Slashdot Mirror
Google Spots Explicit Images of a Child In Man's Email, Tips Off Police
mrspoonsi writes with this story about a tip sent to police by Google after scanning a users email. A Houston man has been arrested after Google sent a tip to the National Center for Missing and Exploited Children saying the man had explicit images of a child in his email, according to Houston police. The man was a registered sex offender, convicted of sexually assaulting a child in 1994, reports Tim Wetzel at KHOU Channel 11 News in Houston. "He was keeping it inside of his email. I can't see that information, I can't see that photo, but Google can," Detective David Nettles of the Houston Metro Internet Crimes Against Children Taskforce told Channel 11. After Google reportedly tipped off the National Center for Missing and Exploited Children, the Center alerted police, which used the information to get a warrant.
The great things google can offer, 1984 saves the children!
(Yes it's good that pedophiles get hurt - But there is a very very bad precedent here...)
_ _ _ Go for the eyes Boo! GO FOR THE EYES!
I would have gotten first post, but I needed to delete some emails...
This is chilling, not for pedophiles, fuck them, but for the average citizen. While, I absolutely believe it's google's job to report illegal activity they accidentally uncover to the police, this appears google is actively searching your e-mails for things to forward to the police, and that's a chilling thought for free speech, freedom, and prevention of abuse of power.
I don't want ANYONE looking in my email and I don't want to require my friends and email to have to set up security just to read emails from me. What's the best email service offering end-to-end encryption?
If video games influenced behavior the Pac Man generation would be eating pills and running away from their problems.
How does Google do this for one person? If they suddenly started scanning images for this, you think they would uncover a few thousand people at a time. Are we supposed to believe that they specially targeted him, or that he is the only person to ever send naked pictures of children through gmail?
Troll is not a replacement for I disagree.
Both to the pedophile and to the illusion of privacy people had when using Gmail.
(They have an obligation to report child porn if they find it, but they don't have an obligation to look. My suspicion is Google is not happy about what happened.)
Don't waste your vote! Vote for whoever you want, unless you live in a swing state it won't matter anyways
Bet that it was the NSA that tipped Google, that tipped Huston PD.
Agreed. Even good outcomes do not justify bad behaviour. We should not be happy that Google is perusing the content of our E-mail with anything but automated tools (for advertising, etc.)
An automated tool probably flagged the image, hopeful it wasn't simply probable nudity but probable nudity combined with some other alert, maybe something in the body of the text. Humans probably only review flagged images. The system is working as google has always intended, go read the terms of use. Working with local law enforcement when google deems it appropriate or legally required probably falls under what you refer to as "etc".
I can't agree more. I think more people should be up in arms over what Google has just done. I'm also sure someone is going to point out that in Google terms of service has some type of clause in it that states that they can search your emails and do anything they want to with them. I personally think Google has crossed the line. I'm not sure when Google went from being a corporation to being in law enforcement, but this really seems to me to be a very bad precedent.
This is type of search to me is how United States government has done an end run around the fourth amendment. All law enforcement has to do now is ask companies like Google, Facebook, Microsoft, or Yahoo to do searches and report back.
All I can say is "Fuck You Google!!"
Gmail allows for dot address matching. This is a *huge* problem that has never been addressed.
Apparently my first letter, last name gmail address happens to be pretty popular. So popular, I receive emails from at least 5 other people in my inbox. One from PA, another one in Florida, still another in New Zealand... I could go on and on, but you get the idea. Apparently, this seems to happen a bit to people.
Sadly, Google has no fix for it, no way to get it to stop. Their support address and site are useless, imho.
I have since moved all of my email off to my own domain and mail services not controlled by Google. I still keep the account open and forwarding to my new email address, so I still get their email, too. I do what I can to minimize problems by auto-deleting everything that hits my inbox that's obviously not for me.
Stories like this scare the shit out of me because, at any time, if one of those people I happen to receive email for suddenly decides to go into full-creep mode, I could be put in prison for a very, very long time. Not for anything that I have done, but for how gmail has been setup to allow for this.
Shouldn't two persons have been arrested? ie. both the sender and the receiver of the emails?
You find your own anatomy disgusting? How do you live with yourself?
Microsoft has something called PhotoDNA which scours Bing, Outlook, etc. for child porn. I believe they also make it available to other companies. In fact, given the difficulty of getting images to train on, I wouldn't be surprised if Google was using Microsoft's PhotoDNA technology.
This implies *much* more than the simple scanning of email and image recognition. After all, is Google also reporting innocent pictures people take of their babies in, e.g., the bathtub to send to daddy while he's in China on a business trip? Or is it more likely that Google knew the guy was a sex offender and targeted the scanning of his email specifically?
--Jim (me)
With legal (or cracked) access to anyone's email account (sex offender or not) lets see how easy it is to plant evidence.
