Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

The files that iCloud Photos stores are encrypted to your account and Apple can't access them. Apple scans the images on your phone so that this can continue to be the case, but they're doing a perceptual match - i.e. determining if this image looks like a modified version of the original image (e.g. if it's just been resized or re-encoded or something).

This way Apple can scan for CSAM without having to actually violate privacy by scanning a user's images themselves.



> The files that iCloud Photos stores are encrypted to your account and Apple can't access them.

This is false[1]. Apple can decrypt them, and they can decrypt them and send them to law enforcement should they get subpoenas. They're encrypted at rest with keys that Apple has.

[1] https://www.bbc.com/news/technology-51207744


This article is about iCloud backups. It doesn't say either way whether or not iCloud Photos are encrypted.


Apple’s website clearly states what components are e2e encrypted. iCloud photos is not one of them:

https://support.apple.com/en-us/HT202303


I recall a court case where a police officer was convicted of possessing CSAM on his computer. The files were encrypted so the prosecution was not able to view them, but they were able to demonstrate that the encrypted files contained known images, I believe by encrypting a known image with the same public key and demonstrating that the result was binary identical. Obviously this wouldn't work except for unmodified files including cropping, scaling and editing metadata.


Interesting. Can you link to the case?




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: