Ask HN: What Apple alternatives are you switching to?
My choices:
- Desktop: Manjaro Gnome, because it feels like macOS. It even does the 3 finger swipe up to see all your apps with Apple's Touchpad. My wireless Apple Keyboard also works fine.
Screenshot: https://imgur.com/a/UYPfgkC
To install it on my older MacBook Pro from 2014, but I had to use Android internet tethering to install the WiFi driver. To install it on my super new desktop, I had to use an ISO with a newer Kernel (5.13) due to the Radeon 6700 XT graphics card. I got that one from https://github.com/manjaro/release-review/releases/ instead of the Manjaro main website.
- Phone: I considered a Pixel with CalyxOS, but ended up buying a OnePlus 8T with microG variant of LineageOS from https://lineage.microg.org
Alternatively a Pixel phone would also run this version of LineageOS. MicroG (https://microg.org/) re-implements some parts of Google Play Services, while safeguarding your privacy, like push notifications. It also has some other Google-specific features re-implemented. I have over 40 apps and only found 1 that didn't work so far (which is Uber Eats, because they seem to require Google Advertisement ID). I pushed a modified Google Camera app to it (from https://www.celsoazevedo.com/), so my camera is better supported. I think only 3 out of 4 cameras are working, but I don't care.
- Watch: Amazfit GTR 2e with the official app. Alternatively it should work with Gadgetbridge if you don't want to use the offical app ("Zepp"). Amazfit GTR 2 is a better option if you want it to have WiFi and want to store music on it. Alternatives I considered: OnePlus Watch and Fossil Hybrid.
Apple features that I gave up:
- Apple Carplay: Because I don't want to use the Google ecosystem, Android Auto is not an alternative. I'll use my car's own GPS system, or I'll end up using my phone's offline maps.
- Apple Pay: My bank luckily has a contactless payment app for my phone, but I won't be making payments with my watch anymore.
492 comments
[ 2.9 ms ] story [ 350 ms ] threadManjaro Linux has rolling releases, so you get updates more swiftly than with other Linux flavours. LineageOS (regular or microG variant) get weekly updates if I recall correctly.
Pixel is a solid hardware choice in my book.
https://mjtsai.com/blog/2020/02/17/the-paywalled-garden-ios-...
A Google Pixel has far fewer ads than an iPhone these days.
https://grapheneos.org/
A big kicker was opening the default Weather app on my Samsung Galaxy S9 and seeing an inappropriate ad that took up 1/3 of the screen. Absolutely shameful that they would be so desperate for cash to include such ad space in their flagship phone.
Although the recent news about Apple has me questioning the switch...
- cloud backups: testing iMazing Wi-Fi daily backups to NAS. Tested a clean restore to an iPad that was perfect. The daily backups aren’t running consistently yet but likely has to do with power save settings.
- Photos: syncing with Synology Photos. Backup seems fine (40k of 65k pictures so far). The app leaves a lot to be desired vs Apple Photos.
Will test Calyx / Graphene on a Pixel at some point but not likely to pass the wife test.
I feel like that's still more secure than the other options / effort involved. I still think privacy wise Apple is the better play vs all non custom alternatives.
I use Apple because I have other things to do with my life now, and it's the best of the big ones. They still are.
I’m considering a Librem 5. Which has more cpu power and battery.
The appeal to me is really getting off any major tech platform. Further, you can disconnect the components via switches — iE unplug the microphone. That being said, I can’t even use Signal on them without some major configurations.
https://forum.pine64.org/showthread.php?tid=13728
I have also considered the “freedom phone”. But my understand is it’s just Graphene + process isolation on a slightly modified hardware. Until it’s heavily vetted I wouldn’t use it though.
And ugh yeah, that’s about it.
Sadly bridging Signal into a matrix home-server and just using a matrix-client from the PinePhone/Librem is probably the simplest option.
No, it's not. You may be confusing it with another company with a similar name selling devices with GrapheneOS and various apps installed. Both are not associated with GrapheneOS, by the way.
Matte screen that actually works outdoors, removable long-life battery, unassuming vintage design (“let’s not rob that guy, he can’t even afford a new computer”). I haven’t investigated the Linuxability of this thing yet, but it’s super-light and impressive as a mosh terminal (especially with built-in 4G LTE!). Tough magnesium body, super comfy keyboard that’s easy to swap out if you beat it up. Made in Japan!
I have a fully loaded MacBook Pro, and couldn’t imagine doing design work on anything else, but I somehow end up getting lots of work done on the Letsnote. It’s at a point where I don’t think I’ll be excited about the long-awaited new 14-inch MacBook Pro, as I doubt it’ll have a matte screen and a durable exterior (and, I much prefer to look like a sad worker stuck with a dorky computer from 2006, than a moneyed tech guy).
I think it’d be great to see more overseas business pick up for these computers — it’s one of those classic bits of Japanese technology that looks hopelessly outdated until you use it, and then you hope it never changes. My label for such things is “In-N-Out Burger Technology,” for reasons that should be obvious to my fellow Californians...
Meanwhile they also stick with old fashioned non-isolated keyboard. It's great.
Oh man, I kinda wish I felt different, but this thing gets a hard no just for its aesthetics. Notebooks are both way to omnipresent in my life and manifold to revisit something mid-90s. I do not want my home & life to feel like an old X-Files episode.
Only ironically. See: vaporwave.
Checked Amazon.co.jp and doesn't seem like they ship to Europe. I'm actually interested in trying one of these out.
I like the retro look. I had a Panasonic years ago and adored it. It was huge, but did everything, even had a tv tuner. And it was easy to work on. Used it 10 plus years.
How do you suggest getting one of these things or getting support for it? I'm not against foreign market hardware but they can be a real pain in the ass for many. Last japanese laptop I had was almost 20 years ago, an ultraportable Sony. It was interesting but finding drivers online back then was a challenge.