1. Access account, add a folder or label (preferably hidden buy being buried in default sort order or under another folder).
2. Set filter with obscure rule to automatically route certain emails to said folder.
3. Send "illicit" or "evidentiary" messages that match said filter. These can be sent from self or whatever generated entity seems appropriate.
4. Access account again from various public IP addresses (or from target's own wifi). Read already read email, plus messages in target folder.
5. Remove filter. Have Google 'find' the evidence. Arrest wrongdoer.
This is not that far fetched. The chain of evidence doe not prove that the target is guilty, but can be made to look enough like it to convince a judge or jury. From the vantage of Google or a jury, it looks as though the subject sent or had sent, expected, and read the messages.
Just about anyone here could do this with the creds to an account - which in most situations are not terribly hard to garner.
Before you say you would notice the folder in your account, think of this. I have over 100 folders in my email account, some rarely opened, and never all visible on the screen. I wouldn't have noticed - but I may have enough knowledge to fight - a little anyway. How about a novice, when a folder named 'Archived Messages' appears. Would he/she even think twice?
I did not RTFA, but I know google uses their image search algos for blocking known child porn sites. It is not a hard step to run that against email messages. How about when the NSA/CIA/FBI tells google (via a NSL) scan all messages for x terms. How about when said terms are sent to and from hacked accounts as a matter of course?
It is important to realize that absolutely no communication that is unencrypted is private, but how about whe forged open communications can make you a criminal?
Silence is a state of mime.
If they can do this for this cause, they can do this for any cause, or for no cause at all.
I can't say I am surprised.
I thought Google has said for years that it can't automatically identify copyrighted material and is therefore legally exempt from being required to block objectionable material. But now that it appears their algorithms can search email images and make the determination, then it proves Google is now capable of identifying pretty much anything, correct? Wow, this is going to open them up to a ton of liability!
Read the fucking article. NCMEC identifies the content, they give their list of hashes to Google.
Were they really snooping around this guy's email for no reason or do they check your attachments against a list of hashes of known child porn?
RTFA....
The Google rep said:
The U.S. Justice Department is almost certainly giving Google the MD5 tags of the images they have in their child pornography database and those of new images that are discovered by law enforcement, and Google is using them to identify such images in web pages they index and in the e-mails and report it to law enforcement. They do maintain one, you know.
It's really quite a simple choice: Life, Death, or Los Angeles.
Why can't they just remove the sexual areas of pedophile brains rather than jail them for 20 years (as an option)? Often they are otherwise normal people who abide by the law, show up to work on time, and pay taxes. Their craving is very specific such as to be relatively easy to "short circuit".
As a tax-payer, it would probably be cheaper to snip around in their brain than house them for 20 years.
Table-ized A.I.
- You sir didn't mention your favourite meal in your emails for a while. What's changed? Don't you like steak any more? Would you like to see some adverts for burgers instead?
- Hey! You can't invade my privacy like that!
- Wait a minute! What did you say? Privacy? Boys! This guy hates children and he's probably a paedo too!
- No, no! Wait! That's not what I...
- And he probably hates charity! See? That's why we need those snooping laws! To stop pervs like this one! Who's with me? Who's with me?!
- This is madness! I know my rights and I...
- We cut off this man's internet access so that he can't spread his filthy evil lies any more. Freedom triumphs again! America! This is a real proof that democracy works! Now, go write about this in the papers for those who are not up to date with the latest propaganda dissemination services.
Suddenly I could care less if Tor usage invites gov't scrutiny.
Then you're anti-freedom and have no business living in any free country. The desire to sacrifice fundamental freedom and privacy for safety makes you no better than those who support the TSA, the NSA's mass surveillance, etc.
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
Just my thoughts. This person was carefully selected from a long list to make sure nobody has any sympathy with him. Of course the law-enforcement "success" here is completely insignificant in comparison to what was done to the public to achieve it.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
What about false positives? We know hash collisions are a thing. If they find a positive, do they actually check it out? do they compare metadata? Like, hash matches, but the size and filename are wrong.
I'd hate to get some random binary blob(zip, mp3, etc.) emailed to me only to have Google flag it because it matches some kiddy porn.
Non impediti ratione cogitationus.
Comment removed based on user account deletion
So the copyright owners could just easily give them hashes...
Comment removed based on user account deletion
I ordered flowers and candy for the wife, but not much else. OTOH, I do discuss politics with friends via e-mail. It concerns me that the IRS could simply ask Google to inform them who discusses X issues in e-mail and then start the audits flowing.
So what else is Google looking for? Google confidential documents? Pictures of guns? Info about arms shipments?
