
No. Most proper cryptographic hash systems (e.g. used for verifying files, rather than data structures) never have collisions.

Try to find a SHA256 collision.

Anywhere, ever, in the history of mankind.

This isn't for lack of looking. A lot of very smart people have looked for them. If you find one, I bet you'll be eligible for a tenured faculty slot at a good university, if not more. A whole world of secure systems would need to be re-engineered.

Hypothetical collisions of course exist, by the pigeonhole principle, just not in the real world.




Yes, but cryptographic hashes are irrelevant here because they'd allow one to easily bypass CSAM by modifying/appending a single byte.


Apple is claiming to have a visual equivalent to a cryptographic hash -- one which won't change with a single byte, but only if the image is substantially different.

At least their security analysis relies on that.

From their whitepaper: "The threshold is selected to provide an extremely low (1 in 1 trillion) probability of incorrectly flagging a given account"

If your claim is that their hash algorithm isn't cryptographic, their security analysis is incorrect.


Their security analysis is obviously incorrect.

"equivalent to a cryptographic hash" "change... only if the image is substantially different"

Both are not true, cannot be true.


It's trivial to cause a neural hash non-match-- either imperceptibly with a little noise, or by adding an overlay on the image.

If you downsample and quantize an image before sha256ing it you get a bit of robustness to accidental false-negatives. While both schemes are trivially bypassable.
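The contrast discussed in the comments above (an exact SHA-256 versus SHA-256 over a downsampled, quantized image), as an added example that is not part of the thread. The 32x32 grayscale images, the 8x8 block size, the 4 quantization levels and all function names are assumptions chosen for illustration.

```python
import hashlib

def downsample(pixels, block):
    """Average each block x block tile of a grayscale image (list of rows, 0-255)."""
    h, w = len(pixels), len(pixels[0])
    return [
        [sum(pixels[y + dy][x + dx] for dy in range(block) for dx in range(block))
         // (block * block)
         for x in range(0, w, block)]
        for y in range(0, h, block)
    ]

def quantize(pixels, levels):
    """Map 0-255 values onto `levels` coarse buckets."""
    step = 256 // levels
    return [[p // step for p in row] for row in pixels]

def raw_sha256(pixels):
    """SHA-256 over the exact pixel bytes."""
    return hashlib.sha256(bytes(p for row in pixels for p in row)).hexdigest()

def coarse_sha256(pixels, block=8, levels=4):
    """SHA-256 over the downsampled, quantized image (hypothetical parameters)."""
    return raw_sha256(quantize(downsample(pixels, block), levels))

def make_image(top_left, top_right, bottom_left, bottom_right, size=32):
    """Constructed sample input: a square image made of four flat quadrants."""
    half = size // 2
    return [[(top_left if x < half else top_right) if y < half
             else (bottom_left if x < half else bottom_right)
             for x in range(size)] for y in range(size)]

# Constructed test images, not real data.
original = make_image(32, 96, 160, 224)
noisy = [row[:] for row in original]
noisy[5][7] += 1                      # one pixel off by one, e.g. re-encoding noise
different = make_image(224, 160, 96, 32)

if __name__ == "__main__":
    print("raw    equal under noise:", raw_sha256(original) == raw_sha256(noisy))
    print("coarse equal under noise:", coarse_sha256(original) == coarse_sha256(noisy))
    print("coarse equal, other image:", coarse_sha256(original) == coarse_sha256(different))
```

The exact hash changes with a single off-by-one pixel, while the coarse hash survives it and still separates the visibly different image.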


If I found one collision by accident, would that be at all significant?


Yes, absolutely. It's technically possible to find SHA256 collisions accidentally, but it's so unlikely that if you found one, it would merit serious investigation. People would not believe your statement that you found them accidentally, and "oh, I guess mlajtos really just found the colliding pair by chance" wouldn't be declared until after a very thorough investigation. In the meantime, major stakeholders (e.g. Bitcoin) would probably move away to another hash function, just in case.

Dwyer calculated 1431168 NeuralHashes and found two collisions. Humanity collectively calculates over 120000000000000000000 SHA-256 hashes every second. Still, we're reasonably sure that this immense brute-force search will not lead to any collisions in any reasonable amount of time.


A good perspective on how big the SHA-256 hash space is: https://youtu.be/S9JGmA5_unY



