Ask HN: What do you intend to do about Apple's invasion of your privacy?

64 points by livinginfear ↗ HN
For those —like myself— who are upset about Apple's recent decision to share perceptual hashes of your phone's private content with a third party, what do you intend to do about it? Are people changing phones to opt-out, or installing custom ROMs?

It's been very heartwarming to see that a large part of the Hacker News community shares many of my concerns regarding what I feel is a very invasive overreach by Apple. For my own part, this has been the incentive to stop procrastinating and finally get myself a phone that can run a custom Android ROM. I know this doesn't solve all of the issues of privacy on mobile phones, however it is a move much more consistent with my ethics, given my own dislike of Google's business practices.

63 comments

[ 3.0 ms ] story [ 114 ms ] thread
Nothing. Cos it's blown out of proportion.
Agree.

The computations are performed on device, but only for images that have been uploaded to iCloud.

I’ll keep on using Nextcloud for cloud storage and keep iCloud disabled as it has always been.

There’s more pressing matters right now

Nothing. It doesn't rank high in my list of things I am concerned about. It would be nice if there were other options to consider besides Android, as I don't really care it as an ecosystem.
i might buy an iphone. i read the materials they published and think it's a fine bit of engineering that balances end user privacy with abuse management for their hosted service. they don't share hashes with anyone, in fact they never leave your device, takes about 5m to grok that.
Applaud.

When I look at the alternatives (e.g., Facebook), I see pictures being stored in the cloud unencrypted, where they can be scanned for a match with the CSAM hashes.

Apple, on the other hand, is developing a system to scan for CSAM matches client side, in a way that allows pictures to be stored encrypted, and paving the way for full end-to-end encryption.

Assuming that scanning for CSAM is going to happen, which I'm generally in favor of, Apple's approach is more privacy preserving, and reinforces my happiness with their privacy direction.

If your phone thinks there is a match, your picture will be sent unencrypted to be viewed by someone at apple. How is that privacy preserving? Apple built a mechanism to pull a photo from your phone, without telling you it did so(!!!!!), based on criteria you cannot even inspect. If anything, that's worse for privacy not better - they can say they care about your privacy and yet have a secret way of downloading and inspecting any picture on your super-duper-totally-secure-we-swear™ device. At least Facebook's approach is honest.
> Apple built a mechanism to pull a photo from your phone, without telling you it did so

No, they did not. This feature is only enabled for photos that are synced to iCloud. If this applies to you, it is because you already assented to having your photos stored by Apple.

The FAQ covers this: https://www.apple.com/child-safety/pdf/Expanded_Protections_...

Again, I don't think that's honest at all.

Normally, photos are stores on the iCloud, fully encrypted, right? I always assumed that Apple had keys where they could decrypt your iCloud when complying with a legal investigation, where an actual warrant is presented.

This bypasses that privacy protection entirely - there is now a way for apple to pull your private photo out of your phone(yes, only if you were going to upload to icloud, yes), without needed an actual court order - it's matched against an unknown database, using an unknown algorithm, and uploaded for "inspection" WITHOUT TELLING YOU. So Apple just decides to break your own encryption, on your own device, uploading your data in secret for verification, because they suspect the material you have is illegal. Like, again, this is bad for privacy, not good in any possible way.

I just don't think this is at all compatible with the pro-privacy and pro-encryption stance they are taking, that's why I'm calling it dishonest.

Photos are only stored on iCloud with your assent. You can disable iCloud synchronization of your photo library with a flick of a switch. This preserves maximum privacy.

I disagree that Apple is being dishonest. The FAQ I linked to is clear and forthcoming, and explains exactly what is happening. It is true that Apple is doing something they hadn't done before and that few of us had expected, and they're no longer being absolutists about privacy to the same extent they were before, but that's not identical to being "dishonest." Dishonesty, in my view, refers to intentional factual incorrectness (1 == 2), not a disagreement about characterizations.

Finally, they're not "uploading" your photos. If this applies to you, then your photos were already uploaded to iCloud because you said they could. And they're not "breaking your encryption," they are operating in a decrypted context because you gave them your keys (albeit implicitly). Further, they're not even uploading your photo from your phone (which, again, you've already told them to do if you're using iCloud) for the purpose of analysis; they're reporting a fingerprint. Please read the FAQ in full - it's very clear.

> not good in any possible way

Many disagree, and would say that reporting child sexual abuse is, in fact, good.

