this post was submitted on 05 Jan 2025
794 points (97.5% liked)
Privacy
32649 readers
313 users here now
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
much thanks to @gary_host_laptop for the logo design :)
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Wait, what?
So you take a pic, it's analysed, the analysis is encrypted, encrypted data is sent to a server that can deconstruct encrypted data to match known elements in a database, and return a result, encrypted, back to you?
Doesn't this sort of bypass the whole point of encryption in the first place?
Edit: Wow! Thanks everyone for the responses. I've found a new rabbit hole to explore!
No, homomorphic encryption allows a 3rd party to perform operations on encrypted data without decrypting it. The resulting answer is in encrypted form and can only be decrypted by whoever has the key.
Extremely oversimplified example:
Say you have a service that converts dollar amounts to euros using the latest exchange rate. You send the amount in dollars, it multiplies by the exchange rate and then returns the euro amount.
Now, let’s assume the clients of this service do not want to disclose the amounts they are converting. What they could do is pick a large random number and multiply the amount by this number. The conversion service multiplies this by the exchange rate and returns the ridiculously large number back. Then you divide thet number by the random number you picked and you have converted dollars to euros without the service ever knowing the actual amount.
Of course the reality is much more complicated than that but the idea is the same: you can perform operations on data in its encrypted form and now know what the data is nor the decrypted result of the operation.
So homomorphic encryption means the server can compute on the data without actually knowing what's in it. It's counter-intuitive but better not think about it as encryption/decryption/encryption precisely because the data is NOT decrypted on the server. It's sent there, computed on, then a result is sent back.
Wait, it's called homomorphic encryption? All we'd have to do is tell MAGAs that Tim Apple just started using homomorphic encryption with all the iphones and the homophobic backlash would cause Apple to walk this back within a week.
I'm only half joking.
It might still be possible to compare ciphertexts and extract information from there, right? Welp I am not sure if the whole scheme is secure against related attacks.
I don't think so, at least assuming the scheme isn't actually broken... but then arguably that would also have far reaching consequence for encryption more broadly, depending on what scheme the implementation would be relying on.
The whole point is precisely that one can compute without "leaks".
Edit: they are relying on Brakerski-Fan-Vercauteren (BFV) HE scheme, cf https://machinelearning.apple.com/research/homomorphic-encryption
IIRC, for this kind of guarantee, you need a CCA(Chosen-ciphertext attack)-security. I dunno if this scheme satisfies such a security.
Dunno either, funnily enough skimming through https://eprint.iacr.org/2012/144 I noticed authors are from KUL https://www.esat.kuleuven.be/
Why do I say "funnily enough" is because, just like with e.g. IMEC for chips, some of the foundation of modern technology, comes from the tiny and usually disregarded country of Belgium.
I'm not pretending to understand how homomorphic encryption works or how it fits into this system, but here's something from the article.
There's a more technical write up here. It appears the final match is happening on device, not on the server.
That's really cool (not the auto opt-in thing). If I understand correctly, that system looks like it offers pretty strong theoretical privacy guarantees (assuming their closed-source client software works as they say, with sending fake queries and all that for differential privacy). If the backend doesn't work like they say, they could infer what landmark is in an image when finding the approximate minimum distance to embeddings in their DB, but with the fake queries they can't be sure which one is real. They can't see the actual image either way as long as the "128-bit post-quantum" encryption algorithm doesn't have any vulnerabilies (and the closed source software works as described).
...and other sciencey-sounding technobabble that would make Geordi LaForge blush. Better reverse the polarity before the dilithium crystals fall out of alignment!
Heh though that’s all legit right?
That's the point. It's a list of words that may or may not mean something and I can't make an assessment on whether or not it's bullshit. It's coming from Apple, though, and it's about privacy, which is not good for credibility.
I don't know what a geo-signal is, but everything else listed there makes perfect sense given the context.
Maybe they "encrypt" it in jpg? XD