![]() ![]() (From the report, it sounds like this scanning happens server-side, not on users' devices.) As Zack Whittaker summarized it in his excellent weekly security newsletter, "Using file hash surveillance, the messaging app takes a digital signature from files or photos it thinks are politically sensitive inside China and blocks those messages from going through to Chinese users." Millions of people who aren't living directly under China's thumb are unwittingly aiding in Chinese repression. Well, the venerable Citizen Lab in Toronto has just published a report about its research on WeChat, which discovered that WeChat is surveilling the messages sent by users outside China to train its censorship system for users inside China. ![]() I speculated that China would love an E2EE messaging system that incorporated client-side scanning and reporting, as it would further enable China's clampdown on speech. ![]() (WeChat is not E2EE.) Those messages are interdicted and censored they're never received by the intended recipient. The predictable result is surveillance and censorship, a chill on privacy and free speech." As an example, I pointed to Chinese app WeChat's prohibition on Chinese users from sending each other phrases and images the Chinese government has deemed verboten, such as "Tiananmen Square" and pictures of Winnie-the-Pooh. It would start with CSAM, but it would not stop there. My critique of this idea, last October, was: "There is no way in hell that Facebook or anyone else could introduce content moderation for end-to-end encrypted messaging without it inevitably sliding into abuse. How to keep finding that material as more and more communications become E2EE? One proposal is the client-side scanning idea: before the image is transmitted, while it's still on the sender's device, the app would take the image's hash value and compare it to a database of hash values of known CSAM if there's a match, that triggers a report to the provider for review. If what's being sent is CSAM, E2EE makes that harder for the service provider to detect. Facebook or Signal) cannot intelligibly read the text or images being transmitted only the "ends" of the conversation (the people communicating with each other) can do so. Seven months ago, I published this blog post about the idea of fighting child sexual abuse material (CSAM) in an end-to-end encrypted world through what's called "client-side scanning." Client-side scanning is a proposal for retaining the ability to detect CSAM on messaging systems where the messages are end-to-end encrypted. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |