undefined | Better HN

0 pointstgsovlerkhgsel4y ago0 comments

As I understand it:

When you choose to upload your images to iCloud (which currently happens without end-to-end encryption), your phone generates some form of encrypted ticket. In the future, the images will be encrypted, with a backdoor key encoded in the tickets.

If Apple receives enough images that were considered a match, the tickets become decryptable (I think I saw Shamir's Secret Sharing mentioned for this step). Right now, Apple doesn't need that because they have unencrypted images, in a future scheme, decrypting these tickets will allow them to decrypt your images.

(I've simplified a bit, I believe there's a second layer that they claim will only give them access to the offending images. I have not studied their approach deeply.)

0 comments

shuckles4y ago

These are not “claims.” The process by which they get access to only the safety vouchers for images matching CSAM is private set intersection and comes with a cryptographic proof.

In no step of the proposal does Apple access the images you store in iCloud. All access is through the associated data in the safety voucher. This design allows Apple to switch iCloud storage to end to end encrypted with no protocol changes.

nullc4y ago

The private set intersection is part of the protocol to shield Apple (and their database providers) from accountability, not to protect the users privacy.

They could instead send the list of hashes to the device (which they already must trust is faithfully computing the local hash) and just let the device report when there are hits. It would be much more CPU and bandwidth efficient, too.

The PSI serves the purpose that if Apple starts sending out hashes for popular lawful images connected to particular religions, ethnicity, or political ideologies that it is information theoretically impossible for anyone to detect the abuse. It also makes it impossible to tell if different users are being tested against different lists, e.g. if Thai users were being tested against political cartoons that insult the king.

1 more reply

jtc3314y ago

What good is end to end encryption if the OS is prebuilt with a method of breaking that encryption? This is definitional backdooring, and you’re back to trusting Apple’s goodwill (and/or willingness to resist governments) to keep your data safe (I.e., not add new decryptable triggers).

Not having backdoors is a hard requirement for end to end encryption offering privacy guarantees.

1 more reply

j / k navigate · click thread line to collapse

0 comments

shuckles4y ago

These are not “claims.” The process by which they get access to only the safety vouchers for images matching CSAM is private set intersection and comes with a cryptographic proof.

nullc4y ago

The private set intersection is part of the protocol to shield Apple (and their database providers) from accountability, not to protect the users privacy.

1 more reply

jtc3314y ago

Not having backdoors is a hard requirement for end to end encryption offering privacy guarantees.

1 more reply

j / k navigate · click thread line to collapse