View Single Post
Old 08 November 2017, 11:15 AM
Richard W's Avatar
Richard W Richard W is offline
Join Date: 19 February 2000
Location: High Wycombe, UK
Posts: 26,403

Yes, I agree that "hash" in the strict sense is the wrong word, but it's the word the article used.

I guess that if it's going to work, it would have to work on some ratio between identifiable points on the specific photo that's sent in, that won't alter even if all the colours are changed or it's resized or rotated or whatever. Face recognition works in a similar way. You could call the resulting number a hash but it wouldn't be the traditional sort. And I'm sure it would still be possible to get round it with a bit of experimentation to work out what they were looking at.

They're not trying to identify nude photos in general, ganzfeld - the idea is that it would block the specific nude photos they'd been sent. They also wouldn't (at least, in their ideal world) be keeping the photos themselves, UEL, although obviously that is an issue in itself since the "ideal" there is one that's easily broken...! A data breach under those circumstances would be embarrassing for Facebook because it would be presented as "Facebook loses customers' nude photo data!!!!!" but it wouldn't actually contain the nude photos, or any way to recreate them, in itself. The distinction always gets lost, though; whenever there's a data breach at a retailer the news reports always make a big deal of "credit card data!!!" even though, except in the most egregious cases (Lush a few years ago, for one) there's no usable data or card numbers in there, assuming the company complies with the regulations and common sense standards. It's the idea of it that worries people.

The last company I worked for held secure customer data (not credit card numbers; we were PCI compliant and not stupid), and although most employees aren't meant to have access to the customer data and purchase records and so on, there are plenty that need them in specific cases, for example support staff and even developers who are trying to reproduce an issue that's only been seen on one specific order. Ideally support can identify the feature of the customer or order that caused the problem and send dummy data to the developer that also causes the issue, but sometimes (read: often because they don't always know how to and can be quite lazy - or busy, being charitable) that's not possible and it's easier and quicker for the developer just to use the actual data itself.

Anyway, the possible ease of getting round it is not the first of the problems I can see with the idea, and even Facebook employees hijacking the data, or a data breach, isn't the extent of it! What about third parties taking advantage of the idea to harvest photos through a fake submission service? What about the bizarre idea that it would normalise having to send nude photos of yourself to organisations, in order to avoid being blamed when they display the same photos against your will?

Last edited by Richard W; 08 November 2017 at 11:27 AM.
Reply With Quote