Comment removed based on user account deletion
Comment removed based on user account deletion
How is he in "possession" of these images? Isn't the data on Google's servers, as in their actual physical possession? Not like they kicked down his door and found it on a Google Mail server in his closet.
that this was discovered via a known hash of known child pornagraphy images.
it seems to me that google must keep a hash table of alot of things sitting around on it's drives,
using hashes to reduce redundant storage requirements means that this very well have been discovered AUTOMAGICALLY, and thus required google to act on it.
i don't think the spin being placed here as it being an 'invasion' of privacy is accurate here considering my prior statement
you should thank google for helping to stop people invading the child's privacy by putting a stop to sharing of images like this
the methods potentionally employed in the discovery of this image are both automated and reasonable
and the reaction of google is not only reasonable and actionable, it's also commendable.
we all can keep our privacy if all they're doing is storage reduction through hash comparison.
fin.
It seems National Center for Missing and Exploited Children has a database of hashes, or "fingerprints" of known child porn images. When you use Gmail, it checks attachments against a database of viruses and also apparently against this CP database.
A distinction can be made here. What the database does NOT do is any kind of image analysis to see if the picture LOOKS like child porn. It checks only against known, reported child porn, apparently.
And if that facility exists for "the children", then it exists for "the terrorists". Terrorists who pirate videos to support their terrorist agenda!
Seriously, it means that media companies and record companies probably do the same, provide hashes of their 'claimed' works and get tip offs for those. NSA probably has a nice little data feed from that.
These mass surveillance things always start 'for the children' or 'for your safety' and just creep from there.
Think about it, it shouldn't be hard to figure out your error.
There was no error that I see. If that person was intending to be sarcastic, then they should have picked something that real people would never believe, rather than something that actual people say all the time. I respond to such sarcasm as if they're not being sarcastic because there's a real chance that they're not being sarcastic, and because there are plenty of people who agree with it anyway.
If it's something else, then I don't know what you're talking about.
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
No, you don't have to prove innocence! The prosecution needs to prove guilt beyond a reasonable doubt. The fact that Google snooped brings up questions, so if this is the only evidence they have the guy will walk (assuming he goes to Jury trial and does not accept a plea).
The intent to distribute you just make up out of thin air, stop with the hand waiving and stick to the case.
Based on the arresting officers comments, they were tracking this guy because he was previously convicted. They were not able to catch him doing anything wrong, which should bring up even more questions about Google finding something when investigators could not. I don't believe it would have been difficult for a cop to get a warrant on the guy if there was actually suspicion.
If this was a random Google employee that was accidentally mailed the photo I may feel differently. I have been working on Servers for over 25 years, and I have never gone though people's mailboxes or files. I have complied with warrants and provided copies of data, but never gone though someone's crap. With no warrant, I think Google did wrong. I'm not biased, I think any company that volunteers your data to law enforcement without a warrant is at least violating the trust of their customers.
Before you "but but.. murder" how would you like to be arrested because you sent a still image from Saw2 to a friend (or any of the millions of murders depicted on tv or in movies, and a measurable percentage of those are children being murdered)? I personally am not into movies so don't worry too much about that one, but I know people that are.
Anyone that trusts a Government known for parallel construction (framing people) or Google (a company known to be handing 3 letter agencies private data) should have their head examined. On this site, I should not have to mention how easy it is to forge file ownership, date stamps on files, email, chat, and logs for the latter two. In case you are not a techie, it's pretty damn easy.
-The wise argue that there are few absolutes, the fool argues that there are no probabilities.
While MD5 has been broken, to my knowledge none of the more recent commonly used hash algorithms have known collisions. If we are talking about SHA512, than simply finding two images with the same hash would probably a result worthy of an academic publication.
Also, of course, the image would likely be verified by a human to actually be a bad image. But it's literally more likely that the hash was computed wrong due to a cosmic ray than that it's actually a good image matching the bad image's hash.
Funny, when I'm searching youtube for boobs and penises, all I get is IT-related stuff!
APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
I thought Google lived by their "Do no evil" motto, but I guess "Think of the Children!" is more important.
Good thing I only use my gmail as backup. My real mail is handled by my very own private mailserver. Of course a MITM attack is possible against traffic to and from the server but then they need to be explicitly investigating me and then I guess it's okay.
"For every complex problem, there is a solution that is simple, neat, and wrong." -- H.L. Mencken (1880-1956) --
Nice strawman you got there.
Where is the straw man? He made it perfectly clear that he's willing to sacrifice freedom and privacy for safety: "Suddenly I could care less if Tor usage invites gov't scrutiny." Do you know what a straw man is? It seems not.
By the same token you are no better than those who support jihadists.
Only if I support jihadists, but I don't. The common unifying theme between people like him and people who support the TSA and NSA surveillance is that they all support trading fundamental liberties for security. Try to keep up.
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
It knows it's evil stuff because it matches one of the MD5 tags. They don't have to look at it. I suspect that it's more of an automated process they have which spots these things and sends off info to the DOJ that then looks at it. Why do law enforcement's job more than is necessary?
