Follow

Imagine a government agency ordered Apple to include hashes of all documents they wanted to track into that kiddie porn database. Suddenly the government knows who's got that antivax meme JPG. Or tax protest DOC. Or an environmental report PDF.

And it's just hashes! Apple won't know what they're tracking, so they can't say "no".

Now tell me you honestly believe no government *ever* will take advantage of this invisible monitoring power.

@ericphelps To be fair, a dedicated government with the right kind of access to certain companies already would have that kind of capability trough malware monitoring / antivirus software that is on mostly every system today. As far as I know, Windows Defender will upload hashes of new files it finds when "Cloud-delivered protection" is on. As will Google Play Protect with the default settings.

The difference is maybe that Apple is specifically not talking about malware here.

@galaxis @ericphelps Interesting, I just went through the setting and turned those off!

@ericphelps You won't have to imagine for much longer.

[in Adam Curtis voice]

"And they thought they were rational people, liberated by the technology which the geniuses of the information revolution had created...but in reality the software they used was keeping them under control. It was a prison with automated policing, all made by Sillicon Valley."

@bob
@ericphelps
But remember, it's not even the government (or Apple) that maintains the database; rather, an independent 3rd party US-based corporation with no public oversight.

@downey @bob Just as bad or worse. How hard can it be to pressure or infiltrate or hack a small NGO?

@ericphelps a fair point one I haven't thought of before.
Worth noting, though that these are hashes.
A changed letter here, a different shade there...
Dodging it at least SEEMS like it should be trivial.

@ericphelps
My hosting company has the option to opt in a check on such a hash database, pretty nice, though some weeks back I got an email reporting on an accident:
The database is filled in by police etc. and they uploaded 'standard wordpress images' and so a lot off peeps got WARNINGS! (i'm not sure if the police is informed if something doesn't come back good, as it's a tool recommended for websites that allow user uploads).

So you scenario is very real.

@ericphelps This is one of the most succint explanations of why this is a worrying move that I've seen so far

@ericphelps I went on a rant about this and then deleted it. Too much power over many by the few.

The few want to know the world's thoughts, while keeping solely their own private.

@ericphelps crApple done fucked up. They did it backwards. They should've said this was to combat "nazis," or "disinformation." After everyone supported and praised them for that, then they could slip in the porn stuff.

@ericphelps @bluestarultor As it’s been pointed out on other places, this has been a thing for the last decade. File hosting companies do the hashing server side so people don’t see it.

@jollyrogue @ericphelps As I have pointed out elsewhere, hashing is a lossy format that can provide identical results from completely dissimilar files.

They're not just doing hashing; they're mixing it with image recognition and neither is a reliable method under current technology, especially on a phone's computing power.

@ericphelps of course the government metals in everything they are idiots.

@ericphelps That is perhaps the most fundamental flaw in the whole system. Apple says it is only scanning for child porn, but what they are actually scanning for is a list of file hashes. Apple has no idea what they are actually scanning for. All it takes is a government being able to slip some false hashes into the list and this becomes a system for tracking dissidents, leakers, etc.

@ericphelps IOW, Apple introduced an Index of Forbidden Books?

@wolf480pl Let's be real. If the kiddie pic traders know Apple is watching images, they'll switch to sharing epubs. Or zips. Or docs with embedded pictures (maybe embeds that you double click to open?). Or... Any number of ways.

So phase two will be to extend the search beyond pictures to include all sorts of things. There's no limit to the level of surveillance they can do in the name of child porn.

The Chinese Communist Party will love this.

@ericphelps Apple is already OCRing and identifying the content of your images and a government could force them to include identification of any specific content and flag the user. This would be much more dangerous and effective than the phashes

@ericphelps That's why, limux phones (hardware as well as software) are necessary. There should be no hardware backdoors as well.

@ericphelps everyone wants to hate on Apple, but doesn’t Google, FB, Amazon, etc already do the same thing? FB has been using this for years. 🤷🏻‍♀️

@ericphelps Not only that but they can find networks of people sharing those files. That's the most important part of their system.

@ericphelps Absolutely. This is a very powerful capability that is primed for abuse. They don't need to have access to your actual device or cloud account if Apple has a comprehensive list of the hashes for every file in your cloud account.

@ericphelps Are you honestly of the belief that android doesn’t have similar code and practices at its core? When people claim that apple doesn’t value privacy and wave the flag of android in the same breath it’s hilarious.

@ericphelps this makes me think of the de-duping issue based on document hashes with mega. Basically if you had a copy (or the govt with an original of some whistleblowers document), you could of course compute its hash the same way mega does, and could find out who else had it on mega thru the storage api, without decrypting anything. Oops.

Sign in to participate in the conversation
Mastodon

Server run by the main developers of the project 🐘 It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!