Author Topic: Apple privacy letter (Law enforcement through your phone)  (Read 13392 times)

0 Members and 1 Guest are viewing this topic.

Offline Halcyon

  • Global Moderator
  • *****
  • Posts: 6126
  • Country: au
Re: Apple privacy letter (Law enforcement through your phone)
« Reply #75 on: August 23, 2022, 07:13:05 am »
Propaganda? It's called mathematics. Look at something like SHA-256... the probability of a hash collision is so extraordinarily small.
Until it doesn't. They used to say the same about MD5.

At any rate, you made it sound like this property is somehow guaranteed, which is utter :bullshit:

Again, maths. The limitations of MD5 were very well understood early on. Whilst I agree with "never say never", the chances of that are astronomically slim and certainly "good enough" for the purposes being discussed. On the ever-so-remote chance there is a collision in my lifetime, it will be manually verified by a human anyway. I'll also eat my hat. I would also make an educated guess that a single solitary hit wouldn't be enough (but that's just a guess).

I'd suggest you go look up how big a number all the possible SHA-256 combinations really is, then you'll start to get some perspective.

If you don't wish to take my word for it, you only need to speak to someone (else) in the industry, or perhaps examine the court cases where this has been previously tested (and failed). Also, keep in-mind, no one is talking about anyone being dragged through the courts or being sent to prison because of a hash value. The hashes are used to establish probable cause (and it's damn good probable cause at that), then from there, normal investigative processes commence. In order to be charged with an offence of possessing/distributing child abuse material, the prosecution must to be able to prove, beyond reasonable doubt, all the elements of the offence(s). You don't simply rely on the hash value alone. You also can't rely on AI to be able to classify what is and isn't child abuse material, a human does that.
« Last Edit: August 23, 2022, 07:30:18 am by Halcyon »
 

Offline magic

  • Super Contributor
  • ***
  • Posts: 7453
  • Country: pl
Re: Apple privacy letter (Law enforcement through your phone)
« Reply #76 on: August 23, 2022, 07:58:58 am »
Dude, I know what's hashing.

My other point, which you conveniently ignore, was that even if accidental collisions are unlikely, deliberate ones may become possible at some unknown future time and all sorts of fun could be had with that.

Besides, is it established that they actually use a modern long hash or is it MD4 and the information that it's MD4 is also classified like the hashes themselves? I believe we are talking US government here ;)
« Last Edit: August 23, 2022, 08:01:55 am by magic »
 

Offline Halcyon

  • Global Moderator
  • *****
  • Posts: 6126
  • Country: au
Re: Apple privacy letter (Law enforcement through your phone)
« Reply #77 on: August 23, 2022, 08:57:49 am »
Dude, I know what's hashing.

My other point, which you conveniently ignore, was that even if accidental collisions are unlikely, deliberate ones may become possible at some unknown future time and all sorts of fun could be had with that.

Besides, is it established that they actually use a modern long hash or is it MD4 and the information that it's MD4 is also classified like the hashes themselves? I believe we are talking US government here ;)

You don't seem to fully grasp the concept though, so I assumed otherwise.

Let's assume the improbable happened and a collision DID occur, what then? That file somehow finds its way onto someones device as a prank, which just so happens to also be a valid image/video file, which is then matched against known bad files, which is then checked by a human only to find out it's nothing?

Whilst MD5 hashing is still an option available in most digital forensics software, SHA-1 and SHA-2 are far more popular. That being said, even if it was something weaker like MD5, I've actually stood up in court and given evidence on the probability of that being a collision and it mattered not (the defence was simply trying to find a hole where there wasn't one). As I said, it's more than just the hash itself that's important, it's the contents of the file. For the context of what is being discussed here, even MD5 would be fine to use.

Even the absence of any hashing, companies still report back to law enforcement about child abuse material on their servers when they become aware of it. Hashing simply automates some aspects of the whole exercise.

