Readit News
koolhaas commented on Poka Yoke   en.wikipedia.org/wiki/Pok... · Posted by u/rfreytag
nmstoker · 4 years ago
Is this strictly a physical thing or can it apply in software?
koolhaas · 4 years ago
Sure, some Linux distros (or is it MacOS?) ask for confirmation before executing `rm -rf /`, which breaks the typical UX of the command but prevents bad mistakes.
koolhaas commented on A catalog of naturally occurring images whose Apple NeuralHash is identical   github.com/roboflow-ai/ne... · Posted by u/hongsy
FabHK · 4 years ago
> Based on their whitepaper, it's a smaller version of the original image,

I seem to recall that the white paper speaks of a "visual derivative" without specifying it further.

koolhaas · 4 years ago
The Technical Summary uses "visual derivative" without clarification, but their Threat Model PDF clarifies it further as thumbnails:

> The decrypted vouchers allow Apple servers to access a visual derivative – such as a low-resolution version – of each matching image.

https://www.apple.com/child-safety/pdf/Security_Threat_Model...

koolhaas commented on A catalog of naturally occurring images whose Apple NeuralHash is identical   github.com/roboflow-ai/ne... · Posted by u/hongsy
saithound · 4 years ago
A thumbnail is included with every safety voucher. However, it is encrypted with a key that resides on your hardware and is unknown to Apple. So Apple doesn't have enough information to decrypt your thumbnails at will.

A secret sharing scheme is used to drip-feed Apple the key: each time a positive match occurs, Apple learns a bit more about your key. Once the threshold is reached, Apple will have learned enough to recover your encryption key, and will be able to use it to decrypt all your matching thumbnails at once.

koolhaas · 4 years ago
Fascinating, thanks for clarifying.
koolhaas commented on A catalog of naturally occurring images whose Apple NeuralHash is identical   github.com/roboflow-ai/ne... · Posted by u/hongsy
roody15 · 4 years ago
Apple frequently decrypts iCloud data including photos based on a valid warrant. This new local scanning method does not stop Apple from complying and decrypting images like they have for years.

https://www.apple.com/legal/privacy/law-enforcement-guidelin...

(Note: I have worked with law enforcement in the past specifically on a case involving Apple and two iCloud accounts. You submit a PDF of the valid warrant to Apple. Apple sends two emails: one with the iCloud data encrypted, and a second email with the decryption key.)

koolhaas · 4 years ago
Of course, but it's a kind of last resort thing to support a valid legal process they cannot (and probably don't want to) skirt around. They also publish data on warrant requests.

To me it's pretty clear they are doing the absolute minimum possible to keep Congress from regulating them into a corner, where they lose decision-making control around their own privacy standards. The system they came up with is their answer for doing it in the most privacy-conscious way (e.g. not decrypting user data in iCloud) while balancing a lot of other threat model details, like what if CSAM-hash-providing organizations provide img hashes for a burning American flag, and lots of other scenarios outlined in the white paper.

koolhaas commented on A catalog of naturally occurring images whose Apple NeuralHash is identical   github.com/roboflow-ai/ne... · Posted by u/hongsy
grlass · 4 years ago
Calling resized thumbnails metadata is a bit of a stretch imo.

Surely that's just the data, but resized?

koolhaas · 4 years ago
Yes I agree, bit of a stretch. Based on their whitepaper, it's a smaller version of the original image, I guess just large enough to support the human verification step.

But I'm unsure that the thumbnail is included with every CSAM "voucher" -- it's likely only included when you pass the 30 image limit. Need to read that section more clearly.

koolhaas commented on A catalog of naturally occurring images whose Apple NeuralHash is identical   github.com/roboflow-ai/ne... · Posted by u/hongsy
roody15 · 4 years ago
Apple has yet to make a valid reason for implementing client side CSAM scanning.

According to Apple only images that will be uploaded to iCloud will be scanned.

If this is the case there is zero reason to scan locally and you can just scan the uploaded image once it is on the server.

Apple has not implemented E2E nor has it released a statement indicating this will be implemented in the future.

koolhaas · 4 years ago
Presumably, it’s done this way so they can say computers other than your personal device do not scan photos and “look” at decrypted and potentially innocent photos. And technically the original image is never decrypted in iCloud by Apple - if 30 images are flagged they are then able to decrypt the CSAM scan metadata which contains resized thumbnails, for confirmation.

In summary, I’m guessing they tried to invent a way where their server software never has to decrypt and analyze original photos, so they stay encrypted at rest.

koolhaas commented on Man steals 620k photos from iCloud accounts from home without Apple noticing   latimes.com/california/st... · Posted by u/radicaldreamer
Permit · 4 years ago
I think the reason "steal" can feel strange here is that we've spent the last 15 years arguing that copyright infringement is "not stealing" because the original creator has not been deprived of anything.

The phrase "not stealing" is almost exclusively used in this context on HN: https://hn.algolia.com/?dateRange=all&page=0&prefix=true&que...

koolhaas · 4 years ago
I think it’s context dependent, just like other uses of the word steal. With copyright infringement, internet communities have come to agreement that it is not stealing, so avoiding the use of the word in that context is important. In baseball it’s not, and neither with identity theft. With illegally obtained private photos, never intended to be shared or released to the world, is there a better word? It’s such a different scenario, the only similarity I see is both involve files on a computer.
koolhaas commented on Man steals 620k photos from iCloud accounts from home without Apple noticing   latimes.com/california/st... · Posted by u/radicaldreamer
brutal_chaos_ · 4 years ago
Isn't "stealing" inaccurate here? Copies were made, sure, but nothing was removed from their possession.
koolhaas · 4 years ago
What word do you use when someone unrightfully gains possession of something that isn’t theirs?

Btw a lot of words in English have multiple meanings, and transform meaning over time, which can be confusing sometimes. For example, in baseball you steal a base, which was being protected by the other team, but you don’t remove the base from the field and run off with it.

I think steal works better than copy here, more accurately conveying meaning and intention, and unjust access.

koolhaas commented on Apple’s crackdown on multicast   thomask.sdf.org/blog/2021... · Posted by u/todsacerdoti
koolhaas · 4 years ago
2023 Q1: each TLD you make web requests to will need individual human moderated entitlements.
koolhaas commented on Apple’s crackdown on multicast   thomask.sdf.org/blog/2021... · Posted by u/todsacerdoti
koolhaas · 4 years ago
Wait, even to develop/test on your own device, without releasing, you need to fill out the form?

u/koolhaas

Karma: 122 · Cake day: March 7, 2021