> Let’s give all your data to governments under the guise of protecting children
But that's precisely what Apple's CSAM implementation doesn't do. It compares on-device image hashes with hashes of known CP images. It affords more privacy than other methods, which Apple is probably using anyway and which other cloud services are definitely using.
Then the myriad other tech companies that scan the images uploaded to their platforms will be alerted of supposed illicit images being uploaded. This isn't new. No one's lives have been ruined by this and it's been practice for years now.
This is a strong claim with zero evidence. The social costs of defending an accused perpetrator of this nature are insanely high.
While we're making unsubstantiated claims, I assert that intelligence agencies routinely exploit this. My only substantiation is that it's obvious and I would if I worked for them.
Ian Freemen is a controversial political activist whose pro-liberty, pro-bitcoin radio station was raided by the FBI in 2016 and had their equipment confiscated. It was widely covered in the news, he was kicked out of at least one community organization, and last I heard, they still didn't have all their equipment back.
No charges were ever filed, and the media outlets didn't bother to update their articles.
I think false accusations happen, especially to controversial figures, and assume most victims just don't want to call much attention to it.
Isn't this a separate issue to the one the grandparent was complaining about? I can't see anything about child porn related to this person, just a lot of talk about money laundering.
Also, are you sure there were no charges filed? Some cursory googling turns up articles including a PDF of the indictment [1] and more-recent articles seem to refer to an ongoing process [2].
The same is true of the technology that can find photos of cats on your device. It can be abused, but smartphones and cloud services are packed with technology that could be abused by a motivated bad actor. If you're worried about it, you're better off not using a smartphone at all.
Why would they want to entrap people with fake child porn images? What would even be the point of getting people flagged? They would never be convicted anyway, since they are not actually storing illegal images.
What matters is that the person is arrested, that their name is leaked to the mainstream news media, and that they're dragged through the mud - the same as seems to happen in literally every other child porn case.
The actual guilt or innocence doesn't matter at that point. Their lives have been sufficiently ruined, and, if they are actually innocent, the message has been clearly sent.
Do you have any examples of that happening, innocent people getting arrested for child porn? Never heard of it.
In any case, the police will not arrest anyone because they have only been flagged by the automatic system. As soon as Apple reviews the images that triggered the flagging, they will see that they aren't actually child porn, and hence they won't even contact the police.
>It compares on-device image hashes with hashes of known CP images.
No, it compares against hashes supplied by a government agency (NCMEC). Apple has no way to verify the hashes are in fact CP, as it is only re-hashing hashes.
But once it reaches some non-defined threshold, it's Apple who reviews the content not the government. They don't have a way to verify the hashes, but they would have a way to verify the content which matches the hashes.
Presumably at this stage is where malicious hashes would be detected and removed from the database.
> it's Apple who reviews the content not the government.
An unaccountable "Apple Employee" who is likely (in the US and other countries) to be a LEO themselves will see a "visual derivative" aka a 50x50px greyscale copy of your content.
There is no mechanism to prevent said "employee" from hitting report 100% of the time, and no recourse if they falsely accuse you. The system is RIPE for abuse.
>Presumably at this stage is where malicious hashes would be detected and removed from the database.
Collision attacks have already been demonstrated. I could produce a large amount of false positives by modifying legal adult porn to collide with neural hashes. Anyone could spread these images on adult sites. Apple "employees" that "review" the "image derivatives" will then, even when acting honestly, forward you to prosecution.
Yes but no one wants the finger pointed at themselves. Even if innocence is proven, someone will go through your files and you will have to deal with the law.
The recourse should be before this reaches the law.
You're misunderstanding the proposed system. The entire system as-described only runs on content that's in the process of being uploaded to Apple -- it's part of the iCloud Photos upload system. Apple stores all this content encrypted on their servers, but it's not E2E so they have a key.
This entire system was a way for Apple to avoid decrypting your photos on their servers and scanning them there.
Hypothetically, if Apple implemented this system and switched to E2E for the photo storage, you'd be more private overall because Apple would be incapable of seeing anything about your photos until you tripped these hash matches, as opposed to the status quo where they can look at any of your photos whenever they feel like it. (And the hash matches only include a "visual derivative" which we assume means a low res thumbnail.) I say hypothetically because Apple never said this was their plan.
You can argue about whether or not Apple should be doing this. But it does seem to be fairly standard in the cloud file storage industry.
I never heard that Apple was decrypting the original content at all. That implies that there is a team at Apple looking at child pornography all day. Not sure how that's even legal. It was my understanding that CSAM systems were simply hash based and 'hits' were reported to authorities. Do you have a source for them decrypting information?
I suspect the key would be that there'd be a team verifying that something is actually child pornography, because the system is a perceptual hash rather than a strict comparing-bytes so before someone looks at it they're not certain.
That's incorrect. That's the Apple reviewer. After that, it goes to further review by NCMEC, where it's verified. NCMEC is the only one legally capable of verifying it, fully, and they're the ones that file the police report.
So, to get flagged, you need many hash collisions destined for iCloud. Then, to get reported, some number must get a false positives in the Apple review, and then some number must somehow fail the full review by NCMEC.
You’re assuming quite a bit here. I never claimed to have faith in the system, and there could be problems with the review process, but it’s best to talk about how things are, from an informed perspective.
If we can, then, hypothetically we need to get non-CSA images onto important people's iPhones so they get arrested, jailed for years and have their lives ruined by Apple.
I have another problem with this. In a lot of jurisdictions virtual CSA images are legal. i.e. cartoons and images created entirely in CG.
These images can be 100% indistinguishable from the real thing. Without knowing the source of the images that they are putting in the database, how do they know the images are actually illegal?
That's an interesting question. I have no idea who "owns" hashes. Does the copyright on a photo transfer to hashes of the photo? Is a hash a derivative work? Regardless, I am sure that somewhere in the terms and conditions you give Apple the right to copy, move, and process your photos and probably hashes of them too.
If Apple kills the program they deserve some positive attention, but realistically the governments of the world will want this capability to scan people's data for things and will get it developed one way or the other.
It has gotten so cheap to run dragnets that the only rational responses are pessimism or demand for privacy by design.
> but realistically the governments of the world will want this capability to scan people's data for things and will get it developed one way or the other
Sorry to burst your bubble.
But all of the photo/cloud providers including Apple have been doing CSAM scanning for many years. And will continue to do so for the foreseeable future.
The US government, and probably others, scan through everything on the internet. That has been a generally accepted matter of fact since around 2015. I doubt there are any secrets on iCloud.
I don't like it, but I'm still going to complain glumly if things get worse. And at least I don't own the servers involved.
Problem with something like this is the cat's out of the bag.
The code has been written, tested and merged etc. The project has reached a point where it's ready to ship.
Apple have done their homework and they will not release ANYTHING unless they think they'll either make money from it or at the very least, not LOSE money from it. It's all about money, nothing else.
It's coming whether we like it or not now :(
And you can be sure that others will follow. It will be in Android at some point and possibly Windows and MacOS too.
I try not to be negative and cynical these days but the tech oligarchs make that incredibly difficult.
The "scanning" feature that underpins this has been deployed for years, and I dare say wouldn't even be considered unique for photo library managers. If you can search for "cat" and get photos of cats, then your photo library already has the tools necessary for CSAM detection.
I feel the fears about this implementation are largely overblown - equivalent features are not being misused on Google and Meta/Facebook's properties, despite having a much larger audience and less procedural oversight. Rather Apple is the outlier here for being not just late, but also by having minimum thresholds that must be passed and an unskippable step of human review.
I'm yet to hear a coherent argument about the potential dangers of the system that understood the implementation, nor the state of image scanning amongst cloud providers - even this thread seems to believe that Apple is the first here. Apple's approach was the most conservative, Google's goes much farther: https://support.google.com/transparencyreport/answer/1033093...
> The "scanning" feature that underpins this has been deployed for years
Yes, I agree that your phone has the ability to find stuff like this based on ML etc. However, if their algorithm finds something that matches a hash of child porn, you'll be reported (after notification or something, can't remember).
Can you imagine what that would do to people? The risk of fucking this up and destroying someone's life is far too high. It's a stigma that will never go away even if it's proven false.
And what if the government decides that they want to ruin a political adversary? The technology is there to report them, rightly or wrongly, for child porn on their phone and ruin them. Again, proving that it was false will not be enough if it leaked out in the first place.
In my opinion, it's my phone (yes, yes, I know they all dial home to the mothership, I only lease it etc.) and I should have complete say over it and this is one more step away from that goal.
> matches a hash of child porn, you'll be reported
After 30 hits (so 30 false positives), and then the photos are manually reviewed by a human being. How did people never understand this? How on _Earth_ would people's live be randomly destroyed by this? The reviewer would take one look (or 30) and immediately realize it's not illicit. Crisis averted. But the chances of those 30 false positives actually all being in someone's iCloud was like astronomically unlikely.
> And what if the government decides that they want to ruin a political adversary?
Then you're already fucked, and the child porn scanning software won't be what makes it possible to ruin your life.
This falls under the "you're already fucked" part of my argument. If it becomes illegal to have a file, or a book, or an image, then the entire tech ecosystem we all use everyday is completely untrustworthy.
Is that an issue? Sure! Is it a new issue, or specific to Apple's implementation? Nope.
> If it becomes illegal to have a file, or a book, or an image
This is already true in certain circumstances.
> then the entire tech ecosystem we all use everyday is completely untrustworthy.
This depends on what tech you use. The degree to which you cannot trust it, or need to understand that it is actively working against you, varies by platform. Nearly all platforms undermine you in different ways. Some of those platforms do so in a way in which you're ok with.
> Is that an issue? Sure! Is it a new issue, or specific to Apple's implementation? Nope.
Agree to disagree. I don't mind cloud services (someone else's computer) scanning my data and working against me. I do mind my computer scanning my data and working against me.
>After 30 hits, the photos are manually reviewed by a human being. How did people never understand this? How on _Earth_ would people's live be randomly destroyed by this?
Many people here simply assume all governments and corporations are simultaneously that evil and that incompetent. The aggressive cynicism of this forum and its reticence to engage with content before commenting undermines its pretense at informed technical acumen and civil discussion in many ways.
>After 30 hits (so 30 false positives), and then the photos are manually reviewed by a human being. How did people never understand this? How on _Earth_ would people's live be randomly destroyed by this?
Don't be naive, the governments will demand that matches on the "special" hashes will be reviewed by local government people.
There is a similar feature in the "child safety" package that scans for stuff in chat messages and probably (maybe soon) in documents that are received ), so the code is in place to have an uninstallable "antivirus/antiCSAM/antipiracy" on your device that you must trust both Apple and your goverment that does what is promised but 100% you can't just delete the executable to have piece of mind.
> Don't be naive, the governments will demand that matches on the "special" hashes will be reviewed by local government people.
Seriously, if a government is after you, they will get you regardless of the content of your phone. In a country with decent laws, just a match is woefully insufficient to demonstrate someone’s guilt, and they will need some proof. In other countries, laws do not matter so they can just get you without issue. They have done it for quite a long time and are doing it today.
All of this also points to the complete absurdity of this mass hysteria: it is insane to ruin someone’s life just because they have a picture on their device. It is just thoughtcrime, at this point.
>All of this also points to the complete absurdity of this mass hysteria: it is insane to ruin someone’s life just because they have a picture on their device. It is just thoughtcrime, at this point.
But it happened, some guy was falsely accursed because someone made a typo in an Ip address, he lost his job and he was forcefully kept away from his wife and children.
>Seriously, if a government is after you, they will get you regardless of the content of your phone
That is false, for example before 1989 listening to a certain radio station was illegal here in Romania but the government could not ask the guys the made the radio to give them a list with all people that listened to this radio station.
Your claim is that the govberment knows my name and what I did they can fuck me up, that is true but this imnplies the gov already knows and has the proof, in this case without the file scanner they won't know I own political/religions materials that is illegal but after the file scanner runs and reports me , only then I am on the gov list.
I hope is clear, tech makes the job of the bad gov easy, so in this case you as a random user you gai nothing from your device scanning for CSAM but many lose from this, the question is why if you gain nothing and this can be done with a simple iCloud scan? (because for sure it will be extended to private messages and documents)
> so in this case you as a random user you gai nothing from your device scanning for CSAM
This makes it seem like there is no upside at all to the CSAM scanning. There is: we stop more folks peddling child porn, hopefully making a dent in the problem.
>This makes it seem like there is no upside at all to the CSAM scanning. There is: we stop more folks peddling child porn, hopefully making a dent in the problem.
Apple could have scanned iCloud from the start and prevent this problem if it is so big. If they are already scanning then there is no use for scanning on device only if iCloud is on and if they are not yet scanning iCloud then you should ask Tim why is he ignoring the problem, Google and Facebook already reported a lot of abuses, does Tim love CP?
> After 30 hits (so 30 false positives), and then the photos are manually reviewed by a human being.
As much as I think the panic is way overblown, this bit is simply unacceptable, and they need to get nailed just for having thought this was a good idea. Nobody is to review personal photos; this is an insane breach of privacy.
There's a fundamental difference between you sending files to a company server which are then scanned, and your own hardware constantly monitoring you for illegal activity so that it can report you to the authorities.
> equivalent features are not being misused on Google and Meta/Facebook's properties
The objections come when such systems are to be run not on corporate property, but on end user property. I don't see anybody objecting to corporations scanning content uploaded to the corporation's own computers. Scanning content on the user's computer, which is the user's property, is what unnerves people.
Furthermore, while Apple may have implemented this feature in a relatively safe way (I don't fully understand it so I'm not confident of that, but smart people here think it so I'll assume it for the sake of argument), I believe that the general public does not really understand this nuance and Apple normalizing the practice of scanning personal computers will clear the way for other corporations to implement scanning in shittier way. If Microsoft were to start scanning all documents on a Windows computer by uploading those documents to their own servers, is that a distinction that would necessarily be made clear to the general public? I don't think so. The rhetoric will be "Apple does it and that's fine, so Microsoft can do it too". The technical differences in the two implementations will be understood in forums like this, but not by the general public at large.
I agree that there is a need for such changes to be public and debated - my grind comes from those which makes arguments which are neither factual, nor pay attention to the status quo. (Thus leaping to fantasy assumptions which are without basis.)
For example Google and Meta both scan all material that is on their services, both of these providers actually go further by utilising AI to hunt imagery which may not be identified yet. So the idea of this compelling others to scan is false: Apple is last here.
Similar to Google and Meta, Apple's CSAM processes only come into play when the material is uploaded to Apple's servers. The minutiae of where the scanning occurs is irrelevant because Apple's implementation is merely a way of performing the function without giving up the user's privacy (by scanning locally rather than sending all of your photos to Apple's servers for review.)
The scanning process is merely the addition of verified hashes to a system which already uses this same technique to categorise ones photos into searchable images ("waterfalls" "dogs" "bicycles" etc.), because this is an existing system there is no impact to performance/device usage.
> The minutiae of where the scanning occurs is irrelevant because Apple's implementation is merely a way of performing the function without giving up the user's privacy (by scanning locally rather than sending all of your photos to Apple's servers for review.)
This is where you and I part ways. I don't think that's an irrelevant minutiae, because it normalizes on-device scanning. This implementation or others may change in the future and opposition to those future implementations will be hampered by "Apple was already doing it" arguments, which will sound fairly plausible to the non-technical public.
Maybe I'm making a 'slippery slope' argument here, but I've become comfortable with such lines of thinking. My cynicism has been rewarded too often before.
> I don't see anybody objecting to corporations scanning content uploaded to the corporation's own computers.
That depends on how "BYOD" the company is. There's an awful lot of companies that provide work machines that most of their employees reasonably use for some sort of personal work, be it checking their bank statements to see if they got a deposit or logging into a handful of services so their settings sync. In my opinion it is unreasonable to expect people to not do this, especially given that the alternative is quite painful with modern software. Corporate searches have a problem of not really having clear limits like a legal search might, so going through e.g. your synced web history when trying to find evidence of credential abuse (check your own audit logs!) is common.
My understanding is that the EU has stronger privacy protections for employees using their employer's computers. Personally, I keep all my private business off my company laptop, if I want to check my bank statements I use my phone (which is not enrolled in any company system, I refuse those offers.) I don't sync a single thing between my personal computers and work computer. But yes, I see your point. Maybe there is some merit to stronger privacy protection laws in this circumstance, since so many users of corporate computers lack the inclination, awareness, discipline to keep their personal stuff off computers they use but don't own.
Photo classification takes place on device as well. The models are generated on Apple's side, but the photos on your device are classified by your device while it sleeps and charges. Check the last line on this page: https://support.apple.com/en-us/HT207368
The difference is that there is only 1 IF statement or local/remote config flag that will enable this scanning on your device even if you don't use the iCloud photo sharing feature.
It is super well documented that Apple ALWAYS follows the laws of the land, so the scenario is that a government adds some new hashes that might not be CSAM as you and I define it but might be political stuff(but the citizens can't check).
Also now that the code is there Apple can't refuse to add this hashes or enable the feature forcefully when a legal warrant for that territory is presented.
some more config changes and it can start scanning for text in documents too.
Until recently you had a lot of freedom on your OSX device, you could install and uninstall whatever you wanted , you could have a firewall that blocked applications. On iOS and slowly on OSX this freedoms are lost, already when you open your computer, open an application Apple is notified (for your safety), only a few more steps are needed until you will get laptops with iOS like lockdowns and maybe a PRO expensive version for the ones that want the key for the gates.
>You can blame them when that happens but it’s odd to blame OS X for being locked when clearly OS X is not… locked.
OSX is getting more and more locked, iOS is locked so why shouldn't people complain when things get worse.
I was just explaining that the excuse "OSX is 20 years old and it was not locked yet so it will never be locked q.e.d " , this is wrong, you can see clearly how things get more locked in steps and you don't have to wait untill last step to complain.
Keep in mind that you have better keyboards on Apple laptops today because people complained, the CSAM shit was delayed because people complained, the Apple tax was lowered in some cases because developers and Epic complained, so complaining sometimes works.
This argument falls exactly into the point I make about not understanding the implementation or the status quo.
Here's what would need to change about the system to fulfil your requirements.
1. The local government would need to pass a law allowing such a change
2. The hashes would then need to come from the government. Instead of the two intersection of two independent CSAM databases.
3. The review process would need to redesigned and deployed to provide a lower threshold and permit the reviewers to see high resolution images. Neither of these changes are trivial.
4. The reports would then need to go to the government.
5. What's stopping these same governments from requesting such things from Google and Meta - both of which have comparable systems with lower oversight?
Apple don't "ALWAYS follows the laws of the land", one can read into this with the recent "secret" agreement between Apple and China which detail the various ways that Apple hasn't complied with Chinese requests (e.g. the requests for source code.)
I see that you don't live in Turkey. Or Lebanon. Or Egypt, or the United States, or Brazil, or any of tens of other nations where this exact scenario is not only plausible, but is of real concern.
Then you should already be gravely concerned because, as I've stated: Apple is last to the game here. Google and Meta each with significantly larger audiences than Apple are already doing this. Since Meta in particular is social media and the main source of casual political dis/information for the masses this would be the low hanging fruit that you're worried about.
The vague "this is a serious concern because my government is shit" requires a person to ignore a lot in favour of a little.
>Which apple device is now scanning client side for CSAM?
I think you missed OP point, the grandparent found a bad excuse for Apple, that Google and Facebook do the same so nothing is wrong, but the OP responded correctly that this is false, those companies don't install file scanners on your device so the excuse is bullshit.
> those companies don't install file scanners on your device so the excuse is bullshit.
They don’t install file scanners on iOS because they cannot. They are happy with scanning my contacts and doing who knows what with my photos if I let them, though.
>They don’t install file scanners on iOS because they cannot. They are happy with scanning my contacts and doing who knows what with my photos if I let them, though.
Nobody says that Google or Facebook are good/saints, but there is a difference, my phone did not had Facebook or WhatApp installed, so journalists or activists can just don't install this crap.
What is the alternative? Companies deciding that the law does not apply, just because?
Reverse this for a moment: would it be acceptable that a Chinese tech behemoth decides US law does not apply to their American operation, because they are convinced that western democratic values are dangerous?
This is also a real concern. If you think that rule of law is a good thing, then companies must comply with local laws. The alternative is not a humanist utopia; it is the rule of unaccountable corporations.
>If you think that rule of law is a good thing, then companies must comply with local laws. The alternative is not a humanist utopia; it is the rule of unaccountable corporations.
In this case there is no law to force Apple to scan on device, they can scan iCloud only if the law forces them to do that, or scan only iCloud images that are public or shared if the law forces to do only that.
Before 1989 listen to a specific radio station was illegal , but the good part was that the radio device could not snitch on you , if someone would have invented snitching radio then I am 100% only those radio devices would be legal to be sold in my country at that time. So if you create a snitching device then you invite the bad governments to add the laws after to profit from that and make their lives easier.
> two intersection of two independent CSAM databases.
I don't think that offers meaningful protection. A malicious government could acquire or produce real CSAM, or at least a convincing fake of it, then modify that image subtly to match the hash of the political content they were targeting (I believe such engineered collisions have already been demonstrated.) They would then be able to get that manipulated CSAM into as many independent CSAM databases as they wanted, simply by uploading it to the web then reporting it to all those independent databases.
1. Forced hash collisions are fragile in comparison to the genuine material. CSAM hashing is devised in a way to allow change in the image without significant variation to the hash. Forced collisions however don't possess that property as their true hash is different.
2. It's trivial to detect images with false hashes, and different hashing methods will not produce collisions.
3. The task you're proposing, in itself is not pragmatic nor effective: dissenting political materials are easily created fresh (i.e. no colliding hash) and exists in many forms that go well beyond an image.
4. Human reviewers again would see the pattern and adapt the system accordingly
5. CSAM database holders aren't idiots. They understand the significance of their hash libraries and work against manipulation from CSAM peddlers.
Points 1 and 3 assume any government wouldn't choose to target people who had a specific document, I think this is a poor assumption. Hash fragility doesn't seem relevant if both the hashing algorithms and the target content are known to the government
Point 2 and 5 I don't understand, could you expand on it? If the government produced manipulated CSAM that didn't exist in any other pre-manipulation form, how would the manipulation be detected? And supposing it were detected, would CSAM database holders choose not to add that image to their databases just because it was manipulated? If that were the case, it would give pedophiles a way to exempt their images from the database too.
Point 4 is neutralized by the government demanding local human reviewers for phones located in their country. China already does this with iCloud, they could demand the same for the CSAM reviewers, then coerce those reviewers or simply select them for party loyalty in the first place.
Oh you mean apple didn't bend over for China when it involved not giving up their source code but when it didn't involve them losing their IP they did it easily? Great job Apple, stand up move that I can trust.
>1. The local government would need to pass a law allowing such a change
Sure, it is not hard, but already laws can apply, did China had to pass a law like "any company has to update their maps software to conform with our local maps?" or China just showed Timmy a graph with profits from China dropping and then Apple said "yes sir!!!" .
> 2. The hashes would then need to come from the government. Instead of the two intersection of two independent CSAM databases
Yeap, the government will demand for a local database to be used and since the crimes are local you need to send the reports o the local police and a local Apple employee will have to check, not some cheap random contractor.
Funny that you mention maps, because mapping information in China is heavily censored, and has been since 2002[0]. They even wrote their own coordinate-obfuscation algorithm so that you can't mix Chinese and western map data or GPS coordinates and get accurate positions on both sides.
Apple's response to the "what if governments force you to abandon the hidden set intersection stuff you wrote" thing is, "well we'll just say no". Which, unless Apple plans to pull out of hostile jurisdictions entirely or levy their own private military[1], holds no weight. Countries own their internal markets in the same way Apple owns the App Store market.
Did you miss the reality where Apple says yes to China all the times? Including maps and storing the iCloud data in China?
The CSAM scanner does not scarry me as it is today, but the fact that is a step, next year will scan more files, then Google will copy Apple (willing or not) and then most PCs will do the same thing.
Apple just normalized that is fine you have an proprietary file scanner/"antiviruys" installed on yoru device with the properties:
1 it can't be stopped or removed
2 it get's hashes from some government agencies over online updates
3 matches will be reviewed by someone that it said are trustworthy and might get sent to your local police
4 the stupid scanner has stupid excuses to exist, where would have been extremely simple to implement and non controversial to scan the fucking images after the upload and not before.
How do you know that there isn't already a secret order in place to look for a particular list of hashes? Perhaps something that has been sealed due to national security?
If it's triggered, send the details to a particular group of individuals with certain clearance to view and verify.
If they have the ability to do this, they will definitely do this!
Why would apple have released a whole white paper on the feature if the plan was… to do it in secret? Clearly they could have gone the google route, start scanning and not tell anyone about it.
It’s so odd to blame them for something they haven’t done.
Of course they could decide later to implement it! Just like any company could choose to do that! It’s the whole point, your phone is closed source. But clearly apple didn’t pick that route, they announced it BEFORE shipping and asked for feedback! And you’re blaming them for that?!
>Why would apple have released a whole white paper on the feature if the plan was
Isn't obvious ? Some guy using an exploit would install a debugger on his iPhone and find this scanning process, Apple PR would be hit. But Apple could do this and gain PR by pretending is a safety feature, the guy with the debugger will see that files are scanned and hashes are sent to the server but he can't prove that the config file won't be updated in the future for everyone or some and the hashes will be pulled from a different database, the threashdold will change and the is iCloud enabled flag will be ignored.
What makes no sense and Apple failed to explain and fanboys also failled to convince me with any evidence, why the fuck not scan the images on iCloud only since we are pretending that only if iCloud is enabled the images are scanned. (there is no credible evidence that this is part of any plan to offer some kind of super encryption that Apple has no keys for)
"See that hashing thing you have, this secret gov. order that you can't tell anyone about says you need to look for this list of hashes too. If you find them, you have to let these 5 people know and if you tell anyone you'll accidentally shoot yourself three times in the back of the head to commit suicide!"
It seems that many of the arguments against this system rely on believing governments (or similarly powerful groups) will strong-arm Apple and fabricate evidence.
I fail to see how this system (which I'm not a big fan of, to be clear) makes it easier if you assume governments can and will fabricate evidence. Doesn't seem you need an iPhone, smartphone, or to have owned or done anything at all in that case.
> Apple have done their homework and they will not release ANYTHING unless they think they'll either make money from it or at the very least, not LOSE money from it. It's all about money, nothing else.