It seems that US keyboard model is sold as "Asia Model", but sold only for corporate. Hopefully you can find used one. Possibly it's also available in asian marketplace. https://biz.panasonic.com/jp-ja/products-services/letsnote/l...
https://us.vaio.com/collections/vaio-z
[1] https://us.vaio.com/pages/vaio-made-in-japan
There are decent custom ROMs for Pixel already mentioned, and the ThinkPad line even ships with full Linux support now so not too bad at all there.
As for cloud services, I'm still stuck on Google. I've been putting off switching because it's a lot of work.
Any people here with experience with one?
My only other question is Linux driver support. There was a brief mention about fingerprint scanner in Linux, but I really appreciate that Thinkpads under something like Fedora just work out of the box. Hopefully Framework will have similar support - it seems like the sort of laptop linux hackers would like to be using!
My plan is to use it as my daily-non-work development computer. I just started playing around with NixOS on the server side and will likely use NixOS on my Framework laptop.
It’s an exciting concept and appears to be well executed. I’ll reserve full judgement til I’ve used it for a while.
I haven't owned a PC laptop in several years - the last one I tried was a System76 with an abysmal keyboard. Turns out I need to type to have a functional laptop!
I ordered one of these Framework machines today, should ship in September. Seems promising. I am hoping that things just work after I install Linux on it and I can get down to writing code with minimal setup and configuration.
Apparently Linux runs everything out of the box except the fingerprint reader. It's still unknown whether there'll be an official fix and when.
It's a choice. You might wholly disagree, but recent events aren't enough to get me to switch yet, because I think the competition has too many tradeoffs.
I can get my photos scanned against a CSAM database... or I can have Google tracking my location constantly regardless of what they say (as they've been proven to be misleading in the past)... or I can use a Linux phone and say goodbye to battery life and useful apps I need. I'll pick CSAM Scanning over my Location data being in the hands of Google, sorry.
And as for my laptop, macOS doesn't scan, and the M1 is too impressive and has me spoiled. And I have too many horror stories with both Linux and Windows and can't stand either of them. (Don't tell me switch to Linux - I've tried over a dozen distributions over the last decade. It's just not there yet.)
To make AOSP "usable" for my life, I need to install the Play Store. At which point I've already lost and would prefer an iPhone for my privacy.
To be fair you don't need to, I use Aurora Store, they have a guest mode where you don't need to register any account.
That said, if I had to chose between a Google Android phone and an Apple phone, I'd still pick the Apple one. Luckily there are more choices these days.
* The Clock app doesn't let you set a snooze length? Seriously?!
* Not having a notification LED or some other indicator really sucks. I might set my phone on the counter while I'm doing other things, and with Android, it was nice to be able to look up and see if I've gotten something without walking up to the phone and checking. (I know Apple will likely never implement this because it's a great pitch for their watch.)
* Face ID is slow and inconsistent compared to a fingerprint reader (especially during COVID), and I'm bummed that Apple ditched the latter. It works well about 80% of the time, and the other 20% I'm that crazy-looking person that's making faces at his phone trying to get it to unlock.
* If you had any sort of media app open previously and then connect some Bluetooth headphones, the media controls for that app open up and take up most of the lock screen, and there is no way to swipe them away; you have to kill the app to get them to disappear.
* I miss the inline notification controls. On Android, apps can give their notifications extra buttons, so you can do things like delete an email right from the notifications bar without having to open the app.
* My friend and I regularly send each other voice memos. First of all, the built-in voice memo feature in iMessage is atrocious (no seek and you have to restart from the beginning if you leave the screen), so we use the Voice Memos app to send each other audio files. Except, when you play an audio file inline through either iMessage or Mail, the screen will still turn off and lock, which pauses the file. You have to save it to Files, then open it via the Files app to ensure that it continues playing in the background. How are you supposed to know this?!
* If your iCloud storage is close to full, Apple will continually notify you every few days via your phone and email, and there is no way to disable these notifications.
* Needing a special charger sucks. Everything else I own is either USB-C or microUSB at this point, but my iPhone needs its own charging cable that nothing else uses.
* All of the special treatment that only Apple's apps get is frustrating. For instance, why does only Apple's Clock app get a special timer UX on the lock screen, and everyone else's has to use a notification? Why does only Safari support ad blockers? And why is the camera button on the lock screen limited to the built-in Camera app? They really push their own apps with these artificial benefits, which detracts from the plethora of apps in the App Store.
* Syncing files (in both directions) without iCloud is a pain, and I'm not going to pay for an iCloud subscription. There are lots of different ways to achieve this, but none of them are as easy as simply using SyncThing on Android.
Even though Android is lacking in certain areas, I find the UX to be a lot more consistent than that of iOS, and I would take the consistency and flexibility of Android over all of Apple's corner cases and attempts to predict how I will use my device. But again, that's my personal preference, and to each their own.
(Sorry, this turned out to be much longer than I expected. I guess I'm more frustrated by iOS than I realized!)
That's the nice part of Apple's ecosystem - its pretty simple and requires minimum intervention.
For similar reasons, I don't self-host important services like email despite having my own domain. If shit goes wrong, I want the company I'm paying to have their people take care of it. I don't want to have to rush to fix it myself.
I purchased my first iPhone since the 3G this year, and it is currently for sale on swappa. I am willing to compromise on a slightly less polished UI and subpar camera to get the UX of android back; at least for me, iOS was lacking many features I could consider essential.
Also, as an iPhone user, contrary to the recent Hacker News fight, I actually view this CSAM scanning with a sign of hope, because this hints that we could get end-to-end encryption on iCloud Storage. The CSAM scanning is rumored to be just a prerequisite to get the government to shut up with their biggest critique of E2E, so that Apple can then turn it on.
If I can get E2E storage from iCloud but accept CSAM scanning on my device to satisfy the law... I'm OK with that choice. You might not, in which case, Android (and I'll probably buy a backup Android phone "just in case").
What good is E2E encryption when they can scan your client with a backdoor? All Apple is doing with this hashing is giving themselves plausible deniability when this access gets abused down the road. "Oh we didn't know they would use those hashes to arrest those protesters, we couldn't have foreseen this"
Also you are aware Google Photos, Facebook, etc. do scanning anyway and have for almost a decade?
