[grlass]

calling resized thumbnails metadata is a bit of a stretch imo.

Surely that's just the data, but resized?

[koolhaas]

Yes I agree, bit of a stretch. Based on their whitepaper, it's a smaller version of the original image, I guess just large enough to support the human verification step.

But I'm unsure that the thumbnail is included with every CSAM "voucher" -- it's likely only included when you pass the 30 image limit. Need to read that section more clearly.

[saithound]

A thumbnail is included with every safety voucher. However, it is encrypted with a key that resides on your hardware and is unknown to Apple. So Apple doesn't have enough information to decrypt your thumbnails at will.

A secret sharing scheme is used to drip-feed Apple the key: each time a positive match occurs, Apple learns a bit more about your key. Once the threshold is reached, Apple will have learned enough to recover your encryption key, and will be able to use it to decrypt all your matching thumbnails at once.

[koolhaas]

Fascinating, thanks for clarifying.

[FabHK]

> Based on their whitepaper, it's a smaller version of the original image,

I seem to recall that the white paper speaks of a "visual derivative" without specifying it further.

[koolhaas]

The Technical Summary uses "visual derivative" without clarification, but their Threat Model PDF clarifies it further as thumbnails:

>The decrypted vouchers allow Apple servers to access a visual derivative – such as a low-resolution version – of each matching image.

https://www.apple.com/child-safety/pdf/Security_Threat_Model...

[berkona]

Resized thumbnails aren't a stretch... they're a scale. Bum dum tiss.... I'll let myself out