I think we are all throwing wrong questions at wrong entities. What we should ask is what the hell is going on and what is forcing everyone to implement backdoors in this organized manners.
China. Specifically, gradual capitulation to China.
"Apple's earnings for Greater China in Q2 2021 were up 87.5% from this time last year, to $17.7 billion. During its latest earnings call, Apple has announced dramatically increased revenues from Greater China for the three months ending March, 2021."
China has cracked down hard on domestic Internet companies over the past few weeks (deliberately crushing their tech stock market to rein in these companies and enforce governmental data surveillance/control). They're not going to leave Apple out.
Apple literally cannot lose that market. Its market cap would be halved. Saying they're going after child abuse in the US using a new algorithm is the perfect cover for gradual entry into enabling mass surveillance for China. No one can argue with the child abuse use case, but there will be plenty of consternation when this is used to scan for messages critical of Xi and the boys.
The coffee shop hacker culture belives there is such thing as good and bad companies, hence why Google has been able to fool them with "do no evil" crap.
I still don't see the why though. It seems obvious to me that nothing is to be expected from corporations, other than a hopefully nice product at a reasonable price. Anything other than that sounds like wishful thinking to my ears, but I might be philosophically wrong.
This is all pure speculation. Everyone in china is using WeChat anyway. China have this capability already. No one is sitting around a table thinking: "What do we do about Apple Messages", and if they were their solution would be: Block Apple messages. NOT: Ask an American company to implement spying for us and trust that they'll do it accurately... non sensical.
As pointed out this feature isn't even being launched in China.
But sorry to derail your narrative: China are the bad guys and all bad things are because of china.
That’s right let’s ask for the source of the extremely believable claim of only launched in US[0]. But no one sourcing the “China is pressuring Apple to do this”.
As stated in the article Apple have said it is US only and will be switched on country by country… so surely if this was “BeCAusE ChIna!!!” It’d be switched on there first right?
Not at all. But the consistent “China are evil, and that is the reason These pure US companies do bad things” is infuriating. Then when you point out the fallacy of this kind of thinking getting one word: “source” adds to the frustration.
Even if it was launched globally it didn’t at all invalidate my point. They would ban the entire App in question, not back door it. See Facebook/Twitter as a well known example.
“China are evil, and that is the reason These pure US companies do bad things”
Literally no one is saying this. You're getting incredibly sensitive over a regime that just thwarted investigation into a pandemic that has killed more than 1 million people and making irrational arguments to defend it.
"hey would ban the entire App in question, not back door it. See Facebook/Twitter as a well known example."
Ban *which* app?? The iPhone is not an "app" LOL. It's a hardware device with both software and hardware privacy constraints antithetical to the Chinese government's desire for pervasive surveillance.
Apple is gradually shedding its hardcore privacy stance to retain its fastest growing market. It's not difficult to see if you take off your "ANYTHING BAD ABOUT CHINA IS RACIST!!" goggles.
TLDR: China is bad. This change is probably not because of china, but china will certainly use it.
> China are evil, and that is the reason These pure US companies do bad things
China (the gov) is evil.
> is the reason These pure US companies do bad things
The companies are not pure. China certain does things to coerce them them to do bad things that wouldn't otherwise do. Some things are very bad. Some things aren't bad inherently, but are very unlike apple. Examples:
[1] Hong Kong app removal
[2] iCloud CN being run by another company.
> They would ban the entire App in question, not back door it
China already does this, except it's a phone not an app. They already monitor in-flight data [3], so likely not a huge concern for them, but considering the monitoring they do, why wouldn't this be a nice perk for them. Personally, i doubt that china required apple to do this since they already get what they want. I'm sure they'll love to (ab)use this though. I'm confident that a government somewhere wants this (new UK/EU anti-e2ee laws?).
China can't ban the iPhone, apple actually has that much political power. They are a huge poster child of chinese manufacturing power. Every time a senator asks tim cook to move manufacturing stateside and he says that only china is capable, it pumps china up.
> Personally, i doubt that china required apple to do this since they already get what they want.
Then we agree. That is exactly what I said.
Re Chinese gov is evil - ra ra ra.
No they aren’t. Well no more than any other country. They just see the world and their place in it differently to you. But they haven’t invaded anyone since Ghengis Khan … yet they’ve been invaded by most of their neighbours and most of the American and European powers. In that context their view and action looks tempered, not evil.
“they just see the world and their place in it differently to you.”
You’re so right. For instance, the Chinese government sees that nothing of importance happened in Tiananman square in 1989 while the rest of the world sees a massacre.
This is pure BS. "Everyone in China is using WeChat anyway."
Really? Chinese citizens don't use their iPhone cameras to store photos locally? They only use WeChat to take pictures and store them? Gee, you should tell Apple AND Tencent this! It would dramatically shift their product development path.
Where did Apple Messages come into play? What does that have to do with locally stored photos?
"This feature isn't even being launched in China" -- yup. Apple has definitely never launched a feature first in the US then rolled it out worldwide.
"But sorry to derail your narrative: China are the bad guys and all bad things are because of china."
Who said that? Seems more like you've got a bias to apologize for the regime than anyone else has a bias to impugn it.
My point was the gov can already track everything because they are hooked into WeChat. So yeah… they don’t care what Apple do, cause as soon as it’s on WeChat they can see it.
That’s why I mentioned Messages… because that’d be the alternative.
Literally the OP said: “it’s China that is causing Apple to do this”… so in answer to your question: the OP.
Not apologising for the Chinese government. Do you call Biden administration a regime?
So you think if Apple announced a new algorithm that would be used for mass surveillance of the Chinese, there'd be some kind of mass outrage. And to avoid that mass outrage, they're starting with mass surveillance against Americans instead.
None of that makes sense. Why would using the system only to target child abuse in the US make people change their mind about using it against political dissidents?
Well, speaking broadly: that’s not how politics works.
If you go for a thing directly you show your hand and get a lot of backlash.
Case in point: the British NHS (because we can see it happening in real time).
Add the capability to do something for a good reason (NHS spending should be more efficient; we need approved suppliers // do it for the children) in order to make the further move of what you really want without much resistance (privatise parts of the NHS; eventually much of the NHS // back door every terrorist, dissident, detractor)
>If you go for a thing directly you show your hand and get a lot of backlash.
In this context, it is exactly how politics work, and you have described shifting the Overton window or even floating the Trial balloon.
re: NHS.
The case you are making doesn't fit your reasoning. As for privatisation in general, the current government is following a very basic rulebook:
1. Sabotage/kneecap an institution/
2. Offer a solution involving cronies/
3. Achievement Unlocked
1. For example, some Tory MP's (the elite that make the decisions for the plebs) don't need to rely on NHS for healthcare exclusively, hence they have a callous attitude towards it. They deploy all manner of subterfuge, replete with claps, lies and smiles, to starve out a public service funded by taxpayers.
2. The ultimate goal; offer a solution to the problem you manufactured (1) and share the spoils amongst yourselves, by awarding/rewarding and looking after each other's interests.
You're deliberately ignoring the use case, which makes your argument look silly.
Scenario 1: Apple announces Orwellian system to thwart child abuse in the United States.
Scenario 2: Apple announces Orwellian system to thwart Chinese dissidence.
Which one sounds more palatable to you? To the world?
Apple *has* to take an orthogonal approach to giving China the surveillance capacity it desires. It can't openly enable a regime that just covered up and obfuscated investigation into perhaps the greatest human tragedy of our generation.
Apple wouldn't unlock a single iPhone for the FBI in a terrorism investigation... but it will deploy mass on-device privacy invasion for people who aren't even suspects to thwart child abuse?
Ask yourself: What changed?
If you believe Apple suddenly shifted their privacy stance on a whim, and isn't being subtly pressured by the Chinese government to develop new means of device access and control, I don't know what to tell you...
>Which one sounds more palatable to you? To the world?
Your claim is that somehow scenario one makes scenario two suddenly palatable. Like people will say "oh, they ran an allegedly limited surveillance program for the US, so who cares if they run an unlimited one for China?"
>Apple wouldn't unlock a single iPhone for the FBI in a terrorism investigation..
Apple willingly offered to help unlock that iPhone. They're methods were blocked due to police mishandling of the device, and they were unwilling to pay to develop a backdoor for their own product.
>If you believe Apple suddenly shifted their privacy stance on a whim, and isn't being subtly pressured by the Chinese government to develop new means of device access and control,
This thread is about the FBI getting Apple to continue allowing easier access to devices. You brought up the example of the FBI trying to force Apple to allow them to access their devices. And the most recent event is Apple's surveillance of American devices. Yet somehow, you think the only possible reason Apple may be changing their stance is China.
2. Apple has always been less pro-privacy than you claim.
3. Everything mentioned here involves the US wanting more access. You claim that is proof of Chinese influence, rather than the obvious US influence.
I'm not seeing a multitude of spelling or grammar mistakes either, though I will admit that one sentence was poorly constructed. And I see a wrong "they're" I blaim on auto complete, though still my fault.
> This really is something Tim needs to address before he again stands on stage and give lip service to Privacy with a capital P.
Cui bono?
Why does Tim Cook need to address this? To benefit Apple shareholders? To assuage the doubts of Apple customers who bought the false claims that Apple has made regarding their respect for users privacy?
Truth be told I don't think that Tim Cook as CEO of one of the richest and most powerful organizations in history needs to do anything because Apple has their customers by the balls. What are the few Apple users who even care about this issue going to do? Switch to Microsoft? Linux? Hah!
