17 comments

[ 2.6 ms ] story [ 50.4 ms ] thread
There is some new information in this interview, notably that Craig actually gives a rough number to the amount of positive hashes required to flag them for review on iCloud is approximately 30 images. I don't think this had been mentioned previously and it's not something I think people creating this sort of system would normally want to share publically, given that understanding the system in place is the first step in bypassing it.

The other thing he mentions is that there are auditable systems in place, at least by security researchers. He doesn't really disclose how it is, just that there are ways for a third party to investigate any changes to the system and any sort of tampering to the hash database.

He also firmly denies that he considers this technology a backdoor.

But once again another Apple executive is saying that the primary reason for the backlash is confusion or lack of understanding of the technology, which, while there is a lot of uninformed people on the subject, fails to acknowledge that there are people that do understand the technology and still have objections to it.

It’s very unclear who he’s referring to in saying the system has “auditability”.

Be explicit Craig. Who gets to audit the source code and/or database exactly? And how is that done?

It has been discussed here and elsewhere to death, so I won't rehash it.

Suffice to say that I like privacy and I am angered that Apple would accuse me of being a pedophile. To that end:

  * I have been an iphone users for years, just listed it for sale. 
  * Bought a Google Pixel 4 XL off eBay
  * Flashing it to https://calyxos.org/
  * Goodbye Apple.

I researched other phone options, like:

  PinePhone: Long ago I used a Nokia N900, and while pure Linux awesomeness, man it required much tweaking to get basic functions working. While researching the PinePhone, I went to the Reddit support forum. One of the top posts was "HOWTO - Get MMS Working" and decided that, no, I do not have time in my life for another phone that requires that much work.

  Librem 5: Holy expensive Batman! for really low specs.
I have said this on other threads. But, I really miss nothing by having a flip phone for the last 1.5 years. Because I work in front of a computer, not having a computer in my pocket is amazing. If I am away from the computer, I am away from the internet and scrolling through stuff. I can understand how people might feel like they would miss things, but I have never once been like, oh I really wish I had "X" app right now.
Switching to iphone will be a clear signal that you are not a pedo.
> Librem 5: Holy expensive Batman! for really low specs.

This is not just specs: https://source.puri.sm/Librem5/community-wiki/-/wikis/Freque...

Also the specs are not as bad as one might think: https://forums.puri.sm/t/comparing-specs-of-upcoming-linux-p...

The i.MX 8M Quad is better than the Allwinner A64: 30% faster CPU clock speed, 140% faster RAM standard, 140% 20 better OpenGL performance, USB 3.0 and support for higher resolution cameras.

>One of the top posts was "HOWTO - Get MMS Working" and decided that, no

It's true: MMS is not well supported yet. But there is already proof of concept, so it's a matter of time until it works without tinkering.

Appreciate the details of how you took action on this.

In terms of an OS for your Pixel, I'm curious about this myself. Were there any other options you considered, and how did you evaluate them?

And regarding Pinephone and Librem, though you won't be a customer is there any other way you can support? These options seem like the long term solution, anything else just falls short.

It's not a tool to fight child porn. It's a tool for surveillance and policing, plus a current policy to fight child porn with it.

The difference matters because once they have implemented the technology, they can't respond to government demands with "we don't have the capability to report dissidents".

Apple shouldn't do this. Scan iCloud, not people's personal phones. If you work for Apple, push back. You can make a difference.

> they can't respond to government demands with "we don't have the capability to report dissidents".

> Apple shouldn't do this.

But they have already done this.

They haven't deployed it yet.
Scanning iCloud is far less privacy preserving. That means Apple “knows” about all of your photos.

With what Apple is proposing, Apple knows nothing about any of your photos unless you reach a threshold of about 30 CSAM images through the use of cryptographic safety vouchers uploaded with each image.

That is, if through cryptography, about 30 of the images can be proven to be a subset of a combination of CSAM images from multiple databases is the only time when anyone other than the user can learn anything about the photos.

iCloud is already available for lawful intercept. It's not E2EE because the FBI requested it.

https://www.reuters.com/article/us-apple-fbi-icloud-exclusiv...

iCloud is already available for lawful intercept. It's not E2EE because the FBI requested it.

Well, we don't know the details. But what we do know is Apple can't encrypt all of iCloud without solving CSAM first.

They can scan before sharing a file, like Dropbox does.
"It's not a tool to fight child porn. It's a tool for surveillance and policing, plus a current policy to fight child porn with it."

This is a great way to frame it, clarified a lot for me.

> During the interview, Mr. Federighi said the database of images is constructed through the intersection of images from multiple child-safety organizations — not just the National Center for Missing and Exploited Children. He added that at least two “are in distinct jurisdictions.”

I think this is quite interesting and if it was enforced cryptographically (i.e. Apple could only decrypt if there were hashes matching at least from 2 distinct datasets) and if these datasets were from different jurisdictions, then I think this could put to rest a lot of the fears about government interference.

You want a Winnie the Pooh image in our DB? Sure. As long as no other jurisdiction adds it, its a complete no-op.