>>Further, they're not even uploading your photo from your phone (which, again, you've already told them to do if you're using iCloud) for the purpose of analysis; they're reporting a fingerprint

Yes, followed by the actual photo for verification by a human, and if it's indeed a reportable picture it's then sent to authorities. It's very clear from their FAQ that's how it works. That's what I mean by apple "breaking" encryption - the photo is encrypted on the phone, and encrypted on the cloud - except that if their algorithm says it matches(or is just similar to) some hash somewhere, the actual photo will be sent without encryption to them for verification. That's the part I have an issue with. They are not saying to the authorities "hey we found something matching a known hash on this guy's device, do with it what you will"(in which case I'd expect the police to arrive with a search warrant), they do actually analyze, send through to themselves, verify and send to authorities the actual pictures from your phone.

The fact that a permission to store the pictures in iCloud was given before is again problematic, because apple repeatedly says that the iCloud contents are encrypted and they can't see them without a warrant - except in this case here, they can and they will.

>>Many disagree, and would say that reporting child sexual abuse is, in fact, good.

Beyond a doubt, yes, obviously. But the fight against child abuse shouldn't be at all costs, and every technological solution where our privacy is violated should be met with suspicion first. Not to mention the entire discussion about the dangers of this system existing in the first place, Apple saying they will refuse state request to add content detection that isn't related to child abuse doesn't really hold much water, sorry - if doing so is the condition to continue operating in a market large enough, they will absolutely do it and I have zero doubts they would.

Facebook is not the alternative. With Facebook you are making a conscious decision to share your photo with the world. Yes, the photo is encrypted but Apple is still matching the encryption to any photograph which they can identify later.

I don't have a better solution of how to protect innocent children, but you have to ask, what else is this technology able to do outside of it's intended use.

Lol.. if Facebook has them, that's because they're a sharing platform.

Meanwhile Apple's invited itself to look inside your storage device. Is this feature coming to MacOS, btw?

I thought Apple fanaticism was a 90s-00s thing.

Yes, it’s coming to macOS Monterey, as well.
This is a misnomer. Your iCloud photos are not end-to-end encrypted because they previously scanned them for CSAM. I have yet to see the announcement of a fully end-to-end encrypted photo storage service.

They haven’t even properly addressed the serious concerns for abuse of this from malicious actors (individuals, hacking groups, companies, government etc) past, “won’t happen here”.

I have a crazy idea. What if encrypted, but not scanned?
Nothing will happen, despite all the outrage. Unfortunately, it will blow over when they announce the M1X Macbooks and iPhone 13.

Given the many users who keep having a @gmail.com address, their privacy is already invaded by Google. Even switching off location on a typical Android device doesn't mean off. [0] Some people have to drastically flash a custom ROM to escape, where as most just won't bother.

As for the Linux phone ecosystem; they are not even ready yet. So for everyone outraged at Apple right now will just keep on using their Macs and iPhones as normal.

[0] https://www.cnet.com/tech/services-and-software/google-alway...

>Given the many users who keep having a @gmail.com address, their privacy is already invaded by Google

Sure, but the average Apple user is also using Googlestuff for search, or via mere browsing. Google has its hand in too much of the internet, they're unavoidable. He who swears fealty to Google need not interact with much Applestuff; the obverse is not true.

Google reads gmail to sell you shit; Apple reads your pictures to match against fuzzy hashes that are CSAM, we swear. And whatever other hashes a gag-order National Security Warrant might force them to include.

At first I intend to do nothing, and stay on iOS 14.

Then, I intend to sit back and watch the show, and see how it shakes out. I don't really expect much to change from Apple, but if anything does it's going to take time for it to happen, and it'll take time for any alternatives to surface.

Nothing whatsoever. While Apple has crossed a certain line with respect to fingerprinting of images stored in iCloud, it's at least for a good cause. If they cross another, further line, I'll have to reconsider then.
As far as I understand, the scanning is not limited to iCloud.
The CSAM scanning is only for images that are being uploaded to iCloud.
Then you, like I’m sure many others in this thread, don’t understand very far.
I stand corrected. But you don’t have to be an ass about it.
(comment deleted)
To be honest, many people on HN are being huge asses by acting self righteous about something they didn’t spend 30 seconds researching. So I think you reap what you sow.
I plan on probably selling my iPhone in favor of something dumber: maybe a lightphone or something (though its over-priced). I don’t know what I’ll do with my AirPods Max, which I love more than anything these days.

If I really reflect, I don’t really see what good a smart phone has done for me: it’s abused my attention for little in return. Of functions that make my life better, maps, a timer and a competent compact camera are essentially it. I’ll use my laptop for any other function.

The CSAM scanning isn’t alarming to me, but the general on-device photo scanning is. It’s not a question of if a state will abuse this functionality for something else, but when. It’s continuing to erode private life, and as most defenses of speech go: I’m often defending scoundrels and awful people to defend speech.

Privacy rights are taken away slowly, usually for good reasons.

I have not bought Apple in ages due to them not being power user friendly any longer, and now this seals the deal to never buy their products again.
Vote for politicians that want to address monopolies in big tech, so someday we have real alternatives to Apple and Google that I can consider switching to.
I’m not looking to immediately move from the walled garden of Apple. I’m heavily bought in with an iPad, AirPods Max, MacBook… and I’m not looking to plunk down that much money.

However, I have a planned depreciation cycle for all of my devices. During the next cycles over the next 2-5 years, I’m going to assess moving entirely to open-source (Linux laptop, reMarkable tablet, Kobo…).

Right now, my main blockers to go full open source are a lack of time and patience. Given I’m planning to head from a start-up into a doctoral program, I’m guessing I’ll be able to have a little more space to experiment. As well, the market within a two-year span horizon should be good enough to improve the smart phone market.

TL;DR: This isn’t enough to get me to sell all of my Apple gear, but it is enough for me to restart assessing alternate devices and potentially replace devices as they naturally wear out.

It's my belief that the FBI, CIA, NSA, CCP, FSB, Mossad, etc already had access to all my devices (IOS, Android, Windows). Anyone who thinks their calls, txt, computers, emails, physical mail, packages, etc are private are seriously mistaken. Everything from your Amazon orders, CC use, travel information, bank accounts, medical records, utility usage, etc is already available and fully accessible to anyone in the alphabet organizations. Apple announcing this is just them letting you know it was already happening at some level. You have zero privacy, they have been listening and watching everyone for a long time. Apples announcement basically let anyone who thought they had some level of privacy on IOS know that they don't and never did.
I think that's the wrong way if looking at it. Of course any of these agencies already have access should they need it. In fact, if want them to, provided they are actually investigating a crime and have a warrant to search my device - then it would be a bit of a joke if they couldn't, wouldn't it. What I'm not ok with is automatic scanning of all content, especially not with similarity based hashes.

To put it in a different way - I'm 100% happy for police to enter and search my house if they show at my door with a warrant. But if I had to have cameras installed in every room of my house scanning my every action to make sure I'm not maybe committing a crime, that's not ok.

Here is a use of this tech for authoritarians:

-generate hash of a meme criticizing Winnie the Pooh

-submit to Apple

-receive user addresses of every inferior citizen that would better serve the state by working in the cotton-fields of flyover country

Nothing. I think it is naive in the first place to think your data was ever safe on a closed platform. If the federal government or anyone else with influence over Apple is a serious part of your threat model, you probably shouldn’t be using a phone at all.

Did you ever read Three-Body Problem? I lead my digital life as if I am being watched and tracked all the time.

Right on. Love the reference to The Three Body Problem and surveillance. SciFi writer David Brin mentioned in conversation (a long time ago) that total surveillance was an unfortunate state of affairs, but people should push back to make sure they also have surveillance on political leaders, heads of corporations, etc. Basically end up with a system where everyone needs to keep their side of the street clean. - I hope I expressed what he said accurately.
(comment deleted)
I posted my napkin plan here on HN already, and in the time since, I've hardened my position on this. I'll migrate off and re-double my efforts to bring light to the alternatives. When I told my GF about where I stood on this, she thought about it for a while and said, "Phones are too much in our lives...", so she's onboard too.

They crossed the line, and I'm out of the Apple ecosystem. I don't think the objections are overblown, and I think they're causing real harm, in addition to the slippery slope concerns: 1) abuse is inevitable, 2) feature creep is inevitable.

I'll add this Twitter thread: https://twitter.com/alexstamos/status/1424054544556646407

(comment deleted)
I intend to move out of their ecosystem. First, they limited my phone to comply with their community standards. Then, they blocked anti-censorship apps. And now, they are deploying on-device surveillance. No, thank you!

I don't have a plan yet. I felt a lot more affinity for Apple over Google, given their security models, business models, data models, rhetoric, and OSes.

I plan on using squid to block Apple browsers on my network.
This sealed the deal for me. I always knew one day I would have to migrate away Apple. This is just where it starts. This software will be expanded and used by the US government and more totalitarian states world wide, it's just a matte of time. Wake up, the tool of your enslavement are being built. Tools of freedom like open source OSs and applications, E2EE, Bitcoin, and IPFS are the future. There is no room for compromises here. Either you create levers of totalitarianism or you don't. This is the first incarnation of one such lever and was probably inevitable.