Face it, Apple users have made their bed and now they have to lie in it. People have been warning them for years about the Faustian bargain that they were making and how it was corrosive to society to entrench an entity like Apple and now here we are.
Every claim that Apple makes about respecting user privacy is false because Apple does not allow users the means to independently verify the claims made by Apple regarding security. Additionally Apple does not allow users the means t control the hardware that they purchase by for instance, installing whatever software that they want on their devices.
Apple has been using some dark patterns to force people to use iCloud. Telling them they haven’t finished setting up their phone. It notifies you until you sign up for the free tier, and then when that’s filled up it pesters you again
> Face it, Apple users have made their bed and now they have to lie in it.
Well said. They now finally realise that Apple Inc. was never their friends in the first place, like I have always said.
They cleverly used privacy as a marketing trick to lure them to buying into their ecosystem and to cover their suspicious acts under the reason of 'protecting the user's privacy'.
Given there are lots of Apple users buying M1 Macs, it is more likely that they would need to back up / restore from iCloud as they already do this on their iPhones.
So yes, they are so entrenched and locked in the Apple ecosystem, they won't move and will stay there for good, no matter how many times Apple screws them over. They are not your friends and only on the side of profit.
As I've mentioned in another thread, Apple has been marketing itself so strongly as the leader in privacy that it now speaks about how it now treats privacy as a "fundamental human right". Their executives started using this phrasing when discussing privacy.
It is an extraordinary claim that requires extraordinary commitment and action. To me, at least, that means privacy without compromise - and for everyone. ("Fundamental human rights" apply to all of us, right?)
Privacy with a bunch of disclaimers attached to it indicating all of the conditions under which your privacy will be abridged is not privacy. And it's certainly not the behaviour of a company that treats privacy as a "fundamental human right".
Apple needs to get a grip when it comes to dealing with and living up to this self-stated core value. I think that given the waves created by this CSAM on-device hash checking announcement and the questions many have about how to square this with their privacy talk, Apple's executives should say something and they should be unequivocal in what they say.
Apple is doing the right thing. About 1 in 4 girls and 1 in 13 boys experience child sexual abuse in the US at some point in childhood (underreported) [1].
What's more important? Your right to "privacy" (which you can still invoke by simply not using iCloud) or their right to a normal life?
And yes, their CSAM detection has lots of false-positives, but it will evolve. It will be doubleplusgood.
>What's more important? Your right to "privacy" (which you can still invoke by simply not using iCloud) or their right to a normal life?
My right to privacy of course because the other option is a strawman. What you are doing is the typical slippery slope of selling out something for everyone because of a small minority of criminals.
"Should criminal Mr. X be allowed to do Bad-Thing-At-Level-10 to Small-Amount or should we do Bad-Thing-At-Level-1 to Everyone?" None of these are correct. Both are or should be illegal.
Did you look into this? Because those who know how this system work says that not only will Apple's system not work it is also clearly illegal:
This is getting rolled out in the US, with one of (if not the) biggest populations of innocent people being put in prison in the western world. Where mass-surveillance is, well, massive. If this hasn't specifically been made to be abused as a backdoor it will quickly any way.
25% of all girls (officially). That's not a small minority of criminals, that's a national tragedy.
Americans must use every legal and constitutional tool in their arsenal to fight abuse and protect their children. The numbers make clear that the old rules no longer work.
And it's "clearly illegal" because of... what? Because his (unnamed) attorney claims it's a felony? What if a different attorney claims it's perfectly legal?
It's just a CSAM detector for content you upload to iCloud. We're willing to shut down schools and shops to save lives but if there's a theoretical .000001% chance that some rando might look at my beach photos, it's suddenly mass-surveillance backdoor China stuff? Come on. We live in a society.
How is this general and decontexualised number, with no definition of what is considered "sex abuse", relevant to the matter of scanning for pornographic images on iPhones?
You're trying to play to people's emotions by emphasizing the perceived gravity and prevalence of the problem of sex abuse in general, and then trying to use that emotional momentum to argue for something largely unrelated.
> Americans must use every legal and constitutional tool in their arsenal to fight abuse and protect their children.
They could start by regulating guns. That would prevent the death, injury, and traumatisation of many children[1]. As a bonus, it would do the same for adults[2].
Or they could deal with the “urgent and preventable crisis” of having 1 in 6 children living in poverty[3].
People in these discussions aren’t against protecting children. Rather, they’re questioning the ulterior motives behind specific policies. If governments and companies could be trusted to keep their promises and not overreach, no one would be batting an eye at the recent Apple announcement. But historically, the inverse has been true: they’re pretty much guaranteed to try to abuse the system.
> Please don't use Whataboutism to derail this thread.
Please take my reply in full. The third paragraph addresses your larger point—consider it in isolation and the argument stands. The first two are there to provide context—they cover the notion that many in power only care to “protect the children” when that slogan helps them reach their own goals.
Your posts were downvoted to grey; there’s nothing to “derail”. I’m pointing out to you that the larger discussion isn’t about CSAM, but about the very real possibility that CSAM is being used as an excuse for a stepping stone to a system which will be abused for unrelated matters.
Why? They keep claiming being earth loving green hippies while mandating shredding of perfectly repairable/reusable products. https://www.youtube.com/watch?v=IBqSOA9wRPk Doesnt seem to bother too many of their clients.
> On-Topic: Anything that good hackers would find interesting. That includes more than hacking and startups. If you had to reduce it to a sentence, the answer might be: anything that gratifies one's intellectual curiosity
Because someone found it interesting and curious with the state of things.
The point is that offline content detection on data that will be uploaded to iCloud feels like a prelude to offline detection of all content on your device.
In fact, given that Apple do not E2E encrypt backups and already implement CSAM functionality by scanning data in iCloud [1] it's not clear what the purpose of the new PSI/CSAM system is. Which leads many to speculate that it's only purpose is as a prelude to scanning all offline content.
Some have speculated that with the introduction of the PSI/CSAM system Apple will enable E2EE backups. Given the lack of an explicit statement on Apple's part and their history regarding E2EE backups (this article, and other statements). It seems really unlikely to me that Apple will enable E2EE backups.
Under E2EE, assuming the device key is randomly generated, if you have one device (as many users do) and you lose that device you would lose all your data. The alternative is the key is derived from your iCloud password, in which case, if you forget your password, you lose all your data.
Right now, you can browse your photos online. There's been no statement that this is going away. Implementing this functionality with E2EE backups seem highly problematic.
These are huge changes to iCloud functionality that Apple would surely announce...
There are many open questions. And given that there’s no clear statement from Apple, I’m inclined to believe that they retain the ability to decrypt all data.
There is a third option, which is to use secure elements in the datacenter to encrypt the device key with the user's screen lock code. The secure element prevents brute force attacks even with a low entropy passcode. The user can restore their backups on a fresh device only knowing their screen lock code, but backups remain end-to-end encrypted.
Google has done this for Android backups. Apple has actually done it too, but only for Keychain passwords and a couple of other things. So Apple actually already has an implementation of the right solution and intentionally prevents you from using it to secure your backups, reportedly because they failed to stand up to the FBI. Which is strange given their public stance in the San Bernardino case.
This still seems like it would require a significant change in functionality, which they would likely announce. I.e. lose your lock code, lose all your data. Also, are you going to enter your lock code online to browse photos in a browser? What about syncing between devices?
In the absence of an explicit announcement regarding these changes in functionality it seems unlikely to me.
You're right, Apple is definitely not going to secretly enable end-to-end encryption without announcing it.
If this client side photo scanning thing is part of an ongoing plan to eventually enable end-to-end encryption of iCloud, then Apple made a huge blunder. They should have waited until end to end encryption was ready first so that they could announce it simultaneously.
Reverse engineers can examine the snitch to see what it's looking for. Without semi-E2E, Apple could hand over every photo of every account to China and we would be none the wiser.
The problem is when local law requests data on someone from another country. Then everyone in the world's iCloud data is only as private as the least private country with influence over Apple (the US isn't that country IMO).
> if you have one device (as many users do) and you lose that device you would lose all your data. The alternative is the key is derived from your iCloud password, in which case, if you forget your password, you lose all your data.
That's a really interesting link, thanks. I'd not seen that. This statement:
> The service requires Apple to maintain access to your data to help you recover it. For your privacy, Apple can’t access or help you recover your end-to-end encrypted information, such as Keychain, Screen Time, and Health data.
Seems to suggest that there is no change to end-to-end encryption on iCloud.
> Purely coincidentally, the imminent next release of iOS adds new account recovery options
The scariest thing about this update to me is that it makes one's iCloud account incompatible (permanently?) with iOS and Mac devices that are not on iOS 15 or Monterey.
Also if Apple did enable E2EE backups then law enforcement would put tremendous pressure on them to expand what they're scanning for in this new client side CSAM layer.
A viable alternative is multiple LUKS-style key slots, one per registered device that can be unlocked with a device keys, and one that is by default encrypted with a key derived from your iCloud password. If you lose all your iDevices _and_ your password at the same time, you lose your data.
They could also make this opt in (add another escrow key slot by default, but allow you to promise that you've written down a recovery key and then destroy the escrow key slot).
Online browsing would use the iCloud password to decrypt the images client side. Thumbnails could be generated client side and stored alongside the images under the same key.
> If you lose all your iDevices _and_ your password at the same time ...