> It's coming whether we like it or not now :(
Um, I think the public outcry showed them pretty clearly that they will lose customers and money precisely if they go ahead with this. I think the people championing this inside Apple (some rumors say Cook himself) were expecting this to be some kind of feel-good, "we're thinking of the children" PR piece - not the shitstorm it turned out to be.
I have a feeling it already came in 15.2. They are scanning texts for “nudity” in images. Not that they are the same thing. Or being used in the same way. But I have a feeling CSAM scanning just needs it’s flag turned on to work.
Thank you for your “feelings”. Except your feelings have no basis in reality.
Why would you blame a company for something that they clearly haven’t done?
Well, their gonna push it at some point. Do you think they’ll tell you when they do, given the backlash.
Tell you what, put up 20k USD and I’ll go through the formal process of verifying binaries and whatnot. Otherwise, I think my “feeling” still contributes to the discussion. I don’t need to put in 200 hours to prove something I’m not misrepresenting as fact.
CSAM scanning will come. Apple probably won’t tell you.
I see where you're coming from, but Apple brought this on themselves by annoucing this invasive spyware garbage. This is what you get when you undermine your user's trust.
Yes, local only as far as I understand. But how many additional steps does it take to turn the process into CSAM scanning? It looks really close, even without squinting. Caveat that I have no certain info though.
> But how many additional steps does it take to turn the process into CSAM scanning? It looks really close, even without squinting.
It’s a different feature that works in an entirely different way. There’s plenty of descriptions of how both features work out there, there’s no need to guess at what they might do.
It's local only and they already scan your photos on-device anyway. All the images have been processed for content and you can do content aware searches on the images.
It hasn't gotten as much coverage so far but that could very well change. A lot of people aren't happy that iMessage now has an easily exploitable backdoor built in.
I don't care. I already switched my business to Linux Boxes. The last Mac OS in use is Catalina. All of my critical software runs under Linux. Figma is in the browser. Affinity Designer is running perfectly under Isolated Windows VM. If I ever use Apple computer again it will be with Linux.
After 20+ years of using Apple computers I don't find them interesting enough to risk my data and be scanned, categorized and processed by third party criteria.
Think different. Use Linux.
Android have plenty of open source distributions without such features. They don't save you from baseband backdoor, but at least OS itself isn't your enemy.
It is not about the implementation either. It is about hostile attack towards user privacy after years of advertising: What Happens on your iPhone, stays on your iPhone. Privacy is King. Privacy. That's iPhone.
The most people have misunderstood how this system actually worked. I read every paper carefully, and this was very innovative system to protect your privacy IF we compare to existing CSAM solutions. Of course the best option is to not scan at all, but that is not really option.
Only those pictures which were about to be uploaded iCloud, would have been scanned, and Apple would get information about image contents only if it is flagged. The phone is blackbox and it scans your files anyway all the time, sending metadata to Apple e.g. because of the spotlight feature and photo albums, or simply syncing your data to cloud. There is massive AI behind that spotlight feature. Nothing would have changed, just the different kind of information would have been flagged, but this time encrypted.
The major improvement was E2EE like system for Photos. Currently they are not E2E encrypted in Cloud. They are plaintext for Apple.
iOS 15 beta had also encryption for backups, but it never reached public reach after CSAM was delayed. So we lost yet another feature which would have increased the privacy. "But it happens in my device", is not really valid argument since most people don't understand what happens in their devices in the first hand. Even AV engines sends all your data to cloud, and you can't opt out in most of the cases and it is for every file.
It is not scanning all of your files, only those which will be send to iCloud. Scanning for part of pipeline in sync process, so it even can’t scan other files.
But yes, currently Apple can access all your images on the cloud, but with this change they would have been E2E encrypted, hence improving privacy.
What exactly does one achieve in nailing the local pedo for old content? If he's stupid enough to be uploading it to iCloud he's stupid enough to get himself busted in all manner of other ways. The real problem is of course criminals who are currently engaged in the production of CSAM. Which Apple's scheme does nothing to address.
It is essential to stop sharing those files no matter what. It might not help on getting them caugh, but those who buy these pictures or find elsewhere, might try to share them as well. They might not be tech guys, so they might try to use some familiar service. And yes, there are many people like that. iCloud would be flooded if no action is taken against sharing.
> I read every paper carefully, and this was very innovative system to protect your privacy IF we compare to existing CSAM solutions
I did the same and I agree with you with one small caveat. For someone like me, who does not use iCloud or any other cloud service, on device scanning seriously compromises my privacy. I want to be clear that I am not doing anything that is currently illegal in my home country, but that could change under a more oppressive government. I know my opinions would definitely get me in trouble in some countries if I happened to live there.
> Of course the best option is to not scan at all, but that is not really option.
Why isn't it an option? I know of no legal requirement anywhere that mandates Apple has to scan fro CSAM.
> I did the same and I agree with you with one small caveat. For someone like me, who does not use iCloud or any other cloud service, on device scanning seriously compromises my privacy. I want to be clear that I am not doing anything that is currently illegal in my home country, but that could change under a more oppressive government. I know my opinions would definitely get me in trouble in some countries if I happened to live there.
At least in the current solution scanning was integrated part of the iCloud sync pipeline, and therefore this would not have affected you.
> Why isn't it an option? I know of no legal requirement anywhere that mandates Apple has to scan fro CSAM.
Apple is too big and they try to foresee politicians behavior. With "good will" solutions they can adjust the way how they scan or implement this. With regulation it would be more specific and might even restrict encryption in some cases totally. This is quite difficult topic at Apple's scale and I don't know if anybody really knows what exactly is already required and why
>So we lost yet another feature which would have increased the privacy.
With all the respect, there is one small detail: The search criteria is provided by third party organisation (funded by DOD), without option of public oversight due to nature of "sensitive" data set. This data set would be defined by similar "organisations" per country bases.
In my humble opinion this "privacy related solution" is Stasi wet-dream on steroids.
CSAM didn’t allow that, they only included hashes provided by multiple governments.
The backlash was obvious from the outside, but it’s clear someone spent a lot of time building something they felt was reasonable. Even if Apple presumably just implemented the same system in iCloud, at least people became aware governments have access to such systems.
I'm not sure I can agree that it's clear someone spent a lot of time building something they felt was reasonable.
The entire technical underpinnings of this solution rely on essentially neural image embeddings, which are very well known to be susceptible to all sorts of clever attacks. Notice how within a day or two of the announcement of this whole system and it's symbols, people were already finding lots of 'hash' collisions.
In the space of people and places that can train and implement/serve such embeddings, these issues are pretty widely known, which makes it very non-obvious how this happened IMO. Someone that understood all of these issues seems to have directly ignored them.
The government image hashes are supposed to be secret information, any crypto system is vulnerable if you assume the secrets are suddenly public information. I am sure plenty of crypto currency people would object to saying the system is insecure because anyone can post a transaction with your private key.
More importantly hash collisions result in manual review by humans at Apple, hardly a major issue. This is also a safety measure protecting users from political images being tagged in these database.
All cloud platform scan for CSAM. Apple was going to move the scanning task off their servers, where it is now, onto apple devices only as the devices upload to apple's cloud. If you use cloud services, info does not stay on your phone, does it?
> I can ditch my iPhone at any time, but Apple wanted CSAM to be part of Mac OS and this is unacceptable.
It is already on MacOS. It sends hashes from every unknown file on ”virus protection purposes”. Only name and hash database is different. How that changes your privacy?
And to be fair, they never said publicly that it would come to Mac OS.
> The whole process was about getting feedback on it.
What a load of BS. Apple told us it was going to happen, and then quietly canned it when there was backlash. There was no intention of "consultation" or "getting feedback" at all.
I doubt it. It will be quietly implemented. If a techie digs in far enough with RE to prove it, general society will treat them like they wear a tinfoil hat.
No, the specific controversy was about on-device hash scanning which used child porn as cover, when in fact it is exactly the feature that China et al. wants in order to make sure people aren’t sharing any political memes etc.
> It only applies when you have iCloud Photo Library enabled.
For now. There are no technical limitations to Apple's proposed solution that preclude it from being always on. It's a policy decision only, and you can be sure there would be immediate pressure to force it to scan full time.
This is such a silly strawman. First, it is not related to the parent's point at all. Second, it is perfectly possible to run AOSP based OSes not tied to google.
>> First, it is not related to the parent's point at all
The post was about switching away computers. My (badly implied) point was, a lot of the effort is wasted unless if you still use an Apple iPhone...
If you skip using an iPhone, then fine, but the other options out there are likely worse.
>> Second, it is perfectly possible to run AOSP based OSes not tied to google
You can build your own Google-free etc version but again most people won't because of the effort and the need to redo for updates again and again. The Parent post author probably has the means to do it, but it's another endless task they have to stay on. All other options (to my limited knowledge - plz share if you know more) mean compromises in apps, and functionality - unless you're happy to spend hours each wee/month troubleshooting and setting up workaround and working with specific compatible hardware.
It can be done. But how much of your life will you want to spend on that? Reading other comments maybe it is a solved problem now - it hadn't been last time I tried.