Getting back on topic... if being given a choice between having the files hashed and compared against the database, or your files being uploaded to the company to be checked, by AI, a person, whatever... which would you feel more comfortable with? If you don't like the way a company conducts business or designs its products, then don't use them. The issue isn't about the reliability of use of hashes as evidence against someone, it's about the policies Apple are implementing.
« Last Edit: August 23, 2022, 09:14:13 am by Halcyon »
 
The following users thanked this post: Someone

Offline bd139

  • Super Contributor
  • ***
  • Posts: 23099
  • Country: gb
Re: Apple privacy letter (Law enforcement through your phone)
« Reply #78 on: August 23, 2022, 09:24:47 am »
Hashing is a poor technical measure as well. Ignoring improbable collisions it has other problems:

1. The blacklist can be poisoned through incompetence.
2. The blacklist can be poisoned through malicious intent.
3. The blacklist has no independent oversight.
4. The blacklist can be extended to other material later.
5. The hash is not necessarily traceable back to the original image / material thus is impossible to re-moderate.
6. You have to store the original material if you want to regenerate the list.
7. It's a byte level hash so adding pixel changes and noise circumvents the whole thing.

There is no choice but to put these stupid fucking retarded ideas where they belong: in the trash.
 
The following users thanked this post: JPortici, SiliconWizard

Offline Halcyon

  • Global Moderator
  • *****
  • Posts: 6126
  • Country: au
Re: Apple privacy letter (Law enforcement through your phone)
« Reply #79 on: August 23, 2022, 09:43:06 am »
7. It's a byte level hash so adding pixel changes and noise circumvents the whole thing.

This is an interesting idea and one that has been raised many times before. The truth is, crooks are (mostly) dumb and it doesn't stop them from getting caught. There is a good reason why things like Project VIC are very effective.

You will never solve 100% of crime. Sadly, things like possessing child abuse material is slowing becoming "volume crime".
 
The following users thanked this post: Someone

Offline magic

  • Super Contributor
  • ***
  • Posts: 7453
  • Country: pl
Re: Apple privacy letter (Law enforcement through your phone)
« Reply #80 on: August 23, 2022, 09:45:34 am »
The only people getting caught are illiterate loosers who jerk to it.

I sometimes use some warez sites (for non-cheese-pizza content :P) and make no mistakes, those people know what they are doing.
 
The following users thanked this post: bd139

Offline Halcyon

  • Global Moderator
  • *****
  • Posts: 6126
  • Country: au
Re: Apple privacy letter (Law enforcement through your phone)
« Reply #81 on: August 23, 2022, 09:49:43 am »
The only people getting caught are illiterate loosers who jerk to it.

I sometimes use some warez sites (for non-cheese-pizza content :P) and make no mistakes, those people know what they are doing.

Oh absolutely. And law enforcement know all about it. You think they aren't on those same sites and on the dark web? I can tell you some stories.

I guess fortunate for us who are normal, the "smart" crooks make up a small minority.
 

Offline bd139

  • Super Contributor
  • ***
  • Posts: 23099
  • Country: gb
 

Offline magic

  • Super Contributor
  • ***
  • Posts: 7453
  • Country: pl
Re: Apple privacy letter (Law enforcement through your phone)
« Reply #83 on: August 23, 2022, 11:17:22 am »
Quote
combat sexualized violence against children online
Holy shit, where can I get the software for this, there is like a few dozen people I would hit it with immediately :-DD
 
The following users thanked this post: bd139

Offline bd139

  • Super Contributor
  • ***
  • Posts: 23099
  • Country: gb
Re: Apple privacy letter (Law enforcement through your phone)
« Reply #84 on: August 23, 2022, 11:37:22 am »
I assume that's people you don't like  :-DD

(oh another vector there!)
 

Offline PlainName

  • Super Contributor
  • ***
  • Posts: 7508
  • Country: va
Re: Apple privacy letter (Law enforcement through your phone)
« Reply #85 on: August 23, 2022, 12:22:54 pm »
Quote
On the ever-so-remote chance there is a collision in my lifetime, it will be manually verified by a human anyway.

That actually makes it worse. Once people think it's a so remote chance it's never likely to happen, the time when it does happen just can't be real so clearly someone is pulling a fast one and should be nicked anyway. The less chance of it happening, the greater the danger of a miscarriage when it does happen.

And, as the NYTimes article I posted above shows, it doesn't matter if even law enforcement say it's not real kiddie porn and a mistake - the poor person caught out is fucked for life anyway.
 

Offline Bicurico

  • Super Contributor
  • ***
  • Posts: 1816
  • Country: pt
    • VMA's Satellite Blog
Re: Apple privacy letter (Law enforcement through your phone)
« Reply #86 on: August 23, 2022, 12:34:02 pm »
I have a question: if the system only relies on matching a hash database of known pedofile pictures against the pictures on the mobile phone, how is it supposed to detect newly taken pictures? If it doesn't do that, why should it search phones to start with? I would imagine that pedofiles don't install a library of pictures on their phone?