I don't know how this is with iPhones (I don't own one), but with Android these events are almost 100% correlated for many people. That's because you never get prompted for your Google account password on your phone. If you don't use the same Google account on your phone as on your desktop, or don't really use your Google account on the desktop that much to begin with (both apply to me and plenty of others I'm sure) then you might never need to know your password. I've seen people not even realise that they have a Google account, despite using one every day on their phone. Is there anything significantly different with Apple accounts?
In case it seems unlikely that someone would not use their phone account on their desktop, remember that plenty of young people today don't even have a non-phone device.
Right, because there isn't the end-to-end encryption scheme that we're currently discussing. You seem to have missed the point of the conversation:
Comment 1: The problem with adding end-to-end encryption is that password reset is no longer possible (or it's possible but your data is lost)
Comment 2: You can come up with an end-to-end encryption scheme where you can reset your password and keep your data so long as you still have your phone (or when you lose your phone so long as you remember your password)
Comment 3 (mine): But if you lose your phone you often don't have your password any more, so that doesn't really help
By "Is there anything significantly different with Apple accounts?" I really meant does it often ask you to retype your password or otherwise force you to remember it.
> “That's because you never get prompted for your Google account password on your phone. […] then you might never need to know your password.”
This is so true. 1Password silently changed their UX on iPhone app 4 years (?) ago and the primary password was not required between app-quit. I had tweaked my password after using it every minute one weekend installing a new system. When I finally needed the master password, the new password was not accepted. Evidently I misremembered the tweak. That experience still burns me. Not forgotten, not forgiven.
iPhone requires iCloud for purchases, but I use touch password and bypass this. I never need to use iCloud password.
WhatsApps 'pin' method is a good one to prevent users forgetting passwords.
It periodically asks you for your password. If you get it right, it will wait longer before re-asking. If you get it wrong first time, it'll ask again more frequently (and let you pick a new one IIRC). Works pretty well against forgetful humans.
>If you lose all your iDevices _and_ your password at the same time, you lose your data.
This is the risk most non-tech Apple users aren't willing or even expecting to take. No way Apple would enable this, even as opt-in, because many would misconfigure it, lose their data and blame Apple that failed them.
And good luck explaining they need to buy another iPhone and guard the two instead of one to be truly secure.
At this point, with Apple introducing a feature for law enforcement the general public had no opinion on or interest in, I'd argue Apple is more likely to expand what the new system does than improve E2EE.
Pretty insane that one needs to kowtow to illegal spies to be able to publish software.
Seems like a 1A battle they don't want to fight, because the actual retaliation for the 1A exercise would come in the form of regulation or antitrust that is unrelated to the publication of the objectionable software.
Apple (or whomever) could sell a "backup box": a simple embedded device with RAID 1 (mirroring) storage and the usual data/charging port(s). First time you plug an iphone into it you are asked to verify using the connected device to store backups.
The user then uses the "backup box" as their regular home charger. Backups happen automatically while charging. The user doesn't worry about keys; attack surface is limited to physically local risks (no network!). People already understand how to protect a physical device: lock in in a safe, move it to a safer location, etc. Instead of trying to solve the security problem for the user, give the user tool they can understand that allow them to protect themselves.
An obvious solution would be to allow third-party storage services where you can dump your device data pre-encrypted and restore from those services. Only you would have the key. It isn't hard to implement.
The hard part would be getting the US security apparatus to allow it. ALL major storage providers DON'T support end-to-end encryption for this reason. Not Google. Not Microsoft. Not Apple. Not Dropbox. Isn't this interesting?
Furthermore, talk of supporting end-to-end encryption is basically NOT in the Overton window in these companies as far as I know. Discussion of it is met by silence from management. It is weird when you begin to see the spider webs of power in society.
All those people positing that it this is an effort by Apple to push for end-to-end encryption are either disingenuous or wrong headed. If Apple even thought about end-to-end encryption, the whole US government would come down on Apple like a ton of bricks.
Apple has shown no recent indication of even leaning in this direction. Not only does Apple not directly support end-to-end encrypted backup on iOS devices to third parties, it precludes it from happening. You are stuck backing up to your Mac or jailbreaking.
EDIT: There seem to be a few small movements in this area. Dropbox has their Vault with pin based protection. Seems incredibly and intentionally weak.
> The hard part would be getting the US security apparatus to allow it. This is why ALL the major storage providers DON'T support end-to-end encryption.
I don't think so. The reason is there's no money to be earned with being simply a storage provider. Additional processing, indexing, workflow tools etc. is what people pay for. That's not possible with E2E encryption.
This isn't the kind of "storage provider" we were talking about. As long as you simply put blobs in there, you don't need end to end encryption, you can simply do the encryption yourself (like people do with these services).
>Some have speculated that with the introduction of the PSI/CSAM system Apple will enable E2EE backups.
For me it seems that latest changes do not change anything, FBI will still object with the same reasons as in the past, because they will have a legal obtained warrant and they need the user backups/phone content. I do not see Apple fighting this in courts especially now when they also have a big fight vs Epic and a fight vs right to repair.
> I do not see Apple fighting this in courts especially now when they also have a big fight vs Epic and a fight vs right to repair.
Apple already gives up data on tens of thousands of users and accounts each year in response on requests from governments. Apple keeps statistics about those data requests here[1].
For reference, Apple gave data on over 31,000 users/accounts based on FISA requests and National Security Letter requests in the first half of 2020 alone[1].
During that same period, Apple provided data to the government's requests (non-FISA or NSL) about 9,000 times, and responded to requests for data with the data about ~85% of the time, and 92% in cases of "emergencies"[1].
Yes, so I do not see Apple implementing true end to end encryption and telling to the FBI/NSA to fuck off. The fact that Apple can catch some CP now won't convince the government or some judges that is fine to stop the collaboration. In fact I can see it more likely that in secret or with a judge approval new hashes would be added into the secret database(maybe someone leaked some stuff to the press and some gov want to catch the involved people)
Just fyi the new acronym CSAM (Child Sexual Abuse Material) is much more fitting.. CP just makes it seem like dudes getting off on pictures and not evidence of a crime having taken place which is how I had it explained to me.
I'm sorry it offends you, but if you listen to a decent explanation it makes much better sense. There's more to it than printed material (definition of pornography). It's photographic evidence of a crime scene.
This is like giving into terrorists. FBI/NSA/local cops won't be happy until they have software regularly scanning everything on your computer for "criminal" activity and uploading it for them to review and add to your "social score" much like China is already implementing. I wouldn't be shocked if this wasn't built in anticipation of China cranking down the thumb screws and Apple wants to be able easily comply with spying on citizens in those nations whose government desires to do that.
> It seems really unlikely to me that Apple will enable E2EE backups.
And even if they did, how would we verify that the code they instruct our hardware to run does e2ee correctly, without bugs or backdoors? Apple doesn't seem to be in the habit of opening much of their code or (on mobile) allowing users to install unapproved builds. Unless that changed, I would be skeptical, just as I am of all "e2ee" software that cannot be independently audited by anyone at any time.
Out of curiousity how are you auditing the pre compiled binaries of otherwise open source software?
I spent 2 months going through the signal code base checking it and now I need to audit the production code on their servers as well as the binaries they have compiled. Any tips?
I find it's much easier to audit the source code, and build the binaries yourself from that code.
Also, it's a collaborative effort. If you build your binaries from the same sources that other people use, then you can split up the work, and you all benefit from anyone's discoveries.
Obviously, we don't have perfect verification of the code we run. People can overlook things. Compilers can be subverted. Operating systems can be pwned. Malicious hardware can undermine all of our efforts. But let's not let perfect be the enemy of good, and let's not fool ourselves into thinking that faith in a corporation is a substitute for transparency.
> There's been no statement that this is going away. Implementing this functionality with E2EE backups seem highly problematic.
No more problematic than WhatsApp offering WhatsApp web (web.whatsapp.com) or Signal offering its desktop client while being fully end-to-end encrypted and routing communications through the phone.
I don't think it's highly problematic to browse end 2 end encrypted photos online. You need to decrypt them on the browser, but it's nothing WebCrypto or WebAssembly can't do.
I played a bit with crypto in a web browser using Rust and WebAssembly, and it works perfectly fine.
> if you have one device (as many users do) and you lose that device you would lose all your data.
Apple has given that excuse before, but they could just provide the option with a serious warning, or make you jump through a couple of hoops first.
Apple is known for not bifurcating user experiences by giving users many options to choose from, but they are also known for their stance on privacy. I don't see why they wouldn't allow for this, maybe at first to trial it on the few that want it before deciding to roll it iCloud-wide.
If I were Apple, from a legal standpoint, I'd prefer not to have the ability to decrypt my users' data. Only in that light does it make sense to introduce the PSI/CSAM system on Apple devices, so you can claim you don't host such content, even if you allow users E2EE backups.
Yep when apple releases this monstrosity there is literally no way around it unless you encrypt your files before they ever hit your iphone or mac computer. Then they'll just be scanning encrypted data which is theoretically protected. Technically they will (at their discretion) only scan stuff headed for icloud. Theoretically it is still very possible for them to scan things on your phone and report you no matter whether you use icloud or not. 100% if you are using icloud everything will be scanned that's considered a "photo" before uploading it. Eventually (I predict with 99% probablity) this will be slowly extended to scanning everything on your iphone and imac equipments for other "criminal activities" such as financial transactions, all documents, etc for whatever the government at the time considers "criminal"
Some also the introduction of the PSI/CSAM system to Apple means anything they do can no longer be considered E2EE as there is a built in backdoor to the encryption that allows a 3rd party to scan communications, as such it should not be considered a End-to-End Encryption system
I don't know why anyone would assume this changes anything with regards to E2E at all.