If I assumed too much from the parent post then sorry.
LineageOS has near-nightly binary releases, you don't need to build or "redo" anything to keep up to date, other than a 5-10 minute update over adb about once a week.
I agree that most of this requires conscious effort. I think I was needlessly harsh too. My point was that if someone is making the conscious effort of changing their devices/OSes etc., then they have shown the interest and ability, and at least for them, there are reasonable options (i.e., not just theoretical ones).
How is not the parent comment a shallow reaction to the post, which was my point? It was the usual empty response that gets the top comment post and sets the tone for the thread.
I beg you pardon, my responses can be categorized as provocative sometimes, but they are never empty. I always state clearly my point and give factual data.
I can't speak to the person you're asking, but I very much have eliminated Apple products from my daily use as a result of CSAM - though it was on top of a range of other things (mostly China related) that told me I can no longer really trust Apple.
I've scrapped out a perfectly good (and exceedingly nice to use) M1 Mini, I no longer use a 2015 MBP, I've shut down my iPhone (not quite for good, I still have to figure out how to move my Signal root of identity off it), and I no longer use an iPad for work reference PDFs.
I've replaced these with far less functional "But I'm making them work" sort of devices. An AT&T Flip IV for phone stuff (KaiOS, handles basic calls and texts, and not much else, though it does have GPS and maps, and can do email if you let it), a Kobo Elipsa + KOReader for PDF support, and I've spent a good bit of time tweaking a PineBook Pro into my daily driver laptop.
The general view I have of Apple at this point is, "Oh, we know what kind of company you are, now we're just haggling over details."[0]
To whine about Apple doing stuff and continue to use them says, "Yes, it's important enough to complain about online, but not important enough to alter how I use their products - therefore, not really important at all."
It's funny, the Apple CSAM issue got me to de-google and de-MS as much as possible. I didn't use Apple, but I figured the others won't be any better. That worked very well in private life, professionally it is Windows and will be for the foreseeable future. That leaves Windows machines for the kids to run MS Office and Teams for school.
Not really. It's forced me to evaluate what I actually need (not much) vs what I'd prefer (fancy, nice, expensive systems because... well, why, of course I need them!).
I'd love an ODroid N2+ with 8GB RAM, though. Twice the CPU performance of a Pi4 but it's pretty RAM choked with only 4GB.
I've had Mac desktops in my office for about 20 years at this point, to include a mirror door G4, a G5, a sunflower iMac, a 27" iMac, a 2018 Mac Mini (what an absolute turd for anything more complex than a static desktop, the GPU was horrid), and the M1 Mini. At no point did I really evaluate that my needs over time have changed, I just always had a Mac desktop, and, through most of that time, a Mac laptop. It was my default computing base, plus a range of Linux boxes.
The CSAM thing was the final straw for me with Apple, and as it turns out, my needs have rather significantly decreased over time, as the lower power hardware has increased in capability, though... sadly not as much RAM as I'd find useful.
It turns out that I don't actually need Apple hardware to do that which I now care to do with computers. And one of those replacements was a N2+, which, while a bit sharp around some edges, is actually a tolerably usable little Linux desktop.
You can call it what you want, I'm just describing what I've done in response to the changes in how Apple has chosen to treat their users.
The nature of the computing ecosystems have changed around me, such that I chose to make changes. I don't particularly regret the decision any more than I would selling a vehicle that no longer suits my needs when I move.
> “Update: Apple spokesperson Shane Bauer told The Verge that though the CSAM detection feature is no longer mentioned on its website, plans for CSAM detection have not changed since September, which means CSAM detection is still coming in the future.”
Please don’t retroactively edit your comment to make the comment that follows it look misplaced.
It is a dishonest tactic that makes you look like a bad faith commenter. Who can trust that anything you have written hasn’t been altered after the fact?
There is no reason you couldn’t have included that quote as a reply to my question instead of silently editing it in to make it look as if it has always been there.
I'm not sure why you're flying off the handle when I'm quite obviously not the poster above. I have no intentions of re-formatting my comments here, just informing you of the status quo right now.
> Is it? What makes you think that?
The Verge reached out to Apple[0] and Apple confirmed that their CSAM scanning feature is still coming.
> When reached for comment, Apple spokesperson Shane Bauer said that the company’s position hasn’t changed since September, when it first announced it would be delaying the launch of the CSAM detection. “Based on feedback from customers, advocacy groups, researchers, and others, we have decided to take additional time over the coming months to collect input and make improvements before releasing these critically important child safety features,” the company’s September statement read.
So yes, they still fully intend to push the update. You should probably take this less personally too, your arguments are only suffering by attacking people who are just trying to chip in their two cents.
You are in fact the one who dishonestly edited your comment. That’s what I was pointing out, and it was you and not the commenter before that I was replying to. We can see your name.
Trying to pretend otherwise is either delusion, or more dishonesty.
I agree that the update provided by the verge suggests that apple has not abandoned this plan yet.
I don’t need to refute your response. In fact after seeing the update I agree that CSAM is not yet defeated.
That doesn’t change the fact that your commenting tactics are dishonest. That is the problem here. You cannot be trusted not to edit upthread comments.
At no point did I ever edit that comment. It's contents were, since the time of posting, a quote and simply "It's still coming."
I legitimately have no idea what you're talking about. This is either an extremely confusing attempt to gaslight me or you're mistaking me for someone else. In any case, I don't really know what else to add here. Do you remember what was supposedly the original contents of this comment? We're really getting nowhere here pointing fingers.
Affinity Designer is running perfectly under Isolated Windows VM.
Share more details about how you set that up please? Good graphics software, or the relative lack of it, is one of the few things still holding us back from shifting several daily use machines to Linux. Affinity would be OK for that but the only reports we found suggested it wasn't happy running virtually and performance was poor.
The truth is that nobody has a right to use Apple products. It's good that Apple listens to criticism but if they had decided to steamroller this through, they would have been within their rights to do so.
Please, don't insult me and judge me so quickly. Read all my responses. You can check my posts back in time (If you wish).
The whole reason for my HN post activity (reading in the shadows from 2008-10) is CSAM. In the beginning of this issue nobody cared and tons of Apple fanboys down-voted every possible negative reaction.
Apple is industry leader. Everyone will copy what they create.
You can read "I don't care" as an emotional reaction of an individual who had invested tons of money in Apple, used Apple products and evangelized thousands of friends and customers. Only to realize that The Beauty is actually The Beast.
We do care. However, what can we do about it? Can we somehow make the billion dollar corporation do what we want? Unlikely. Better to use systems that we actually control so that we don't have to suffer their tyranny.
Hey I just want to let you know that you're not alone and there are other sane people out there that aren't just grumbling but keeping on with the boiling frog.
Even though the new mbps look really nice, I've got a Framework laptop sitting at home that I'm in the process of migrating to (that's $4k of MBP max that apple have missed out on).
And early next year, I'm moving off the iphone platform onto probably a pixel and switching the OS to something like Graphine. It's going to be fun and experimental.
I'm also looking to hire some developers next year, provided laptops will be Linux too.
My business operation is small. I wisely postponed buying new computers for the office. I admit that M1 chips were the primary target. Apple lost from my business north of 80k euros, now redirected towards Lenovo ThinkPad X1's and custom build PC's.
a) CSAM scanning only ever applied to photos being uploaded via iCloud Photo Library. It was never applied to photos that you weren't giving to Apple nor any other files.
b) The "but they could expand it to anything else" logic is baseless and frankly stupid. Why ? Because they wrote the operating system. They could implement this feature in any of the 100+ daemons that are currently running as root and no one would ever know.
c) It was a better solution for user privacy than what exists today i.e. Apple secretly scans your photo server-side. Which you gave them permission to when you agreed to the EULA for iCloud.
So what happens when China sends Apple some signatures of anti-Party memes? "Sorry, you can't view the actual photos to verify they are of abused children, that's illegal".
>CSAM scanning only ever applied to photos being uploaded via iCloud Photo Library
Which is everything in your camera roll, and last I checked, you can't pick and choose which pics. Additionally, saving a photo from the internet, or in some apps, merely receiving one (WhatsApp does this, at least), automatically puts it there.
So let's amend A to reflect reality:
a) CSAM scanning is applied to all photos an average iOS user will interact with if they have iCloud Photos turned on, which is the default
which boils down to:
a) CSAM scanning is applied to all photos an average iOS user will interact with
So far all the comments are predictably negative and imply that Apple will at some time in the future attempt to covertly implement the feature in secret.
Another take would be that they took on-board the extensive public criticism, and changed their minds.
I don't believe that they'll slip it under the radar at all. I think they'll brand it as something awesome and magical and just add it anyway. People, for the most part, don't scratch the surface EVER, so they'll just think it has a cool scanning feature built-in now.
They already scan your photos but the reason for scanning is important. Type 'cat' into the search and they'll show you the pictures you've taken of cats.
However, they can't just go through your photos and use it for any purpose they want. They have to give a specific reason.
