25 comments

[ 0.21 ms ] story [ 50.2 ms ] thread
This must be the biggest PR blunder the last 20 years. I haven’t seen a tech company undermine their brand like this before.
Apple is learning their lesson about announcing these changes publicly. In the future they're likely to just roll out invasive features quietly behind their users' backs, like the rest of big tech does.
This is how Google operates. "We've updated our privacy policy to give you more control over how your data is used". And then it sounds like they are introducing privacy, when in fact they are taking it away, and you're lucky if the option they've given you restores the prior behavior. These privacy policies are written by lawyers and are a masterclass in simultaneously being vague as hell while being completely defensible in court and also as broad as possible. They go right up to the edge of the law on what they can do with your data and then fall back on "we don't sell your data to other companies". That's technically true. They just buy the other companies or start competing with them and hide it all behind "huminah huminah make our products better". The updates even sound completely innocent and unless you can intuit the technical architecture behind the product, you have no chance of really understanding what this clause really means for your privacy. By design.

Having read the actual privacy design docs behind some of these products....well, I'll just stop there.

> This is how Google operates.

Well, even though they don't hide the fact that they scan not just your photos but also all other content, they don't report what they learned to the police on their own accord - the police needs to explicitly ask for it.

Come to think of it, why to stop at child porn? Are photos of rape and murder less reprehensible (and if so, by who's morality)? If you follow this logic, Apple should have an army of people analyzing terrible images and in the end needing psychological help.

It's a blunder within the tech community, but how are common people viewing it?

I haven't talked to anyone about this within my social circle so maybe someone who has can chime in. I would suspect there would be a lot of "wait so you're against catching child abusers?"

I see no blowback in mainstream media in NL.
No blowback here in US media either, but our mainstream sources have been buddying up to all of our little authoritarians especially as it pertains to COVID, so running a story about your rights being infringed upon wouldn't jive with the rest of their recent messaging.
Of course not. Child Pr0N today, "hate speech" tomorrow.

For media, hate speech is anything that deviates from the propaganda of the day.

I'm amazed at how many people don't see the pattern, especially in our post 9/11 world. This stuff never stays contained to it's original purpose - it ALWAYS expands.

The only way to control it is not let it get established in the first place :p

> Once the CSAM hash scanning for photos is built into Apple products, the company will face enormous pressure, and possibly legal requirements, from governments around the world to scan for all sorts of images that the governments find objectionable.

At the risk of sounding cynical, isn't the cat kind of out of the bag on this tech now? Even if they hypothetically rolled this feature back (they won't) all the parties who would love to see it implemented now know that it's possible and can strong-arm Apple or any other vendor into doing it.

A valid concern, but I'm not sure the cat is out of the bag completely.

There are different degrees of everything, and simply pushing for a new set of image hashes to be added to the database is a lot smaller in scope compared to pushing for a feature to be rolled out to all phones.

Nothing in this system makes scanning photos on Govt request any easier, though. That is to say, it is exactly as straightforward as an (authoritarian) Govt to demand and for Apple to implement specific photo scanning & reporting functionality.

Anything particularly new in this system is the privacy-preserving part with safety vouchers and stuff; none of that would be relevant if Apple were to be strong-armed by a Govt to do scanning of whatever photos.

I get the fear of Govts demanding on-device scanning of private photos, however I fail to see how any of this CSAM stuff makes that scenario more or less likely. The same slippery slope applies already since everybody with an iPhone is executing arbitrary code from Apple all day, every day.

As I understand, government can't force a company to implement on device content scanning. However, once company creates such functionality voluntarily, they can make company to scan all sorts of things and lie about it.

This is where Apple is crossing the line.

I guess it depends on the government. Many have some kind of "you can't operate here unless you meet certain criteria" rules that require implementing special software. Usually those rules center around copyright (e.g. must allow moderator deletion to respond to DCMA requests) or safeguarding or other kinds of government-mandated moderation. But it is certainly possible for any government to force any company to develop any software as a price of doing business in that country.

So yes, now that the technology exists and they have proven that it can be integrated with their system, the damage is kinda done. Of course, if Apple now has to publish a different version of their software for, say, the Afghanistan market than they do the surrounding areas, that's a big red flag to people in Afghanistan that Apple have done something shady, likely at the behest of the current Afghan rulers. If that spyware is distributed on every iphone globally, and it's merely picking up on geolocation or some kind of network indicator, there is no smoking gun - so the first time people will know that this has been tuned immorally is when people start disappearing.

That's why a lot of the battle should probably now be "Make this software illegal in your country", because then the countries distributing "custom" versions are likely to be infected with this spying capability.

Interesting phrasing. You could say that they implemented a process that has a exploitable judicial bug and one would like to avoid exploitable processes. The question for the future is, what is needed to have a process (Software, Laws, Norms,..) for minimising CSAM as much as realistically possible (with net positiv effect for society) but without being exploitable. As the current processes seem not to be adequate.
> what is needed to have a process

The thing is, once there is a capability to search customer device without a warrant, why would you want to limit it only to CSAM? For example, this would be a great way to catch drug users, dealers (someone taking photo of using or their stash / stock), illegal weapon holders, tax evaders (someone posing with wads of cash while being poor on paper) and so on. Then you have countries with strong anti LGBT laws and they would certainly want to prosecute these groups. It's madness.

> However, once company creates such functionality voluntarily, they can make company to scan all sorts of things and lie about it.

Is that actually true, though?

Apple can literally execute any code they want on any of the devices users are licensing from them.

Those that exchange money for Apple devices are under the very mistaken impression that they own them or have any reasonable expectation of privacy on them.

Why don't Apple customers start a class action for misleading ads? From Apple's ads: "Privacy. That's iPhone."...
The ads are sorta true --- within the context and confines of the vendor/sucker relationship and terms of service agreement.

But once you do anything that Apple does not approve of, they'll cut you off, lock your phone and your data and throw you to the wolves.

Oh, and by the way, they have full access and will be watching and checking everything you do with your device.

Too late, the shit is already out the ass hole. Eat it and enjoy.
Thanks Apple for proving once again that you don't really own the phone you paid $1k USD for.

AOSP and derivatives for the win.

They'll mouth words and backpedal, pretend to do something.

And that Russian proverb should blared right back at them: trust but verify.

It just boggles my mind that people are OK with being treated as if they are a criminal by default.

I mean if I'm not a criminal, then why the need to sift through my stuff in the first place?