# [ML NEWS] Apple scans your phone | Master Faces beat face recognition | WALL-E is real

## Метаданные

- **Канал:** Yannic Kilcher
- **YouTube:** https://www.youtube.com/watch?v=gFkBqD2hbnU
- **Дата:** 13.08.2021
- **Длительность:** 30:28
- **Просмотры:** 10,711

## Описание

#mlnews #apple #nolamarck

Your update on the latest news in the AI and Machine Learning world.

OUTLINE:
0:00 - Intro
0:15 - Sponsor: Weights & Biases
3:30 - Apple to scan iDevices for illegal content
14:10 - EU approves chatcontrol
15:20 - Machine Learning FAQ book
17:40 - TimeDial & Disfl-QA Conversation Datasets
20:30 - VoxPopuli Speech Dataset
21:00 - Google Tensor chip coming to Pixel 6
21:30 - Pentagon uses AI to predict events
23:10 - Sketch your own GAN
24:45 - Can a Fruit Fly learn Word Embeddings?
26:00 - Master Faces beat facial recognition system
27:25 - PyTorch profiler 1.9
27:55 - 0 A.D. gets reinforcement learning interface
28:40 - BeatBot cleans up cigarette butts on the beach

Sponsor: Weights & Biases
https://wandb.ai

References:
Apple to scan iDevices for illegal content
https://techcrunch.com/2021/08/05/apple-icloud-photos-scanning/
http://tylerneylon.com/a/lsh1/

EU approves chatcontrol
https://european-pirateparty.eu/parliament-approves-chatcontrol/

Machine Learning FAQ book
https://rentruewang.github.io/learning-machine/layers/emb/emb.html

TimeDial & Disfl-QA: New datasets for conversational NLP
https://ai.googleblog.com/2021/08/two-new-datasets-for-conversational-nlp.html

VoxPopuli: Giant partially labeled speech dataset
https://github.com/facebookresearch/voxpopuli

Google's Tensor chip coming to Pixel 6
https://blog.google/products/pixel/google-tensor-debuts-new-pixel-6-fall/

Pentagon uses AI for predicting relevant events in advance
https://www.engadget.com/pentagon-ai-predicts-days-in-advance-135509604.html?utm_source=pocket_mylist

Sketch Your Own GAN
https://peterwang512.github.io/GANSketching/

Can a fruit fly learn word embeddings?
https://arxiv.org/pdf/2101.06887.pdf

Master Faces for attacking facial recognition systems
https://arxiv.org/pdf/2108.01077.pdf

PyTorch Profiler v1.9
https://www.marktechpost.com/2021/08/06/pytorch-releases-pytorch-profiler-v1-9-with-new-features-to-help-diagnose-and-fix-machine-learning-performance-issues/

0 A.D. adds Reinforcement Learning interface
https://play0ad.com/media/screenshots/
https://trac.wildfiregames.com/wiki/GettingStartedReinforcementLearning

BeachBot cleans up cigarette butts on the beach
https://news.yahoo.com/beachbot-rover-uses-artificial-intelligence-130031052.html

Links:
TabNine Code Completion (Referral): http://bit.ly/tabnine-yannick
YouTube: https://www.youtube.com/c/yannickilcher
Twitter: https://twitter.com/ykilcher
Discord: https://discord.gg/4H8xxDF
BitChute: https://www.bitchute.com/channel/yannic-kilcher
Minds: https://www.minds.com/ykilcher
Parler: https://parler.com/profile/YannicKilcher
LinkedIn: https://www.linkedin.com/in/yannic-kilcher-488534136/
BiliBili: https://space.bilibili.com/1824646584

If you want to support me, the best thing to do is to share out the content :)

If you want to support me financially (completely optional and voluntary, but a lot of people have asked for this):
SubscribeStar: https://www.subscribestar.com/yannickilcher
Patreon: https://www.patreon.com/yannickilcher
Bitcoin (BTC): bc1q49lsw3q325tr58ygf8sudx2dqfguclvngvy2cq
Ethereum (ETH): 0x7ad3513E3B8f66799f507Aa7874b1B0eBC7F85e2
Litecoin (LTC): LQW2TRyKYetVC8WjFkhpPhtpbDM4Vw7r9m
Monero (XMR): 4ACL8AGrEo5hAir8A9CeVrW8pEauWvnp1WnSDZxW7tziCDLhZAGsgzhRQABDnFy8yuM9fWJDviJPHKRjV4FWt19CJZN9D4n

