Hacker News new | ask | show | jobs
by 0x426577617265 1783 days ago
Couldn't the hack just be as simple as sending someone an iMessage with the images attached? Or somehow identify/modify non-illegal images to match the perceptual hash -- since it's not a cryptographic hash.
1 comments
barsonme 1783 days ago
Does iCloud automatically upload iMessage attachments?
link
samename 1782 days ago
No, iMessages are stored on the device until saved to iCloud. However, iMessages may be backed up to iCloud, if enabled.

The difference is photos saved are catalogued, while message photos are kept in their threads.

Will Apple scan photos saved via iMessage backup?

link
0x426577617265 1782 days ago
I would assume yes, that this would cover iMessage backups since it is uploaded to their system.
link
0x426577617265 1782 days ago
I think so, since the iMessages are synced across devices.
link
tjoff 1782 days ago
Doesn't need to, the detection is client side at first.
link
marcellus23 1782 days ago
No, like many others commenting on the issue, you seem to only have a vague idea of how it works. Only photos being uploaded to iCloud are being scanned for CSAM.
link
tjoff 1782 days ago
Then tell us. Because this is what apple says:

The Messages app will use on-device machine learning to warn about sensitive content, while keeping private communications unreadable by Apple.

Next, iOS and iPadOS will use new applications of cryptography to help limit the spread of CSAM online, while designing for user privacy.

https://www.apple.com/child-safety/

There is no ambiguity here. Of course they will scan images in the cloud as well, but they are explicit in saying that it is (also) on the device itself.

link
wingspar 1782 days ago
The operative separator is “Next”

Apple is announcing 3 new ‘features’.

First one scans iMessage messages / photos on device / warns kids and partners.

Second one is the CSAM photo hash compare in iCloud upload feature.

Third one is the Siri search protection/warning feature.

link
tjoff 1782 days ago
Stand corrected on the first part.

But surely iCloud upload feature is on the device. And if it was only in the cloud they wouldn't need to mention iOS or iPadOS at all.

link
jeromegv 1782 days ago
You are mistaken, the iMessage feature is for parental consent and is not used at all for the CSAM database.

It is not related to the CSAM database feature.

Read details here: https://daringfireball.net/2021/08/apple_child_safety_initia...

link
voakbasda 1782 days ago
And you have an overly optimistic idea that they will not enable this feature more broadly. You really want to trust them, when this incident shows that they do not intend to be fully forthright with such changes?
link
jeromegv 1782 days ago
They published full technical documents of what is happening and what is changing, and this is what this debate is about. It's a bit odd to argue that they are not forthright, this is all documented. They could have updated their terms of service vaguely and never mention that feature, they did not.
link