by moyix 3143 days ago
Honestly, I doubt that most of these sorts of algorithms would survive concerted attacks – that's why they tend to be closely guarded.

Alex Stamos (Facebook's CISO) implies this is why they can't do it client-side:

https://twitter.com/alexstamos/status/928646228472078336


The attacker isn't a nation-state adversary. The attacker is a vengeful ex. The chances of such an attacker even being aware of what hashing is are close to zero.

Whoever designed this system is probably heavy on security, but low on product.

No, the attacker is a bored hacker who wants to create problems for FB, just because they feel like it.

And when the attacker Googles "how to upload images banned by Facebook", won't they find that article from that one vengeful ex who understood the technology well enough to build a tool?

Since when is security through obscurity a good idea?

This is in general an unsolvable problem, and the only possible security is through obscurity. Images are on a spectrum, and so in order to hash an image, you must quantize the spectrum. Between two images, there is a continuum of mixed images. Using bisection, you can identify the point where it goes from matching to not matching. You can then upload the non-matching variant. Because of the way hashing works, this will be indistinguishable from any other non-matching image. Therefore, this creates an easy method to bypass Facebook's filter while sacrificing minimal quality. As long as Facebook matches against hashes, there is no way to prevent bypassing of this form. All they can do is make it as difficult as possible.
You should go put a $100 bill on the dashboard of your car along with your laptop on the front seat. Report back the results.

snark-mode off: We use obscurity every day and it's a completely valid layer of security.

> We use obscurity every day and it's a completely valid layer of security.

Not sure I agree with that; most of the time when we do that it's because we don't want to spend the time to have better security. And then we get burned. To your example of the $100 bill: at my parents' home with the car parked in the garage? No problem to do that at all. Out on the street in SF? No. I don't trust my glass enough as a security measure. But I don't leave money at all; that is not security through obscurity.

But we are going OT. The problem that is raised is that they necessarily need security through obscurity. And we have two problems:

- How robust are these algorithms really? How long before we will see people abusing them?

- Have you thought hard enough about how this system could work? E.g.: have partial hashing done client-side and the final one on the server? Or a situation where the server code is open-sourced without the model used to calculate the hash? That would allow for external review without disclosing the hash. Yes, you still need guarantees that Facebook is using that code, but you could have a trusted third party certifying the program.

My point is, the person who designed this program didn't really understand the problem. The problem is not revenge porn. The problem is Facebook reputation. And this solution is totally deaf.

Facebook is pretty low on the list of companies I would trust; on the other hand, we know that NSA employees who have the highest level of security clearance were using their ability to intercept everything to stalk their exes and pass around their exes' nude photos, according to Snowden. Clearly nobody can be trusted, and as you write, a solution for this must incorporate this fact.

Your comment hit the nail on the head.