It's really quite a simple choice: Life, Death, or Los Angeles.
I am more worried about the risk of this being used for framing someone. Perhaps especially those who have served their sentence and are in public registers.
A prior conviction for which a person has served the sentence should never be enough justification on its own to warrant a search, whether it's done by a person or by software. There must be probable cause, or we've made a farce out of the 4th amendment. What's next? Are algorithms listening in through your phone and PCs microphone okay?
Easily worked out. The list has been around for a long time, so it may well be using an obsolete hash like MD5 rather than a newer SHA. So let's assume it's a 128-bit hash. That's 2^128 possibilities. I don't know how many files go through google, but let's go for something huge - say, a trillion per year. That's a massive overestimate, i expect, but that's fine.
Which comes up to... no idea. I've tried three different ways to work it out. The math itsself isn't really hard, it's evaluating that's the problem: I keep hitting a need to raise something to the power of a trillion, and even dc chokes on that one. Pretty slim though.
Kind of like Australia's decision to ban explicit artwork of children. The surest way to make sure courts would approve was to make sure that the first to be charged for possession of such images (Specifically, it was some rule 34 art of Lisa Simpson) was a previously convicted child molester. Juries loathe someone like that so much, of course they'd find guilty, and so so most judges. Then the precident is set, and can be cited in future cases.
Nice job pointing out the error.
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
All right, there's been the NSA gaffs already, Julian Assange has talked about it, and Google here even plainly looked through someone's email without a warrant.
What is it going to take for people to stop using Gmail? Why don't people understand that cribbing about a free (as in beer) service is not going to help. You have the choice to stop using it.
Entia non sunt multiplicanda praeter necessitatem.
We are definitely going into dark ages again. And unfortunately, those bringing them about have learned all the lessons about manipulating the public, with the law an effective tool helping them. At the same time, the public is just as stupid and easily manipulated as ever.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
If we are talking about SHA512, than simply finding two images with the same hash would probably a result worthy of an academic publication.
This isn't true. Finding an incidental collision is not newsworthy. But giving an algorithm which constructs an image for a given hash would be worthy of publication.
Philadelphia is wrong on many levels. Thus, good on Google. However, there is a lot to think about here. Namely, what if some spammer sends me photos of minors and Google sees it? Will I be reported? Or more realistically, what if someone that I have a poor relationship with sends me illegal images and Google sees it? Will I be held accountable for my that person's actions too?
is commercial IT services in USA should never be used as you are playing Russina Rulette with your life using them.
by TheSpoom (715771) Uncaring Linux user here. I have nothing to add to this but please continue. *munches popcorn*
for letting us know how Google check hashes for child porn image so that anyone can frame anyone who uses Gmail with child pronpgraphy. I'm sure no one will ever exploit this now.
by TheSpoom (715771) Uncaring Linux user here. I have nothing to add to this but please continue. *munches popcorn*
So all I need to do is get an image that Google knows to be child porn and send it to people I don't like. Political assassinations have just become very easy.
I have been vary of Google for a while but now they have gone too far.
What is next? Calling the police because I send someone a mail about cannabis, sex with men or anything that is illegal in some countries.
Everyone who buys Wild Hunt will receive 16 specially prepared DLCs absolutely for free, regardless of platform.
Birthday attack. For 128 bits of hash, a trillion files (10^12) the probability of two files randomly matching is less than 10^-12 = 0.000000000001. If there's collision attacks you can create a false flag using a specially crafted file, but I assume either Google or the police will verify what it really is before proceeding. If you wanted someone framed that badly, I imagine It'd be easier to find a real image and send it to their gmail address. Make the sender, subject and body look like spam so they won't open the file and you could probably ruin somebody's life quite thoroughly.
Live today, because you never know what tomorrow brings
I'm excited at the endless possibilities of this! I bet soon your Android phone will tip off the police if you exceed the speed limit.
If someone won the lottery, was struck by lightning and hit by a meteor on the same day, that would be newsworthy. The likelihood of finding an incidental SHA512 collision is much, much lower than that even if you dedicate every computer on the planet to the search.
So yeah, it would be worthy of publication, and it would indicate that there is a flaw in the hashing algorithm.
mp3? Be wary they wont be reporting you to the RIAA using a database of known song signatures...
So do they have an index of known child porn images, how did they know this image was here?
Did they get a tip off? Does someone just randomly peruse attachments from time to time? Was the filename "child_porn.jpg"? What's the deal here? What happens when your wife is on holiday and emails you a picture of.... well who knows what? Yes I know they CAN see it, my question is, what flags people to look / investigate?
This is a very very bad precedent, save the children or not.
