[HN Gopher] Security Threat Model Review of the Apple Child Safe...
___________________________________________________________________
Security Threat Model Review of the Apple Child Safety Features
[pdf]
Author : sylens
Score : 18 points
Date : 2021-08-13 19:10 UTC (3 hours ago)
(HTM) web link (www.apple.com)
(TXT) w3m dump (www.apple.com)
| magicloop wrote:
| I think this is a good document and it also brings to the table
| the threshold images count (around 30) and the alternate neural
| hash they will keep private (to guard against adversarial images
| trying to create a false positive on-device).
|
| FWIW, I actually did an amateur threat model analysis in a
| comment in a separate HN thread. I always thought this was called
| for because the initial document set was just the mathematics,
| not the people/process/implementation/policy risks and threat
| model that was the source of widespread concerns.
| sylens wrote:
| I think this is the first time they have mentioned that you will
| be able to compare the hash of the database on your device with a
| hash published in their KB article. They also detailed that the
| database is only the intersection of hash lists from two child
| safety organizations under separate governmental jurisdictions.
|
| My immediate thought is that this could still be poisoned by Five
| Eyes participants, and that it does not preclude state actors
| forcing Apple to replicate this functionality for other purposes
| (which would leave the integrity of the CSAM database alone, thus
| not triggering the tripwire).
| shuckles wrote:
| It's pretty lonely over here in technical discussion land. Have
| we considered Reuters's intern's take on this?
___________________________________________________________________
(page generated 2021-08-13 23:00 UTC)