Like you've said, Apple haven't announced anything, and I don't see what the business case is from their perspective when most people don't know or care what that means (but surely will care if they lock themselves out of their data forever).
I was patiently waiting for the M1 16in MacBook Pro to come out. After reading all these revelations, I am now considering not buying the new MacBook Pro and instead, just stick with Linux.
I am an app developer who was thinking of upgrading to the next M1 Mac mini coming out later this year. For my work, I pretty much need an Apple hardware. However after this whole privacy debacle, I have started looking into Hackintosh and whether I can build one to for building my apps.
If anyone has experience with developing for iOS/MacOS on hackintosh, please let me know your experience.
You can build one. Lots of guides out there and compatibility lists for components. It’s going to be a science project though with only community support for an adversarial operating system.
If you plan to use it for work then buy a Mac. It’s a tool for a job.
I don't particularly need macOS for anything else except the app development work. Other stuff, I can get done on Ubuntu. I am looking into whether I can run MacOS in a VM on Ubuntu.
Mostly because I don't particularly need macOS for anything else except the app development work. Other stuff, I can get done on Ubuntu. I am looking into whether I can run MacOS in a VM on Ubuntu.
You can run Linux as a host, macOS as a guest[1] under QEMU, buy a second GPU that is supported by Apple (e.g., Sapphire Radeon RX 580 Pulse 4GB) and pass that GPU in its entirety to the guest macOS. The same for one of the USB controllers on your motherboard. Effectively, you get native macOS performance under Linux. A bonus: you can use the iptables firewall with the FORWARD ruleset to control guest macOS network access. The overall setup process is involving, but nothing that an intermediate Linux user would not be able to handle. Please note that it might be actually illegal (?) in some (?) countries to run macOS software on non-Apple hardware.
I had already decided to switch back to Linux. I was planning on continuing to use an iPhone but after the news stories of the past week I might even ditch the iPhone too.
I just placed a preorder due to this as well - I wasn't going too, but then I felt worried that my Monterey Beta might start scanning photos I was using for an ML project.
I'm 99.999% percent positive there's nothing to worry about, but imagenet did have CSAM in it, so you can't be too careful. Really excited to build my own expansion cards. There's really affordable full SMD assembly these days from places like easyeda.
You can't even use Linux on Intel Macs properly, no chance it'll work on the M1 anytime soon. The kernel might boot in some form, but last time I checked, even the SSD wasn't working on Intel Macs under Linux.
It runs well if you have the time, patience and expertise. There's no fundamental technical barriers. It's purely a matter of enough development resources being committed to the project. I think Apples recent moves would motivate more developers to work on it.
What to make of this whole thing? Hard to say. But here’s an amusing thought.
Before I start: I’ll invoke dang’s rage for a moment and say this is yet another burner account due to my previous ones being flagged/banned - not for anything actually illegal or low brow or whatever, but for going against the orthodoxy. Trite and cliche statement, yes.
This whole thing is yet another nail in the coffin. Maybe Apple will back out, maybe not, but really it doesn’t matter. Could be any other company, I don’t particularly care.
What does matter is how HN treats its members and how moderator(s) handle things when we bring these possibilities up. This is where I think the ball has been dropped. You can also substitute HN for other technophile forums, again, doesn’t matter.
You need to learn that shunning us when we are telling you what’s going to happen isn’t the way to go about this. You deplatform us on these topics because you think you know better and we are the trolls and conspiracy theorists with our unsubstantiated claims, lack of evidence, data, and so on. To us, you can’t see the forest for the trees nor the train wreck approaching. I think most of us just stopped caring.
You can say every so often that a broken clock is right twice a day. But I am pretty sure both Assange and Snowden shake their heads at such a statement here and wonder if it’s true naïveté or if you’re trying to guile others.
But, for the time being you can believe what the news and Snopes say and continue to shitpost HN. Eventually it’ll be you on the chopping block.
I'm actually curious, are they allowed to encrypt backups if FBI requested them not to? I thought as American company you have to comply with the law as well. Not sure though
Edit: damn downvotes, is this reddit? I'm literally asking because I don't know. nothing is controversial here
Right.. yeah because some laws like anti terrorism or money laundering etc stated that tech companies has to save the data and share with the gov if the gov requested.
No not that, what I meant was that you have to be able to provide when requested. Meaning that you have to be able to decrypt it if requested. Not just 1 way encryption
No, because AWS is not providing financial services. If you are and you upload encrypted data to S3, then you'd better have the ability to decrypt it if required by the financial regulators, otherwise you are breaking the law.
If you work in finance and are subject to AML/KYC (anti money laundering, know your customer) laws, then it's not whether or not you encrypt data. You cannot encrypt the data in a way that is not accessible under those laws for the transactions you perform.
So that has nothing to do with the mechanism of securing data and everything to do with the finance organization compliance with the laws.
"Fintech" is a fancy word for a company doing financial applications, not a copout on financial regulations by using the "tech" word as an excuse.
There are a bunch of standards requiring encryption at rest and encryption in transit of PII and other data in finance. That does not mean that authorized users do not have access to it.
It's legal to do e2e backups; Google does for android.
Apple knows which way the wind blows. If they piss off the USG spies, there are lots of "unrelated" ways to make them hurt, including but not limited to additional regulation or antitrust enforcement against their anticompetitive moneymaker App Store.
What this means is that if you are big enough, the 1A doesn't actually apply to you and you can't publish any legal software you like, because the FBI/IC/military will cause you to suffer even though you haven't broken the law.
Is there any icloud alternative backup, that doesn't involve connecting to a computer?
It seems that it's possible for third party apps to backup certain data, like photos and contacts, but to do a full device backup you either need to use icloud, or connect via USB to a computer.
I'm confused, twofold, first of all being that usbmuxd means you need to connect to a computer, second of all being that it seems usbmuxd works on various platforms, not just macOS?
usbmuxd is responsible for wifi sync. However, it appears there is usbmuxd2 which is compatible with Linux and support wifi sync. I think you may be in luck! If you figure it out, please let me know.
Doesn't matter; everyone you iMessage with is sending the plaintext of all of your conversations and attachments to Apple in their device's non-e2e iCloud backup. SMS too!
Local backups won't get you privacy when the other end of the chat is still doing cloud backups.
It's sort of like moving email providers and continuing to send and receive email from people with gmail addresses. Google is still reading all of your mail and attachments, just out of your friends' gmail boxes.
When un-backdoored e2e messaging becomes illegal, Apple will pull apps like Signal from the App Store.
Additionally, if the iPhone scans your local data for verboten files, anything you receive or have available to send via Signal would still get picked up and reported on.
In the first half of 2020, Apple gave data on over 31,000 users/accounts based on FISA requests National Security Letter requests[1]. Apple provided data to the government's requests roughly 9,000 times.
About 85% - 92% of the time, according to Apple, they responded to data requests from the government with the data that was requested.
I don't see why Apple would turn about face and make it impossible to respond to the requests that they choose to respond with data about 85% of the time.
I love how outraged people get when a company responds to a court order like in the fantasy world they live in Apples lawyers are running into court, screaming 'Objection Your Honor' while Tim Cook is furioulsy shredding your papers for you.
Court orders are part of basic auditing of a service. Seeing what they have to hand over on request (they will hand over everything) tells you exactly what information they have.
Apple specifically says that it gives customer information and customer data when responding to data requests. Given that delineation, I'll trust Apple when they say they gave customer data away instead of just information like account name or creation date.
Yeah, it looks like there were "0-499" "National Security - FISA Content Requests" for "20,500-20,999" "Users/Accounts" and that Apple responds to those "with information obtained from iCloud".
> FISA - Foreign Intelligence Surveillance Act. It's for foreigners.
FISA can spy on Americans, and does spy on Americans[1]. Not only that, PRISM and other domestic surveillance programs are based on the Protect America Act of 2007 and the FISA Amendments Act of 2008[2].
Is this where US intelligence watches a foreign target and the foreign target talks to an American? How do you prevent that other than halting all foreign intelligence collection?
I'm not sure how I feel about it, and I don't have a better alternative, but this sounds a lot less alarming than you make it seem. Do you know a better alternative?
These people really hate you and think low enough of you that they feel they have a right to rummage through your personal belongings anytime they wish. America feels like its over. The dream is dead. The supreme court full of weak people that will rubber stamp the rot. People feared AI, and they got laughed at. But its literally AI bots manufacturing consent on twitter and social media to this authoritarian slide.
Note that this won't include certain categories that are stored unencrypted on Apple servers, for example iCloud backups and other data in iCloud (files, photos, calendars, contacts, etc).
I was quite surprised to see that even excluding all the data they (often) have from peoples iCloud accounts, there is still a bunch of stuff they collect.
Aside: I really wish Apple would spend more time on end-to-end encryption, for example of iCloud calendar and contact data as well as (obviously) the backups.
They should also have developer guides for app developers, on how to build it into apps: common patterns (group E2E patterns, multi-device E2E, open-source data sync servers that apps could use to arbitrarily synchronize E2E encrypted data between devices, etc).