It's obvious that someone checks it at some point, at least by the time it gets to court. "Yes, your honor, the defendant had child pronography in his email account. The images? Well, we have those, but nobody's actually looked at them. Not the prosecution, nor the defense. No, your honor, you can't see them either. In fact let's just proceed here without examining any evidence..."
A better question is, who looks at the pictures and at which points in the process? My guess is that Google stays as hands-off as possible while complying with the law and whatever the officials ask them to do. It probably goes something like:
(1) Google's automated scanning matches your email attachment to the hash of child pron,
(2) Google notifies law enforcement and/or relevant government agencies,
(3) Law enforcement obtains the warrant,
(4) Law enforcement notifies Google of the warrant and gets access to the email account.
Once they have the warrant and access to the email account, their ass is covered legally, and they begin law enforcement work. The first thing is probably checking that the email account doesn't belong to a senator or financial CEO. After that, a law enforcement official working on the case is probably the first one to actually check that the picture is in fact pornography. If they examine the picture to find out it's a cat meme, not CP, the "case" as it were would stop there and you'd never even know it happened.
Hash collisions are certainly possible, but they are also exceedingly rare, so the amount of false positives will be little-to-nothing. Even if the hash matching gives a false positive, a human will review the photos before it's announced publicly and charges are filed.
I do want to be clear I'm not trying to defend the system. In this scenario you still end up with the government rummaging in your email account - that's ripe for abuse. Not to mention the CP law being enforced is dubious to start with. The point I'm trying to make is that the system, in absence of malice or gross incompetence, will not indict you because of a hash collision.
Wouldn't matter, anyway. Even if there was a hash collision, one glance at the flagged file would be enough to determine it isn't what the hash suggested.
Looks like the wikipedia calculation ran into the same problem of ridiculously huge numbers, and solved it by using an approximation.
What's next? Are algorithms listening in through your phone and PCs microphone okay?
Yep, there is the slippery slope we're all worried about. And since most mobile devices are now listening to you talk by default, waiting for a keyword, they're certainly capable of doing that right now. Just add in some more keywords during an update, bing bang boom your phone is even more of a snitch.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
IOTW, a malevolent person can screw anyone (on gmail) by sending an email with a child porn image attached. Normal reaction (99% of people) will be be to immediately delete the mail, but that probably isn't enough to avoid prosecution (because google doesn't delete it immediately).
I understand your concern about corporations breaching your 4th amendment rights, but your reasoning is misplaced. In fact, this case is a great example of the 4th amendment being followed, not circumvented.
The 4th amendment does not guarantee protection against search and seizure; it limits when and how searches and seizures can be exercised. Here's a portion of the 4th amendment for you: "...no Warrants shall [be] issue[d], but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.” In this case, Google's tip was not used as evidence to convict this man of a crime. Google's tip was used by police to justify probable cause that a crime had been committed. (This does not mean he's guilty of the crime, only that there's a greater likelihood that he committed it than he didn't.) The police used this information to obtain a search warrant. I'm sure that the evidence they used to convict him was gathered through the exercise of that warrant.
Google's tip is no different than a tip coming from any other source. Say a bank teller (for association's sake, let's say the bank was incorporated) was just depositing some money for a customer who drove up to her window, and she saw in her security camera what she believed to be a missing child. She calls police and reports what she saw. The police go to the bank and look at the recorded camera footage and agree that the image captured does resemble a missing child. They grab the license plate number from the footage, trace the registration to its owner, obtain a search warrant, go to the owner's residence, search the premise, find the child, confirm it's the missing child, and convict the individual of kidnapping (and probably a host of other charges to boot). In this circumstance, private information (whether an e-mail sitting on Google-owned servers or a bank's CCTV DVR) shared with police is used to meet probable cause and obtain a warrant. And in both circumstances, a search and seizure is warranted.
If you want to minimize your risk of a warrant being issued against you, don't display evidence of a crime outside of your own home. (And when the police come knocking on your door and politely ask you, "May we come in?", unless they flash a warrant in your face, don't be polite back.) And while IANAL, for more information about the 4th amendment and warrants as written by one, I strongly recommend you read The Illustrated Guide to Law. Very, very informative.
Finding an "incidental collision" (that is a collision that happened in a case other than people deliberately setting out to construct a collision). is most certainly noteworthy. Lets run some ballpark numbers.
There are less than 2^33 people in the world. Most of them probablly don't use google but lets assume that they do. Further lets make a wild ass guess that each one has 2^17 files in googles database (from some googling i'm pretty sure this is an overestimate). That would mean a total of 2^40 files.
Lets further assume that the hash functions are ideal "random oracles".
With 2^40 files there are approximately 2^79 pairs of files. With a 128 bit hash (like md5) then assuming it's ideal the probability of a pair of files having colliding hashes is 1 in 2^128 so with our 2^40 files the probability of a collision anywhere in the set is approximately 1 in 2^49.
