by Kaytaro 1773 days ago
This is a great point. You don't even need to unlock an iPhone to take a picture. So in theory anyone with access to your phone for a few seconds could incriminate you with little effort.

This is already possible today with things like iCloud Photos, Google Photos, OneDrive etc.
Today: "WTF is this?" delete

iOS 15: "WTF is this?" SWAT team crashes through window

This is not true. The check is only against known CSAM hashes.
Just photograph a known bad picture.
Then that's a different photo and will have a different hash.
These aren’t cryptographic hashes. They are perceptual hashes and a picture of a picture could absolutely end up with the same phash value.
Is there really no fuzziness to it? If not, can’t this be defeated by simply re-encoding the image?
I think it has gotten more sophisticated to detect cropped images and small changes now: https://inhope.org/EN/articles/what-is-image-hashing
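An added illustration of the cryptographic-versus-perceptual distinction argued over in the comments above; it is not part of any comment in the thread and is not Apple's algorithm. It uses the classic "average hash" as a stand-in perceptual hash, and the 32x32 test pattern, the brightness shift and the noise are all constructed for the example.

```python
import hashlib

GRID = 8    # the perceptual hash has GRID * GRID = 64 bits
BLOCK = 4   # each hash bit summarises a BLOCK x BLOCK pixel area

def make_image(delta=0, noise=False, invert=False):
    """Constructed 32x32 grayscale test pattern (not real photo data)."""
    img = []
    for y in range(GRID * BLOCK):
        row = []
        for x in range(GRID * BLOCK):
            v = 200 if ((x // BLOCK) + 2 * (y // BLOCK)) % 3 == 0 else 40
            if invert:
                v = 240 - v                      # swap bright and dark areas
            if noise:
                v += (x * 7 + y * 13) % 5 - 2    # deterministic +/-2 jitter
            row.append(v + delta)
        img.append(row)
    return img

def sha256_hex(img):
    """Cryptographic hash of the raw pixel bytes."""
    return hashlib.sha256(bytes(p for row in img for p in row)).hexdigest()

def average_hash(img):
    """Average hash: one bit per cell, set when the cell is brighter than the mean."""
    cells = []
    for cy in range(GRID):
        for cx in range(GRID):
            block = [img[cy * BLOCK + dy][cx * BLOCK + dx]
                     for dy in range(BLOCK) for dx in range(BLOCK)]
            cells.append(sum(block) / len(block))
    mean = sum(cells) / len(cells)
    bits = 0
    for c in cells:
        bits = (bits << 1) | (c > mean)
    return bits

def hamming(a, b):
    """Number of differing bits; perceptual matching compares this to a threshold."""
    return bin(a ^ b).count("1")

original = make_image()
altered = make_image(delta=6, noise=True)   # stands in for a re-encoded copy
unrelated = make_image(invert=True)         # a visually different picture

if __name__ == "__main__":
    print("SHA-256 equal:", sha256_hex(original) == sha256_hex(altered))
    print("aHash distance, altered:", hamming(average_hash(original), average_hash(altered)))
    print("aHash distance, unrelated:", hamming(average_hash(original), average_hash(unrelated)))
```

Every pixel of the altered copy differs, so its SHA-256 is unrelated to the original's, yet its average hash is bit-for-bit identical, while the inverted pattern differs in all 64 bits.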

The example is somewhat contrived.

If a 'friend' takes your phone and has access to it, and then uses it to take images of CSAM similar enough to the original image that it triggers the hash match, and does this enough times to go over Apple's threshold to flag the account after these images are uploaded to iCloud, without the original phone owner noticing, then yes, it might cause a match.

At that point the match is probably a good thing (and not really a false positive anyway) - since it may lead back to the friend (that has the illegal material).

Or you know, anyone who wants to plant material on a device and has physical access. Say a disgruntled employee before leaving, or ex, or criminal or...

Or anyone who can just text you, since iMessage backs up to iCloud automatically...

Are you sure the hash function literally called "NeuralMatch" running on the device with 2+ gen of AI capable chips won't have "collisions"?
Picture of a picture?