On iOS and iPadOS, they will implement the iCloud Photos CSAM scanning, but Apple left out macOS as having that for now. Rumoredly according to GitHub reverse-engineers of the system, it's due to the mathematical precision of the NeuralHash algorithm being processor-dependent on ARM and not Intel.
> These features are coming later this year in updates to iOS 15, iPadOS 15, watchOS 8, and macOS Monterey.
For now, the security experts looking at this say that the nudity detection model is on all platforms, but the database matching in iCloud Photos is only on iOS and iPadOS and it's unclear whether it will come to macOS.
> iOS and iPadOS will use new applications of cryptography to help limit the spread of CSAM online
"Next, iOS and iPadOS will use new applications of cryptography to help limit the spread of CSAM online, while designing for user privacy."
That implies macOS isn't getting the CSAM scanning stuff (yet?).
If true, it's highly probable that Apple can just port it to macOS and have it work especially for the Apple Silicon line up rather than Intel.
But only Apple knows. But so far, it seems like ignoring the M1 hype was the smart thing do.
Of all the things in the world to get worked up over, this is ridiculous.
I get it, the mechanism they're using has apparent flaws, and maybe some whacko could somehow get access to your phone and start uploading things that trick the algorithm into thinking you have CP.
But, that alone is such a ridiculous phobia, if someone has that level of access to your phone, they could upload real CP and maybe even upload it to your Facebook for good measure.
Despite this having been a possibility for almost a decade... there's a suspicious lack of headlines of this attack occurring.
No, only the ones designated for upload to iCloud.
> [...] it’s about governments forcing Apple to do things with this new weapon
Governments can already force Apple to do any kind of scanning, "weapon" being built already or not.
> No, only the ones designated for upload to iCloud.
How do you verify that?
If Apple really is trying to sneak in a CSAM database on your phone with iCloud disabled, someone WILL catch it and raise so much hell we'll all hear it.
The biggest complaint here is clearly this is not where it'll end, and it's not a unique hash, so there will be false positives. And since it's publicly announced, this is very unlikely to catch any producers of CP, and would only catch the dumbest consumers. So it's an invasion of privacy with very little chance of having a noticeable impact.
They aren't, but the blame is misguided. This isn't a problem with Apple. What is Apple going to do if they do detect something identified as CSAM on your device? Refuse to sell you another? Oh well. The real worry is what other parties will do if they get ahold of the information. That is what needs to be fixed. Apple is exposing the underlying problem, not causing the problem themselves.
If a pedophile uploads CP to the internet and the host finds CP they call the police.
Both seem like reasonable responses to me.
The general sentiment does appear to be that the laws are misguided. That does not necessarily mean repeal is necessary. Augmentation may also provide a solution that satisfies their concerns. However, that is moving well beyond the topic at hand. There is no indication I can find that some kind of change is controversial. There is clear worry about the status quo based on the potential outcome of what information Apple may glean.
What remains is that Apple isn't anyone's real concern. An inanimate corporation can't do much to you. Apple is simply bringing attention to what actually concerns people, which is something that was already there all along.
This will violate my IT device usage policy! Apple is not my IT department!! We have a ZERO TOLERANCE IT device usage policy. By not calling the local police department after one violation, we violate the policy. There is also a form which must be signed before HR (Girlfriend) so they can be present on the call to LE or else be subject to disciplinary action up to and including termination.
There is no technical reason why this needs to exist. If they want to scan iCloud photos for something, they can do that on their servers. iCloud is not end-to-end encrypted. Law enforcement can do whatever they want with the data you send there. Since they chose the client-side route, they have to be up to something, and it all smells very fishy. Today, they say it's for CSAM. Tomorrow, it will be for any discontent against whatever government wants to oppress its people this week -- and as time goes forward, that is not just third-world countries where you don't live, it could be your own.
Do you really want to explain to the police at your door at 3:30 in the morning why you read a website called Hacker News? This is the first step towards that reality.
Imagine I wrote a program that contained the phone numbers of people I don't like. The database is encrypted, and the only way to see if you're on that list is to install the app on your phone. The app does two things -- nothing if you're not on my list, or it sends me your location (at your expense!) if you are. Would you install that app? Absolutely not, that would be crazy. But that is basically what is bundled into iOS now.
I really like my iPhone and iPad Pro. I like how Apple handles privacy in general. But I can't accept this. It's a step too far. You don't have to draw the line there, but I draw the line there.
Yet. Have you considered that this might be a necessary precursor to making iCloud e2e?
This is what you were arguing. It is false.
It was clearly a technical statement not a privacy statement, so only superficial reading might lead one to believe it meant something that it did not.
That is why I replied that the person who replied to my comment, where I said I had argued something different, but that what he wrote was an excellent point.
So, what on earth are you so invested in that you feel the need to argue minutiae that don't apply?
That doesn’t change anything. It may be a pre-requisite from the perspective of their business. You replied to me and I didn’t constrain my point to just technicalities.
> So, what on earth are you so invested in that you feel the need to argue minutiae that don't apply?
It does apply. I’m simply pointing out that what you said is not correct.
Sure. All the statements about why it’s not ok are also just speculation.
> why not release both features at the same time
That’s not how Apple typically works. They release a feature, try to make sure it works as expected and only then release the features that depend on it.
It’s as if USPS invented a new type of envelope that is physically impossible to open for anyone whose name is not written on the outside of it. Just one caveat: before they’ll give you any of these envelopes, you must allow them to read the letters being put inside.
If your concern is someone intercepting your mail before it gets to its intended recipient, this is great news. If your threat model involves federal agencies reading your mail, you’re no better off than you would be without these fancy new envelopes.
Yes, but this isn’t snooping.
Okay.
> We have no idea what hashes they're checking images against; we can't see the raw data, and we can't see the hashes, and we can't see what they're sending to their servers.
