Hacker News
by YokoSix 1772 days ago
> Can non-CSAM images be “injected” into the system to flag accounts for things other than CSAM?

> Our process is designed to prevent that from happening. The set of image hashes used for matching are from known, existing images of CSAM that have been acquired and validated by child safety organizations. Apple does not add to the set of known CSAM image hashes.

The problem is not that Apple can't add images to the database but that organizations from the outside can inject any hashes to the new, constantly sniffing system at the heart of iOS, iPadOS and macOS. Apple has no way to verify those or any hashes before they get injected into the database.

If the system detects any matches, only some overworked and underpaid content checker from Bangladesh is there to stop your life from being destroyed by some SWAT team crashing through your front door at 3am, killing your barking dog. And who knows if those foreign sweatshops are even trustable.

2 comments

Biggest problem is "who governs the governors"

What is the feedback when such a system is abused?

> Existing images of CSAM that have been acquired and validated by X organizations

Will Apple be considered responsible? Punished? Will Apple or the X publish the list of images and allow regular 3rd party validation? (I see security-related product companies do that)

In this era it's hard, VERY hard to entrust our private properties to these giant tech companies. There is so little to NO negative feedback to their misbehaviours. These companies need more regulations than individual citizens.

> Biggest problem is "who governs the governors"

Child protection is an exception to all standards of due process in the US and Europe. There is NO organization that can interfere when people get mistreated based on these laws (the vast majority that fall victim to "side effects" are children, of course). Only generic "quality assurance" is done. There is no protection at all for individuals, whether children, parents, or third parties.

> Will Apple be considered responsible? Punished?

The EU court has judged just a few months ago that child protection authorities cannot be held responsible for the damage they cause, EVEN if it is shown that their actions were based on incomplete or wrong data.

> In this era it's hard, VERY hard to entrust our private properties to these giant tech companies.

Okay, well if you think this is a serious problem, then let me tell you what else social services data is being used for. In Belgium, social services, including homeless shelters, enter data into your medical records which you can't see, erase, or ... emergency departments will read this data, and use it to avoid the situation that they have to use the state insurance for non-insured persons, which is a polite wording for "refusing care to homeless persons".

Thanks for your detailed reply!

My point remains the same: Need more feedback on "governors/power wielding side"

> If the system detects any matches

This part isn’t true. Unless a threshold of multiple matches is reached, Apple won’t have a complete key to decrypt anything.

I think this is being a bit pedantic. If they can slide one on your device, they can slide 100.

This is already a thing today. Most major cloud providers perform server-side scanning, so if a nefarious party can smuggle problematic photos onto your cloud, you have the same problem.

To make it perfectly clear: I am absolutely against this scanning system, but I think that we need to keep to high-quality arguments to successfully argue against it.