## Содержание

### [0:00](https://www.youtube.com/watch?v=gFkBqD2hbnU) Intro

apple scans your phone for illegal content master faces are able to bypass almost any facial recognition software and wally is real welcome to ml news it's monday

### [0:15](https://www.youtube.com/watch?v=gFkBqD2hbnU&t=15s) Sponsor: Weights & Biases

all right before we get into things this video is sponsored by weights and biases is of course the one-stop shop for any machine learning researcher or practitioners weights and biases can track your experiments with a single line of code it lets you reproduce and analyze your experiments it lets you understand your data it's with you all the way from conception idea research development up until deployment today i want to talk to you about a feature called sweeps now a sweep in weights and devices is a hyper parameter optimization search if you will the cool thing is you define your experiment you define the range of parameters you want to search over and then the system does the rest for you can even run this in a distributed fashion you can have lots of agents at lots of different places they're all going to pull the code from the central server pull the new hyper parameters try them out and then report back in the background there is a bayesian optimization algorithm going on deciding what parameters to try next to optimize your objective they even have early stopping so you don't waste resources on runs that are clearly going nowhere and have i mentioned you can run this in a distributed fashion so here's one of my sweeps as you can see you get your output as you're used to from weights and biases in a neat dashboard you get an overview over all your runs but in addition you're able to see the progress of the sweep which ones succeeded and which ones didn't it will analyze directly how important each one of the parameters is individually so here it tells me that the learning rate is the most important parameter and it has a positive correlation with my objective function one of the coolest views is this one here that tells me which of the combinations of hyper parameter ended up at a certain place so i can filter for runs with particularly low validation loss and then i can see what are the learning rates what are the epochs like in this particular runs now there's obviously much more you can do in terms of analyzing sweeps you can run this much larger you can look at individual samples of your best runs pretty much everything you're used to from weights and biases so if until now you've tuned your hyper parameters manually try this out let it do the work for you go to bed and in the morning come back to find the system has found the best possible hyper parameters for your problem not only is it easier but you'll understand more about your problem once you see it in this light of course this is only one of the features of weights and biases they have many more including ways to analyze your data ways to export your models ways to keep track of everything that you're doing and ways to send reports around to other people or generally work in teams personal accounts are free with unlimited experiments for you if you're an enterprise that'll cost a bit of money but hey you're an enterprise and there are three options for academic teams there are even options to self-host if you need to be compliant with any sort of regulation so give it a try go over to weights and biases that's 1db i think at least that's how you pronounce it 1db. ai and have fun ciao

