Last year, Apple introduced a mechanism to identify landmarks and places of interest in images stored in the Photos app on customers’ iOS and macOS devices, and apparently enabled it by default without explicit consent.
Apple’s customers are only just beginning to notice.
The feature, known as Enhanced Visual Search, was called out last week by software developer Jeff Johnson, who expressed his concerns in two articles, citing Apple’s lack of explanation about the technology, which is believed to have been introduced in iOS 18.1 and macOS 15.1 on October 28, 2024.
In a policy document dated November 18, 2024 (which was not indexed by the Internet Archive’s Wayback Machine until December 28, 2024, the date of Johnson’s original article), Apple explains the feature as follows:
Apple described the technology in a technical document published on October 24, 2024, around the time that Enhanced Visual Search is believed to have debuted. A local machine learning model analyzes photos to look for “areas of interest” that may depict landmarks. When the AI model finds a likely match, it calculates a vector embedding (an array of numbers) that represents that part of the image.
The device then scrambles the embedding using homomorphic encryption, allowing it to be run through carefully designed algorithms that produce a similarly encrypted output. The goal here is to be able to send encrypted data to a remote system for analysis without the person operating the system knowing what’s in the data. They just have the ability to perform calculations on it, and the results remain encrypted. It is claimed that inputs and outputs are encrypted end-to-end and are not decrypted during mathematical operations.
The dimensionality and precision of the embeddings have been adjusted to reduce the high computational demands of this homomorphic encryption (possibly at the expense of labeling accuracy) in order to “meet the latency and cost requirements of large-scale production services.” In other words, Apple wants to minimize cloud computing costs and mobile device resource usage for this free feature.
With the help of server-optimized metadata and Apple’s Private Nearest Neighbor Search (PNNS), the relevant Apple server shard receives the homomorphically encrypted embedding from the device and performs the aforementioned encrypted calculations on that data to find landmark matches in its database. It returns the results to the client device without providing any identifying information to Apple or its OHTTP partner Cloudflare.
So Apple unilaterally started running people’s photos through a locally running machine learning algorithm that analyzes image details (on a purely visual basis, without using location data) and creates a value associated with potential landmarks in each photo. That value is then used on a remote server to check an index of such values stored on Apple servers, and to label within each snap the landmarks and locations found in Apple’s database.
More simply, you take a photo. Your Mac or iThing locally outlines what it thinks is a landmark or place of interest in the snap. It homomorphically encrypts a representation of that part of the image in a way that can be analyzed without decrypting it. It sends the encrypted data to a remote server for analysis, so that the landmark can be identified from a large database of locations. The device then receives the suggested location, again in an encrypted form that only it can decipher.
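The round trip described above can be sketched in a few lines. This is an added illustration, not Apple's code: the textbook Paillier scheme stands in for Apple's production homomorphic encryption, the key is a toy, and the landmark index, query and function names are constructed for the example. It does not model PNNS sharding, OHTTP relaying or differential privacy.

```python
# Added illustration, not Apple's code. Paillier is a stand-in scheme;
# the key, index and query below are constructed toy values.
import math
import secrets

P, Q = 2**31 - 1, 2**61 - 1   # two Mersenne primes: far too small for real use
N, N2 = P * Q, (P * Q) ** 2   # N is the public key
PHI = (P - 1) * (Q - 1)       # private key, never leaves the device
MU = pow(PHI, -1, N)

def encrypt(m):
    """Enc(m) = (1 + m*N) * r^N mod N^2, with fresh random r each time."""
    r = secrets.randbelow(N - 2) + 2
    while math.gcd(r, N) != 1:
        r = secrets.randbelow(N - 2) + 2
    return (1 + (m % N) * N) * pow(r, N, N2) % N2

def decrypt(c):
    m = (pow(c, PHI, N2) - 1) // N * MU % N
    return m - N if m > N // 2 else m   # recover signed integers

def server_scores(enc_query, index):
    """Server side: uses only ciphertexts, N, and its own landmark index."""
    out = {}
    for name, vec in index.items():
        acc = 1                                   # trivial encryption of 0
        for c, w in zip(enc_query, vec):
            # Enc(x)^w = Enc(x*w); multiplying ciphertexts adds plaintexts,
            # so acc ends up as an encryption of the dot product.
            acc = acc * pow(c, w % N, N2) % N2
        out[name] = acc
    return out

def client_lookup(embedding, index):
    enc_query = [encrypt(x) for x in embedding]     # what the device sends
    enc_scores = server_scores(enc_query, index)    # what comes back
    scores = {k: decrypt(c) for k, c in enc_scores.items()}
    return max(scores, key=scores.get), scores

# Constructed, coarsely quantized embeddings (low precision keeps HE cheap).
INDEX = {"eiffel_tower": [12, -3, 7, 1],
         "golden_gate": [-5, 9, 2, 8],
         "taj_mahal": [3, 3, -8, 4]}
QUERY = [11, -2, 6, 0]

if __name__ == "__main__":
    print(client_lookup(QUERY, INDEX))
```

The server function never touches `PHI`, so it cannot read the query or the scores it computes; only the device can decrypt the similarity values and pick the best match.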
If everything works as claimed and there are no side channels or other leaks, Apple can’t see what’s in your photos, neither image data nor searched labels.
Apple claims that this homomorphic encryption, along with so-called differential privacy (a method of protecting the privacy of the people whose data is included in a data set), eliminates potential privacy issues.
“Apple is (in theory) thoughtful about doing this in a way that protects privacy, but I don’t think the company is living up to that ideal here,” software developer Michael Tsai said in an analysis shared on Wednesday. “Not only is it not an opt-in, but if you start uploading metadata about your photos before you use the search feature, you cannot effectively opt out. Even if you have already opted out of photo uploads, this ” iCloud. ”
Tsai argued that Apple’s approach is even less private than the abandoned CSAM scanning plan, saying, “It applies to photos outside of iCloud, and it removes information about all photos, not just those with questionable neural hashes.” It claims to be for uploading.
Nevertheless, Tsai acknowledged Apple’s claims that data processed in this way is encrypted and disassociated from a user’s account or IP address.
While there is no evidence to support Apple’s privacy claims at this time, the community’s concerns revolve around the way Apple has implemented this technology.
Matthew Green, an associate professor of computer science at Johns Hopkins University’s Information Security Institute in the US, said: “When I found out about the service two days before New Year’s and found out that it was already enabled on my phone, I was shocked, it’s very frustrating.”
The Register reached out to Apple for comment, but as usual, Apple has not responded. We recognize that this lack of communication is at the heart of the community’s dissatisfaction.
“My objection to Apple’s Enhanced Visual Search is not a technical detail that is difficult for most users to evaluate, but rather the fact that Apple took the choice out of my hands and enabled an online service by default,” said Johnson in his second post.
He told The Register that it’s unclear whether any photo library data/metadata will be uploaded before disabling the opt-out setting.
“I don’t think anyone knows, and Apple hasn’t said it,” Johnson said. ®