1. 14

  2. 5

    One thing that hasn’t been mentioned is that moving scanning to endpoints makes it technically voluntary. Clients can choose not to scan images, or report fake images for scanning. Effectiveness of this depends on abusers using unmodified software with the scanning built-in.

    1. 3

      Clients can choose not to scan images, or report fake images for scanning.

      I don’t think this is necessarily true. The network could refuse to facilitate a data transfer (i.e. message exchange) unless you can prove (presumably without revealing the message) that the message has been the subject of some multiparty computation. I believe (in a very handwavy way) that this to be feasible with known algorithms.

    2. 5

      I have to say, reading this post was pretty cathartic; about five years ago I brought up the general idea (classifying encrypted images) to a software engineer friend of mine over drinks and he became extremely agitated that it was simply impossible on a mathematical level. Started condescending to me that I didn’t understand encryption and all that. Truly an immensely frustrating experience which damaged my enthusiasm for interacting with other software engineers in general.

      Software engineers like to put themselves in the shoes of the expert tasked by idiots with drawing seven mutually perpendicular lines[0], but really they’ve just never considered spaces with more than two dimensions.

      [0] https://youtu.be/BKorP55Aqvg

      1. 3

        Your friend is wrong that it is mathematically impossible. I’m not terribly surprised that they didn’t know about homomorphic encryption, or that they didn’t know that they didn’t know ;)

        I studied it a little, but the takeaway was that this was interesting but currently useless, like quantum computing.

        That may be changing, though: https://juliacomputing.com/blog/2019/11/22/encrypted-machine-learning.html

        1. 2

          You may have seen (D. Scott Williamson, Expert)[0]. This is very much what this comment reminds me of. Many experts are somewhat expert, but really have not gone all that deep or wide, especially in software engineering.

          [0] https://www.youtube.com/watch?v=B7MIJP90biM