Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

There is zero AI classification involved, it’s a lookup vs hashes of known child porn images. You would need a hash collision, misidentified photo in the dataset, or legitimate use case to end up with a false positive.


Ok. Hashed-based image rec. Where are the hashes? Is the comparison done in my phone against a downloaded database, or is a hash of every image on my phone uploaded for comparison on a server? Could this program then be expanded to other classes of images? Animal abuse imagery? Terrorism? Hashes of known bomb-making instructions? How about people sharing illegal pdfs and text files? Will the MPAA be allowed to submit hashes of their copyrighted material? In short: What other warrantless government inspections of my files will Apple allow?


It’s done on Apple’s servers using your iCloud backups. For good or ill this lets people opt out by disabling iCloud.

I would hope most privacy conscious people disable iCloud, but that’s another story.


Most of the process is done on customer's devices.[1]

[1] https://www.apple.com/child-safety/pdf/CSAM_Detection_Techni...


I was answering this: “Is the comparison done in my phone against a downloaded database, or is a hash of every image on my phone uploaded for comparison on a server?”

To be clear each image, the image’s NeuralHash, and a visual derivative are uploaded to iPhoto. This allows for the inspection of the NeuralHash algorithm used which I actually prefer.

The phone isn’t downloading the hash database.


From that same page: "Apple further transforms this database into an unreadable set of hashes that is securely stored on users’ devices". The phone is downloading the hash database.


If apple really cares about security then those images in iCloud should be stored in an encrypted form that makes hash comparisons impossible. If they are hashing them then they have access to them in plaintext. If I used iCloud I would be more worried about the wider implications that creates.


iCloud needs to allow people to restore backups on a new iPhone after losing their old one.

You can setup secure encrypted backups, but the customer losing the key means losing the back so that’s not what consumer focused companies are going to do. In other words any backup service that doesn’t have big warnings that losing your key loses your backup means they can read your data.


https://blog.cryptographyengineering.com/2012/04/05/icloud-w...

"The mud puddle test: You don’t have to dig through Apple’s ToS to determine how they store their encryption keys. There’s a much simpler approach that I call the ‘mud puddle test’"


The article says that Apple calls this system neuralMatch. I'm not sure why that name gives you confidence that there is zero AI involved?


Also, we've seen more and more AI hardware being shipped built-in to phones.


I hope it's hash-based and not AI. Training that NN would be one of the worst jobs I could imagine, you're adding commercial value to child porn and all the misery it entailed.


They trained a neural net to perturb images. Not classify them.[1]

They did add a classifier to iMessage. But it's designed to prevent children seeing any sexually explicit images.[2] There wouldn't be a reason to train it on images of children specifically.

[1] https://www.apple.com/child-safety/pdf/CSAM_Detection_Techni...

[2] https://www.eff.org/deeplinks/2021/08/apples-plan-think-diff...


They are using AI techniques as part of perceptual hashing. In other words it’s trying to match files with specific images rather than abstract concepts.


I’m pretty sure you don’t know what you’re talking about. Perceptual matching is not image matching.

Perceptual matching is used to sort categories of images. A quick DuckDuckGo will turn up many results. No stretch of the imagination will turn this into a bit for a bit comparison. This is a machine learning algorithm used to categorize images. https://www.ibm.com/blogs/research/2019/10/learning-implicit...

Matthew Green is tweeting about this: https://twitter.com/matthew_d_green/status/14230711866160005... and mentions that it is "preceptial hashing”

9 to 5 Mac article, in which they restate that it is not a classical bit-by-bit hash:

https://9to5mac.com/2021/08/05/scanning-for-child-abuse-imag...


Perceptual hashing has a very specific meaning. It’s for verifying one file is directly related to a different file not an overall classification.

