this post was submitted on 05 Jan 2025
771 points (97.4% liked)

I have never liked Apple and lately even less. F.... US monopolies

[–] deranger 13 points 1 month ago* (last edited 1 month ago) (34 children)

It's not data harvesting if it works as claimed. The data is sent encrypted and not decrypted by the remote system performing the analysis.

From the link:

Put simply: You take a photo; your Mac or iThing locally outlines what it thinks is a landmark or place of interest in the snap; it homomorphically encrypts a representation of that portion of the image in a way that can be analyzed without being decrypted; it sends the encrypted data to a remote server to do that analysis, so that the landmark can be identified from a big database of places; and it receives the suggested location again in encrypted form that it alone can decipher.

If it all works as claimed, and there are no side-channels or other leaks, Apple can't see what's in your photos, neither the image data nor the looked-up label.

[–] [email protected] 8 points 1 month ago* (last edited 1 month ago) (14 children)

Wait, what?

So you take a pic, it's analysed, the analysis is encrypted, encrypted data is sent to a server that can deconstruct encrypted data to match known elements in a database, and return a result, encrypted, back to you?

Doesn't this sort of bypass the whole point of encryption in the first place?

Edit: Wow! Thanks everyone for the responses. I've found a new rabbit hole to explore!

[–] deranger 5 points 1 month ago* (last edited 1 month ago) (5 children)

I'm not pretending to understand how homomorphic encryption works or how it fits into this system, but here's something from the article.

With some server optimization metadata and the help of Apple's private nearest neighbor search (PNNS), the relevant Apple server shard receives a homomorphically-encrypted embedding from the device, and performs the aforementioned encrypted computations on that data to find a landmark match from a database and return the result to the client device without providing identifying information to Apple nor its OHTTP partner Cloudflare.

There's a more technical write up here. It appears the final match is happening on device, not on the server.

The client decrypts the reply to its PNNS query, which may contain multiple candidate landmarks. A specialized, lightweight on-device reranking model then predicts the best candidate by using high-level multimodal feature descriptors, including visual similarity scores; locally stored geo-signals; popularity; and index coverage of landmarks (to debias candidate overweighting). When the model has identified the match, the photo’s local metadata is updated with the landmark label, and the user can easily find the photo when searching their device for the landmark’s name.

[–] 31337 4 points 1 month ago* (last edited 1 month ago)

That's really cool (not the auto opt-in thing). If I understand correctly, that system looks like it offers pretty strong theoretical privacy guarantees (assuming their closed-source client software works as they say, with sending fake queries and all that for differential privacy). If the backend doesn't work like they say, they could infer what landmark is in an image when finding the approximate minimum distance to embeddings in their DB, but with the fake queries they can't be sure which one is real. They can't see the actual image either way as long as the "128-bit post-quantum" encryption algorithm doesn't have any vulnerabilities (and the closed source software works as described).

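Added example, not part of the thread, the linked articles or Apple's code: a toy round trip showing how a server can score an encrypted embedding against its database without ever decrypting it, with the final match chosen on the device. It uses textbook Paillier encryption (additively homomorphic) as a stand-in, not the scheme or protocol Apple's system uses; the tiny key, the sample embeddings and all function names are assumptions made for the demo.

```python
import secrets

# Toy Paillier keypair. Constructed demo parameters: two Mersenne primes,
# far too small for real use.
P, Q = 2**31 - 1, 2**61 - 1
N, N2 = P * Q, (P * Q) ** 2
PHI = (P - 1) * (Q - 1)          # private key, never leaves the client
MU = pow(PHI, -1, N)

def encrypt(m):
    """Client side: Enc(m) = (1 + N)^m * r^N mod N^2, fresh random r."""
    r = secrets.randbelow(N - 1) + 1
    return (1 + m * N) * pow(r, N, N2) % N2

def decrypt(c):
    """Client side: needs PHI, which the server does not have."""
    return (pow(c, PHI, N2) - 1) // N * MU % N

def server_score(enc_query, db_vector):
    """Server side: Enc(q . d) from ciphertexts and public N only.
    Multiplying ciphertexts adds plaintexts; raising to d scales by d."""
    acc = 1  # a valid (trivial) encryption of 0
    for c, d in zip(enc_query, db_vector):
        acc = acc * pow(c, d, N2) % N2
    return acc

# Constructed sample data: quantised non-negative embeddings.
LANDMARKS = {
    "bridge": [9, 1, 0, 2],
    "tower": [1, 8, 3, 0],
    "temple": [0, 2, 9, 4],
}

def lookup(photo_embedding):
    """Full round trip; returns (best label, decrypted scores)."""
    enc_query = [encrypt(x) for x in photo_embedding]           # device
    reply = {name: server_score(enc_query, vec)                 # server
             for name, vec in LANDMARKS.items()}
    scores = {name: decrypt(c) for name, c in reply.items()}    # device
    return max(scores, key=scores.get), scores
```

The server only ever handles `enc_query` and the values in `reply`, all of which are ciphertexts under a key it does not hold; the similarity scores exist in the clear only after `decrypt` runs on the device.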