If Apple would like us to believe they changed their mind, they might consider telling us they changed their mind. They haven't told us that, so why should we assume it?
They’re still a company with a PR and Legal team. Letting it die quietly means it stays out of the news cycle (as in, there are less articles about it being removed compared to if they publicly announced they were wrong).
All the more reason to not give them the benefit of the doubt with shit like this. If they say something flat out, that has some weight since there could be legal repercussions for lying (in theory anyway.) But not saying anything and letting people infer whatever they want? That's how companies with PR and Legal teams like to cover their asses instead of outright lying. The company says nothing and lets their supporters invent whatever headcanon is most flattering. I don't go in for that.
Edit: The same thing happened when they let Apple fans infer that this feature was preparation for enabling proper E2EE. As far as I'm aware Apple never actually said that and their supporters decided to believe it without evidence, just a lot of wishful thinking.
I would respect more company and people that can admit to mistake and apologize and commit not doing the same mistake again. In this case Apple simply keeps people in limbo - you cannot be sure what they are planning to do with it without any public statement. They might as well tweak it a little bit, rebrand with different name and push it again as wrapped with different package.
Another possibility (or way to look at it) is that it worked poorly enough, and it was poorly received enough, that the internal factions within Apple that opposed it had enough leverage to kill it.
Sometimes, the right way to kill a project (politically) is to let it publicly fail. Killing a project before it fails requires much more of a fight. It could also mean that the very public failure of this project gave Apple leverage over whichever spooks were pushing for it in the first place.
>Sometimes, the right way to kill a project (politically) is to let it publicly fail.
I feel this is definitely true most of the time, but in this case the cost to their public image/perception among the tech crowd was so high it was a mistake.
It may have been a mistake for Apple as a company to make this decision, but I think we can understand why the individuals within Apple might choose to let decisions like this play out and fail in public, even if they know it is going to fail.
Well Craig Federighi seems to be happy with it. Their software engineers leads of the features seems to be happy with it. i.e I dont believe there were significant objection to the feature within Apple. At least not those in power. And that is why they went with it. The objection obviously came later after it was reviewed to the public.
> The objection obviously came later after it was reviewed to the public.
Why is this obvious? Normally, when you have an objection to a company policy, you voice those objections in private to people within the company. This seems "obvious" to me, but to explain--(1) it's against company policy and often considered a fireable offense, (2) employees have an interest in presenting a united front, (3) those who want the project to fail publicly want it to happen without interference from inside the company.
There is a big difference between happy with it and not unhappy enough to quit publicly when part of your job is to spread koolaid and look happy.
If i were against something like this, but not powerful enough to squash it (especially if a gov had a hand in getting it pushed through), then i'd make sure to do a press tour and get it in every newspaper for all the wrong reasons, while making an all/nothing stance to torpedo the project.
I can think of no other reason beyond utter incompetence why they'd announce it how they did. Apple is known for being secretive, but why did they do a press interview and say "sure other 3-letter gov agencies may need to add to the illegal photos database in the future" unless you wanted to really make sure the project would fail? Why else announce it in the same press release as scanning messages for similar content? It seems like the rollout was designed to be as suspicious as possible tbh.
Never assume 4D chess when simple incompetence can do the job, because 4D chess is rare, and tends to fail when it confronts the unexpected. If you were trying to sink the project this way, how would it work out if some other, unrelated scandal had popped up and distracted the general public?
> If [i were not influencial enough to sink it internally, so i] were trying to sink the project [through bad publicity]
Therefore, the answer to your question is "darn, it didn't work. that sucks but at least i tried".
Also...
> Never assume 4D chess when simple incompetence can do the job
In this context, its very likely that a government is somewhat behind it. We know the FBI and apple didn't get along. We know apple has been doing things quid-pro-quo for china to stay on their good side. So it seems like we're already sitting at a 4d chess board, but no one is sure who's playing.
If a government says you have to do X on the DL, and you don't want to because its bad, then a logical solution is to get general population + news media to say "X is bad! We really hope X doesn't happen." Because then its easy to show the government why you can't do X.
> it could also mean that the very public failure of this project gave Apple leverage over whichever spooks were pushing for it in the first place.
This is my guess. I imagine it went something like this.
Congressman: "So tim, FBI talked to me and want some help. Please find a way to check all pictures on iphone"
Tim: "or no?"
C: "We'll make it worth your while"
T: "This goes against our marketing and history, it'll take a really big push. My team says we can manage X but we need to work with CSAM agency to handle optics.
C: "Great!"
T: "I was right, the public hates it and doesn't care about children, we're going back to our privacy stance in marketing because the backlash would out-due the political reward. We'll throw you under the bus if you push again on this. We totally want to help for real and not just because politics is a game and we have to play, but this cost is too high, even you can see this backlash and recognize we can't go threw with it. BTW thanks for giving us excuse to hire a few new expensive ML scientists from google or wherever. They got to write some nice papers."
C:"Gotcha. See you next week for gulf when we try again at something new? There is this israeli company i want you to meet"
We all know who it was -- NCMEC was getting on Apple's case because their CSAM reporting numbers were orders of magnitude lower than the other big tech companies. Someone in NCMEC upper management even wrote Apple nauseatingly perky congratulatory letters celebrating Apple for actually trying to save the children, and calling detractors braying mules or somesuch.
This is the reaction the tech industry has bred with the only options ever being "Yes, now" or "Later". People are used to the industry not taking no for an answer, and so this pattern matches to every other time the industry has "backed off for now" (see also: MS pushing edge as default browser, Apple boiling the frog with gatekeeper, Whatsapp/Facebook data sharing, Google+ account migrations for YouTube accounts)
I have been literally spammed in the last month on my iPhone (even though still using iOS 14) with apple notifications asking me "Do you agree to new terms of agreements? <Yes> <We will ask you later>" (that's regarding new iCloud terms). I was always careful not to miss click and not to agree. No matter what few days later I kept giving the same notification. The stopped for some reason after few months and now I don't know if:
1) I agree by accident
2) They thankfully stopped nagging me
3) Or they buggy implemented it and even though I kept cancelling after few tries they assumed I agreed.
At the moment Facebook bought them I started researching alternatives and I am happy to say that a couple of hundred friends and family of mine have switched and not a single person has tried to reach me on WhatsApp for months until I uninstalled it.
I don’t think cloud services realistically can do something else than forcing all users to accept the latest license.
If they don’t, they end up having data from different licenses. If you have many of those, figuring out what you can and cannot do with data becomes a nightmare.
You could get questions such as “Can you make a backup in country C for user U? He’s under the 2019 terms, so in principle, yes, but alas, user V has shared content with U, and V still is under the 2017 terms. Also, U has been in the EU for the past weeks, so EU regulations apply, at least as far as we catered for them in the 2019 terms”
Not changing the terms isn’t an option, either, as they have to be changed to cater for changes in laws. If you operate in 100+ countries,
> If they don’t, they end up having data from different licenses. If you have many of those, figuring out what you can and cannot do with data becomes a nightmare.
That's their problem to figure out. If they can't then they should terminate customers who don't agree and ship them their data.
Obviously they'll never do that since it would be a terrible look and they'd lose customers, because they want to have their cake and eat it, too.
I am not sympathetic to how hard it would be for a corporation to do something. "It's too hard" is not an excuse, not least of all if they're a multi-billion dollar corporation.
We don’t use that kind of reasoning with other service providers.
If, for example, your bank changes their terms, your electricity provider increases prices, landlords increase rent, etc. they will inform you and often silently enrol you in the new scheme. Cancelling the agreement always (and maybe not even that) is an option, but that is opt-out, not opt-in.
My bank grandfathered me onto an account TOS for a decade before giving me a "move to our modern accounts or close" ultimatum, my electricity provider has legal limits to what the the unit rate and landlords are limited to one rate increase every 12 months, which in my city also has its amount limited. If my phone, internet or TV company wants to increase prices that voids any contractual lock in period I may have been held to otherwise. I work for a B2B company and we do gate features depending on which revision of the TOS the client has agreed to.
In short, other countries outside the US _do_ hold other service providers to similar standards.
This isn't a revenue generating initiative. It is different than your examples. Apple is trying to make two groups happy, governments and customers. Governments don't like like encryption(assuming Apple starts encrypting iCloud photos with device based keys) and consumers don't like governments snooping on them. If you're were the CEO of apple who would you favor knowing either group could cost you money. Governments could prioritize antitrust initiatives against apple and consumers could stop buying apple products.
I'm not a businessman, but I believe Apple's main customers are not governments, so I suppose that it's not good business for Apple to ignore their users' preferences. Governments in most of Apple's marketplaces change every few years, after all.
Why they pulled the scanning was because of customer backlash. Fallout is yet to be seen what governments especially when Apple switches to not having access the keys to decrypt iCloud photos and documents. And moves iCloud backups to being encrypted. One high profile crime especially involving children and we’ll see government propose escrowed keys. UK is already proposing it. I am not saying it’s right or wrong. I do believe consumers anger at Apple is the wrong target. If they want change, get governments to pass laws that guarantee encryption as a “right”.
