undefined | Better HN

0 pointsshuckles4y ago0 comments

Before: you would upload images to iCloud Photos. Apple can access your images in iCloud Photos, but it does not.

Now: You upload images to iCloud Photos. When doing so, your device also uploads a separate safety voucher for the image. If there are enough vouchers for CSAM matched images in your library, Apple gains the ability to access the data in the vouchers for images matching CSAM. One of the data elements in the voucher is an “image derivative” (probably a thumbnail) which is manually reviewed. If the image derivative also looks like CSAM, Apple files a report with NCMEC’s CyberTip line. Apple can (for now) access the image you stored in iCloud, but it does not. All the data it needs is in the safety voucher.

Lot of words spilled on this topic, yet I’d be surprised if a majority of people are even aware of these basic facts about the system operation.

0 comments

munchler4y ago

Thank you for this explanation. Much more helpful than any of the lengthy articles I've read to date.

I think Apple has botched the rollout of this change by failing to explain clearly how it works. As a result, rumors and misunderstandings have proliferated instead.

matwood4y ago

Not sure your before is entirely correct. Apple has admitted to scanning iCloud photos, so they are already accessing them at some point.

https://digit.fyi/apple-admits-scanning-photos-uploaded-to-i...

shucklesOP4y ago

The before is entirely correct. Only iCloud Mail was previously scanned for CSAM. As a sanity check: it's not plausible that Apple only generated O(100) referrals to CyberTip annually if it were scanning all iCloud Photos. Other services of similar scale generate O(1M) referrals.

dmitriid4y ago

> access the data in the vouchers for images matching CSAM. One of the data elements in the voucher is an “image derivative” (probably a thumbnail)

So the author of the article is technically correct: Apple intentionally uploads CP to their servers for manual review which is explicitly forbidden by law.

He even describes the issue with thumbnails

shucklesOP4y ago

It is exceedingly unlikely that a system developed with NCMEC’s support and a Fortune 5 legal team somehow fails to comply with the most obviously relevant laws.

dmitriid4y ago

I'd say: A trillion-dollar company and a government agency can do whatever they feel like, and laws be damned :)

j / k navigate · click thread line to collapse

0 comments

munchler4y ago

Thank you for this explanation. Much more helpful than any of the lengthy articles I've read to date.

I think Apple has botched the rollout of this change by failing to explain clearly how it works. As a result, rumors and misunderstandings have proliferated instead.

matwood4y ago

Not sure your before is entirely correct. Apple has admitted to scanning iCloud photos, so they are already accessing them at some point.

https://digit.fyi/apple-admits-scanning-photos-uploaded-to-i...

shucklesOP4y ago

dmitriid4y ago

> access the data in the vouchers for images matching CSAM. One of the data elements in the voucher is an “image derivative” (probably a thumbnail)

So the author of the article is technically correct: Apple intentionally uploads CP to their servers for manual review which is explicitly forbidden by law.

He even describes the issue with thumbnails

shucklesOP4y ago

It is exceedingly unlikely that a system developed with NCMEC’s support and a Fortune 5 legal team somehow fails to comply with the most obviously relevant laws.

dmitriid4y ago

I'd say: A trillion-dollar company and a government agency can do whatever they feel like, and laws be damned :)

j / k navigate · click thread line to collapse