My Apple Escape Plan

1. Backup and migrate all things caught within the Apple Ecosystem

2. Buy a Pixel 5

3. Load it with Graphene OS. https://grapheneos.org/

4. Over time replace cloud services with ones that use true and provable end-to-end encryption.

5. Delete Everything from Apple. Delete Account. Create New One pseudonymously for development use required with a duel booted Mac.

6. Migrate over time to decentralized cloud solutions on IPFS/File Coin

If you load Graphene OS or CalyxOS, can you side load apps like Kindle, Google Play Books, and Audible?

I think iPads are my favorite digital device ever (I write books, Mosh/tmux to dev servers, and great for consuming content) so the idea of leaving the Apple ecosystem is a sad idea.

You can install any free apps from Google Play through the Aurora store, however some of them may not work due to Google service dependencies not perfectly shimmed by microG. In general most things just work. It’s very likely that the Amazon ones would because they ship Android devices without Google services.
Leaving iOS. Buying a Fairphone and crying about the lack of anything like Apple Watch.
1) not buy any more apple hardware; 2) stick with AOSP until there is a pure-play FOSS phone solution I can live with; 3) run snow leopard server in a VM on a Linux box. SLS is IMO the apotheosis of what was good about Apple, and it still feels natural; 4) run separate Win 7 instances in other VMs to handle Win-only software I need.
I intend to not get taken in by hyperbolic and paranoid handwringing.

Sharing hashes with third parties? Seriously?

Personally, I found myself frustrated with Apple before this announcement. That was an odd experience because I normally find Apple devices to be frustration free. It only bothered me a little that iOS devices are so locked down, but not enough to actually do something about it. I liked everything else about the ecosystem. The thing that kept me hooked were first and foremost Apple's trackpads and display's. After that, an operating system that seemed to stay out of your way but still managed to protect you from doing anything really stupid. I even liked the keyboard on the MacBook.

Then, I bought a 2019 MacBook Air. One with the new keyboard design. It failed in six months and required three separate trips to the Apple store to get fixed. One day I couldn't get anything to load for about an hour. It turns out Apple's binary signing servers were down and that caused my self installed binaries to fail to load. I felt I had graduated from that sort of nannying by then.

Right around the time Big Sur became available my MBA refused to use my external display. It had worked perfectly for a year prior. Some searching revealed many users resolved their display issues after updating their OS. That seemed more like a coincidence but I had unplugged and plugged everything in at least twenty times by this point. I was ready to try anything. I upgraded to Big Sur and my monitor connected again. I always found it odd my system destabilized when that update became available. Probably a coincidence though.

iOS 14 killed the battery life on my iPhone 6s. It's an old phone, but I bought it new in 2019. I can get pretty reasonable battery life if I turn low power mode on, but it turns off automatically when the phone is "sufficiently charged", and I don't receive it to be much better than the battery life I got before iOS 14.

Recently, I have noticed my Magic Trackpad is much more "glitchy". The cursor jumps around the screen, for example. That was really the thing that always held me back from jumping ship. I really like the trackpad. A lot. At lead I did.

That's a long way to say already felt Apple was going backwards, not forwards. Still, Apple is pretty good. I'm afraid to pick something that I might find worse.

You have to give up a lot if you want to leave the major closed ecosystems (Apple, Window, and Android). In a way you are making yourself a digital second class citizen. You can even see the way the major close source ecosystems try to make you a second class citizen on their platform for choosing another platform. MS Office alternatives for a long time, and maybe still are, never quite fully comparable with the genuine article. If you are an Android user and all of your friends use Apple your friends get a crappy experience compared to the experience they have with others using iMessage. You're practically a burden to communicate with.

If you want to have privacy, I believe you must accept becoming a true second class citizen, or go to extreme lengths to maintain you privacy (and maybe still be a second class citizen anyway). I understand everyone is questioning what Apple is doing, but we should be questioning all of the privacy invasion we are forced to accept to be first class citizens in our society.

You must give up some privacy or accept a degree of second class personhood for the following (in the USA).

- Driver's License: Picture, address, physical description (including weight), and signature. It is very impractical to go with out a driver's license in most of the United States.

- Credit Score: This example is actually unreasonable because you can't actually opt out of having a credit score. You are also punished for not participating with a lower credit score.

- Bank Account: You need to provide personal info to open a bank account. It isn't easy to function without one, and you will pay more money to have access to the money you are paid via payroll check.

- Job: You ne...

How exactly Spotify (on desktop) invade your privacy? You can block telemtry by blocking specific url's and IP addresses (hosts, Pi-hole, etc.)
But you'll still need to create an account and share your listening preferences with them to use their service.
Sure, but it is not necessary privacy invasion.