For comparison the chance of winning the lottery in the UK is about 1 in 2^24 so 1 in 2^49 is like winning the lottery every week for 2^25 weeks
An incidental collision even in MD5 either means something incrediblly unlikely happened or (far more likely) there is a serious flaw in the uniformity of the hash function's output. That is certainly newsworthy.
In SHA1 and higher any collision even a deliberately constructed one would be noteworthy (the MD5 ones certainy were when they were first found, they are old news now of course).
note: i'm known as plugwash most places but i screwd up registering that here somehow in the past and now can't register
This is cool information to know about, however the knowledge of it by everyone probably means that it will become a less effective means of catching persons that are doing illegal/wrong things. This is where I think that reporters need to use some judgement in reporting information. Does getting the information out there for readership outweigh the benefits of not reporting the information. It doesn't sound like Google is doing anything illegal. In fact, it appears that Google is doing something proactive to catch wrong doers. The courts will have to decide if this is an illegal use of the information that Google has access to.
Yes, they saved half a dozen children from a child molester. Though abhorrent on several levels, those children would probably survive and recover and return to normal lives.
They sentenced several billion other children to a totalitarian Big Brother state with no privacy, no personal expression without monitoring, fear of arrest / detainment for any infraction that's not even yet defined, because Google remembers what you did twenty years ago.
What kind of world do you want your children to have? It's being chosen now ...
if you have an Android smartphone you are REQUIRED to have a GMail account
That hasn't been the case for years. I think it stopped being the case when Android Market became Google Play Store in March 2012, soon after the release of Android 4.0 "Ice Cream Sandwich". Android Market required a Gmail account; trying to use any other Google account resulted in a "chester@example.com does not use Gmail" message followed by the "Add Gmail to your Google account" flow. Google Play Store requires only a Google account with an e-mail address at any domain.
If you don't read incoming e-mail without first exchanging addresses out of band, then how should someone get in touch with you to license the copyright in one of the works of which you are the author?
So, in light of this, I figured out an easy, sure-fire way to screw pretty much anyone with a Gmail account over: using a library computer, copy of Tails, and throwaway email, send some known CP to anyone you don't like's Gmail account, then call Google and tell them you suspect the person has it. Done deal.
Let me guess your next question: How do you get the CP without getting caught yourself? Well, therein lies my point - what social group is expected to and known to have access to tons of that garbage?
If you guessed "Law Enforcement," you win a cookie.
'Fruit of the poisoned tree' is an appropriate reference here, I think.
An enigma, wrapped in a riddle, shrouded in bacon and cheese
This is why I only speak pig latin on the cell phone.
You are welcome on my lawn.
And I hope it stays that way.
You are welcome on my lawn.
If Google has a method of identifying and reporting one file that violates a law why shouldn't it be expected to use that same method to identify files that violate other laws, particulary if the hashes of those other illegal files are provided to Google?
Time is what keeps everything from happening all at once.
Even if the innocent recipient deletes it as irrelevant spam, the Great and Wize Google has already seen it and alerted police. It's well demonstrated that even an unfounded charge of pedophelia can destroy someone's career and relationships.
That's the last straw. Goodbye gmail.
Finding an incidental collision in SHA512 is newsworthy. SHA512 is an iterated hash function (more specifically, a Merkle-Damgard construction). Any iterated hash function has the property that a single collision can be leveraged to produce arbitrarily many collisions. A single collision would destroy the entire utility of the hash function for almost any application that depends on collision resistance.
Why are they surprised? They thought google scans their email to match ads to them. Surprise, surprise, that's just a ruse.
They will never reveal the true reasons why email is being scanned (violating constitutional rights, by the way), but we can assume it is to build a detailed profile/database of all its customers.
I agree that the act of scanning email is pretty big brother-y...but a lot of people have activated Google Now which is MEANT to scan your email and other communications and data for information gathering.
If this perv piece of trash had Google Now turned on then what do you expect?--or any of you fine folks have it active? That no human will ever come across data that is freely accessed by their software?
Just saying.
he demonstrated by A plus B minus C divided by Z that the sheep must be red, and die of the rot
If the person is a paedophile as reported then it is up to law enforcement to do what they get paid to do catch criminals. The trouble with Google Gmail is we know from the Guardian http://www.theguardian.com/wor... that GCHQ, and the NSA were attaching pictures to emails to discredit people by sending those emails with the pictures attached to the persons contact list. Homo pictures and child porn were the most popular sent by GCHQ, as they say in the document discredit and blackmail. I'm not a television type of person but I think there was a film with Arnold Schwarzenegger, called the running man? when they make it appear that he has killed people when he had not. Fantasy turned into reality in today's world. You cannot believe companies like Google or English speaking authorities. Add Russia, to that one as of yesterday they are threatening people but unlike the English speaking ones they are not threatening them with indefinite prison without trial yet.