The answer is simple. Disable iCloud/iMessage, backup/restore your files the old fashioned way, and use Telegram or something for messaging. Don’t even opt into any of the ways they can spy on you.
iCloud and iMessage suck anyways, you aren’t really losing anything of value
Signal;
-Legal requests: Signal does not keep communication histories its servers. Since there is nothing to request, Signal conversations cannot be obtained with legal requests.
-Vendor cloud: Signal does not keep conversations on its servers. Cloud acquisition is not possible.
-Local backups: Signal does not store conversations in local (iTunes) backups.
-iCloud backups: Same as above. Signal does not store conversation histories in iCloud backups.
-iCloud Drive: No stand-alone backups in iCloud Drive.
-File system: Signal database is encrypted. The encryption key is stored in the keychain with the highest protection class. Extracting and decrypting the keychain (e.g. with Elcomsoft iOS Forensic Toolkit) is required in order to decrypt the Signal database.
Telegram;
-Legal requests: Telegram keeps a comprehensive history of the user’s regular (non-secret) chats on its servers. Regular and group chats can be obtained with a legal request depending on jurisdiction. Secret chats are never stored and cannot be obtained with a legal request. Telegram is notable for ignoring legal requests in some jurisdictions, which had led the service banned in several countries.
-Vendor cloud: As mentioned above, Telegram keeps the history on its own servers. By authenticating as a user, one can retrieve those communications (except secret chats) from Telegram servers.
-Local backups: Telegram does not store conversations in local backups. Instead, conversation histories are synchronized using Telegram’s own cloud service.
-iCloud backups: Same as above. Telegram does not store conversation histories in iCloud backups.
-iCloud Drive: There are no stand-alone backups in iCloud Drive.
-File system: Telegram does not feature any additional protection to the working database. Once a file system image is captured from the iPhone, extracting and analyzing Telegram conversations including secret chats and attachments is trivial.
> Apple can reach in and turn those on and trigger a backup whenever they want.
And they can start showing ads on your springboard, but they don't because its not in their self interest. Certainly if Apple did this, it would be the end of iPhone dominance.
> However, a former Apple employee said it was possible the encryption project was dropped for other reasons, such as concern that more customers would find themselves locked out of their data more often.
Sounds more plausible to me.
Most of Apples customers are normal end-users, I can see how loosing access is worse for them as compared to data being available for a search warrant.
I suspect "risk of loosing the key" vs "risk hackers get access to the backup" is really what you want to weight here.
Almost all of the “iCloud Leaks” aka “The Fappening” occurred because hackers could infiltrate an iCloud account, then use software to exfiltrate the contents of backed up iPhones/iPads, in addition to the user’s photo streams. The backups often contained unsync’d photos, some that were even deleted.
This was a massive PR hit for Apple that continues to this day.
My guess is that they saw encrypted backups as a solution to the leak problem, but the FBI has long used iOS backups as a back door into increasingly difficult and expensive to crack iPhones. Phone analysis is the #1 most common investigative tool for federal (and now, all) law enforcement, so turning off a major tool likely required intervention at the highest levels of government.
Big brother does not like losing their spying abilities.
"Privacy is a fundamental human right. At Apple, it’s also one of our core values. Your devices are important to so many parts of your life. What you share from those experiences, and who you share it with, should be up to you. We design Apple products to protect your privacy and give you control over your information. It’s not always easy. But that’s the kind of innovation we believe in." [0]
Local encryption of backups is very easy. I could code a basic implementation in an afternoon that would lack sophisticated security features but would be "correct" and far better than nothing.
There's software out there to do it, but it tends to be geeks-only FOSS tools or obscure "advanced" settings in backup engines on things like NAS devices. None of those things are mainstream.
The fact that a feature like this doesn't come built into things like Dropbox is puzzling until you consider that large companies have probably been heavily pressured against mainstreaming this kind of encryption. The absence of encryption as a standard option (even if not the default) in things like remote storage, cloud file sharing, and e-mail tools can really only be explained this way since I know for a fact that some percentage of business users would love it.
Every time I see one of these stories I wonder why the government has a seat at the table to decrease our rights. We currently have the right to encrypt backups. Why is the government lobbying to take that away from us? This is a right the government should be protecting for us, instead of stripping away.
An enforcement agency should never be advocating against the rights of the people.
The people in society who appoint themselves as police also appoint themselves someone who is allowed superiority over those who do not.
They expect to have rights that you don't have. They expect to violate your rights in ways the inverse would be a crime.
There are always those who feel themselves above the common person, and appoint themselves decisionmaker unilaterally.
This eventually happens in every country. There have been attempts to limit the scope and scale of spying, but so far nobody has ever been able to contain it. The US intelligence agencies now have utter control over the legislature and judiciary thanks to mass surveillance. There is no way to roll it back now. It's even illegal to talk about it in public, as Wyden and Snowden (and Clapper) have so fully illustrated.
228 comments
[ 7.6 ms ] story [ 250 ms ] threadWe also need hardball journalists to start asking Tim these tough questions instead of fawning over AirPods
And we need employees to start demanding this internally
"Apple's earnings for Greater China in Q2 2021 were up 87.5% from this time last year, to $17.7 billion. During its latest earnings call, Apple has announced dramatically increased revenues from Greater China for the three months ending March, 2021."
China has cracked down hard on domestic Internet companies over the past few weeks (deliberately crushing their tech stock market to rein in these companies and enforce governmental data surveillance/control). They're not going to leave Apple out.
Apple literally cannot lose that market. Its market cap would be halved. Saying they're going after child abuse in the US using a new algorithm is the perfect cover for gradual entry into enabling mass surveillance for China. No one can argue with the child abuse use case, but there will be plenty of consternation when this is used to scan for messages critical of Xi and the boys.
I don't really see how anybody could expect something different, specially here.
I still don't see the why though. It seems obvious to me that nothing is to be expected from corporations, other than a hopefully nice product at a reasonable price. Anything other than that sounds like wishful thinking to my ears, but I might be philosophically wrong.
Any good deeds a company happens to do, is for publicity and helping sales.
As pointed out this feature isn't even being launched in China.
But sorry to derail your narrative: China are the bad guys and all bad things are because of china.
Source?
As stated in the article Apple have said it is US only and will be switched on country by country… so surely if this was “BeCAusE ChIna!!!” It’d be switched on there first right?
[0] https://9to5mac.com/2021/08/09/apple-csam-faq/?_gl=1*l17q2t*....
> so surely if this was “BeCAusE ChIna!!!” It’d be switched on there first right?
Is all of your comments on here arguments?
Even if it was launched globally it didn’t at all invalidate my point. They would ban the entire App in question, not back door it. See Facebook/Twitter as a well known example.
Literally no one is saying this. You're getting incredibly sensitive over a regime that just thwarted investigation into a pandemic that has killed more than 1 million people and making irrational arguments to defend it.
"hey would ban the entire App in question, not back door it. See Facebook/Twitter as a well known example."
Ban *which* app?? The iPhone is not an "app" LOL. It's a hardware device with both software and hardware privacy constraints antithetical to the Chinese government's desire for pervasive surveillance.
Apple is gradually shedding its hardcore privacy stance to retain its fastest growing market. It's not difficult to see if you take off your "ANYTHING BAD ABOUT CHINA IS RACIST!!" goggles.
I mentioned the app: Messages. Or do you think governments worry about people taking photos that they never share or transfer anywhere?
I was responding (see the top of thread) to this being explicitly blamed on Chinese influence. No goggles required. Just a rational mind.
> China are evil, and that is the reason These pure US companies do bad things
China (the gov) is evil.
> is the reason These pure US companies do bad things
The companies are not pure. China certain does things to coerce them them to do bad things that wouldn't otherwise do. Some things are very bad. Some things aren't bad inherently, but are very unlike apple. Examples:
[1] Hong Kong app removal
[2] iCloud CN being run by another company.
> They would ban the entire App in question, not back door it
China already does this, except it's a phone not an app. They already monitor in-flight data [3], so likely not a huge concern for them, but considering the monitoring they do, why wouldn't this be a nice perk for them. Personally, i doubt that china required apple to do this since they already get what they want. I'm sure they'll love to (ab)use this though. I'm confident that a government somewhere wants this (new UK/EU anti-e2ee laws?).
China can't ban the iPhone, apple actually has that much political power. They are a huge poster child of chinese manufacturing power. Every time a senator asks tim cook to move manufacturing stateside and he says that only china is capable, it pumps china up.
[1] https://www.nytimes.com/2019/10/09/technology/apple-hong-kon...
[2] https://support.apple.com/en-us/HT208351
[3] https://citizenlab.ca/2019/07/cant-picture-this-2-an-analysi...
Then we agree. That is exactly what I said.
Re Chinese gov is evil - ra ra ra.
No they aren’t. Well no more than any other country. They just see the world and their place in it differently to you. But they haven’t invaded anyone since Ghengis Khan … yet they’ve been invaded by most of their neighbours and most of the American and European powers. In that context their view and action looks tempered, not evil.
You’re so right. For instance, the Chinese government sees that nothing of importance happened in Tiananman square in 1989 while the rest of the world sees a massacre.
Seems as though you’re the one feeding on a heap of freshmen-year college cultural equality propaganda.
Really? Chinese citizens don't use their iPhone cameras to store photos locally? They only use WeChat to take pictures and store them? Gee, you should tell Apple AND Tencent this! It would dramatically shift their product development path.
Where did Apple Messages come into play? What does that have to do with locally stored photos?
"This feature isn't even being launched in China" -- yup. Apple has definitely never launched a feature first in the US then rolled it out worldwide.