### [3:30](https://www.youtube.com/watch?v=gFkBqD2hbnU&t=210s) Apple to scan iDevices for illegal content

all right our first story today is not a particularly fun story techcrunch writes apple confirms it will begin scanning icloud photos for child abuse images this has caused quite a bit of stir in the community especially since apple had all these adverts in the previous years about what happens on your phone stays on your phone was very privacy related end-to-end encryption friendly and all of these kinds of stuff and now all of a sudden it seems like they're gonna scan all your data for things they don't like of course it's not a case in favor of child abuse images or any kind of illegal content people are worried about privacy more generally so i think it's important to say what exactly is gonna happen here or at least from what we know apple will scan your photos that you are about to upload to icloud as i understand it icloud itself is encrypted so apple technically has no way to scan the icloud photos because they are encrypted with your key that rests on your devices however they can scan content that's on your phone now i'm gonna guess there might be a legal reason for it in that they might sort of kind of be responsible for that content once it goes to their online service however that's not something i know but of course once the technical methodology is in place to scan the photos that are about to be uploaded to icloud from your device you can use the same technology to essentially get access to any data of any user there's no technical limitation after all why only these photos should be scanned and just because apple promises that it won't do it doesn't mean they won't do it in the future or they can't do it and that already tells you a little bit why some people say it is a problem because of course there is also no technical limitation that says that it can only scan for child abuse images or any sort of illegal content and for that it's a little bit important to dig into what the system actually does so the way this works is there's no classifier essentially in there to classify child abuse images from non-child abuse images there is a database so the police essentially collects databases of these materials which means that those are individual photographs or movies that are sent around by certain people that are illegal and the police keeps track exactly of the files that go around so this is the first important thing they only want to detect if you on your phone have one of the files that they already have in their database classified as illegal content and the way they do it is by comparing hashes now traditionally a hash would only match if the file is exactly the same bit for a bit so what you do is your phone would download the database of hashes would hash all the photos on your device that are about to be uploaded to icloud wink and then it would compare those hashes to the database of bad hashes and if one matches it would upload it to the police alternatively it could just hash all the contents upload that to the police and then the police could do the comparison in any way if these are actually true hashes they're unlikely to reveal what data you have on your phone and that's likely the argument that apple's gonna make right here in that just because you upload the hashes of what's on your phone you can't necessarily reconstruct the images from that so your personal photos are safe even more so if your phone downloads all of these hashes and then compares them locally and only sends if in fact there is a match however there are multiple problems with this first of all you don't know what's going in this database technically some political party could simply enter things into that database that they know are likely the opposition or some rebel group is likely to share around amongst themselves they could even instigate such material and then they could just wait and see what phones blip up so you confiscate one phone from your political opponent you run all these hashes and you put them in the database and all the phones of the associates of that person would then be automatically reported by this system so the potential for abuse here of the people who control what's in the database is enormous second as i understand it the hashes that are used right here aren't like classic cryptographic hashes they are what apple calls neural hash but what is in effect a locality sensitive hashing algorithm so here's an article by tyler neylon about locality sensitive hashing which explains the concept fairly well and it makes sense to use a locality sensitive hash in this case because what you want to detect is if two images are the same meaning display the same thing for example if i take an image and then run some sort of jpeg compression on it still shows me the same thing however the bits have all changed so a classic hash would not be able to recognize that image anymore however a content aware hash would or should at least be able to recognize that this is the same image youtube has been doing this for a long time with their content id system detecting when someone re-uploads a video by someone else even if that video has been re-encoded so as far as i understand it what apple does is they train some kind of neural network that gives them a representation of what is in an image and then they run that through a locality sensitive hashing procedure locality sensitive hashing is essentially a system that allows you to find neighbors in very high dimensional space very efficiently so the neural network would produce a space of images and place each image somewhere with the intention that images containing similar or the same thing would fall very close to each other and you can do that with neural network the question is you don't want to run an inner product search over this whole space all the time like that would fry your phone probably so what locality sensitive hashing does essentially it divides up the space into buckets so here it's straight buckets and then these kinds of buckets once you combine all these buckets you get sub buckets so you get sort of a division of space and for each point you can check is it to the left or to the right of a particular line and if two points match in being to the left or to the right or up or down respectively for any particular line that means they're in the same bucket and probably very close together at that point then you can actually go ahead and check if they are actually close together or not this is a good way to find approximately nearest neighbors in high dimensions so real lsh algorithms are a bit more sophisticated but that's the essential concept they work by so is this going to help well i would say yes in first instance but then i think very quickly you'll realize that adversarial attacks for example can be crafted against these kinds of system given that the system computes the hash on your phone that means you have access to the model on your phone and having access to a model is a very very good target for crafting adversarial attacks technically there could now be an entire market of systems that perturb images on your phone automatically such that they just scramble the lsh because most of these hashes aren't going to be in the database so if i just assign my image some random hash meaning i run an adversarial attack such that it is just going to be somewhere in this space most likely i won't hit any of the hashes in the database and therefore all my photos are not going to cause any hash collisions and therefore i completely evade that system now the question is of course uh how easy is this going to be especially given that it is supposed to circumvent detection of illegal content there's going to be a bit of resistance but there's definitely quite easy ways it seems to circumvent this system and we have to ask ourselves are we really ready to give up uh basic privacy let the companies build in these giant back doors that have massive potential for abuse for what is essentially a method that can be pretty easily evaded when it's used for what it's really supposed to be used for i don't have the answers but um i would err on the side of user privacy so that's my take on it tell me what you think in the comments all right a quick afterthought here we now also have the technical summary of apple there's a lot of content in here notably it goes into a lot of detail on how exactly the technology works what neural hash is supposed to do for example you can see that the left and middle image have the same neural hash whereas the right image does not have the same neural hash so the neural hash is supposed to be robust to certain transformations that you might do with the image while still preserving its content therefore as i said you couldn't just compress the image or change its color saturation a little bit and evade the neural hash apparently though after the neural hash is computed there is also this blinding step which means that it essentially goes through a classic hash function and therefore the adversarial attacks on the system become a little bit more difficult now since this is all still on device it's absolutely possible to evade the neural hash using an adversarial attack what is less possible is to frame someone meaning that you send someone an image that is specifically crafted to hit the neural hash filters as illegal content but it's actually just kind of a normal image that you have adversarially crafted now with an untargeted adversarial attack you can evade the filter but if you want to trip the filter you really need a targeted adversarial attack and because of this blinding step you don't know what to target so the only way to actually craft such an adversarial image to frame someone is if you yourself already have an illegal image that you can target with the adversarial attack so there's a lot more in this technical report right here and i invite you to read it if you are interested and i might actually do a full video on this if this is interesting enough to people it's not necessarily machine learning it's more cryptography and systems design but still is pretty cool