For comparison the chance of winning the lottery in the UK is about 1 in 2^24 so 1 in 2^49 is like winning the lottery every week for 2^25 weeks
I screwed up, this statement is incorrect.
note: i'm known as plugwash most places but i screwd up registering that here somehow in the past and now can't register
You are confusing freedom with getting away from accountability. Tor being monitored by law enforcement is a very good thing in general. That simply enables them to do their job. Therefore for civilized countries it's definitely helpful.
Unfortunately not everywhere law enforcement is doing just that, catching criminals that is. In many countries they are used to maintain questionably legitimate governments and their established regimes. In those cases Tor and VPN services are the tools of freedom and their lack of transparency helps to spread information that otherwise would've been blocked.
Now think about it, do you as a citizen of a free country think that a) pedofiles, hitmen, large drugs distributors and all credit card thieves should be totally safe doing their business right under noses of law enforcement who you're paying your taxpayer's money while they can't do shit with that encrypted traffic; or b) provide an unreliable communication channel to the rebels or oppressed opposition of some other countries while their government would in the end just block everything by default (hint: China)?
The thing is, HTTPS and VPN are mainly used to protect your privacy and they have been working really well. While Tor is mainly used to avoid accountability.
I would imagine that things that go through the spam filter and get dropped in your spam folder probably do not get as closely looked at. You would not have opened it and spam folder empties itself every week or so.
Also the case could be made that you technically didn't possess it, google did since you never downloaded it to your computer.
09F911029D74E35BD84156C5635688C0
+2 Troll is Slashdot's way of saying groupthink is confused
"There are few better measures of the concern a society has for its individual members and its own well being than the way it handles criminals."
US Attorney General Ramsey Clark, 1967
You are confusing freedom with getting away from accountability.
No, I mean what I said. Unconstitutional spying is wrong. I'm not confusing anything with anything.
The fact that Tor could be abused means absolutely nothing. I would rather 'criminals' get away en masse and have freedom and privacy than surrender freedom and privacy. That's what it means to live in 'the land of the free and the home of the brave.'
Tor being monitored by law enforcement is a very good thing in general.
Most of their methods are unconstitutional, so it can't be a good thing. Fuck you. You obviously don't understand the importance of privacy and ignore the hundreds of millions of innocents throughout history that were abused and/or murdered by governments. You think the 'democratic' governments are full of perfect angels, and you couldn't be more wrong.
That simply enables them to do their job.
You know what else would do that? Allowing law enforcement to break into any houses they wanted without a warrant. We place restrictions upon our governments because they can't be trusted with much of anything, and that's how it should be. The prime concern is not and never should be to make the government's law enforcement job easier.
Now think about it, do you as a citizen of a free country think that a) pedofiles, hitmen, large drugs distributors and all credit card thieves should be totally safe doing their business right under noses of law enforcement who you're paying your taxpayer's money while they can't do shit with that encrypted traffic;
I'm not the least bit scared of terrorists, pedophiles, hitmen, or any other bogeymen you mindless drones can think of. I'm more afraid of losing freedom and privacy because cowards like you insist that everyone surrender it in the name of security.
Seriously, are you parodying someone? Because this is Poe's law material right here. It looks like your post was constructed just to make me think you're utterly devoid of intelligence, what with the mentions of authoritarian nonsense "accountability" in the context of Tor, how Tor is so evil because Bad Guys use it, and how we should all be afraid of the bogeymen. You're like the average mindless drone personified.
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
Also, China's little schemes aren't as effective as some believe. You're also ignorant of the technological aspects of Tor. I think it's time for you to move to North Korea.
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
It's probably not something like MD5 or SHA1 since they're dealing with images. More like http://research.microsoft.com/... which says:
The algorithm uses randomized signal processing strategies for a non-reversible compression of images into random binary strings, and is shown to be robust against image changes due to compression, geometric distortions, and other attacks.
or
http://www.hackerfactor.com/bl...
Every perceptual hash algorithm that I have come across has the same basic properties: images can be scaled larger or smaller, have different aspect ratios, and even minor coloring differences (contrast, brightness, etc.) and they will still match similar images.
Isn't 2^33 times 2^17 equal to 2^50, not 2^40 like you stated? I think you need to redo your numbers. The conlusion will be the same, but your numbers are all wrong.
2^33 x 2^17 = 2^50 ... And if winning the lottery is 1 / 2^24 then 1 / 2^49 is much closer to winning the lottery (only) twice in a row, not 2^25 times in a row!
Slashdot, fix the reply notifications... You won't get away with it...
If I want to have google snitch on someone I don't like, I just send that person an email with child porn attached from an anonymous eastern europe email address and google does the work for me??
Are you sure you replied to the correct post? I'm sorry, but your comment doesn't follow Joe and the AC's comments. You talk about previous convictions, while they're talking about the comprehensiveness of the system in catching CP images.