You could ship a mechanism that scans your documents but doesn't report anything.
Or do something equally pointless, but just as signally.
I feel like so many of these unstoppable force meets immovable wall situations warp both functionality and discourse (on all sides) on said functionality.
This comes about because everything is getting so centralized. The government wants to be in everything, and Apple (stand in for all big tech) does too. This pits them against each other, with the consumer only acknowledged when there is vast consumer agreement and motivation.
Similar to App Store, Apple wants total control, then governments use Apple's control to cut of access to particular apps. Consumers that understand the severe loss of freedom this creates (for them and developers) both immediate and in lost innovation don't like it. But there isn't a huge consumer uproar on that one ... so freedom wilts.
Bundling these basic features (cloud backups, app stores) with operating systems is creating an unholy government/platform axis that wins every time consumers are unable to drum up the motivation to speak as coherent allies pushing back.
I'd venture to say ease of use. I mean AT&T had everyone's emails but still Facebook makes it much easier to infer and understand and expand surveillance. Getting targeted information might be doable in hardware, but mass surveillance might be much easier if implemented a little higher up, by a dedicated dev team which issues bug fixes and feature extensions, which can turn over a request by you in a fraction of the time and whos capabilities are far more mutable. Hardware is more capable but it's a lot more work
I would have thought they continue the practice but because of the bad publicity will remove all mentions of it. Is it confirmed they won't scan user files? Because I would assume that they still do.
As for the negativity. That is based on experience with large tech companies.
Apple has stood up to unreasonable government invasions of privacy before. And won. They have the means. They have the skill. They have the incentive (their entire brand is arguably built around privacy) and their users have been pretty clear in voicing their opposition to CSAM.
Some nebulous political references in opposition to encryption aren't the reason Apple did this in the first place. They had and continue to have plenty of choice in the matter.
> Update: Apple spokesperson Shane Bauer told The Verge that though the CSAM detection feature is no longer mentioned on its website, plans for CSAM detection have not changed since September, which means CSAM detection is still coming in the future.
Absent an on-record commitment that this surveillance has been abandoned, I don't put it past Apple to deploy it silently in a minor point-update and then reveal it later, similar to how they secretly converted iOS end-users' filesystems to APFS in versions prior to its official release. They could then point to nobody noticing the deployment as purported evidence that privacy concerns were overblown.
My prediction is that client-side CSAM scanning is indeed dead, but Apple will make the “easy” decision to perform server-side scanning. The problem is that this decision will lock them out of offering an (increasingly standard) E2EE backup capability. I don’t know that the Apple execs have grappled with the implications of this, long term. But at least it’s an improvement.
The system they proposed would only have scanned images in the process of being uploaded—so, the opposite of your 2nd sentence.
There was some reporting that Apple does server-side CSAM scanning, but based on the volume of matches they report, it must be extremely limited.
Apple never said it this way, but many people assumed that Apple designed this client-side scanning system so that they could then encrypt iCloud data with client-side keys, which would provide end to end encryption for customer backups… and prevent any server-side scanning. This is likely what Matthew is referring to.
From a read of the expert opinions on the CSAM topic when this blew up. From that, it seemed like you had to be all in, or keeping out of active CSAM scanning/monitoring for legal reasons. They noted the match volume and came to the same conclusion.
With the attention I don't see how Apple can delay taking some action here. A new external liability that can be attacked in different ways. Either they need to level up the CSAM scanning server-side to increase compliance, or they need to reimplement the client-side approach. The latter approach is probably much better from their perspective for various reasons.
Ultimately, they might have been better giving this a lower profile overall and effectively have sought public attention of law enforcement to provide some cover. The authorities are going to get this in some fashion eventually.
> but based on the volume of matches they report, it must be extremely limited.
For reference:
> According to NCMEC, I submitted 608 reports to NCMEC in 2019, and 523 reports in 2020. In those same years, Apple submitted 205 and 265 reports (respectively). It isn't that Apple doesn't receive more picture than my service, or that they don't have more CP than I receive. Rather, it's that they don't seem to notice and therefore, don't report.
I’m hoping they’re just going to announce it alongside e2ee rather than not doing it at all in favor of server side unencrypted scanning.
It was a mistake to announce it in isolation as seen by this blowback because most people don’t understand or care about the actual details and just loudly complain.
Similar to the dismissal of the privacy preserving Bluetooth exposure notifications. Dumb knee-jerk dismissals imo that end up with worse outcomes for everyone.
The only acceptable solution is full E2EE for all Apple services. Nothing else is satisfactory at this point. They need to make this step to regain their user's trust.
No law is on the books blocking encryption. Apple needs to nut up and ship full E2EE, daring the politicians to do anything about it. Let's see how big they talk when it's their political careers on the line.
You're forgetting the last option, which myself and others use:
d) encrypted offline backups that never touch iCloud
I don't use iCloud for anything at all. Any sort of client-side scanner seriously compromises my privacy for no good reason. I am not a criminal. I don't deserve to be treated like one.
I strongly believe that this feature could have broken Apple’s brand irreparably. %99.9 of us are not pedophiles but personal devices that snitch you to the police(with extra steps) is something that most people will not accept.
The proposed database for snitching was CSAM but once the system there, the devices become the pocket police that can receive any kind of scan-match-snitch instructions. This would be the point where humanity embraces total control.
That said, an offline version might be workable. Think 2E2 encrypted devices that can be scanned against a database with physical access to the device upon approval from the device owner. Imagine a person being investigated through standard police work, it can be used to prove the existence or the lack of the existence of the materials without exposing unrelated and private information if the person accepts to cooperate.
I never understood the big deal about this. If you use most cloud file synching services you are already being scanned, and if you don't, this (CSAM) thing wouldn't have affected you anyway.
The main rebuttal is that people claimed that Apple could expand the scanning to photos you aren't sending to iCloud. If you believe that though, then not using Apple devices (regardless of whether they implement CSAM or not) is clearly the move.
tldr: if you trust apple, this doesn't matter, and if you don't, you shouldn't use apple devices anyway.
Many people were upset or annoyed at the idea of their own device spying on them. I can understand that.
However, the major issue for me is the database of "forbidden" neural hashes which you are not permitted to have on your phone. Who controls what goes into that database? Right now, it's only CSAM and Apple have said they pinky-swear that if they're told to add other things they will refuse.
Any maybe they will. Maybe Tim Cook will fight tooth-and-nail to avoid adding non-CSAM hashes to that list. But then maybe Tim retires in five years time and his replacement doesn't have the appetite for that fight. Or maybe Apple gets court order saying "you MUST also report this sort of content too". Maybe that list of forbidden hashes now includes political imagery, the picture from Tiananmen Square, known anti-government memes, etc.
Once the technology is created and deployed, the only thing preventing that sort of over-reach is Apple's resolve against governmental pressure; even if you'd trust Tim Cook with your life, I can completely see why that would give people pause.
> However, the major issue for me is the database of "forbidden" neural hashes which you are not permitted to have on your phone. Who controls what goes into that database? Right now, it's only CSAM and Apple have said they pinky-swear that if they're told to add other things they will refuse.
This isn't what was being proposed. What was being proposed was that if you had a photo that resolved to a "forbidden" hash, upon being uploaded to iCloud data would be sent to Apple. Presumably after some arbitrary amount of times this happens, information would then be sent to the local government.
If you were not using iCloud to store photos then it wouldn't matter either way (according to Apple).
I don't think anything I've said contradicts that. Although Apple said they would only scan content which was uploaded to iCloud Photos, scanning still takes place locally on-device.
I’m not saying you made a contradiction - I’m saying that the files in question would’ve been scanned either way. The question is simply whether or not you trust and believe Apple. If you don’t it doesn’t make any difference whether it’s being scanned on device or not.
>Maybe Tim Cook will fight tooth-and-nail to avoid adding non-CSAM hashes to that list.
1) Tim Cool will have no knowledge of this when the government inevitably expands the hash list
2) Apple gets a list of hashes, not content, from NCMEC which is an unconstitutional quasi-governmental agency created by congress and funded by the government to bypass the 4th amendment.
3) Apple will simply get an updated list of hashes and has no reasonable means to verify what the hashes from any given government are.
> However, the major issue for me is the database of "forbidden" neural hashes which you are not permitted to have on your phone. Who controls what goes into that database? Right now, it's only CSAM and Apple have said they pinky-swear that if they're told to add other things they will refuse.
The problem with this is that we already know "National Security Letters with Gag Orders" exist, and we know that the US government, at least, doesn't mind using those.
"You will do this thing and you will tell nobody that you've done this thing."
Seems bizarre that this is what people take issue with and yet they're happy otherwise to hand over their data to FAANG companies.
If you're concerned about privacy / data misuse you shouldn't be using these services at all and you should have been pointing out the issues years ago.
> Apple has quietly nixed all mentions of CSAM from its Child Safety webpage, suggesting its controversial plan to detect child sexual abuse images on iPhones and iPads may hang in the balance following significant criticism of its methods.