### [14:10](https://www.youtube.com/watch?v=gFkBqD2hbnU&t=850s) EU approves chatcontrol

all right while we're on privacy the eu parliament approves mass surveillance of private communications from the european pirate party writing today the european parliament approved the e-privacy derogation allowing providers of email and messaging services to automatically search all personal messages of each citizen for presumed suspect content and report suspected cases to the police the european pirates delegation in the greens efa group strongly condemns this automated mass surveillance which effectively means the end privacy in digital correspondence so this sounds kind of the same but it is slightly different while apple announced that it will do something this is simply the eu saying that you can do something however what you can do now seems to be a pretty big breach of privacy now of course just because companies now are allowed to do something doesn't mean they will do it but probably it means so yeah but what are you gonna do use signal well then just apple swoops in and scans your messages before you send them so i guess we'll just go back to sending pigeons around

### [15:20](https://www.youtube.com/watch?v=gFkBqD2hbnU&t=920s) Machine Learning FAQ book

all right on a bit on a lighter note i stumbled across this book by rancho wong that explains machine learning as answering two basic questions so this accompanies a machine learning class and explains machine learning in the essentially answering faqs this is a big faq of that class and it's quite good uh it's explained very concisely what do embedding layers convert a token an integer to a vector a list of floating point numbers that's fairly concise and then you say when do you use embedding layers when you want to process text can be converted to integers but because neural networks are don't directly understand integers there's a bit of a typo here i guess could i change this i can make a pull request suggest edit fork check cool i was pretty stupid and actually the recording you're seeing is the second recording in fact i forgot the first time to record my screen and what happened is pretty funny in that so i was presenting this book and i actually saw a typo in the book and then i immediately opened the pull request and fixed the typo and the pull request got approved and i was like yay ml news and all and i thought that would make for some pretty good content and i was really happy with myself and it was really neat and all and then i realized i forgot to record the screen so now i'm just going to show you a compilation of me being absolutely self-congratulatory for finding a typo have fun good job ml news community we did something give yourselves a pat on the shoulders this is unplanned by the way uh yeah ml news improving the world story by story so as you can see it is not entirely thorough or particularly technically accurate or anything like this if you're a beginner if you're new into a particular subfield of machine learning that's treated here this might be a good place seems fairly concise way to learn about the fundamentals of given subfields okay we have some new data sets coming

