graemep 2 days ago

What apps can access can be restricted by the OS.

All you need to do to avoid it would be to encrypt outside the app, something most people would not bother to do, but criminals would be motivated to do.

skeezyboy 2 days ago | parent [-]

what's that got to do with WhatsApp scanning the photo you're about to send?

ivan_gammel 2 days ago | parent [-]

1. Client-side scanning of the content that is externally encrypted is impossible. So if you are a criminal, you just don't share the photo, you share the encrypted file to circumvent this restriction.

2. Reliable client-side scanning of images is impossible (you cannot download illegal content to client devices for exact matches, so it will be only signatures and collisions are possible), so there will be false positives that will be reported, which will inevitably result in violation of privacy, possibly persecution etc.

skeezyboy 2 days ago | parent [-]

1. Of course it's possible, you'd just get back encrypted data. This doesn't make it impossible

2. You mean "Reliable classification of client-side scanned images is impossible", although you don't actually define reliable. This is beside the point, I'm not talking about the actual feasibility of this on a political level, I'm asserting a specific technical point that client-side scanning is 100% possible for e2e apps

ivan_gammel 2 days ago | parent | next [-]

That specific technical point is trivial and is not worth discussing. Of course you can „scan“ a data stream, but what’s the point if it doesn’t yield any meaningful results?

The only acceptable scanning process here is the one that produces only true positives, no collateral damage. This is what I call reliable.

skeezyboy a day ago | parent [-]

> The only acceptable scanning process here is the one that produces only true positives, no collateral damage. This is what I call reliable.

well then reliability is impossible, you must accept errors

ivan_gammel a day ago | parent [-]

> well then reliability is impossible, you must accept errors

Nobody should accept errors. Client-side scanning simply must not happen. It’s a mathematically dumb idea.

fluoridation 2 days ago | parent | prev [-]

1. If the client application is hashing ciphertext, its hash will not match any known offending hashes, even if the plaintext is a known file.

I don't understand why someone would go through the trouble of using WhatsApp to pass around separately-encrypted files instead of using anything else, though.

2. It's also "technically possible" to do the scanning server-side, on the encrypted stream, and flag anything that by chance matches a known hash.