https://x.com/babadookspinoza/status/1802442068125516148

  • git [he/him, comrade/them]
    ·
    5 months ago

    This was a form of attack against Apple's on-device CSAM detection that they scrapped, so it's been possible for a while.

    • Neural hash collider: https://github.com/anishathalye/neural-hash-collider
    • Example collision: https://github.com/AsuharietYgvar/AppleNeuralHash2ONNX/issues/1
    • Script to generate collisions: https://gist.github.com/unrealwill/c480371c3a4bf3abb29856c29197c0be
    • Tainting the client side CSAM database: https://blog.xot.nl/2023/10/11/tainting-the-csam-client-side-scanning-database/index.html
    • TrudeauCastroson [he/him]
      ·
      edit-2
      5 months ago

      Edit: wow I didn't realize md5 matching a picture was that easy, looks like you can make any image look enough like that twitter-deboonked one to generate a fake match. How has no one done this yet.

      Thanks for the links, it's pretty interesting stuff I haven't kept up with for a while.

      I didn't hear about that potential apple attack, I wonder if you could generate a collision with a pic that looks close enough to the twitter image they auto-deboonk and a pic that's completely unrelated, got twitter to add your new similar image to the auto-deboonker, and then troll on twitter by posting the unrelated image.

      That'd be similar to that apple attack you linked, but it depends on how twitter auto-deboonking works and how easy you could get them to add a similar-but-different pic to their deboonker database.