Apple is getting the entire image regardless, this happens as part of the iCloud upload process.
> There is no technical reason why this needs to exist. If they want to scan iCloud photos for something, they can do that on their servers. iCloud is not end-to-end encrypted. Law enforcement can do whatever they want with the data you send there. Since they chose the client-side route, they have to be up to something, and it all smells very fishy.
It's a hell of a lot cheaper to distribute the load onto the device than to do it on GCP. However, this whole line of thinking is ridiculous, iOS is your operating system, it can send what it likes where it likes without you knowing about it. Why does this particular thing cause concern?
> Tomorrow, it will be for any discontent against whatever government wants to oppress its people this week -- and as time goes forward, that is not just third-world countries where you don't live, it could be your own.
> Do you really want to explain to the police at your door at 3:30 in the morning why you read a website called Hacker News? This is the first step towards that reality.
https://www.txstate.edu/philosophy/resources/fallacy-definit...
> Imagine I wrote a program that contained the phone numbers of people I don't like. The database is encrypted, and the only way to see if you're on that list is to install the app on your phone. The app does two things -- nothing if you're not on my list, or it sends me your location (at your expense!) if you are. Would you install that app? Absolutely not, that would be crazy. But that is basically what is bundled into iOS now.
Again, your overlooking the fact that this app is already coming from Apple the company that made iOS. They already control your phone, why would they need some additional app?
Umm... that happened.
Then I guess it's not my operating system after all.
So turn off iCloud photos?
This service exists so Apple can E2EE your data while still placating DOJ.
It's a cop in your phone.
What they actually do is what is important. And what they actually do is publicly disclosed so you can make your choice appropriately.
Edit: The point here is that even if Apple tries very hard to make this be only about photos about to be uploaded to the cloud, if the percentage of phones that turns off iCloud storage increases as a response to this new "snitch-on-me" feature that will be a very good argument for law enforcement to ask for a list of IMEIs that are not using iCloud, and it will also tempt them to demand that Apple start scanning all files.
It's very simple. You want to upload images to iCloud? Then let your phone scan it and upload it. You don't want your images scanned? Don't upload them to iCloud.
I also get the slippery slope thing since you don't really have any control over what your device does but that's been true since forever. Running some scan() method and posting matches to a URL is something that literally could have been done in the last 10 years. It's not like this tech is magically enabling something that wasn't possible before.
And I do get the using your resources argument but iPhones have had integrated DRM since forever.
The thing I don't get is why now? Surely you should have left ages ago?
You know, I could respect your opinion that this is where you draw the line, but you ignore all of Apple's history if you think this is the first step. This isn't the first step, this isn't the first chapter, this is at best the middle of the book where the plot twist happens.
No, this is clearly no the first step. This is the first step you chose to see the reality of the situation. You'll look back and you'll see how everything was paved with good intentions and how people sounding the alarm were ignored.
This isn't the first step.
If that is what is supposed to happen, then it makes no sense for any new code to run on the device!
> Of all the things in the world to get worked up over, this is ridiculous.
Well, it is not crazy to get worked up over Apple saying they will check uploads to iCloud by checking what's on your phone - instead of simply adding code to iCloud. That seems obvious not ridiculous.
The new code calculates the hash as part of the upload process. The comparison of the hash against known CP hashes happen on the server.
> Well, it is not crazy to get worked up over Apple saying they will check uploads to iCloud by checking what's on your phone - instead of simply adding code to iCloud.
They're still doing the checks in iCloud, but the hash is being computed on the client.
Mystery solved?
I work in data engineering and I can tell you what I'd rather do. Having Apple's servers check hashes rather than the entire image means you can segregate the original images from the CP-checker data processing pipelines. That's a much simpler and more secure security scenario.
Many messengers, including Whatsapp, save all the incoming pics into camera roll by default.
The actual problem is that they've created a great surveillance tool which will inevitably get broader capabilities and they are normalising client-side data scanning (we need to eradicate terrorism, now we need to eradicate human trafficking, and now we need to eradicate tax evasion, oh, we forgot about gay russians, hmm, what about Winnie memes?).
One random article of many: https://money.cnn.com/2016/02/25/technology/apple-fbi-respon...
Edit: but through regulations they could probably say 'you're not allowed to sell phones without x backdoor' but maybe the government didn't want to spell out specifically what capabilities are required.
Many of the arguments/fears about CSAM is that it can be widened to be a generic backdoor, but as you point out in the arguments Apple has already argued in court Apple doesn't seem to think a generic backdoor is a good idea and have strongly fought against it and CSAM seems to be entirely designed to not be capable as backdoor, and especially not a generic backdoor.
I absolutely understand the fears of false positives and whatever processes the FBI and other TLAs choose to do with the results from CSAM (though many of those concerns apply to everything the TLAs do regardless of what technical tools they have at their disposal), but I'm not sure that I understand all the fears that CSAM is a generic backdoor (in the making) given what Apple have revealed about how it is built and what Apple's quite explicit reasons seem to be to build it to entirely avoid building a generic backdoor and that everything about it seems a "thumb your nose at the FBI by doing what they ask explicitly for but not what they really want to build" by entirely building something that can't be used as a generic backdoor and is very specifically built to only a tiny explicit use case the FBI has asked for. At least from what I've seen so far.
Whatsapp by default adds all received images into Photos. So all it takes is to send you few dozens of pictures while you're sleeping.
Maybe include children so that on first glance the reviewer will just forward to the authorities.
You get these images, store it, then you get flagged.
Now what? What’s your recourse when the FBI insists that you’re guilty, and your reputation is ruined?
There absolutely is a problem of pedophiles, but the process that Apple is using seems ripe for abuse.
I don't think it computes a hash of the image, it's a tad more involved than that.
Simple hashing is easily evaded. They must be computing an identifier from the contents of the images in the CSAM database. This requires computational analysis on the handset or computer. If that's all that were happening that would be no problem, but of course there are management interfaces to the classifer/analyzer, catalog, backend, &c
The contents of the identifiers are purposefully opaque to prevent spoofing of the identifier database. I don't know what is included in the images; what if I take a picture at Disneyland with a trafficked person in the frame? Will that make it into the qualifier database? What is added to the CSAM signature database and why? What is the pipeline of hashesfrom NCMEC and other child-safety organizations->Apple's CSAM image classifer alarm?
>I get it, the mechanism they're using has apparent flaws, and maybe some whacko could somehow get access to your phone and start uploading things that trick the algorithm into thinking you have CP.
The CSAM analyzer could be subverted in any number of ways. I question how the CSAM identifiers are monitored for QA (I actually shudder thinking there are already humans doing this :( how unpleasant.) and the potential for harmful adversaries to repurpose this tool for other means. One contrived counterfactual: Locating pictures of Jamal Kashoggi in people's computer systems by 0-day malware. Another: Locating images of Edward Snowden. A more easily conceived notion: Locating amber alert subjects in people's phones, geofenced or not.
To my eyes, it appears we will soon have increased analysis challenges. Self analysis of device activity and functions for image scanning malware (for example) is slightly harder, we have added a blessed one with unknown characteristics running on the systems. Does this pose a challenge to system profiling? How/does this interact with battery management? Is only iCloud scanning, or is everything scanned and then only checked before being sent to iCloud? (this appears to be the case[X])
There should be user notification too. If some sicko sends me something crazy somehow, I would surely want to know so I can call the cops!!
All in all this makes me feel bad. There is not a lot of silver lining from my perspective. While the epidemic of unconscionable child abuse continues, I question the effectiveness of this approach.
I would not consider jailbreaking my iPhone but for this kind of stuff. I would like to install network and permissions monitoring software on my iPhone such as Bouncer[0], Little Snitch[1], although these are helpfully not available for iOS.
I feel grateful that I am unlikely to be affected by this image scanning software, I'm planning to continue my personal policy of never storing any pictures of any people whatsoever. I don't even store family photos this way. My Life is not units in a data warehouse.
[0] - https://play.google.com/store/apps/details?id=com.samruston....
[1] - https://www.obdev.at/products/littlesnitch/index.html
[X] - Apple's Whitepaper: https://www.apple.com/child-safety/pdf/CSAM_Detection_Techni...
So apart from every Apple user being treated like a proven-until-innocent owner of CP, at all times, this will (yes, a matter of time) be used for political purposes, to find and silence activists, journalists, to discredit opposition leaders, to prosecute Uyugur/Muslims/women/palestinians etc.
Do we really believe that CP owners store their collections in iCloud / google cloud / Dropbox and view them on their phones? And that this is an issue on a massive scale?
Please.
These are the most expensive phones on the market, with an incredible profit margin for Apple. The part of these devices that we actually own is a shrinking territory.
Why not have the mics on all the time in case “someone says something related to a CP ring?”
That's a false dichotomy. There are competitors offering various levels of maturity and functionality. Jolla exists, PinePhone, Xiaomi, Librem 5, dumb phones, POTS landline, no phone...
And yes, Linux on the desktop is also a valid choice. It most likely won't track you either.
I don't think you know what you are talking about when you mentioned Xiaomi as an option. That would be among the dumbest options you could possibly choose.
Linux on the desktop is a valid choice, but as I said above, don't tell me to switch to it, it's just not practical in my life. I've tried over a dozen distributions since 2011 and probably over fifty releases of them, and Linux isn't there.
Tried that yesterday on CalyxOs with anonymous MicroG account and my banking app works fine. No problem with contactless nfc payments.
Also you can't use any paid apps with this method.
Regarding the second point - that's true. I've heard there are some plans to add payments to the Aurora store/F-Droid (which are alternative app stores) but right now you can't use paid apps.
I consider this to be a plus though - gives me a chance to switch to open-source / self-hosted apps.
For Desktop, if I have to choose between macOS CSAM spyware of paying users or the Linux ecosystem and its tiny userbase of unpaid users I would go for using and targeting the paid users since they are the ones paying the bills and thats where the money is.
For smartphone alternatives, the phones themselves are still immature as well as the Linux phone software ecosystem which is again still light years behind. If they can't even run the same Android apps on modern Android devices, then it is close to no chance.
If they don't hurry up, Google Fuchsia will steam-roll them silently.
> I've tried over a dozen distributions since 2011 and probably over fifty releases of them, and Linux isn't there.
Likewise, with the GUI software I'm writing, 'Defining Linux support' is something that is not worth doing given that there are tons of distros out there and by selecting one or two distro's there will always be an endless amount of people asking to support X distro or Y distro.
There was a major game developer (sadly forgetting the name) who decided to support Linux as a test around 2018ish. The Linux users were only a few percent of their users but ~20% of the support tickets. They said never again.
You don't get to dismiss others' concerns by saying "it's a choice", and at the same time dismiss choices others present...
Now, it's only logical that you may share certain interests, so why not show ads for things they bought/googled for to their contacts?
watch words are simple to listen for, generalised transcription is far harder.
macOS does _something_ related to this system. It's unclear what though.
I agree with how impressive the M1 is. I've replaced my 16" fully specced i9 with a 13" M1 Air. The only thing I sometimes miss is the larger screen but not by much.
Picking a Chinese phone based on financial circumstances, however, is understandable IMO.
Wait what? You’re 180 degrees wrong.
China, on the other hand, does not seem to give a single f* about foreigners, only about their own citizens. Most people are not so are not really endangered even if chinese spyers do know what they handle on their phones. So in battle between US spyers/China spyers I'd better give my data to Chinese, if I don't have a choice not to share my data at all.
China, as well, don't try to make extraterritorial laws (like financial regulations), so it's harder to even be targeted by CCP if your are a foreigner.
https://www.dw.com/en/china-sentences-swedish-publisher-to-1...
But rather in the context of those in America that largely only deal with American government officials and those outcomes.
And to my knowledge. China isnt abducting people or conduction renditions on american soil.
As I said - I agree that China's government is worse. In fact my previous employer had a policy that company devices just didn't cross that border, even when traveling for work. But it's still not a factor in which devices I purchase myself.
But that's not what the original comment said.
The Chinese secret police don’t present a threat to me, whereas the NSA has the means, motive (at the leadership level) and opportunity to violate my natural rights.
I have a KDE edition Pinephone that I intend to use more overtime but primarily an Android user.
Also I get super annoyed when Android bundles stuff on your phone. I realize you can get rid of it/the cheap phone has to get paid somehow... but like having notifications that you can't slide away... things like that. Want more control over I realize Linux phones are lacking in software, pretty bad... Plasma looked really nice, Phosh not so nice (home screen) but it works out of the box though particularly detecting external screens. Anyway I'm looking forward to it improving over time, a cheap Samsung Dex-like experience is my desire.
The Pinephone modem is partially open already:
https://linuxsmartphones.com/hackers-develop-open-source-fir...
Edit: another thing to my parent comment, ads in your voicemail... the visual voicemail app in Android. Omg that annoys me so much, thankfully I have not been getting many voicemails anymore.
However, as one who's moved from an iPhone to a Nokia 8110 with KaiOS, which I in no way argue is as secure as iOS:
It has less on it. It has far less on it. It has my phone calls, a handful of text messages, and while it has email access right now, I'm experimenting with if I actually need that, or can remove it (leaning towards removing it). And my calendar.
The camera is horrible, so I just carry a pocket digital camera with me now if I care to take photos, which don't end up on the phone.
If I don't give it wifi privileges (which it currently has, but I've been running with wifi off and cell data off to see how that works, and the answer so far is "quite well"), there's simply not much it can really do to my accounts or network.
I believe there are some Google Authenticator apps for KaiOS, just not in the main app store, and I've not gone through the process of working out sideloading yet.
Google Authenticator is sort of a crap option for doing TOTP, all things considered.
I'd love to go feature phone, but would be missing two essentials for work purposes:
- A 2FA application (eg Google Authenticator, Authy)
- A password manager (eg BitWarden, KeePass, etc)
I can do without emails etc but not those two, yet whenever feature phones try and be more feature-some they do the same old emails, FB, WhatsApp etc instead.
However, after this backlash you can bet other manufacturers will continue to hide what their actually doing.
However, the perception was very different.
You're financially supporting the creation of an Orwellian dystopia.
Linux is incredible... and still unusable for many everyday apps and workflows, and simply not an option for many people including myself. I've tried Linux distributions since 2011, they aren't there yet.
Support the continued freedom you enjoyed in your youth for future generations.
I have actually totally dumped Windows recently (I have tried it past 5 years), because now Linux is getting very close for everything I need, and this same applies for many people. Can you give some examples which aren't there yet?
The whole premise is that Google and Facebook and everyone else are just doing this on the unencrypted photos you upload, in their cloud, with their own (presumably, but correct me if I'm wrong) undocumented algorithms and datasets.
Now here comes Apple, documenting almost everything except the dataset itself, and everyone is freaking out because it's happening on your own device. But then it's encrypting the whole thing and uploading it to Apple where they presumably do no additional scanning.
What is the actual difference if it's being looked for on-device vs. by the provider? Supposedly in preparation for a bigger push of encryption of the photos themselves, if they are not already encrypted in the cloud.
Am I missing something more than "but it's happening on-device!"?
Also, it's actually pretty easy to mess with Android and get it un-googled. Google don't make most Android phones, so there's less hardware-level enforcement of rules, and more independent alternatives. This is less so for Apple devices. If Apple decides to do something you don't like to your phone, you are SOL; you can only accept it or ditch Apple and switch to Android/something else.
Well, technically this is still true. Files you are putting to iCloud by yourself voluntarily are not staying in your iPhone in the first hand. Everything which is against this, is only speculation currently.
If you don't trust that, that is another story. System is full black box.
Am I missing something more than "but it's happening on-device!"?
Your answer is "no".
It's not whether it happens on-device, off-device, in the cloud, in the tubes, or anywhere.
It's that Apple said that they would not do this, and now they're doing this. You can make technical quibbles that what they promised was slightly different to what they're doing, but they're irrelevant. The core promise of "what happens on your iPhone stays on your iPhone" is being broken. It's that breaking of the promise that people are angry about. Does that make sense?
People think that this kind of capability was not there already, while it was. The simplest example case is normal iCloud sync. It scans your files and gets metadata, finally comparing to cloud to know which files to sync.
Other concern is, that this can be easily expanded to other kind of content, or whole device (outside of iCloud files). While, this sounds like valid concern, government who can force this change, could have forced it already. "Technology does not exist" is not valid excuse, never was. There are pretty expensive consults used by politics to prove these excuses otherwise.
Respectfully, it is there. You are not. Which is fine - I prefer a Mac for general purpose computer use, word processing, web browsing, that sort of thing. But Linux can do these things just as well, it just requires you to configure them, which is strictly a "you" constraint and not a failure of the system.
Linux is not necessary a bad system, but usability (degree of effort, burden of knowledge, misuse risk) are absolutely a core determination on where or not a piece of technology is "there yet"
I don't understand what you mean. My non-technical relatives use Linux just fine. There is no "burden of knowledge".
I believe that, for example, anticorruption activists and gay people in Russia who may be subjected to state-imposed surveillance won't agree with you. Apple won't leave even the russian market in case the government demands to expand capabilities of the system. And they will never leave chinese market.
> macOS doesn't scan
I'm afraid I have some bad news for you:
"Features to detect child abuse material stored on iCloud coming in updates to US users iOS 15, iPadOS 15, watchOS 8, and macOS Monterey."
Who will? Google? Microsoft? HP? Dell? Huawei or Xiaomi or Lenovo (lol jk)? Which computer or phone manufacturers or service providers refuse to do business in Russia and China?
Fortunately for now you have some escape hatches.
