First I’ve heard of StopNCII… what’s to stop it from being abused to remove (say) images of police brutality or anything else states or “participating companies” don’t want to be seen?
Literally nothing. It will be applied more nefariously after it’s been proven capable.
You guys are all acting like this “technology” is new lol. It’s the exact same way that all of the big companies detect CSAM - they have databases of hashes of known CSAM images, and every time you upload a file to their servers they hash your image and compare it to their database. If your uploads get a few matches, they flag your account for manual investigation.
All this is doing is applying the same process for other types of images - non consensual intimate images, or “revenge porn” as it’s more commonly known.
CSAM has systems in place to prevent abuse in the way you mention, as it uses databases managed by separate companies all over the world, and it has to match on multiple databases precisely to stop it from being abused that way. I would assume this is the same.
Their policy to not be evil.
The one they dropped years ago?
Thats the one!
Yes, I, too, understood the point of the comment.
Ah yes—the only known force weaker than gravity.
Where do internal investigations fall?
So anyone care to expound on this?
I know hash marks are a one way communication video games made you use to combat pirating. I do not think they should be allowed to force you to do such things for video game unlocking but I am sure they have gotten worse not better.
With the caveat that I haven’t read how google is implementing this I can provide some high level context on how hashes work from a security perspective.
Anyone else feel free to correct anything I get wrong here.
So, once upon a time someone came up with something called md5 for encrypting things. This didn’t end up being a very effective way of encrypting files, but people did find that encrypting files this way was a great way to predictably create a value that would be unique to that specific file.
So if you take an md5 hash of a .txt files with “goat testicles” in it, called goats.txt, and someone sends you a file called goats.txt, you should be able to take an md5 hash of the file before opening it, and if they match up they’re the same file. If someone adds a “z” to the end of goats.txt the md5 hash will change so you’ll know it’s not the same file.
Becaue hashes are known to work great with images 🤦♂️
They say to use PDQ for images which should output a similar hash for similar images (but why MD5 for video ?). So probably it is only a threshold problem.
The algorithm is explained herehttps://raw.githubusercontent.com/facebook/ThreatExchange/main/hashing/hashing.pdf
it is not an hash in the cryptographic sense.
There was a github thread about this when it came up for CSAM, they managed to easily circumvent it. I’m rather confident this will end up similarly
🤔🫣
