undefined | Better HN

0 pointsksaj2y ago0 comments

The hashes can not have collisions anymore, because modern forensics hash with both md5 and sha512, and both hashes must be together for use in any legal case. The odds of both of them having a collision is big enough to flat out say it's not going to happen.

But even if there was an md5 hash collision back when md5 was the only one hash use, it still doesn't matter because upon viewing the image that matched, if it's not csam, it doesn't matter. Having said that, the chance of dozens of images matching hashes known to be associated to csam is also so unlikely as to be unthinkable. Where there is smoke, there is fire.

And further, a hash alone is meaningless, since in court there must be a presentation of evidence. If the image that set off the csam alarm by hash collision is say, an automobile, there is no case to be had. So all this talk about hash issues is absolutely moot.

Source: I have worked as an expert witness and presented for cases involving csam (back when we called it Child Pornography, because the CSAM moniker hadn't come about yet), so the requirements are well known to me.

Having said all that, I am an EFF member, and I prefer cryptography to work, and spying on users to be illegal.

0 comments

pseudalopex2y ago

Apple's system used a perceptual hash. Not cryptographic hashes. The hash databases were not auditable and were known to contain false positives. The threshold for viewing reported matches was not auditable and could have been changed at any time. I hope your expert testimony was more careful.

sebstefan2y ago

You just said yourself that hash collisions don't matter as "because upon viewing the image that matched, if it's not csam, it doesn't matter"

So when you say "a hash alone is meaningless, since in court there must be a presentation of evidence", you'd just present the image to court.

The hash is the trigger to call the authorities they handle the rest

And with a userbase the size of apple and people as pissy as reddit, you want to completely exclude a possibility of collisions or you'll get a repeat of the scenario we got in 2021

Manuel_D2y ago

I don't think it's an MD5 or SHA512 hash, since just changing one pixel would be enough to evade the scanner. My understanding is that it's heuristic similarity detection, which has a much wider footprint for collisions.

sebstefan2y ago

It was a hashing technique that would output similar outputs with similar inputs, maximizing collisions rather than minimizing it

That's why people were initially all up in arms about

But they didn't need to do that.

A regular hash where "just changing one pixel would be enough to evade the scanner" is already good enough

j / k navigate · click thread line to collapse

0 pointsksaj2y ago0 comments

Having said all that, I am an EFF member, and I prefer cryptography to work, and spying on users to be illegal.

0 comments

pseudalopex2y ago

sebstefan2y ago

You just said yourself that hash collisions don't matter as "because upon viewing the image that matched, if it's not csam, it doesn't matter"

So when you say "a hash alone is meaningless, since in court there must be a presentation of evidence", you'd just present the image to court.

The hash is the trigger to call the authorities they handle the rest

And with a userbase the size of apple and people as pissy as reddit, you want to completely exclude a possibility of collisions or you'll get a repeat of the scenario we got in 2021

Manuel_D2y ago

sebstefan2y ago

It was a hashing technique that would output similar outputs with similar inputs, maximizing collisions rather than minimizing it

That's why people were initially all up in arms about

But they didn't need to do that.

A regular hash where "just changing one pixel would be enough to evade the scanner" is already good enough

j / k navigate · click thread line to collapse