IE the system is limited, it can only find old known images.
I don't read AC A human right
If Google can see this, maybe they can see the XXX photos my legal-aged wife/girlfriend* and I are sending each other, which frankly is none of their business.
This is yet another reason to encourage widespread adoption of end-to-end encryption.
*okay, okay, HYPOTHETICAL wife/girlfriend - this is news for nerds, after all.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Not bothering to do the math, but assuming you're correct, that's still damned rare. Setting aside this being a precedent and the possibility of the slippery slope, the fact that this accidental collision only brings about a search warrant and possibly short term arrest, combined with its rarity, seem to make it not a huge problem. If you get hit with the rare collision, once they find out that the picture in the email was your kid at a theme park rather than child porn, you'll get your computer back and no prosecution will occur. That one person a year (a high side estimate) will be annoyed, maybe spend a night in a local jail, and be without their computers for a few weeks is hardly a horrible, horrible thing.
There are less than 2^33 people in the world. Most of them probablly don't use google but lets assume that they do. Further lets make a wild ass guess that each one has 2^17 files in googles database (from some googling i'm pretty sure this is an overestimate). That would mean a total of 2^40 files.
Check your arithmetic.
This is a good reason to host your own email server with domain name. There are plenty of howtos out there. Hosted vms can be had cheap too.
2 things:
Lets further assume that the hash functions are ideal "random oracles".
seems like a flawed assumption do you have evidence of this being true, just because its hash and generates a number that appears random doesn't mean it is. If it wasn't random then that could massively impact the numbers.
silly example: hash(x) = 1, the 1 is 128 bits, I'm dumb, so I can't see the pattern there
The calculation is incorrect as well (I am not saying the chances are not minute, I haven't done the calculation).
1 if 2^33 people had 2^17 files that would be 2^50 not 2^40 (assume all are unique which of course they wouldn't be there would be loads of duplicates)
the calculation should go like this 1 - (1/2^128)^2^50*(2^128*(2^128-1)*...*2^78) (Birthday problem)
Aye, Google's is also matching part(s) of the image and not the whole pic.
I tried to find a larger version of an old poster I have. It was from a fair or something so seemed reasonable there might still be copies around. It was actually done as a manipulated photo. Anyways, Google found a zillion matches where someone recreated(and a thousand people copied) that photo in photoshop for iPhone screensavers, impressive and correct. It also found a bunch of photos like the main subject but the entire photo/context is very different and that subject is only 10% of my photo.
It never did find info on the actual photo partly because the free screensavers buried everything else. I had to take it out and search with the photographers name, etc to find out it's not as common as I thought. I seem to have a lot of things Google doesn't have a clue about. Too bad rare doesn't always mean Insanely Expensively :(
This thing is going to happen again and again. Data you put there isn't really yours anyway, no matter what the T&Cs say.
No wonder personal LAMP servers with Postfix/Dovecot are springing up everywhere again.
"Nine times out of ten, starting a fire is not the best way to solve the problem." - my wife
The one used in this case is a database of in images where they know who the kids are. So not just "obviously underage", but "that's Megan Smith, who is 9 years old". More in info can be found here:
http://www.missingkids.com/CVI...
Other systems exist for "looks like probably". They are mostly useful when you don't want any porn, so Facebook and YouTube could use them. YouTube uses such a system as a pre-check, then has him humans manually confirm. At least, they DID. They could have stopped using it an hour ago and I wouldn't know.
Make the sender, subject and body look like spam so they won't open the file and you could probably ruin somebody's life quite thoroughly.
sigh. if it was really that easy, don't you think it would have happened by now?
no one is getting locked up because they were sent a spam email with child porn. it hasn't happen and it won't happen. google's not that stupid and even the FBI isn't that stupid.
Border security (and the post office as well, I believe) have the authority to search certain suspicious types of packages. Part of those tests are automated, and many generally involve machine scanning (X-ray with pattern recognition, residue detection, etc). The machine can flag a suspicious package for further (human) investigation, and then a human can involve authorities for further investigation and possible prosecution.
In this case the "package" is an email message, but the process is in many ways similar. Saying it will be used for speeders an tax evaders (how, exactly, does one fingerprint a tax-evader or speeder's email?) is a pretty far stretch.
There are opportunities for abuse in pretty much any industry. I don't see the post-office flagging "potential speeders" if they order a radar-detector in the mail. Currently I don't see Google doing such either.
And it can't detected trivially encrypted images, I suspect.
It's not the years, honey, it's the mileage. - Colonel Henry Walton Jones, Jr., Ph.D.
Not only that, but, unless you obfuscate the original address strongly enough, I am quite sure the sender will run into legal issues also.
It's not the years, honey, it's the mileage. - Colonel Henry Walton Jones, Jr., Ph.D.