I believe that it would be a smart move for everyone to stop paying for nooses for their own gallows and start investing into privacy. There are some realistic ways to do it, just buy a damn Fairphone for a no-brainer start.
I know they did briefly after some attacks, but I also know that they had very little market share to lose at the time and have subsequently worked to get back in. Do you have a good summary of their current position there?
Nope, why would I? Also I'm pro-google, just pointed to a fact I know.
For me it boils down to ecosystem and integration. I can have a fragmented set of devices and tools, or I can deal with CSAM having literally zero impact on me.
I also have an M1 laptop, it's insane that this little MacBook Air with 16GB ram is walking all over a 16'inch Macbook Pro with 64GB ram.
I don't any hardware or software developer... I don't really care if the US is reading my emails, images, chats and whatnot. I choose not to worry about those sort of things.
My product choices are more related to functionality and basic ROI.
What simplifies in my life if I'm moving away from any ecosystem that tracks me to the OSS way, do I have to compile my own Chromium over the night? "oh, my Linux segfaulted, let's reinstall the OS"
time. Saving time on these operations is worth more than some X-company sniffing my network traffic. Yes, I care about privacy, I always decline the cookie pop-ups, always ask for GDPR contract before handing over my phone no./email to recruiters et. al. I'm doing my best without breaking usability & affecting time spent on these operations.
I try to use open source software where possible and after the endless stream of depressing news about working conditions and environmental impact of our juicy tech I'm ready to pay more for less to get (relatively) fair and open hardware too.
Edit: Considering Linux phones like Pinephone or Librem too, but they seem not ready to me yet and they emphasise much more on technical freedom and less on fair production.
I can live without free GPS navi but I'm wondering what to do about the few cases where you need a "trusted" device (a misnomer if there ever was one), such as banking push TANs or other mobile banking TFA apps, TOTP apps, vaccination pass apps or Covid contact tracing/registration apps (I've managed to evade the latter kind of apps until now).
The contact tracing apps in europe interoperate, you can get the CCTG app from F-Droid and it works on AOSP (also includes vaccination pass storage). There are also others available.
Many of these already do something like this but they just don't actively tell you or document it.
Also, and please correct me if I am mistaken, Apple's CSAM is limited to iCloud for Photos. It does not just work against your local photos.
It seems like a needless waste of time do do all this as opposed to disabling iCloud for Photos...Source: https://www.apple.com/child-safety/pdf/CSAM_Detection_Techni...
(edit)I was planning to buy a new MBP/iPhone/Watch in Q4, so this made it easier to decide on those purchases earlier.(/edit)
It's correct that the CSAM scanning is currently only effective when iCloud is enabled - and for US customers only. For me, this detail is irrelevant. The backdoor might be inactive for now, but there would still be a backdoor on my phone.
Love it or not, we live in a police state enforced by surveillance. Most Americans are just waking up to this because they’re not a member of a population actively oppressed by the police. Socialist / anarchist / labor communities that are more than shitposting groups meet almost exclusively in-person because their communications have long been targeted by law enforcement.
If you look to other societies, this happens there too. There is a symbiotic relationship between mass media and government at a fundamental level. There’s a reason that the first things you do after a coup are to lock down the Internet and sieze the TV / radio broadcast infrastructure.
Companies have always tried to run parallel, unelected governments. Whether it’s “company towns,” banana republics, or social media restrictions doesn’t matter.
No, I think the root of the problem is that the ability to disseminate information widely across a population is not a good thing. I do think there should be real regulation on mass speech that is proportional to the audience size. If you have 100k followers on Instagram, that should come with some responsibilities.
I don't know what your point is. Even if this is true, (which it definitely isn't), should they continue to hold unlimited powers? Blood has been shed over centuries to limit the powers of the government and to get the rights we have.
I am not sure where you get the idea that free speech means speech without consequences. If I have a million followers and a sell something dubious, people would sue me for befrauding them
Nope, you can use a degoogled android. There's still a matter of hardware that's not open but there's not much we can do that without sacrificing a lot of usability.
https://twitter.com/Snowden/status/1175430722733129729?s=09
The key (from Apple's POV) is that this is done on your device, so the model can be audited, and users will know if it changes or is suddenly enabled where it wasn't before. Apple has documented the entire threat model and their design decisions realted to each threat vector.
It's worth reading the document, as it becomes pretty clear that this is a step towards enabling E2E for iCloud Photos.
The alternative to what Apple did is cloud-based scanning, which is less transparent, permanently disallows E2EE, and is more vulnerable to being changed by national decree. If CSAM scanning is going to (or is already) mandatory, I vastly prefer Apple's method here.
[1] https://www.apple.com/child-safety/pdf/Security_Threat_Model...
This is such a good point. The US government has been heavily pushing for backdoors, and can gag discussion under threat of national security.
It also seems counter productive to punish the one corporation who is apparently being transparent about this. Nobody here likes marketing BS, but this reaction here on HN is why we get marketing BS instead of technical details.
Edit: Legally, these searches do not violate the 4th amendment because the government pretends hash scans are entirely voluntary. Most ISPs and email companies "voluntarily" choose to hash match. I can't remember the specifics, but ISPs that refuse to do this have been threatened with legal action.
https://www.bjcl.org/blog/hashing-it-out-how-an-automated-cr...
I hope not.
If hashes are uploaded to devices, they can be extracted and images that clash against it can be created.
I think they're going to be creating hashes of images locally that are being uploaded and send it with the image. Then if the hash is found to match one on their database, that's flagged.
The problem then is, if they're matching on their side, what prevents them from receiving some order that forces them to match for other images?
Many organizations have the hashes, so they could leak nonetheless. Either way, I don't think that's a major problem. If the system interprets a picture of a pineapple as CSAM, you only need to produce the picture of a pineapple to defend yourself against any accusations. If clashes are too commonplace, the entire system would become unreliable and would have to be scrapped.
In any case, I have looked it up. The database is indeed on the device, but it's encrypted:
https://www.apple.com/child-safety/pdf/CSAM_Detection_Techni...
