Trusting Facebook with your sensitive data

#23
Left face ache over two months ago, my phone battery lasts over 24 hours now :)
There are other sites I use that don't use data, Tumblr is one, you even pick who or what you see
 
#24
Facebook wants your naked photos to stop revenge porn.

'Who will see my naked photo?

'Facebook's Global Head of Safety Antigone Davis told Newsbeat that photos will only be seen by "a very small group of about five specially trained reviewers".

'They'll give the photo a unique digital fingerprint - something called hashing.

'That code will then be stored on a database. If anyone else tries to upload the same photo, the code will be recognised and it'll be blocked before it appears on Facebook, Instagram and Messenger.

'The original photos will not be stored.'


Of course they won't, 'cos they'll get someone like Cambridge Analytica to do it for them. ;)
I’m going to send them this one and see what they make of it

[attached image]
 
#25
There is an urban myth it was really set up by the CIA
I genuinely was shown this video on a course.

It made us chuckle, in a rather malevolent way.


@jinnandtonic

I tended to refer to FaceTube as "Operation Low hanging Fruit".

As with most data, the law of 4 V's is a problem with FaceTube. The volume and velocity of data can make it difficult to process into useful material. Especially when it is 'just' Wayne and Waynetta Slag screeching at each other.
 

Sarastro

LE
Kit Reviewer
Book Reviewer
#26
Planning to use hashing you say? MD5, SHA-1 and SHA-2 have all been broken. Moore’s Law about processing power suggests that anything Facebook can come up with will get broken sooner rather than later. Plus a repository of nude pics will become an excellent target for hackers to focus on. Simple answer, keep your pics to yourself or don’t take them in the first place.
This guy is worth following if you’re interested in security, blockchain etc.
https://www.linkedin.com/pulse/what-hashing-method-gas-slow-you-want-buchanan-obe-phd-fbcs
Er...not sure you understand an image hash. This isn't a password hash where the purpose is to provide a two-way translation - i.e. from string (e.g. the image) to hash (e.g. an alphanumeric sequence) and then back from hash to string. This is one-way translation, that only goes from string to hash and not back.

There's no point in having an image hash which is the same size as the original data. Almost all image hashes are only fractions of the original data. That can either be done by a reduction algorithm, which takes all the original data and reduces it to a smaller fingerprint, or by a sampling algorithm, which takes particular bits of the original data as a fingerprint. Each is used for different purposes, depending on the need: videos and illegal images often use sampling because the ability to ID particular frames or pixel areas throughout a video / image is more effective at identifying the file when someone has deliberately altered it to try and avoid detection.

Most image hashes are one-way translation: they don't need the ability to "reverse-engineer" the hash to re-create the original data. The purpose is simply to establish that when you take data A and run it through process B, the result is hash C. If data A = 1 for that, then you have identified the same image. It's also fairly easy, and plenty of algorithms do this, to combine this process with a one-way function (i.e. two prime numbers multiplied to make a very large number, that is trivial to calculate by multiplication but impossibly difficult to find the original two primes), for additional security.

Also when you say various algorithms have been broken, first you are talking about password hashes, and second that's like saying someone, somewhere in the world, has a key to a Yale lock. Yes, of course they have. That doesn't mean that your lock is vulnerable, because the keys are different. If basic public encryption principles are used (e.g. secure enough one way functions) then the fact that someone somewhere has broken a SHA-1 hash doesn't necessarily make it any easier, less time consuming, nor effective to break.

@tommikka is correct that this is an automated way for people who know particular images have been compromised to be able to ban them en masse. Facebook are just taking an approach that law enforcement has used successfully for years. Agreed, I'm not sure I'd trust Facebook to do it well, but the request is not as insane as it seems at face value.
 
#27
@Sarastro

Facebook are probably trying to replicate the known hashfile system that enables bulk sorting of indecent imagery and national level webfiltering.

All indecent images are hashed, so when devices are seized and examined all the "known" images are detected and enumerated. Thus a quick search can reveal x number of images on the A-C scale (or the 1-5 scale when I last had anything to do with this).

URLs hosting such imagery can then be blocked at national ISP level.

Groups such as the below help to keep this off the net.

Homepage

As ever, such material can be reported and targeted via CEOP (a command with the NCA).

https://www.ceop.police.uk/safety-centre/

It does sound a good idea on a purely technical level to keep stuff off their platform. But, I re-watched Ghostbusters the other day, and obviously when you keep the ghosts in a vault in the basement - someone can always let them out.....
 

Sarastro

#28
@Sarastro

Facebook are probably trying to replicate the known hashfile system that enables bulk sorting of indecent imagery and national level webfiltering.
Indeed. Their request is actually an interesting unintentional leak that the cooperation one might assume happens or has happened between law enforcement and large social media companies like Facebook and Google, so that they have access to the national hash databases rather than having to build their own, is not or no longer happening...
 
#29
Indeed. Their request is actually an interesting unintentional leak that the cooperation one might assume happens or has happened between law enforcement and large social media companies like Facebook and Google, so that they have access to the national hash databases rather than having to build their own, is not or no longer happening...
I rather assume that post-Snowden, social media companies have stopped being as helpful as they may have been to law enforcement.

It is interesting* to read the transparency data and Mutual Legal Treaty Assistance data published.

Transparency

But voluntary co-operation must be a bit more tricky now, for solely political and presentational purposes.

*I just realised how nerdy I sound.

If you are an intermediate stage geek, can I recommend OONI which is a crowd sourced censorship detection project. Built by the nice people who brought you TOR.

It is funny to read what websites are banned in countries. You can tell a lot about people by what they don't want you to read. Sometimes perhaps justifiable, sometimes hysterically funny.

I got red-carded during a demonstration for jotting down the URL of a lesbian wrestling site. It's not like I was going to the website on work time.
 

Sarastro

#30
If you are an intermediate stage geek, can I recommend OONI which is a crowd sourced censorship detection project. Built by the nice people who brought you TOR.
You know exactly what stage geek I am. Or at least, you should do. Glad to see someone was listening to the 4Vs thing, even if it wasn't the students!
 
#31
You know exactly what stage geek I am. Or at least, you should do. Glad to see someone was listening to the 4Vs thing, even if it wasn't the students!
It was more a rhetorical device for the audience!
 
#32
Whiffs of tokenism: only works in terms of particular images and not even always if those images have been manipulated.

So yes can be of use but suspect it is more being seen to do something rather than overall effectiveness.

Rather like Governments then.
 
#33
Whiffs of tokenism: only works in terms of particular images and not even always if those images have been manipulated.

So yes can be of use but suspect it is more being seen to do something rather than overall effectiveness.

Rather like Governments then.
Well, but the same is true of signature based malware detection.

If the malware is known, it is blocked.

New or polymorphic (ie, changing signature) malware is not detected.
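
An added illustration of the fingerprinting discussed in post #26 and the "manipulated images" limit raised in posts #32 and #33; it is not part of any poster's message and not the algorithm Facebook or any hash database uses. It compares an exact SHA-256 digest with a simple reduction-style "average hash" on constructed pixel grids; the image generator, the 64-bit fingerprint size and the match threshold are all assumptions chosen for the example.

```python
import hashlib

SIZE, GRID = 64, 8  # constructed SIZE x SIZE grayscale images; GRID x GRID = 64-bit fingerprint

def make_image(fn):
    """Build a constructed grayscale image (list of rows) from fn(x, y), clamped to 0..255."""
    return [[min(255, max(0, fn(x, y))) for x in range(SIZE)] for y in range(SIZE)]

def exact_hash(img):
    """SHA-256 over the raw pixel bytes: any change at all yields a different digest."""
    return hashlib.sha256(bytes(p for row in img for p in row)).hexdigest()

def average_hash(img):
    """Reduce the image to GRID x GRID block means, then keep one bit per block:
    1 if the block is brighter than the mean of all blocks, else 0."""
    step = SIZE // GRID
    means = []
    for by in range(GRID):
        for bx in range(GRID):
            block = [img[y][x]
                     for y in range(by * step, (by + 1) * step)
                     for x in range(bx * step, (bx + 1) * step)]
            means.append(sum(block) / len(block))
    overall = sum(means) / len(means)
    bits = 0
    for m in means:
        bits = (bits << 1) | int(m > overall)
    return bits

def hamming(a, b):
    """Number of differing bits between two fingerprints."""
    return bin(a ^ b).count("1")

def same_picture(a, b, threshold=5):
    """Treat two images as the same picture if their fingerprints differ in few bits.
    The threshold is an assumption; real systems tune it against false matches."""
    return hamming(average_hash(a), average_hash(b)) <= threshold

# Constructed sample data, not real photos.
ORIGINAL = make_image(lambda x, y: (x + y) * 2)         # diagonal gradient
ALTERED = make_image(lambda x, y: (x + y) * 2 + 3)      # slightly brightened copy
ALTERED[10][10] = 255                                   # plus one edited pixel
UNRELATED = make_image(lambda x, y: (126 - x - y) * 2)  # a different picture

if __name__ == "__main__":
    print("exact digests equal:", exact_hash(ORIGINAL) == exact_hash(ALTERED))
    print("fingerprint distance, altered copy:",
          hamming(average_hash(ORIGINAL), average_hash(ALTERED)))
    print("fingerprint distance, unrelated image:",
          hamming(average_hash(ORIGINAL), average_hash(UNRELATED)))
```

The exact digest no longer matches after the small edit, while the reduced fingerprint of the altered copy is unchanged and the unrelated image lands far away, which is why blocklists that must survive re-encoding or light edits match on distance rather than equality.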
 