"But sorry to derail your narrative: China are the bad guys and all bad things are because of china."
Who said that? Seems more like you've got a bias to apologize for the regime than anyone else has a bias to impugn it.
That’s why I mentioned Messages… because that’d be the alternative.
Literally the OP said: “it’s China that is causing Apple to do this”… so in answer to your question: the OP.
Not apologising for the Chinese government. Do you call Biden administration a regime?
None of that makes sense. Why would using the system only to target child abuse in the US make people change their mind about using it against political dissidents?
If you go for a thing directly you show your hand and get a lot of backlash.
Case in point: the British NHS (because we can see it happening in real time).
Add the capability to do something for a good reason (NHS spending should be more efficient; we need approved suppliers // do it for the children) in order to make the further move of what you really want without much resistance (privatise parts of the NHS; eventually much of the NHS // back door every terrorist, dissident, detractor)
In this context, it is exactly how politics work, and you have described shifting the Overton window or even floating the Trial balloon.
re: NHS. The case you are making doesn't fit your reasoning. As for privatisation in general, the current government is following a very basic rulebook:
1. Sabotage/kneecap an institution/ 2. Offer a solution involving cronies/ 3. Achievement Unlocked
1. For example, some Tory MP's (the elite that make the decisions for the plebs) don't need to rely on NHS for healthcare exclusively, hence they have a callous attitude towards it. They deploy all manner of subterfuge, replete with claps, lies and smiles, to starve out a public service funded by taxpayers.
2. The ultimate goal; offer a solution to the problem you manufactured (1) and share the spoils amongst yourselves, by awarding/rewarding and looking after each other's interests.
3. Self-explanatory.
Scenario 1: Apple announces Orwellian system to thwart child abuse in the United States.
Scenario 2: Apple announces Orwellian system to thwart Chinese dissidence.
Which one sounds more palatable to you? To the world?
Apple *has* to take an orthogonal approach to giving China the surveillance capacity it desires. It can't openly enable a regime that just covered up and obfuscated investigation into perhaps the greatest human tragedy of our generation.
Apple wouldn't unlock a single iPhone for the FBI in a terrorism investigation... but it will deploy mass on-device privacy invasion for people who aren't even suspects to thwart child abuse?
Ask yourself: What changed?
If you believe Apple suddenly shifted their privacy stance on a whim, and isn't being subtly pressured by the Chinese government to develop new means of device access and control, I don't know what to tell you...
Your claim is that somehow scenario one makes scenario two suddenly palatable. Like people will say "oh, they ran an allegedly limited surveillance program for the US, so who cares if they run an unlimited one for China?"
>Apple wouldn't unlock a single iPhone for the FBI in a terrorism investigation..
Apple willingly offered to help unlock that iPhone. They're methods were blocked due to police mishandling of the device, and they were unwilling to pay to develop a backdoor for their own product.
>If you believe Apple suddenly shifted their privacy stance on a whim, and isn't being subtly pressured by the Chinese government to develop new means of device access and control,
This thread is about the FBI getting Apple to continue allowing easier access to devices. You brought up the example of the FBI trying to force Apple to allow them to access their devices. And the most recent event is Apple's surveillance of American devices. Yet somehow, you think the only possible reason Apple may be changing their stance is China.
2. Apple has always been less pro-privacy than you claim.
3. Everything mentioned here involves the US wanting more access. You claim that is proof of Chinese influence, rather than the obvious US influence.
I'm not seeing a multitude of spelling or grammar mistakes either, though I will admit that one sentence was poorly constructed. And I see a wrong "they're" I blaim on auto complete, though still my fault.
I see what you did there. Touché.
China could also ban manufacturing there. That would suck for AAPL too.
Cui bono?
Why does Tim Cook need to address this? To benefit Apple shareholders? To assuage the doubts of Apple customers who bought the false claims that Apple has made regarding their respect for users privacy?
Truth be told I don't think that Tim Cook as CEO of one of the richest and most powerful organizations in history needs to do anything because Apple has their customers by the balls. What are the few Apple users who even care about this issue going to do? Switch to Microsoft? Linux? Hah!
Face it, Apple users have made their bed and now they have to lie in it. People have been warning them for years about the Faustian bargain that they were making and how it was corrosive to society to entrench an entity like Apple and now here we are.
What false claim have they made?
Seems like this is still true. CSAM checking only happens when you choose to upload your photos to iCloud Photo Library.
You get downvoted around here if you make remarks critical of Apple users.
Well said. They now finally realise that Apple Inc. was never their friends in the first place, like I have always said.
They cleverly used privacy as a marketing trick to lure them to buying into their ecosystem and to cover their suspicious acts under the reason of 'protecting the user's privacy'.
Given there are lots of Apple users buying M1 Macs, it is more likely that they would need to back up / restore from iCloud as they already do this on their iPhones.
So yes, they are so entrenched and locked in the Apple ecosystem, they won't move and will stay there for good, no matter how many times Apple screws them over. They are not your friends and only on the side of profit.
If anything, this is the only thing which can actually get Apple to reverse their moves. Similar to what happened to Google.
It is an extraordinary claim that requires extraordinary commitment and action. To me, at least, that means privacy without compromise - and for everyone. ("Fundamental human rights" apply to all of us, right?)
Privacy with a bunch of disclaimers attached to it indicating all of the conditions under which your privacy will be abridged is not privacy. And it's certainly not the behaviour of a company that treats privacy as a "fundamental human right".
Apple needs to get a grip when it comes to dealing with and living up to this self-stated core value. I think that given the waves created by this CSAM on-device hash checking announcement and the questions many have about how to square this with their privacy talk, Apple's executives should say something and they should be unequivocal in what they say.
What's more important? Your right to "privacy" (which you can still invoke by simply not using iCloud) or their right to a normal life?
And yes, their CSAM detection has lots of false-positives, but it will evolve. It will be doubleplusgood.
[1] https://www.cdc.gov/violenceprevention/childsexualabuse/fast...
My right to privacy of course because the other option is a strawman. What you are doing is the typical slippery slope of selling out something for everyone because of a small minority of criminals.
"Should criminal Mr. X be allowed to do Bad-Thing-At-Level-10 to Small-Amount or should we do Bad-Thing-At-Level-1 to Everyone?" None of these are correct. Both are or should be illegal.
Did you look into this? Because those who know how this system work says that not only will Apple's system not work it is also clearly illegal:
https://www.hackerfactor.com/blog/index.php?/archives/929-On...
This is getting rolled out in the US, with one of (if not the) biggest populations of innocent people being put in prison in the western world. Where mass-surveillance is, well, massive. If this hasn't specifically been made to be abused as a backdoor it will quickly any way.
Americans must use every legal and constitutional tool in their arsenal to fight abuse and protect their children. The numbers make clear that the old rules no longer work.
And it's "clearly illegal" because of... what? Because his (unnamed) attorney claims it's a felony? What if a different attorney claims it's perfectly legal?
It's just a CSAM detector for content you upload to iCloud. We're willing to shut down schools and shops to save lives but if there's a theoretical .000001% chance that some rando might look at my beach photos, it's suddenly mass-surveillance backdoor China stuff? Come on. We live in a society.
https://www.cdc.gov/violenceprevention/childsexualabuse/fast...
You're trying to play to people's emotions by emphasizing the perceived gravity and prevalence of the problem of sex abuse in general, and then trying to use that emotional momentum to argue for something largely unrelated.
They could start by regulating guns. That would prevent the death, injury, and traumatisation of many children[1]. As a bonus, it would do the same for adults[2].
Or they could deal with the “urgent and preventable crisis” of having 1 in 6 children living in poverty[3].
People in these discussions aren’t against protecting children. Rather, they’re questioning the ulterior motives behind specific policies. If governments and companies could be trusted to keep their promises and not overreach, no one would be batting an eye at the recent Apple announcement. But historically, the inverse has been true: they’re pretty much guaranteed to try to abuse the system.
[1]: https://en.wikipedia.org/wiki/List_of_school_shootings_in_th...
[2]: https://en.wikipedia.org/wiki/List_of_mass_shootings_in_the_...
[3]: https://www.childrensdefense.org/policy/resources/soac-2020-...
Please take my reply in full. The third paragraph addresses your larger point—consider it in isolation and the argument stands. The first two are there to provide context—they cover the notion that many in power only care to “protect the children” when that slogan helps them reach their own goals.
Your posts were downvoted to grey; there’s nothing to “derail”. I’m pointing out to you that the larger discussion isn’t about CSAM, but about the very real possibility that CSAM is being used as an excuse for a stepping stone to a system which will be abused for unrelated matters.
If abuse happens at all, you've already lost. Detecting pictures isn't gonna undo anything that happened in them.
> On-Topic: Anything that good hackers would find interesting. That includes more than hacking and startups. If you had to reduce it to a sentence, the answer might be: anything that gratifies one's intellectual curiosity
Because someone found it interesting and curious with the state of things.
In fact, given that Apple do not E2E encrypt backups and already implement CSAM functionality by scanning data in iCloud [1] it's not clear what the purpose of the new PSI/CSAM system is. Which leads many to speculate that it's only purpose is as a prelude to scanning all offline content.
[1] https://nakedsecurity.sophos.com/2020/01/09/apples-scanning-...
It was never going to stop at iCloud uploads.
Under E2EE, assuming the device key is randomly generated, if you have one device (as many users do) and you lose that device you would lose all your data. The alternative is the key is derived from your iCloud password, in which case, if you forget your password, you lose all your data.