“Perceptual hashing is the use of an algorithm that produces a snippet or fingerprint of various forms of multimedia.[1][2] A perceptual hash is a type of locality-sensitive hash, which is analogous if features of the multimedia are similar.”

https://en.wikipedia.org/wiki/Perceptual_hashing

The goal is to verify a black and white copy of an image is identical to a colored original. Search algorithms want a similar thing so they can validate an image contains a blue car. However, a perceptual hashing algorithm must differentiate between different images containing a blue car while matching a photoshopped copy of the same image.


If they're using perceptual hashes, which they almost certainly are at least some of the time, then there's a huge space for false positives for each perceptual hash.


Don't worry, some poor traumatized souls will be tasked with reviewing visually all those positives. I hope they have good mental care.



It’s perceptual hashing not AI classification. “NeuralHash is a perceptual hashing function that maps images to numbers.”

The perceptual hashing is based on AI techniques. “The system computes these hashes by using an embedding network to produce image descriptors and then converting those descriptors to integers using a Hyperplane LSH (Locality Sensitivity Hashing) process.”

The difference is AI classification is based on defining something as say a “Cat” and then the AI spits some association with how cat like the image is. This extracts features from an image then compares lists of features to specific images.


It sure sounds a lot like AI to me. Saying its just hashes seems misleading to me.

From the PDF:

"The system generates NeuralHash in two steps. First, an image is passed into a convolutional neural network to generate an N-dimensional, floating-point descriptor. Second, the descriptor is passed through a hashing scheme to convert the N floating-point numbers to M bits. Here, M is much smaller than the number of bits needed to represent the N floating-point numbers. NeuralHash achieves this level of compression and preserves sufficient information about the image so that matches and lookups on image sets are still successful, and the compression meets the storage and transmission requirements.

The neural network that generates the descriptor is trained through a self-supervised training scheme. Images are perturbed with transformations that keep them perceptually identical to the original, creating an original/perturbed pair. The neural network is taught to generate descriptors that are close to one another for the original/perturbed pair. Similarly, the network is also taught to generate descriptors that are farther away from one another for an original/distractor pair. A distractor is any image that is not considered identical to the original. "


It’s closely related to AI, but it’s not image classification. The important thing is your trying to match specific files to hashes rather than features to an image so the output doesn’t need to be human readable.

Image classification on the other hand cares about if the image contains say a stop sign or a trash can. That’s useful for self driving cars etc.

Aka classification you might want to match two different bands playing the same song as identical. Where perception hashing would want them to be classified differently.


You are wrong. It is not a numerical Hash of the exact image.

It is a perceptual Hash of the images characteristics and perceived continent by the algorithm, that’s the “neural” in neuralmatch.

Apple, for yours has been building-in machine learning dedicated chips into their builds so this shouldn’t affect battery life.

Matthew Green is tweeting about this: https://twitter.com/matthew_d_green/status/14230711866160005... and mentions that it is "preceptial hasing"

9 to 5 Mac article, in which they restate that it is not a classical bit-by-bit hash:

https://9to5mac.com/2021/08/05/scanning-for-child-abuse-imag...


Zero AI involved? Simple hashes? Source needed. From what I read, you are making false claims.


The concern is less false positives, and more if the Chinese government tells Apple "find everyone who has this picture on their phone in Hong Kong"


The PhotoDNA platform doesn’t offer the participating organization raw photos, just hashes. The AI part is stitching photos with matching edges together, incase someone cropped them into different parts.

Again, Apple nor any company, have access to the source data, just hashes.


My point was that it can’t be “simple” hashes, as that is easy to defeat. I never said anything about Apple having the source images.


And they aren't going to act on a single hash collision. People who have these images likely aren't going to have one or two.

People can argue against this approach for privacy reasons, but I think the false positive argument is a relatively weak one.


There won’t be any collisions. It’s not a bit-for-bit Comparison. The algorithm uses machine learning to categorize images using perceptual match.

There will be many false positives, they will be reviewed by people. When there’s more than a few false positives, you will be investigated by the FBI.




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: