undefined | Better HN

0 pointsshuckles4y ago0 comments

The database is shipped in the iOS image.

0 comments

3 comments · 1 top-level

pushrax4y ago· 2 in thread

That's what you wrote originally - and to me it doesn't indicate whether it can also be updated from other sources or not.

Lots of content is shipped in the iOS image but can update independently.

shucklesOP4y ago

The technical summary provides a lot of detail. I don’t think Apple would omit remote update functionality from it if such capability existed, especially since database poisoning is a real risk to this type of program. I’m comfortable with interpreting the lack of evidence as evidence of absence of such a mechanism. Explicit clarification would certainly help though, but my original point stands: there is positive evidence in the docs which the FUD tweets don’t engage with.

In particular, I’m referencing the figure which says that the database of CSAM hashes is “Blinded and embedded” into the client device. That does not sound like an asset the system remotely updates.

marshf4y ago

Do you not see any scenerio where the CIA/OGA inserts a hash into the database to specially target one person or a group of people?

1 more reply

j / k navigate · click thread line to collapse