### [17:40](https://www.youtube.com/watch?v=gFkBqD2hbnU&t=1060s) TimeDial & Disfl-QA Conversation Datasets

out two data sets by google both are for nlp is especially for conversation one is called time dial and it tests the model's understanding of sort of the sequence of things whether or not it understands uh the flow of time and especially if the participants in the conversation talk about things that happen one after another if the model can correctly infer things about this so here you can see uh what's the date today is september 28 2007. i have a meeting this afternoon when will it begin it'll begin at three o'clock what's the time now and then the model is asked to fill in this blank it is something and then continues i have to go now i don't want to be late the model says don't worry time is enough what's the most likely filling in the blank so you'd have to reason k meeting is this afternoon it will begin at three yet after that it says okay i have to go now but time is enough so maybe it's a bit before three you know not like one to three or something like this but it also not the day before or so out of the four options you have here the first ones would be okay because they fit the constraints uh the last ones would not be okay and in fact in this uh absolutely not cherry-picked example i'm sure uh the t5 both t5 and bird assign uh most mass to the last examples the data set uh is essentially made up of all kinds of these conversations and giving you options to fill in and you have to determine the ones that fit the constraints most the other data set is called this full qa and tests disfluent questions so it takes the squad data set which is a question answering data set and it rewrites it into questions where the speaker just kind of turns around mid question or corrects themselves or inserts something or says like oh no that's not what i meant this other thing and this can get quite complicated because you can start with an entity and then say oh no no but then still refer to that entity when you rephrase your question so the data set is supposed to test the model's abilities to handle that data sets like this in general are pretty cool because they test sort of human aspects of conversation however state of the art on these data sets is probably going to be reached by models that just heavily over fit to whatever the problems the data set construction mechanism is so if you evaluate things on these data sets what i think should be done is you should just train like your regular model without these things in mind and then evaluate on them as sort of one of the things maybe we can add those two to the super glue suite or something like this which gives us a more accurate picture than simply releasing them and then have a leaderboard for them that's just my

### [20:30](https://www.youtube.com/watch?v=gFkBqD2hbnU&t=1230s) VoxPopuli Speech Dataset

opinion in other dataset news uh facebook research releases vox populi which is a speech data set so there's speech data from the european parliament event recordings some of them are even annotated or translated interpreted into other languages so this is a very big data set unlabeled and labeled speech data so if you work with speech this might be something interesting for you

### [21:00](https://www.youtube.com/watch?v=gFkBqD2hbnU&t=1260s) Google Tensor chip coming to Pixel 6

next news google tensor debuts on the new pixel 6 this fall google tensor apparently is some sort of hardware i don't know this is a giant marketing piece it just says the google tensor chip will make everything very fast and machine learning and the new ui and then on the essentially and it'll actually say anything about the chip so um your phone is going to be able to do number numbery crunchy way faster than it used to be able to do it that's all i can say for now

### [21:30](https://www.youtube.com/watch?v=gFkBqD2hbnU&t=1290s) Pentagon uses AI to predict events

the pentagon believes its precognitive ai can predict events days in advance machine learning could help the military make proactive decisions rights and gadget so this is an article and it sounds a bit like out of a dystopian movie but apparently the us military has very large efforts into using ml to sort of predict icky situations that are about to happen and once you read into it it's apparently not that different from what they've done so far they just had like a whole bunch of people analyze all kinds of satellite imagery or emails from people that they just found on their computer like people sent it to them their private emails that's why they can read them legally um and they just had all these people go through all this data essentially manually maybe with some assistance and now ai is supposed to just be able to go through this data a lot quicker and flag any information that might be relevant for the human reviewers the technology itself seems fairly neutral and actually pretty useful in certain situations given that it's the military using it might have a bit of a bad rep but again it demonstrates that most technology doesn't really have a sort of moral underpinning by itself it's uh mostly in most cases about the deployment of any type of technology like you could use the same thing to predict days or minutes or hours in advance when icu patients will become unstable people actually do it and the underlying core technology is not gonna look very different from what is done here

### [23:10](https://www.youtube.com/watch?v=gFkBqD2hbnU&t=1390s) Sketch your own GAN

so researchers from mit and cmu release sketch your own again which is a paper and the method in the paper is essentially you take a gan that you have trained on some sort of data set here for example on a cat data set and you're able to additionally input a sketch as you can see right here and the system will adapt the game such that the outputs sort of match that sketch of course there's quite a number of hyper parameters in here a lot of engineering decisions but in essence it's a pretty cool way to control the output of gans and this is quite a hard thing to do and it's not entirely clear how to do it a lot of people research sort of disentanglement of features in gans so you can control individual dimensions directly but that kind of requires you to have either a data set of these individual dimensions so you can actually really take them apart or you just end up with some dimensions and you have to figure out what they are in order to control seems like a pretty cool thing you can give the gan a sample and in this case not even a sample of real data you can actually give the gan sort of a steering direction directly of what you want it to output so i can see this has many more applications beyond images and sketches technically you could apply this to a lot more stuff where you need to control the output of a generative model by some sort of demonstration which doesn't even necessarily have to be in the same space as the things you're trying to produce so overall very cool check it out

### [24:45](https://www.youtube.com/watch?v=gFkBqD2hbnU&t=1485s) Can a Fruit Fly learn Word Embeddings?

next paper that caught my attention can a fruit fly learn word embeddings by a whole consortium of researchers of different labs working together on this paper now it's click bait let me explain the paper itself is actually pretty cool so we understand fruit fly brains fairly well they're approximately like this now when i read the title of this paper is i want to see a fruit fly learn word embeddings or at least an attempt at doing these kinds of things however it turns out that the paper constructs a sort of abstract model of the fruit fly brain and then shows that abstract model can in fact learn word embeddings much like the word embedding methods that we know from nlp again the research itself is completely valid and very cool i was just sort of caught out by how important uh a title of a paper is because had it been for a different title a technical title i probably would not have clicked on it so the lesson is if you're trying to get people to read your paper a good title can go a long

### [26:00](https://www.youtube.com/watch?v=gFkBqD2hbnU&t=1560s) Master Faces beat facial recognition system

way okay the last paper that caught my eye is generating master faces for dictionary attacks with a network-assisted latent space evolution this by the blavatnik school of computer science in tel aviv and by the school of electrical engineering in tel aviv this paper essentially uses evolutionary algorithms and i love the darwin in this picture just to make clear we mean darwinian evolution and not lamarckian evolution hashtag nola mark so this paper constructs what they call master faces and apparently just these faces just 10 faces so each of these rows are these master faces just these faces combined are able to match a vast number of facial detection algorithms so what that means is if i go out and i encounter a facial recognition system to like let me into a door or into a phone or anything like this i can just try out these 10 faces and there is a high likelihood something like 40 to 50 that one of them will actually work which is insane this shows sort of the brittleness of the identification part of these facial recognition algorithms the potential for abuse for this is large like someone could get access to all the photos that you're about to upload to icloud or something like this like imagine that that'd be terrible fix this

### [27:25](https://www.youtube.com/watch?v=gFkBqD2hbnU&t=1645s) PyTorch profiler 1.9

this all right we just have one helpful library this week high torch releases the python profiler version 1. 9 so this seems to be a rather major upgrade that includes distributed training view memory view gpu utilization view cloud storage support and jump to source code which replaces the old feature of walk to source code well in any case if you use pytorch and you ask yourself why your code is so slow maybe try giving the pytorch profiler a look

### [27:55](https://www.youtube.com/watch?v=gFkBqD2hbnU&t=1675s) 0 A.D. gets reinforcement learning interface

next news zeroad is getting reinforcement learning capabilities this is a strategy game that is kind of popular with some people the cool thing is that it has now a direct interface for reinforcement learning meaning that it exposes an api essentially compatible with the gym interface that you know from basic rl so they even go through setting up some sort of a task for you with these five spearmen fighting against these five cavalry and they take you through training a dqn agent and then evaluating it directly in their game so if you're interested in reinforcement learning as it pertains to controlling games maybe this is a good topic for you to dive in

### [28:40](https://www.youtube.com/watch?v=gFkBqD2hbnU&t=1720s) BeatBot cleans up cigarette butts on the beach

and the last news yahoo news riot beachbot rover uses artificial intelligence to clean up cigarette butts so apparently there once was an engineer whose son dug up a cigarette butt at the beach and the engineer looked around and saw all kinds of cigarette butts lying around realized that they're quite bad for the environment and also not very pleasant to step into so he teamed up with his friend and built this thing called beachbot or bibi for short so this is essentially an incarnation of wall-e it goes around and automatically picks up cigarette butts at the beach how cute is that how neat so it does that fully automatically i think the bigger goal here is to sort of develop ai and robotics applications for sustainability the project in itself is not going to save the world here they write it can scoop up about 10 cigarette butts with its grippers within 30 minutes and it has to recharge about once every hour so pretty much it's out competed hopelessly by a single chainsmoker but what can i say it's very cool but i think such a robot could be better used to actually go and just poke people who smoke at the beach in the first place so bibi will get a companion pokey bb and pokey best friends on the beach let's go stab some smokers and then pick up a cigarette butt all right that was already it for this week's ml news on this beautiful monday i hope you learned something today if you did subscribe if you did not watch the video again then subscribe please check out weights and biases and i wish you a very pleasant week i'll see you around bye

---
*Источник: https://ekstraktznaniy.ru/video/12921*