Right now, you can browse your photos online. There's been no statement that this is going away. Implementing this functionality with E2EE backups seem highly problematic.
These are huge changes to iCloud functionality that Apple would surely announce...
There are many open questions. And given that there’s no clear statement from Apple, I’m inclined to believe that they retain the ability to decrypt all data.
Google has done this for Android backups. Apple has actually done it too, but only for Keychain passwords and a couple of other things. So Apple actually already has an implementation of the right solution and intentionally prevents you from using it to secure your backups, reportedly because they failed to stand up to the FBI. Which is strange given their public stance in the San Bernardino case.
In the absence of an explicit announcement regarding these changes in functionality it seems unlikely to me.
If this client side photo scanning thing is part of an ongoing plan to eventually enable end-to-end encryption of iCloud, then Apple made a huge blunder. They should have waited until end to end encryption was ready first so that they could announce it simultaneously.
I don’t know how much I believe that, though.
Also, a big concern that people have is what the Chinese government will want to be censored. Researchers in the US can investigate that without fear.
This is all a good point.
Purely coincidentally, the imminent next release of iOS adds new account recovery options: https://9to5mac.com/2021/08/06/how-to-use-icloud-data-recove...
> The service requires Apple to maintain access to your data to help you recover it. For your privacy, Apple can’t access or help you recover your end-to-end encrypted information, such as Keychain, Screen Time, and Health data.
Seems to suggest that there is no change to end-to-end encryption on iCloud.
> If you create a recovery key and can't access your devices, Apple won't be able to help you regain access to your account or your data.
That sounds like E2EE backups, but its impossible to know if that is truly the case until they provide more details.
The scariest thing about this update to me is that it makes one's iCloud account incompatible (permanently?) with iOS and Mac devices that are not on iOS 15 or Monterey.
They could also make this opt in (add another escrow key slot by default, but allow you to promise that you've written down a recovery key and then destroy the escrow key slot).
Online browsing would use the iCloud password to decrypt the images client side. Thumbnails could be generated client side and stored alongside the images under the same key.
You can make this pretty transparent.
I don't know how this is with iPhones (I don't own one), but with Android these events are almost 100% correlated for many people. That's because you never get prompted for your Google account password on your phone. If you don't use the same Google account on your phone as on your desktop, or don't really use your Google account on the desktop that much to begin with (both apply to me and plenty of others I'm sure) then you might never need to know your password. I've seen people not even realise that they have a Google account, despite using one every day on their phone. Is there anything significantly different with Apple accounts?
In case it seems unlikely that someone would not use their phone account on their desktop, remember that plenty of young people today don't even have a non-phone device.
Comment 1: The problem with adding end-to-end encryption is that password reset is no longer possible (or it's possible but your data is lost)
Comment 2: You can come up with an end-to-end encryption scheme where you can reset your password and keep your data so long as you still have your phone (or when you lose your phone so long as you remember your password)
Comment 3 (mine): But if you lose your phone you often don't have your password any more, so that doesn't really help
By "Is there anything significantly different with Apple accounts?" I really meant does it often ask you to retype your password or otherwise force you to remember it.
This is so true. 1Password silently changed their UX on iPhone app 4 years (?) ago and the primary password was not required between app-quit. I had tweaked my password after using it every minute one weekend installing a new system. When I finally needed the master password, the new password was not accepted. Evidently I misremembered the tweak. That experience still burns me. Not forgotten, not forgiven.
iPhone requires iCloud for purchases, but I use touch password and bypass this. I never need to use iCloud password.
It periodically asks you for your password. If you get it right, it will wait longer before re-asking. If you get it wrong first time, it'll ask again more frequently (and let you pick a new one IIRC). Works pretty well against forgetful humans.
This is the risk most non-tech Apple users aren't willing or even expecting to take. No way Apple would enable this, even as opt-in, because many would misconfigure it, lose their data and blame Apple that failed them.
And good luck explaining they need to buy another iPhone and guard the two instead of one to be truly secure.
Seems like a 1A battle they don't want to fight, because the actual retaliation for the 1A exercise would come in the form of regulation or antitrust that is unrelated to the publication of the objectionable software.
Sad state of affairs in the USA.
A user provided key, not derived from the password.
Chrome uses (used?) this for History encryption, etc.
Apple (or whomever) could sell a "backup box": a simple embedded device with RAID 1 (mirroring) storage and the usual data/charging port(s). First time you plug an iphone into it you are asked to verify using the connected device to store backups.
The user then uses the "backup box" as their regular home charger. Backups happen automatically while charging. The user doesn't worry about keys; attack surface is limited to physically local risks (no network!). People already understand how to protect a physical device: lock in in a safe, move it to a safer location, etc. Instead of trying to solve the security problem for the user, give the user tool they can understand that allow them to protect themselves.
The hard part would be getting the US security apparatus to allow it. ALL major storage providers DON'T support end-to-end encryption for this reason. Not Google. Not Microsoft. Not Apple. Not Dropbox. Isn't this interesting?
Furthermore, talk of supporting end-to-end encryption is basically NOT in the Overton window in these companies as far as I know. Discussion of it is met by silence from management. It is weird when you begin to see the spider webs of power in society.
All those people positing that it this is an effort by Apple to push for end-to-end encryption are either disingenuous or wrong headed. If Apple even thought about end-to-end encryption, the whole US government would come down on Apple like a ton of bricks.
Apple has shown no recent indication of even leaning in this direction. Not only does Apple not directly support end-to-end encrypted backup on iOS devices to third parties, it precludes it from happening. You are stuck backing up to your Mac or jailbreaking.
EDIT: There seem to be a few small movements in this area. Dropbox has their Vault with pin based protection. Seems incredibly and intentionally weak.
> By design, this means that no one (including Google) can access a user's backed-up application data without specifically knowing their passcode.
https://security.googleblog.com/2018/10/google-and-android-h...
https://transparencyreport.google.com/user-data/us-national-...
But I do stand corrected on non-Google application data.
How do you restore from a different device? Oh, you only need the passcode.
I don't think so. The reason is there's no money to be earned with being simply a storage provider. Additional processing, indexing, workflow tools etc. is what people pay for. That's not possible with E2E encryption.
https://www.dropbox.com/features/security/vault
Why only pincode protection?
What about Dropbox Password? That seems to be zero knowledge?
They are two separate attempts in the security space.
For me it seems that latest changes do not change anything, FBI will still object with the same reasons as in the past, because they will have a legal obtained warrant and they need the user backups/phone content. I do not see Apple fighting this in courts especially now when they also have a big fight vs Epic and a fight vs right to repair.
Apple already gives up data on tens of thousands of users and accounts each year in response on requests from governments. Apple keeps statistics about those data requests here[1].
For reference, Apple gave data on over 31,000 users/accounts based on FISA requests and National Security Letter requests in the first half of 2020 alone[1].
During that same period, Apple provided data to the government's requests (non-FISA or NSL) about 9,000 times, and responded to requests for data with the data about ~85% of the time, and 92% in cases of "emergencies"[1].
[1] https://www.apple.com/legal/transparency/us.html
On the other hand: Apple loves giving people reasons to have more Apple devices
And even if they did, how would we verify that the code they instruct our hardware to run does e2ee correctly, without bugs or backdoors? Apple doesn't seem to be in the habit of opening much of their code or (on mobile) allowing users to install unapproved builds. Unless that changed, I would be skeptical, just as I am of all "e2ee" software that cannot be independently audited by anyone at any time.
I spent 2 months going through the signal code base checking it and now I need to audit the production code on their servers as well as the binaries they have compiled. Any tips?
Also, it's a collaborative effort. If you build your binaries from the same sources that other people use, then you can split up the work, and you all benefit from anyone's discoveries.
Obviously, we don't have perfect verification of the code we run. People can overlook things. Compilers can be subverted. Operating systems can be pwned. Malicious hardware can undermine all of our efforts. But let's not let perfect be the enemy of good, and let's not fool ourselves into thinking that faith in a corporation is a substitute for transparency.
No more problematic than WhatsApp offering WhatsApp web (web.whatsapp.com) or Signal offering its desktop client while being fully end-to-end encrypted and routing communications through the phone.
I played a bit with crypto in a web browser using Rust and WebAssembly, and it works perfectly fine.
Apple has given that excuse before, but they could just provide the option with a serious warning, or make you jump through a couple of hoops first.
Apple is known for not bifurcating user experiences by giving users many options to choose from, but they are also known for their stance on privacy. I don't see why they wouldn't allow for this, maybe at first to trial it on the few that want it before deciding to roll it iCloud-wide.
If I were Apple, from a legal standpoint, I'd prefer not to have the ability to decrypt my users' data. Only in that light does it make sense to introduce the PSI/CSAM system on Apple devices, so you can claim you don't host such content, even if you allow users E2EE backups.
I don't want that on my phone because I'm not a criminal.
luckily, I haven't used an iPhone as my main phone in years.
I agree with this analysis
Like you've said, Apple haven't announced anything, and I don't see what the business case is from their perspective when most people don't know or care what that means (but surely will care if they lock themselves out of their data forever).
If anyone has experience with developing for iOS/MacOS on hackintosh, please let me know your experience.
If you plan to use it for work then buy a Mac. It’s a tool for a job.
There might be other build services for different languages.
How would going to a hackintosh and loading on the Apple software you are skeptical of help you?
With a Hackintosh, ask yourself if you really value your time. Couple hundred bucks for an M1 Mini feels very cheap in comparison.
