Apple scans iCloud photos to check for child abuse

Discussion in 'privacy general' started by mood, Jan 9, 2020.

  1. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    30,429
    Apple scans iCloud photos to check for child abuse
    January 8, 2020
    https://www.telegraph.co.uk/technology/2020/01/08/apple-scans-icloud-photos-check-child-abuse/
     
  2. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,248
    Oh, I thought that stuff was securely end-to-end encrypted before being uploaded to iCloud.

    But if Apple can detect even known images of child abuse in iCloud, that's obviously not the case.
    That's just a complicated way to admit that their end-to-end encryption isn't secure.

    And it's not that I say that child abuse is OK.

    It's just that with this vulnerability, you're stuck trusting Apple. Instead of trusting the encryption methodology.
     
  3. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    30,429
    Search warrant shows how Apple tackles child abuse images on iCloud and email
    February 11, 2020
    https://9to5mac.com/2020/02/11/child-abuse-images/
     
  4. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,248
    The only defect is the fact that Apple can examine anything that's supposedly encrypted.

    It's a backdoor, and dishonestly concealed.
     
  5. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,607
    Location:
    European Union
    I could try to believe them when they claim they use homomorphic encryption, but that doesn't explain the possibility to inspect the images. So, yeah, that sounds like improperly implemented encryption.
     
  6. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,248
    Well, I think that they're just encrypting stuff to both the user's key and theirs.

    But even if they were using homomorphic encryption, that would be just as poor a choice, from the user's perspective.
     
  7. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,828
    Location:
    UK
    It may be much worse than it initially sounds. You would, presumably, be able to recognise repeated hashes even if you weren't able to decrypt them. Then, using techniques as they did with the cracking of Enigma, where you might guess some repetitive plaintext, you might be able to recover at least a session key.

    Point being, if you can get a known hash of the "text", you may well be able to guess and widen.
     
  8. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    12,790
    Location:
    The Netherlands
    I haven't got any problems with this, if it can be used to stop crime.
     
Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.