undefined | Better HN

0 pointsnicce4y ago0 comments

There is public reference on Apple site[1].

Citing final phrase on the paper to TLDR their system:

> Apple is able to learn the relevant image information only once the account has more than a threshold number of CSAM matches, and even then, only for the matching images.

This applies only for images, so you can still reset your password. Technically, there are two layers of encryption on images. Regular server-side encryption and this "E2EE like" encryption, which allows access for CSAM matches in specific threshold.

[1]: https://www.apple.com/child-safety/pdf/CSAM_Detection_Techni...

0 comments

new2994y ago

This document contains the following:

> As part of setup, the device generates an encryption key for the user account, unknown to Apple.

The question is, how is this generated. Can it be re-derived from information Apple has? If not, how will Apple handle cases where the user loses or breaks their device?

Is it derived from the iCloud password? Currently Apple can reset your iCloud password and restore access to your images. Will Apple no longer be able to do this in the future?

It’s really unclear to me, and I’d want explicit answers to these questions personally.

nicceOP4y ago

This seems to be explained on white paper of PSI system[1]. A lot of math is included, but on the page 30 there is a mention that different devices can be used. I am not the one who can explain that well.

[1]: https://www.apple.com/child-safety/pdf/Apple_PSI_System_Secu...

new2994y ago

Sure, different devices can be used they share the same key as stated in the document.

But it’s still not clear how that key is derived. It’s not clear, as implemented that Apple do not hold a master key to decrypt all data (as they do currently).

In fact, if the key is randomly generated, if you have one device (as many users do) and you lose that device. Do you lose all your data? Even if you have your iCloud password?

It doesn’t make sense. It would be a massive change to how iCloud currently operates and is used. And I find this extremely unlikely.

Right now, you can browse your photos online. That functionality is going away?

There are seemingly many open questions. But given that there’s no clear statement from Apple, I’m inclined to believe that they retain the ability to decrypt all data.

1 more reply

j / k navigate · click thread line to collapse

0 pointsnicce4y ago0 comments

There is public reference on Apple site[1].

Citing final phrase on the paper to TLDR their system:

> Apple is able to learn the relevant image information only once the account has more than a threshold number of CSAM matches, and even then, only for the matching images.

[1]: https://www.apple.com/child-safety/pdf/CSAM_Detection_Techni...

0 comments

new2994y ago

This document contains the following:

> As part of setup, the device generates an encryption key for the user account, unknown to Apple.

The question is, how is this generated. Can it be re-derived from information Apple has? If not, how will Apple handle cases where the user loses or breaks their device?

Is it derived from the iCloud password? Currently Apple can reset your iCloud password and restore access to your images. Will Apple no longer be able to do this in the future?

It’s really unclear to me, and I’d want explicit answers to these questions personally.

nicceOP4y ago

[1]: https://www.apple.com/child-safety/pdf/Apple_PSI_System_Secu...

new2994y ago

Sure, different devices can be used they share the same key as stated in the document.

But it’s still not clear how that key is derived. It’s not clear, as implemented that Apple do not hold a master key to decrypt all data (as they do currently).

In fact, if the key is randomly generated, if you have one device (as many users do) and you lose that device. Do you lose all your data? Even if you have your iCloud password?

It doesn’t make sense. It would be a massive change to how iCloud currently operates and is used. And I find this extremely unlikely.

Right now, you can browse your photos online. That functionality is going away?

There are seemingly many open questions. But given that there’s no clear statement from Apple, I’m inclined to believe that they retain the ability to decrypt all data.

1 more reply

j / k navigate · click thread line to collapse