Preimage attack against NeuralHash 💣 (by anishathalye)

Neural-hash-collider Alternatives

Similar projects and alternatives to neural-hash-collider

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a better neural-hash-collider alternative or higher similarity.

Suggest an alternative to neural-hash-collider

Reviews and mentions

Posts with mentions or reviews of neural-hash-collider. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2021-09-17.
  • Under pressure from Russian government Google, Apple remove opposition leader's Navalny app from stores as Russian elections begin | 2021-09-17
  • Apple delays iPhone photo-scanning plan amid fierce backlash
    That assumes the hash is base 26 which would be fun, but most hashing systems including NeuralHash are hexadecimal. NeuralHash also outputs 24 character hashes so there are 1624 possible NeuralHashes. However all of that ignores that NeuralHash is designed so that visually similar images will return the same hash on purpose. You can even provide two images of your choosing to this library and it will make them collide
  • Delays Aren't Good Enough–Apple Must Abandon Its Surveillance Plans | 2021-09-03
    This is incorrect.

    The images in this link [1], are completely different. One is a cat, one is a dog. Same hash produced for both.


  • GitHub - anishathalye/neural-hash-collider: Preimage attack against NeuralHash 💣
  • The All-Seeing "i": Apple Just Declared War on Your Privacy | 2021-08-26
  • Tell Apple: Don’t Scan Our Phones
    And here:
  • Apple Just Gave Millions of Users a Reason to Quit Their iPhones | 2021-08-22
  • Apple Just Gave Millions Of Users A Reason To Quit Their iPhones | 2021-08-22
    Also, Apple’s NeuralHash is rather prone to hash collisions, i.e. false positives, so you should absolutely expect at least some of your on-device pics to be viewed by unauthorized Apple/government personell.
  • Is Signal affected with Apple’s on photo snooping on iDevices? | 2021-08-21
    It should be clear that a neural hash is very different from your typical hashing algorithm. In your typical hashing algorithm you change a bit and you change the hash. A neural hash is different in that it is more like an identification key. These are supposed to be resistant to minor changes and tell you if images are similar (e.g. you change the top left pixel value). A perfect neural hash would essentially tell you if the images are the same despite minor modifications (rotation, flips, blitting, encoder loss, cropping, inpainting, etc). Basically if you gave it it a human and said "do these images contain the same content" then that's what a neural hash is supposed to do. Unfortunately that's not what they do and you can algorithmically create collisions. It is disingenuous to call these hashes. We actually know that Apple's implementation is using MobileNetV3 and we actually know that it isn't resistant to rotations (meaning they didn't do proper augmentations while training, which is embarrassing because random rot is one of the most common augmentations in image classification models).
  • Bay Area doctor found with 2k images, videos of child pornography on iCloud
    Step 2) run neural hash collider on the image and any image hash from the CSAM database
    This one from Apple is not just a hash algorithm. It uses AI to make a signature that can be the same if minor modifications appear. It's been already reverse engineered and a collider exists. See this and this.
  • We built a system like Apple’s to flag child sexual abuse material — and concluded the tech was dangerous | 2021-08-19
    Calling this a "hash" can be misleading, perhaps purposefully so by Apple. It's really a semantic/perceptual embedding. There's already at least one open source library to purposefully generate NeuralHash collisions, and it's very very easy: | 2021-08-19
  • Apple urged to drop plans to scan iMessages, images for sex abuse It's not going to be difficult to fool the system if you can already generate adversarial examples that gold the neural hash system.


Basic neural-hash-collider repo stats
22 days ago

anishathalye/neural-hash-collider is an open source project licensed under MIT License which is an OSI approved license.

SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
Find remote Python jobs at our new job board There are 7 new remote jobs listed recently.
Are you hiring? Post a new remote job listing for free.