The private set intersection is part of the protocol to shield Apple (and their database providers) from accountability, not to protect the users' privacy.

They could instead send the list of hashes to the device (which they already must trust is faithfully computing the local hash) and just let the device report when there are hits. It would be much more CPU and bandwidth efficient, too.

The PSI serves the purpose that if Apple starts sending out hashes for popular lawful images connected to particular religions, ethnicities, or political ideologies, it is information-theoretically impossible for anyone to detect the abuse. It also makes it impossible to tell if different users are being tested against different lists, e.g. if Thai users were being tested against political cartoons that insult the king.
The list of hashes is confidential. Good luck getting NCMEC to sign off on an implementation which lets clients infer which photos are matching their database.

The database is embedded into iOS. There are at least three primary sources which say that users will not receive different databases, and it should be easily confirmed.
I am well aware but that is exactly the point. If Apple can't provide an accountable implementation they should not implement this at all. This should be table stakes that all users should demand, at a minimum.

Otherwise there is no way to detect if the system is abused to target lawful activities.

The fancy crypto in the system isn't there to protect the user, it's to guard the system's implementer(s) against accountability. It protects Apple's privacy, not yours.