My problem with this technology is that a governmental agency is running software on my device without my consent or without informing me. At my cost (bandwidth, energy, CPU load). I am no pedofile or criminal, so why should I be investigated?

Also, there are so many evident crimes that are not persecuted but could easily be, that I wonder why this matter is consider more urgent.

Finally, let me mention Eppstein: convicted and suicided for sex trafficking of minors, yet no customer has been charged?

« Last Edit: August 23, 2022, 02:59:50 pm by Bicurico »
 
The following users thanked this post: Red Squirrel

Online rsjsouza

  • Super Contributor
  • ***
  • Posts: 6106
  • Country: us
  • Eternally curious
    • Vbe - vídeo blog eletrônico
Re: Apple privacy letter (Law enforcement through your phone)
« Reply #87 on: August 23, 2022, 01:15:55 pm »
Finally, let me mention Eppstein: convicted and suicides for sex trafficking of minors, yet no customer has been charged?
Even before charges are pressed, who are they? Where is the phonebook with the names of the customers?

The elites in power are there to protect only themselves, nothing more. Think of it next time you read about "scandal X" and who is being implied and actually is sentenced at the end of the day.
Vbe - vídeo blog eletrônico http://videos.vbeletronico.com

Oh, the "whys" of the datasheets... The information is there not to be an axiomatic truth, but instead each speck of data must be slowly inhaled while carefully performing a deep search inside oneself to find the true metaphysical sense...
 
The following users thanked this post: Red Squirrel

Offline Red Squirrel

  • Super Contributor
  • ***
  • Posts: 2757
  • Country: ca
Re: Apple privacy letter (Law enforcement through your phone)
« Reply #88 on: August 23, 2022, 02:47:12 pm »
They use algorithms which will not experience a hash collision, that way, every single file in the world will have it's own, unique hash.
You fell for propaganda.

It is guaranteed that there exist multiple pairs of files of length N+1, where N is the length of the hash, which map to the same hash value.
I don't even need to know anything about the hash to prove it, it's called "pigeonhole principle".

Yeah if you take something with say 100,000 characters and try to condense it into something that is say 16 characters, no matter what, you will eventually get a collision.   Otherwise, you just invented the Pied Piper of compression algorithms!   

As for "the greater good" that is a very very dangerous thing to say and I see it often and it's usually to try to justify stuff like this.  The very premise of communism is "for the greater good" and the people are the ones that suffer in the end via loss of rights, freedoms, etc. 
 
The following users thanked this post: bd139

Offline SiliconWizard

  • Super Contributor
  • ***
  • Posts: 15797
  • Country: fr
Re: Apple privacy letter (Law enforcement through your phone)
« Reply #89 on: August 23, 2022, 08:49:21 pm »
Two major issues there IMO:
- Basic one: we may just not want this total surveillance society that is coming up. Period. Already a ton of existing books and movies about that. No need to guess or even to give it a chance: we exactly know what that means and how it ends up. No need to pretend it will be all different, because guess what? It won't be.
- Currently, systems (most being ML-based) are being deployed and get official authorizations while they are still not validated and are known to still be unreliable. (That's true for mass surveillance, autonomous vehicles, and so on.) With sometimes little or unclear recourse.
 
The following users thanked this post: Red Squirrel, bd139

Offline Halcyon

  • Global Moderator
  • *****
  • Posts: 6126
  • Country: au
Re: Apple privacy letter (Law enforcement through your phone)
« Reply #90 on: August 24, 2022, 02:51:06 am »
Quote
On the ever-so-remote chance there is a collision in my lifetime, it will be manually verified by a human anyway.

That actually makes it worse. Once people think it's a so remote chance it's never likely to happen, the time when it does happen just can't be real so clearly someone is pulling a fast one and should be nicked anyway. The less chance of it happening, the greater the danger of a miscarriage when it does happen.

And, as the NYTimes article I posted above shows, it doesn't matter if even law enforcement say it's not real kiddie porn and a mistake - the poor person caught out is fucked for life anyway.

No one is ever charged with an offence such as possession of CAM, without someone, a human, doing some work.

No one is "caught out and fucked for life" with this kind of stuff, when they haven't done anything wrong. That's not how the justice system works... even in the USA.
 

Offline bdunham7

  • Super Contributor
  • ***
  • Posts: 8175
  • Country: us
Re: Apple privacy letter (Law enforcement through your phone)
« Reply #91 on: August 24, 2022, 04:58:32 am »
No one is "caught out and fucked for life" with this kind of stuff, when they haven't done anything wrong. That's not how the justice system works... even in the USA.

Oh really?  Felony charges and mandatory sex offender registration for minors that have taken pictures of themselves?  That sounds pretty much like fucked for life to me.  I suppose they have "done something wrong" so it's all OK....

https://www.aclu-wa.org/blog/sexting-and-law-press-send-turn-teenagers-registered-sex-offenders
A 3.5 digit 4.5 digit 5 digit 5.5 digit 6.5 digit 7.5 digit DMM is good enough for most people.
 
The following users thanked this post: rsjsouza, tooki

Offline magic

  • Super Contributor
  • ***
  • Posts: 7453
  • Country: pl
Re: Apple privacy letter (Law enforcement through your phone)
« Reply #92 on: August 24, 2022, 05:14:30 am »
Oh really?  Felony charges and mandatory sex offender registration for minors that have taken pictures of themselves?  That sounds pretty much like fucked for life to me.  I suppose they have "done something wrong" so it's all OK....

https://www.aclu-wa.org/blog/sexting-and-law-press-send-turn-teenagers-registered-sex-offenders
Using Apple or Android spyphones does count as "doing something wrong" in my book.
 

Offline JPortici

  • Super Contributor
  • ***
  • Posts: 3573
  • Country: it
Re: Apple privacy letter (Law enforcement through your phone)
« Reply #93 on: August 24, 2022, 05:41:50 am »
No one is "caught out and fucked for life" with this kind of stuff, when they haven't done anything wrong.

you say that.
The moment your name is associated with kids you are marked. it doesn't matter if it's the truth, you are marked and that will follow you because people develop selective hearing and selective reading. There will be always someone who doesn't know the truth and even if you try to move a million miles away someone will find out why and people there will start thinking but why did he move away if he's innocent*. Unless of course you are a catholic priest, not even a joke. For that people develop selective hearing in the other sense "They must not be!" no matter the hard evidence, and if it's really blatant they just get transfered nearby, where a bunch of other bigots won't believe the priest did anything wrong. Seen that happen a few times.

*The president of our local footbal team got accused of molesting kids. You know, he did also train the children's team for almost thirty years, including all of my childhood friends so it's pretty scary, even though we can't believe it. overnight there were dozens of news articles with the face and the name and everything. He of course had to resign, quit his job. Months later it turned out it was a family of pieces of shit who decided to try to spread the rumor in order to extort some money from the guy. A single brief article was made, but the damage was done permanently. Who can trust him now that the seed of doubt has been planted? Last i heard he was trying to sue back the newspapers, don't know how it will end. People kill themselves for a lot less, when you take something they care from them in this way
 
The following users thanked this post: rsjsouza, Ranayna

Offline Miyuki

  • Frequent Contributor
  • **
  • Posts: 908
  • Country: cz
    • Me on youtube
Re: Apple privacy letter (Law enforcement through your phone)
« Reply #94 on: August 24, 2022, 08:47:33 am »
Just look on next Louis video how google do the same and just fucks peoples lives for false alarms
No protection, you are on a mercy of your AI overlord



 
The following users thanked this post: Red Squirrel

Offline Bicurico

  • Super Contributor
  • ***
  • Posts: 1816
  • Country: pt
    • VMA's Satellite Blog
Re: Apple privacy letter (Law enforcement through your phone)
« Reply #95 on: August 24, 2022, 09:17:57 am »
What I fear most is the symbiose of big tech gigants like Apple, Google, Amazon, etc. and goverments.

This is not lobbying it is plain corruption.

How is it possible that a small company in the EU is supposed to have a data privacy delegate, to assure that privacy laws are respected to a point where keeping a customer email can become critical, while Google is recording all transcribed phone conversations?

And the problem is exactly this: once you are flagged, even if you can prove that you did not othing wrong and the flagging resulted from poor AI or an error of the service provider, you have nobody to talk to. They don't care: you are one person amongst BILLION of users!

And yes, we may have the erroneous flagging of people, we may have the correct flagging of people, but we also may have the flagging on PURPOSE! This is done to eliminate any unwanted competition: in elections, as a competing startup, as an annoying voice.

What if Google or Apple flaggs Louis on purpose, as if it was a mistake? Lucky for him, he will at least be better off than the average guy, because he has a wider audience.

I really would wish that the suckers at the EU goverment would stop imposing the standard length of saussages and financing stupid goals as EU funded projects. Instead they should make an effort to limit the influence of US based tech gigants in the EU and sponsor the development of propper competition. It is sad to see how the EU has fallen behind on IT - at all levels.
« Last Edit: August 24, 2022, 09:20:18 am by Bicurico »
 

Offline Miyuki

  • Frequent Contributor
  • **
  • Posts: 908
  • Country: cz
    • Me on youtube
Re: Apple privacy letter (Law enforcement through your phone)
« Reply #96 on: August 24, 2022, 10:32:38 am »
What I fear most is the symbiose of big tech gigants like Apple, Google, Amazon, etc. and goverments.

This is not lobbying it is plain corruption.

How is it possible that a small company in the EU is supposed to have a data privacy delegate, to assure that privacy laws are respected to a point where keeping a customer email can become critical, while Google is recording all transcribed phone conversations?

And the problem is exactly this: once you are flagged, even if you can prove that you did not othing wrong and the flagging resulted from poor AI or an error of the service provider, you have nobody to talk to. They don't care: you are one person amongst BILLION of users!

And yes, we may have the erroneous flagging of people, we may have the correct flagging of people, but we also may have the flagging on PURPOSE! This is done to eliminate any unwanted competition: in elections, as a competing startup, as an annoying voice.

What if Google or Apple flaggs Louis on purpose, as if it was a mistake? Lucky for him, he will at least be better off than the average guy, because he has a wider audience.

I really would wish that the suckers at the EU goverment would stop imposing the standard length of saussages and financing stupid goals as EU funded projects. Instead they should make an effort to limit the influence of US based tech gigants in the EU and sponsor the development of propper competition. It is sad to see how the EU has fallen behind on IT - at all levels.
As an EU citizen, you are to some extent protected from this
Plenty of people use national email and other services
So they are somewhat isolated at least when using their windows based devices
The Bank system is also organized in a different way
So they will lose "only" the phone
And I know a lot of Android users who live happily without any cloud services or accounts

The other thing is the EU will never have tech giants, it just won't allow it
There are too many obstacles to entering and growing a company
And if some miracle will happen they will chop it afterward

They barely tolerate things like VW, Bosch, Siemens, and of course Oil companies
But they predate the EU, employ a big portion of the population, and of course are a big part of national economies.
 

Offline radar_macgyver

  • Frequent Contributor
  • **
  • Posts: 748
  • Country: us
Re: Apple privacy letter (Law enforcement through your phone)
« Reply #97 on: August 24, 2022, 10:41:22 am »
Meanwhile back in Google territory:

https://news.yahoo.com/dad-took-photos-naked-toddler-142928196.html

Even though the police cleared the guy, Google refuses to reinstate his accounts.
 

Offline MT

  • Super Contributor
  • ***
  • Posts: 1687
  • Country: aq
Re: Apple privacy letter (Law enforcement through your phone)
« Reply #98 on: August 24, 2022, 12:57:17 pm »
Anyway, I do think those invasive surveillance measures are completely useless at defeating any kind of criminal activity anyway. This may "catch" a few idiots, but unfortunately, I'd think most criminals would know better than to put pictures or videos on surveilled phones and clouds anyway. So as always, they're just using mass surveillance and invading EVERYONE's privacy while criminals will probably continue happily doing their bad deeds while laughing at Apple and the likes.

You meant folks like Hunter Biden? and his laptop? not even encrypted FBI say....... well, FBI "not" a criminal governmental organization the fedgov say.... while a huge number of american citizens violently disagree.  :)

 

Offline Bicurico

  • Super Contributor
  • ***
  • Posts: 1816
  • Country: pt
    • VMA's Satellite Blog
Re: Apple privacy letter (Law enforcement through your phone)
« Reply #99 on: August 24, 2022, 02:23:09 pm »
If you want to share any form of ilicit data, you use regular mail and send a USB disk or an SD card.

This is quick and safe for the criminal, since the data can be easily encrypted beyond govermental decryption methods. Plus, it is easy to hide the data to start with. A regular letter with attached MicroSD that shows a Word document is all there is to be found. Run an "undelete" tool and gigabytes of files are revealed. Or just include a ZIP archive with a very long password.

And with this simple example I think I have shown how ridiculous it is to control the ENTIRE POPULATION and remove their privacy to find a few criminals who just use a more secure method.



Share me

Digg  Facebook  SlashDot  Delicious  Technorati  Twitter  Google  Yahoo
Smf