’s something off about this whole thing.  I want more data before I jump to conclusions. 

It's kinda sad that the choice nowadays is between bad and worse isn't it?

 

1 hour ago, pythonmegapixel said:

FFS. Is it even possible to own a mobile phone these days and NOT be spied on?

No it's not.

 

1 hour ago, pythonmegapixel said:

I guess I could just buy one of those little phones with the T-9 keypad, but that's not really ideal.

While it would be the best thing to do for privacy reasons, it would be a pretty big tradeoff. Nowadays people want to be connected to each other all the time. While i'd probably do fine as i like to call people rather than send a message via WhatsApp etc, most people would just lose contact with a person who decides not to use a smartphone anymore.

[WihGlah]

Not mine. 

[Roswell]

1 hour ago, RejZoR said:

Pretty much. And not just what they send. It's what the snap! From my understanding it's when phone detects image in its file system it'll process it. Not when you actually send it. Which is why it's even more fucked up.

 

If only photos uploaded to iCloud were a concern, I'd say ok, that's the hosting policy and you can opt out of it by not using iCloud. You can't opt out of it by not using creepy phone. And go with what? Another creep called Google or use useless flashed custom ROM's with bunch of retarded limitations?

From the quote it only mentions the photos app when it backs up to iCloud. It also mentions iMessage, which uploads photos to Apple for delivery/hosting. 
 

So in both instances they are only analyzing photos you choose to upload to their services, not everything on the phone.

[CarlBar]

A few things, posting a link to the BBC article for the source: https://www.bbc.co.uk/news/technology-58109748#

 

1. Its only scanning stuff uploaded to iCloud e.t.c. not stuff on the phone thats not been uploaded.

 

2. it's comparing the hashes to a database of know abuse images, it's not going to flag 2 teenagers sending each other nudes because it has no way to know if they're underage.

 

3. Any positive result flag will require an apple employee to manually review before any action is taken. That kills the false positive problem instantly as false positives will be caught by the human aspect.

[Rauten]

1 hour ago, CarlBar said:

A few things, posting a link to the BBC article for the source: https://www.bbc.co.uk/news/technology-58109748#

 

1. Its only scanning stuff uploaded to iCloud e.t.c. not stuff on the phone thats not been uploaded.

Uuhh... not really?

From the same BBC article:

 

"Before an image is stored in iCloud Photos, an on-device matching process is performed for that image against the known CSAM hashes," Apple said.

 

So what they're saying is, "we are perfectly capable of checking everything in your device, but we pinky-swearsies that we will only scan pictures you are trying to upload to iCloud, and only for CP. You can trust us, we're your neighbourhood friendly megacorporation!"

[Master Disaster]

1 minute ago, Rauten said:

Uuhh... not really?

From the same BBC article:

 

"Before an image is stored in iCloud Photos, an on-device matching process is performed for that image against the known CSAM hashes," Apple said.

 

So what they're saying is, "we are perfectly capable of checking everything in your device, but we pinky-swearsies that we will only scan pictures you are trying to upload to iCloud, and only for CP. You can trust us, we're your neighbourhood friendly megacorporation!"

[Roswell]

11 minutes ago, Rauten said:

Uuhh... not really?

From the same BBC article:

 

"Before an image is stored in iCloud Photos, an on-device matching process is performed for that image against the known CSAM hashes," Apple said.

 

So what they're saying is, "we are perfectly capable of checking everything in your device, but we pinky-swearsies that we will only scan pictures you are trying to upload to iCloud, and only for CP. You can trust us, we're your neighbourhood friendly megacorporation!"

What do you honestly think they’re going to do with hash values of your other pictures…?

[WolframaticAlpha]

4 hours ago, RejZoR said:

Read my comment above. It's NOT static hashes for this very reason of easy circumvention. And it's because of this why it's a worrisome step. Sure, protect children from sending their nudes to creeps or post them anywhere, but the issue is, it'll never stop at only that and like I said, given PRISM is always involved, this is a dangerous point for privacy.

 

I dumped Google and consequently all Android devices because Google is such a creepy corporation. Went with Apple because they weren't. Just for them to also become creeps sprinkled with "good intentions". I really hate the idea of using Android phone without any Gapps because it's essentially useless then. But that seems to be where things are heading.

I recommend you try GrapheneOS+microG. It might be hard to setup, but gives you a good level of privacy.

[Fasterthannothing]

4 hours ago, RejZoR said:

Read my comment above. It's NOT static hashes for this very reason of easy circumvention. And it's because of this why it's a worrisome step. Sure, protect children from sending their nudes to creeps or post them anywhere, but the issue is, it'll never stop at only that and like I said, given PRISM is always involved, this is a dangerous point for privacy.

 

I dumped Google and consequently all Android devices because Google is such a creepy corporation. Went with Apple because they weren't. Just for them to also become creeps sprinkled with "good intentions". I really hate the idea of using Android phone without any Gapps because it's essentially useless then. But that seems to be where things are heading.

Yeah I got an open source Linux phone the Pinephone to tinker around with. It's rapidly going to end up being my daily driver no matter how painful it will be loosing so many modern smartphone features. I'm all for stopping abuse but this is absurdity and a complete violation of privacy and security.

[Rauten]

3 minutes ago, Roswell said:

What do you honestly think they’re going to do with hash values of your other pictures…?

It's not about what they're going, or not going, to do with that.

BTW, I don't even have an iPhone, so I'm not personally concerned.

 

But this is a humongous back door to any and all data you have stored in your phone.

Right now it's just hash data for pictures you've marked for upload, sure. But the fact remains that they are going to make themselves a direct access to the files in your phone, and all it takes is a couple clicks here, and a modified "if" clause there, and what used to be "check hashes for CP" is now "let's have a movie night at the office watching the videos this person recorded on their phone".

Which is particularly worrying considering it comes from a company that has been touting how "privacy concerned" they are for years.

[Vishera]

12 hours ago, linux fanboy said:

"designed with user privacy in mind,"

There is no privacy here,they literally scan people's phones like they are a KGB agent.