[HN Gopher] Security Threat Model Review of the Apple Child Safe... ___________________________________________________________________ Security Threat Model Review of the Apple Child Safety Features [pdf] Author : sylens Score : 18 points Date : 2021-08-13 19:10 UTC (3 hours ago) (HTM) web link (www.apple.com) (TXT) w3m dump (www.apple.com) | magicloop wrote: | I think is this a good document and it also brings to the table | the threshold images count (around 30) and the alternate neural | hash they will keep private (to guard against adverserial images | trying to create a false positive on-device). | | FWIW, I actually did an amateur threat model analysis in a | comment in separate HN thread. I always thought this was called | for because the initial document set was just the mathematics, | not the people/process/implementation/policy risks and threat | model that was the source of widespread concerns. | sylens wrote: | I think this is the first time they have mentioned that you will | be able to compare the hash of the database on your device with a | hash published in their KB article. They also detailed that the | database is only the intersection of hash lists from two child | safety organizations under separate governmental jurisdictions. | | My immediate thought is that this could still be poisoned by Five | Eyes participants, and that it does not preclude state actors | forcing Apple to replicate this functionality for other purposes | (which would leave the integrity of the CSAM database alone, thus | not triggering the tripwire). | shuckles wrote: | It's pretty lonely over here in technical discussion land. Have | we considered Reuters's intern's take on this? ___________________________________________________________________ (page generated 2021-08-13 23:00 UTC)