I've read this https://news.ycombinator.com/item?id=28083838 and agree. Added to my favorites. Very good points.

>.. it would still be an extremely bad move.

My view that this should be considered not only as "bad move" but as "criminal activity" Reasons I've described here: https://news.ycombinator.com/item?id=28096948

> They talk a lot about complex crypto to protect privacy but the primary thing it's doing is hiding what apple is matching against, which shields them against accountability.

NCMEC partners are not allowed to share the raw hashes, and I imagine Apple's contract with NCMEC to create a photo-comparison tool that will have auditable code (well, compiled code, but still) includes such a provision to slow or stop CSAM sharing enterprises from completely reverse engineering and cheating the system.

What they are making available is sufficient to 'cheat' the system in the sense that if you have an image you are concerned might match in some database you can modify it until the 'perceptual hash', which you can compute on your own, changes. The novel changed image is then unlikely to be a match in the database.

You don't have to have a copy of the database to be fairly confident that your modifications have made a target image non-matching. You would have to have the database in order to gather evidence that the matching was beginning to be used for unlawful, rights violating purposes, such as collecting targets for genocide.

I think it's a safe assumption that this sort of system is only effective against idiots-- which isn't an argument against it: lots of effective anti-crime measures mostly work against idiots. Adding functionality which destroys accountability which at most improves the system against non-targets, however, doesn't seem like an acceptable trade-off.