undefined | Better HN

0 pointstoxik4y ago0 comments

The point in the NeuralHash and PSI system is to preserve user privacy as far as possible. From a technical standpoint, it is not essential - a NeuralHash function that returns 0x0000… for everything would still catch CSAM. It's just that it would upload every single image on the user's device.

Now, how well this NeuralHash does preserve privacy is a different question, and /not/ one that is being answered by the original post here. In fact, I've not seen anybody look at the hash distribution over natural images, which would be an actual argument against the system.

0 comments

Retr0id4y ago

It doesn't really matter whether all images are uploaded, or just 1 in x (for large value of x), due to the Panopticon effect.

ithkuil4y ago

Let's not forget what the alternative is: this is about images that are uploaded on icloud anyway. The alternative is to upload the image in clear (or with ane encryption key that apple controls), and let apple run the CSAM filter on their servers.

Apple now has the ability to encrypt the images before sending them to icloud, with a private key you own. Except that some percentage of images that match the CSAM fingerprint with their neural feature extractor will be sent to a CSAM filter on the server side (whose workings we don't have many details about)

This whole thing backfired on Apple entirely due to psychological effects, not because they are really doing anything more "panopticon" that they would already able to do now on their icloud storage (after all people are ready sending their photos to apple)

ben-schaaf4y ago

They already have the decryption keys for iCloud. Undoubtedly they've already been running a similar CSAM filter server-side for ages. The only thing doing this stuff client side has done is reduce privacy and erode trust.

2 more replies

PolCPP4y ago

Theres not even a need to do that, upload the encrypted image and its neuralhash.

1 more reply

simion3144y ago

But if Apple really cares about children why they did not done this scans in iCloud like all the others? Did not care as much as Google or Facebook? Seems to me like Apple does not care at all and seems more like a dev with big ego wanted to add neural hashes to his CV but if you can explain how Apple cared for children all this years but only now are doing something I really want to see the explanation

2 more replies

read_if_gay_4y ago

The “actual argument” against the system that this provides is that Apple lied about the likelihood of hash collisions.

Therefore, why trust any of their other claims?

simondotau4y ago

Apple's claims are based on the statistical likelihood that there would be 30 collisions with CSAM hashes within one user account.

Just because someone has found an image of a nearly featureless diagonal thing which collides with another image of a nearly featureless diagonal thing, that doesn't disprove Apple's claims.

BeefWellington4y ago

> Apple's claims are based on the statistical likelihood that there would be 30 collisions with CSAM hashes within one user account.

Given people can now generate images that collide, it seems like the statistical likelihood has drastically changed since it was originally announced.

toxikOP4y ago

I find this an unconvincing argument as well, you're saying that because Apple made a false claim, any claim may be valid. This is obviously not the case, what they did was to, albeit likely knowingly, calculate the hash collision probability /if each bit is a coin flip/, which comes out to pow(2, -k) for k bits. It's tiny. Of course, each bit is /not/ an independent coin flip under the NeuralHash function.

So again the actual argument becomes: what is that distribution like?

FabHK4y ago

> what they did was to, albeit likely knowingly, calculate the hash collision probability /if each bit is a coin flip/, which comes out to pow(2, -k) for k bits. It's tiny.

I doubt that's what they did. I think they ran tests on huge numbers of pictures, got an estimate, put in a safety factor, and determined the threshold to hit their target (and put in another safety buffer then).

Naturally occurring collisions are not going to be an issue, and adversarial ones neither, I predict. Just as with current cloud providers.

zepto4y ago

> that because Apple made a false claim

Apple never made a false claim. They have never anywhere stated that neuralhash makes false positives at 1 in a trillion. Only that that is the rate for the system as a whole to flag accounts for review. The explicitly mention that they will vary the number of matches needed to maintain this if it turns out to be higher or lower based on images in the wild.

There are good arguments against this system but most of the technical debate seems to have devolved into amplifying lies now.

read_if_gay_4y ago

Fine, let’s say they didn’t lie, they made misleading claims.

Still. Why trust them after that?

If a company can make my own smartphone report me to the police, and they want my business, they better prove I can trust them. Apple has plainly done the opposite.

The whole ordeal is just utterly 1984.

tsimionescu4y ago

Sure, but a NeuralHash system with a collision chance of 100% would obviously not be abused to say NeuralHash collision implies CSAM - the secondary validation system will definitely be the last bastion.

In contrast, a NH system believed to have a collision chance of 1 in a trillion trillion may well be considered infallible, and any detection be directly reported as CSAM, with the 'backend verification' amounting to nothing more than a rubber stamp.

Of course, if you implicitly trust Apple not to do the second, than you're right, the NH collision rate doesn't matter too much.

j / k navigate · click thread line to collapse

0 comments

Retr0id4y ago

It doesn't really matter whether all images are uploaded, or just 1 in x (for large value of x), due to the Panopticon effect.

ithkuil4y ago

ben-schaaf4y ago

2 more replies

PolCPP4y ago

Theres not even a need to do that, upload the encrypted image and its neuralhash.

1 more reply

simion3144y ago

2 more replies

read_if_gay_4y ago

The “actual argument” against the system that this provides is that Apple lied about the likelihood of hash collisions.

Therefore, why trust any of their other claims?

simondotau4y ago

Apple's claims are based on the statistical likelihood that there would be 30 collisions with CSAM hashes within one user account.

Just because someone has found an image of a nearly featureless diagonal thing which collides with another image of a nearly featureless diagonal thing, that doesn't disprove Apple's claims.

BeefWellington4y ago

> Apple's claims are based on the statistical likelihood that there would be 30 collisions with CSAM hashes within one user account.

Given people can now generate images that collide, it seems like the statistical likelihood has drastically changed since it was originally announced.

toxikOP4y ago

So again the actual argument becomes: what is that distribution like?

FabHK4y ago

> what they did was to, albeit likely knowingly, calculate the hash collision probability /if each bit is a coin flip/, which comes out to pow(2, -k) for k bits. It's tiny.

Naturally occurring collisions are not going to be an issue, and adversarial ones neither, I predict. Just as with current cloud providers.

zepto4y ago

> that because Apple made a false claim

There are good arguments against this system but most of the technical debate seems to have devolved into amplifying lies now.

read_if_gay_4y ago

Fine, let’s say they didn’t lie, they made misleading claims.

Still. Why trust them after that?

If a company can make my own smartphone report me to the police, and they want my business, they better prove I can trust them. Apple has plainly done the opposite.

The whole ordeal is just utterly 1984.

tsimionescu4y ago

Of course, if you implicitly trust Apple not to do the second, than you're right, the NH collision rate doesn't matter too much.

j / k navigate · click thread line to collapse