this post was submitted on 20 Jul 2023
1828 points (98.3% liked)
Technology
59605 readers
3422 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Anything could be added to the hashes with the user having no way to know what's being searched for beyond "trust us". This could be partially alleviated if, for example, the hash had to be signed by organizations in a combination of states that'd make it difficult to push through hashes for anything other actual CSAM (so not just Five Eyes)
Adversarial examples to intentionally set off the filter were demonstrated to be possible. Apple made it clear that there are types of content they'd be legally obligated to report once they became aware of, and it'd be well within a government agency's capabilities to honeypot, say initially, terrorist recruitment material
Coincidental false positives are also entirely possible (ImageNet had some naturally occuring clashes) and can result in their employees seeing your sensitive photographs
The user's device acting against the user cements other user-hostile and privacy-hostile behavior. "People could circumvent the CSAM scan" would be given as another reason against right to repair and ability to see/modify the software your own device is running
Tech companies erode privacy by flip-flopping between "sure we're giving ourselves abusable power, but we'll stand up to governments pressuring us to expand this" and then "well what were we supposed to do, leave the market?" when they inevitably concede
What's anything? They are not looking for any CSAM pictures they are looking for specific ones that are in a database. Its not like they can create a hash for a guy letting his dog on a horse and find all those pictures.
They could be looking for any images without your knowing - there's no guarantee that those images came from a CSAM database.
They could trivially create a hash for a picture of a guy letting his dog on a horse (which would also include other very similar images).
I didn't necessarily mean to claim that they can scan for a concept lacking a fixed image, if that's what you're saying. That would theoretically be possible with enough hashes, but impractical.