HackerTrans
TopNewTrendsCommentsPastAskShowJobs

zx10

no profile record

comments

zx10
·5 năm trước·discuss
I have some genuine questions regarding Apple's new CSAM detection.

From what I have read

  1) Most cloud providers including Apple already scans uploaded photos for child abuse. Photos are scanned server-side.
  2) Apple wants to do this on-device instead of server-side so that,
     1) photos are not looked up and scanned on the server.
     2) the device can generate a cryptographic safety voucher to prevent leaking information about images that do not match the CSAM database.
     3) threshold secret sharing can be used to prevent match results and encrypted data about the images from being accessed unless the account exceeds a threshold of matches.
  3) Photos that are not uploaded to iCloud Photos are not affected.
  4) Matching is done against *already known* database of CSAM images.
  5) Data is manually reviewed before reporting to NCMEC.
Isn't this better than what Apple and other companies(Google, Microsoft, Facebook etc.) have been doing on the server-side? Server-side and on-device CSAM detection both perform scan > match > manual review > report process. As far as I can see, the difference is that on-device detection adds more restrictions to Apple and third-parties.

There are many claims focused on Apple's decision to move away from server-side to on-device CSAM detection that,

  1) it is worse for privacy. (How is it worse than server-side detection? It is worse than no detection, but then there is no point of focusing on Apple's decision to move away from server-side detection.)
  2) it is bad that other companies will follow this path. (Why is it bad if other companies replace server-side detection to on-device detection?)
  3) it will let false positives to be triggered. (If it lets, were false positives previously(server-side) impossible to be triggered?)
I'm all in for ceasing personal data scanning, both server-side and on-device, altogether. But based on what I have read, I think on-device detection is at least better than server-side detection. On the other hand, the amount of backlash laser-focused on Apple's decision to move away from server-side to on-device CSAM detection has led me to believe that I might be missing something. Am I?