> Instead of scanning images in the cloud, the system performs on-device matching using a database of known CSAM image hashes provided by NCMEC and other child-safety organizations. Apple further transforms this database into an unreadable set of hashes, which is securely stored on users’ devices.
Overall, after reading the PDF, here is my understanding of the process:
1. Apple gathers a set of "bad hashes"
2. They upload to each device a map from a hashed bad hash to an encrypted bad hash
3. The device runs an algorithm that determines whether there are matches with hashed bad hashes
4. For each match, the device uploads a payload encrypted using a secret on-device key, and a second payload that contains a "share" of the secret key, encrypted using the neural hash and encrypted bad hash.
5. The device also periodically uploads fake shares with dummy data to obfuscate the number of matches that actually occurred. Apple can't tell fake shares from real ones unless they have enough real shares.
6. Once Apple has enough real shares, they can figure out the secret key and know which hashes caused a match.
The main concern I have, and as a non-expert, is step 2: it requires Apple to provide their key to an auditor who can cross-check with child protection agencies that everything checks out and no suspect hashes are included in the payload. In theory, that needs to be done every time a new on-device database is uploaded, but if it is done, or if child protection agencies are given the secret so that they can check it themselves, I think this is a fairly solid system (notwithstanding the specifics of the encryption scheme which I don't have the competence to evaluate).
The thresholding is also a reassuring aspect of the system, because (if it works as stated) the device can guarantee that Apple can't see anything at all until a certain number of images match, not even the count of matching images. The threshold could only be changed with an OS update.
There's certainly a lot of things to discuss and criticize about their system, but it's going to be difficult to do so if nearly no one even bothers reading about how it works. It's frustrating.
If the system interprets a picture of a pineapple on your phone as CSAM,
after Apple notifies the authorities they have identified child porn on your phone,
after the police detain you with the courtesies afforded to all alleged pedophiles,
after you cough up your phone’s password,
you only need to produce the picture of a pineapple to defend yourself against any accusations,
and then point out to the folks with the guns that no, you didn’t delete the child porn from your phone, look, it’s just a pineapple,
and then explain to your captors how hashes work,
then there’s nothing to worry about.
Good luck.
Apple has a team that will manually vet the matches, so no pineapple picture or a fuzzy forced hash collision picture will cause the authorities to be notified.
So if you're worried someone will secretly send fake CSAM hash collision images to your phone to trigger the process, the worst that will happen is that some poor sod at Apple will get mildly inconvenienced.
And here's the real question, what's to stop them from using this on say: political memes instead of CSAM?
As for using it for other things than CSAM, well, for one, Apple would know, because the thumbnails would show political memes, so they'd have to be in on the conspiracy. They probably don't want that liability. Furthermore, the hashes are supposed to be auditable: a third party could check that they are what they are, a court order could order such an audit, and it would be suspicious for Apple to refuse. They wouldn't want to include anything that could piss off any sufficiently powerful government or, say, the EU, because they are likely to figure it out. And if they give different hashes to different citizens, that will also be obvious.
If they know this attack is possible, Apple, not being idiots, will cover their asses in court by saying that a match is merely strong evidence that the user may have had CSAM on their account, but that it cannot be said for certain unless the full image is obtained by the authorities, and that the full image should be where they say it is, with the voucher made by the device.
Because of that, prosecutors are unlikely to want to move forward without better evidence: Apple may very well testify for the defence if they do, and judges will ultimately chew them out. So yeah, I suppose rashness and incompetence in some parties may lead to a very uncomfortable situation, but ultimately it is likely that the police would be reprimanded for it and that it would be a lot more cautious afterwards.
As an aside, this entirely explains US politics.
The reality is, people have to trust their OS vendor.
It doesn't compel me to drop Apple. I still think they are the best of the best, but I agree in sentiment to many people here that it was a huge drop in my trust.
The lesson for me is that I cannot trust any company, and that is probably a smart approach. I will depend on myself and right now Apple, amongst all the players, is still the one that manages my privacy better than anywhere else. But I'll be watching.
Is this actually true? Is there a way to see what information Apple has on you? I'm sure it's not the full extent of what they have, but for example I can see(and hear) past voice prompts I've given to Google Assistant and their results. I can also choose to delete this information(obviously no way to know this is actually deleted though).
If anyone has suggestions for a small, minimal phone I can still run Signal on I'd love to hear it.
I think for a phone I may just drop back to a Nokia 3210 and buy a camera for family pictures. Whatsapp will be a loss, but hey, maybe it'll be nice to not have my phone as a distraction during the day.
- https://github.com/arindas/manjarno
- https://manjarno.snorlax.sh/
There are only 3 distros worth using. Fedora KDE Plasma upgrading after stabl-er point releases, Arch and openSUSE Tumbleweed.
Everything else is very unprofessional or full of technical or human issues. I'm not trying to gatekeep newbies, like, if you use elementaryOS or Linux Mint you're still using Linux. No elitism intended I'm just giving you my opinion.
For exploration or self inflicted harm you can also use NixOS or weird small distros. Although I like Nix' concepts I don't like their implementation or approach to users.
Linux is still too high-maintenance for me, though I could be convinced. I am watching https://frame.work/ closely and considering grabbing one just to support that effort. The big flaw is use of Intel chips which are total shit compared to even Ryzens on power/performance.
The M1 makes leaving Apple even harder. The performance is great and the power efficiency makes a laptop feel like it has some kind of zero point infinite energy device in it. You can do a full day's work on an M1 running real apps like large builds, VMs, and IDEs and still have 1/3 battery remaining, and it's faster than a top-end Intel Mac.
There is absolutely nothing comparable to the M1 in the x64 PC ecosystem. A latest-generation Ryzen would be the closest you could get, but it's hard to find good Ryzen notebooks due to Intel's strong-arming of that space.
In terms of SSD performance, the M1 SSD upgrade from 256 GB to 1TB cost about 500 EUR, while a 1TB Samsung 980 SSD (with very similar performance) costs about 120 EUR total.