You can run Linux as a host, macOS as a guest[1] under QEMU, buy a second GPU that is supported by Apple (e.g., Sapphire Radeon RX 580 Pulse 4GB) and pass that GPU in its entirety to the guest macOS. The same for one of the USB controllers on your motherboard. Effectively, you get native macOS performance under Linux. A bonus: you can use the iptables firewall with the FORWARD ruleset to control guest macOS network access. The overall setup process is involving, but nothing that an intermediate Linux user would not be able to handle. Please note that it might be actually illegal (?) in some (?) countries to run macOS software on non-Apple hardware.
[1] https://github.com/kholia/OSX-KVM
But unfortunately, there is nothing out there that "just works". And how can anything exist if Apple has the size of a small nation.
I'm 99.999% percent positive there's nothing to worry about, but imagenet did have CSAM in it, so you can't be too careful. Really excited to build my own expansion cards. There's really affordable full SMD assembly these days from places like easyeda.
It runs well if you have the time, patience and expertise. There's no fundamental technical barriers. It's purely a matter of enough development resources being committed to the project. I think Apples recent moves would motivate more developers to work on it.
Before I start: I’ll invoke dang’s rage for a moment and say this is yet another burner account due to my previous ones being flagged/banned - not for anything actually illegal or low brow or whatever, but for going against the orthodoxy. Trite and cliche statement, yes.
This whole thing is yet another nail in the coffin. Maybe Apple will back out, maybe not, but really it doesn’t matter. Could be any other company, I don’t particularly care.
What does matter is how HN treats its members and how moderator(s) handle things when we bring these possibilities up. This is where I think the ball has been dropped. You can also substitute HN for other technophile forums, again, doesn’t matter.
You need to learn that shunning us when we are telling you what’s going to happen isn’t the way to go about this. You deplatform us on these topics because you think you know better and we are the trolls and conspiracy theorists with our unsubstantiated claims, lack of evidence, data, and so on. To us, you can’t see the forest for the trees nor the train wreck approaching. I think most of us just stopped caring.
You can say every so often that a broken clock is right twice a day. But I am pretty sure both Assange and Snowden shake their heads at such a statement here and wonder if it’s true naïveté or if you’re trying to guile others.
But, for the time being you can believe what the news and Snopes say and continue to shitpost HN. Eventually it’ll be you on the chopping block.
Edit: damn downvotes, is this reddit? I'm literally asking because I don't know. nothing is controversial here
Source: I work in fintech
So that has nothing to do with the mechanism of securing data and everything to do with the finance organization compliance with the laws.
"Fintech" is a fancy word for a company doing financial applications, not a copout on financial regulations by using the "tech" word as an excuse.
There are a bunch of standards requiring encryption at rest and encryption in transit of PII and other data in finance. That does not mean that authorized users do not have access to it.
Apple knows which way the wind blows. If they piss off the USG spies, there are lots of "unrelated" ways to make them hurt, including but not limited to additional regulation or antitrust enforcement against their anticompetitive moneymaker App Store.
What this means is that if you are big enough, the 1A doesn't actually apply to you and you can't publish any legal software you like, because the FBI/IC/military will cause you to suffer even though you haven't broken the law.
Your device has become nothing more then a portal into their cloud and ecosystem. Where the fbi pretty much has free reign.
https://www.naut.ca/blog/2020/03/20/self-hosting-series-part...
This works well on Linux, and iOS 14. You can skip to the section `Compiling idevicebackup2`.
usbmuxd is responsible for wifi sync. However, it appears there is usbmuxd2 which is compatible with Linux and support wifi sync. I think you may be in luck! If you figure it out, please let me know.
Local backups won't get you privacy when the other end of the chat is still doing cloud backups.
It's sort of like moving email providers and continuing to send and receive email from people with gmail addresses. Google is still reading all of your mail and attachments, just out of your friends' gmail boxes.
Additionally, if the iPhone scans your local data for verboten files, anything you receive or have available to send via Signal would still get picked up and reported on.
About 85% - 92% of the time, according to Apple, they responded to data requests from the government with the data that was requested.
I don't see why Apple would turn about face and make it impossible to respond to the requests that they choose to respond with data about 85% of the time.
[1] https://www.apple.com/legal/transparency/us.html
Court orders are part of basic auditing of a service. Seeing what they have to hand over on request (they will hand over everything) tells you exactly what information they have.
Neither FISA/702 orders or NSLs are warrants though, and they do not require probable cause.
I didn't say they were. Apple specifies both FISA requests and NSL requests in their reports, and doesn't combine the two.
FISA can spy on Americans, and does spy on Americans[1]. Not only that, PRISM and other domestic surveillance programs are based on the Protect America Act of 2007 and the FISA Amendments Act of 2008[2].
[1] https://www.brennancenter.org/our-work/analysis-opinion/how-...
[2] https://en.wikipedia.org/wiki/PRISM_(surveillance_program)
I'm not sure how I feel about it, and I don't have a better alternative, but this sounds a lot less alarming than you make it seem. Do you know a better alternative?
https://9to5mac.com/2018/10/17/request-your-personal-data-fr...
Note that this won't include certain categories that are stored unencrypted on Apple servers, for example iCloud backups and other data in iCloud (files, photos, calendars, contacts, etc).
I was quite surprised to see that even excluding all the data they (often) have from peoples iCloud accounts, there is still a bunch of stuff they collect.
Aside: I really wish Apple would spend more time on end-to-end encryption, for example of iCloud calendar and contact data as well as (obviously) the backups.
They should also have developer guides for app developers, on how to build it into apps: common patterns (group E2E patterns, multi-device E2E, open-source data sync servers that apps could use to arbitrarily synchronize E2E encrypted data between devices, etc).
iCloud and iMessage suck anyways, you aren’t really losing anything of value
I'm actually curious how telegram and signal deal with this, I haven't researched that yet.
End to end doesn't work if the endpoint is compromised, and apple has that baked in as a "feature".
https://medium.com/@elcomsoft/forensic-guide-to-imessage-wha...
Signal; -Legal requests: Signal does not keep communication histories its servers. Since there is nothing to request, Signal conversations cannot be obtained with legal requests. -Vendor cloud: Signal does not keep conversations on its servers. Cloud acquisition is not possible. -Local backups: Signal does not store conversations in local (iTunes) backups. -iCloud backups: Same as above. Signal does not store conversation histories in iCloud backups. -iCloud Drive: No stand-alone backups in iCloud Drive. -File system: Signal database is encrypted. The encryption key is stored in the keychain with the highest protection class. Extracting and decrypting the keychain (e.g. with Elcomsoft iOS Forensic Toolkit) is required in order to decrypt the Signal database.
Telegram; -Legal requests: Telegram keeps a comprehensive history of the user’s regular (non-secret) chats on its servers. Regular and group chats can be obtained with a legal request depending on jurisdiction. Secret chats are never stored and cannot be obtained with a legal request. Telegram is notable for ignoring legal requests in some jurisdictions, which had led the service banned in several countries. -Vendor cloud: As mentioned above, Telegram keeps the history on its own servers. By authenticating as a user, one can retrieve those communications (except secret chats) from Telegram servers. -Local backups: Telegram does not store conversations in local backups. Instead, conversation histories are synchronized using Telegram’s own cloud service. -iCloud backups: Same as above. Telegram does not store conversation histories in iCloud backups. -iCloud Drive: There are no stand-alone backups in iCloud Drive. -File system: Telegram does not feature any additional protection to the working database. Once a file system image is captured from the iPhone, extracting and analyzing Telegram conversations including secret chats and attachments is trivial.
And they can start showing ads on your springboard, but they don't because its not in their self interest. Certainly if Apple did this, it would be the end of iPhone dominance.
Sounds more plausible to me.
Most of Apples customers are normal end-users, I can see how loosing access is worse for them as compared to data being available for a search warrant.
I suspect "risk of loosing the key" vs "risk hackers get access to the backup" is really what you want to weight here.
This was a massive PR hit for Apple that continues to this day.
My guess is that they saw encrypted backups as a solution to the leak problem, but the FBI has long used iOS backups as a back door into increasingly difficult and expensive to crack iPhones. Phone analysis is the #1 most common investigative tool for federal (and now, all) law enforcement, so turning off a major tool likely required intervention at the highest levels of government.
Big brother does not like losing their spying abilities.
So hypocritical.
[0] https://www.apple.com/privacy/
There's software out there to do it, but it tends to be geeks-only FOSS tools or obscure "advanced" settings in backup engines on things like NAS devices. None of those things are mainstream.
The fact that a feature like this doesn't come built into things like Dropbox is puzzling until you consider that large companies have probably been heavily pressured against mainstreaming this kind of encryption. The absence of encryption as a standard option (even if not the default) in things like remote storage, cloud file sharing, and e-mail tools can really only be explained this way since I know for a fact that some percentage of business users would love it.
An enforcement agency should never be advocating against the rights of the people.
They expect to have rights that you don't have. They expect to violate your rights in ways the inverse would be a crime.
There are always those who feel themselves above the common person, and appoint themselves decisionmaker unilaterally.
This eventually happens in every country. There have been attempts to limit the scope and scale of spying, but so far nobody has ever been able to contain it. The US intelligence agencies now have utter control over the legislature and judiciary thanks to mass surveillance. There is no way to roll it back now. It's even illegal to talk about it in public, as Wyden and Snowden (and Clapper) have so fully illustrated.