[wizzwizz4]

Not really; there's not enough information in the NeuralHashes. You'd get pictures like this,[0] (from [1]) instead.

[0]: https://user-images.githubusercontent.com/1328/129860810-f41...

[1]: https://github.com/AsuharietYgvar/AppleNeuralHash2ONNX/issue...

[FartyMcFarter]

That is assuming that adding plausibility constraints wouldn't fix this issue. I don't know if this is feasible though.

[mlindner]

That's not really correct. That's a forcibly created colliding image, that's not the output of the NeuralHash. Also as reported elsewhere, it's absolutely possible to do so.

[zepto]

No, it’s not possible.

If you think there is a credible mechanism, please link to it.

[tvirosi]

It might have to do with the output possibly being a probability vector as opposed to a binary hash. The whole thing is thus differentiable and optimizable (if a dog image was incorrectly placed in the bad hash bucket it might only be on the border of it while the real CP corresponding to the hash is found at the probabilistic maxima of the hash bucket). Just guessing.

[zepto]

That isn’t correct, nor is it credible.

See: https://www.apple.com/child-safety/pdf/Security_Threat_Model...

[tvirosi]

Where am I supposed to look in that pdf to understand that it isn't correct or credible? It is certainly true that the model has differentiable and thus optimizable outputs.

[zepto]

Sorry - I posted that link in the wrong place.

Either way, if the claim is that it’s possible to reverse engineer CSAM from the hashes, proof is needed, and nobody has provided even a proof of concept.

The person I responded to was claiming it had been demonstrated. I asked for a link to evidence. You just made a hypothesis about how it might work. That’s not helpful.