OR more likely suggests that Apple prefers to continue its program in secret.
I still don't understand what's the goal here? It certainly isn't about catching child abuse. Any non completely stupid predator will have switched to Android already. Who is paying Apple to develop this feature that has zero (or negative!) value to the end user?
Is it governments that want to scan end user devices for content declared forbidden by them?
I don't get why they ever green lit this "feature". It's unpopular with at least some users, it flies in the face of their big push for privacy and it increases their liability. Who approves such a request!?
Probably. It's not just about 1 in 8 billion people having taken the time to look, it's also about 1 in (what I'm guessing is) at least 100 people at Microsoft not leaking it. Apple had a leak before it was even released. Secrets are hard to keep.
That may have been simple ignorance instead of whataboutism. The person asking it may genuinely not know how much easier it is to inspect Android (both the device and the open source). They may not know you can build custom images of Android either.
I haven't reverse engineered iOS itself because I've never had any reasons to, but I have reverse engineered third-party iOS apps (dumped from a jailbroken device) and some parts of macOS.
People like us who do not want this kind of intrusion have other things to do and lives to live. People driving such initiatives do such things to make their living. They will keep pushing for it and eventually we will be too busy/forgetful/tired to stop it. Unfortunately these issues are never prominent points in the political discussion and get sidelined either by vested interests or people's ignorance/lack of information or combination of such factors. I wish I had the optimism to see hope in these matters.
407 comments
[ 3.4 ms ] story [ 306 ms ] threadhttp://www.libertyclick.org/propaganda-for-government-contro...
http://jonikcartoons.blogspot.com/
But that's precisely what Apple's CSAM implementation doesn't do. It compares on-device image hashes with hashes of known CP images. It affords more privacy than other methods, which Apple is probably using anyway and which other cloud services are definitely using.
https://www.apple.com/child-safety/pdf/CSAM_Detection_Techni...
This is a strong claim with zero evidence. The social costs of defending an accused perpetrator of this nature are insanely high.
While we're making unsubstantiated claims, I assert that intelligence agencies routinely exploit this. My only substantiation is that it's obvious and I would if I worked for them.
Also, there's the fun "you can't sue us because you have no standing/can't show harm, and showing harm to prove you have standing would be illegal".
Yes, here you go: https://en.wikipedia.org/wiki/Burden_of_proof_(philosophy)
No charges were ever filed, and the media outlets didn't bother to update their articles.
I think false accusations happen, especially to controversial figures, and assume most victims just don't want to call much attention to it.
Also, are you sure there were no charges filed? Some cursory googling turns up articles including a PDF of the indictment [1] and more-recent articles seem to refer to an ongoing process [2].
[1]: https://manchesterinklink.com/fbi-descends-on-keene-and-surr...
[2]: https://nymag.com/intelligencer/2021/08/bitcoin-ian-freeman-...
What matters is that the person is arrested, that their name is leaked to the mainstream news media, and that they're dragged through the mud - the same as seems to happen in literally every other child porn case.
The actual guilt or innocence doesn't matter at that point. Their lives have been sufficiently ruined, and, if they are actually innocent, the message has been clearly sent.
In any case, the police will not arrest anyone because they have only been flagged by the automatic system. As soon as Apple reviews the images that triggered the flagging, they will see that they aren't actually child porn, and hence they won't even contact the police.
https://nymag.com/intelligencer/amp/2021/08/bitcoin-ian-free...
No, it compares against hashes supplied by a government agency (NCMEC). Apple has no way to verify the hashes are in fact CP, as it is only re-hashing hashes.
Presumably at this stage is where malicious hashes would be detected and removed from the database.
An unaccountable "Apple Employee" who is likely (in the US and other countries) to be a LEO themselves will see a "visual derivative" aka a 50x50px greyscale copy of your content.
There is no mechanism to prevent said "employee" from hitting report 100% of the time, and no recourse if they falsely accuse you. The system is RIPE for abuse.
>Presumably at this stage is where malicious hashes would be detected and removed from the database.
Collision attacks have already been demonstrated. I could produce a large amount of false positives by modifying legal adult porn to collide with neural hashes. Anyone could spread these images on adult sites. Apple "employees" that "review" the "image derivatives" will then, even when acting honestly, forward you to prosecution.
Of course there is. The judicial system.
(Although, to be clear. I don't live in America and I might be more worried about this if I did.)
The recourse should be before this reaches the law.
1) Spent who knows how long in jail
2) Lost your job
3) Defaulted on your mortgage
4) Been divorced
5) Had you reputation ruined
Money can't fix everything, and trusting the courts to make you whole years after the fact is a foolish strategy.
How, if 1) the original content is never provided to Apple, and 2) the offending content on consumer devices is never uploaded to Apple?
This entire system was a way for Apple to avoid decrypting your photos on their servers and scanning them there.
Hypothetically, if Apple implemented this system and switched to E2E for the photo storage, you'd be more private overall because Apple would be incapable of seeing anything about your photos until you tripped these hash matches, as opposed to the status quo where they can look at any of your photos whenever they feel like it. (And the hash matches only include a "visual derivative" which we assume means a low res thumbnail.) I say hypothetically because Apple never said this was their plan.
You can argue about whether or not Apple should be doing this. But it does seem to be fairly standard in the cloud file storage industry.
I suspect the key would be that there'd be a team verifying that something is actually child pornography, because the system is a perceptual hash rather than a strict comparing-bytes so before someone looks at it they're not certain.
As a taxpayer and customer, I concur. I'm glad someone is doing that job. But I don't want it to be a corporation.
A "third party" paid by apple who is totally-not-a-cop who sees a 50x50pz grayscale "image derivative" is in charge of hitting "is CP" or "Is not CP".
I don't understand how anyone can have faith in such a design.
So, to get flagged, you need many hash collisions destined for iCloud. Then, to get reported, some number must get a false positives in the Apple review, and then some number must somehow fail the full review by NCMEC.
https://www.theverge.com/2017/4/12/15271874/ai-adversarial-i...
If we can, then, hypothetically we need to get non-CSA images onto important people's iPhones so they get arrested, jailed for years and have their lives ruined by Apple.
Disclaimer: I buy Apple products.
These images can be 100% indistinguishable from the real thing. Without knowing the source of the images that they are putting in the database, how do they know the images are actually illegal?
It has gotten so cheap to run dragnets that the only rational responses are pessimism or demand for privacy by design.
Sorry to burst your bubble.
But all of the photo/cloud providers including Apple have been doing CSAM scanning for many years. And will continue to do so for the foreseeable future.
Apple actually tried to give users more privacy.
I don't like it, but I'm still going to complain glumly if things get worse. And at least I don't own the servers involved.
The code has been written, tested and merged etc. The project has reached a point where it's ready to ship.
Apple have done their homework and they will not release ANYTHING unless they think they'll either make money from it or at the very least, not LOSE money from it. It's all about money, nothing else.
It's coming whether we like it or not now :(
And you can be sure that others will follow. It will be in Android at some point and possibly Windows and MacOS too.
I try not to be negative and cynical these days but the tech oligarchs make that incredibly difficult.
I feel the fears about this implementation are largely overblown - equivalent features are not being misused on Google and Meta/Facebook's properties, despite having a much larger audience and less procedural oversight. Rather Apple is the outlier here for being not just late, but also by having minimum thresholds that must be passed and an unskippable step of human review.
I'm yet to hear a coherent argument about the potential dangers of the system that understood the implementation, nor the state of image scanning amongst cloud providers - even this thread seems to believe that Apple is the first here. Apple's approach was the most conservative, Google's goes much farther: https://support.google.com/transparencyreport/answer/1033093...
Yes, I agree that your phone has the ability to find stuff like this based on ML etc. However, if their algorithm finds something that matches a hash of child porn, you'll be reported (after notification or something, can't remember).
Can you imagine what that would do to people? The risk of fucking this up and destroying someone's life is far too high. It's a stigma that will never go away even if it's proven false.
And what if the government decides that they want to ruin a political adversary? The technology is there to report them, rightly or wrongly, for child porn on their phone and ruin them. Again, proving that it was false will not be enough if it leaked out in the first place.
In my opinion, it's my phone (yes, yes, I know they all dial home to the mothership, I only lease it etc.) and I should have complete say over it and this is one more step away from that goal.
It's on the dystopian highway imo.
After 30 hits (so 30 false positives), and then the photos are manually reviewed by a human being. How did people never understand this? How on _Earth_ would people's live be randomly destroyed by this? The reviewer would take one look (or 30) and immediately realize it's not illicit. Crisis averted. But the chances of those 30 false positives actually all being in someone's iCloud was like astronomically unlikely.
> And what if the government decides that they want to ruin a political adversary?
Then you're already fucked, and the child porn scanning software won't be what makes it possible to ruin your life.
You can guarantee Apple will report you. They have to. It will be the law.
It will be used for human rights abuses. Guaranteed.
Is that an issue? Sure! Is it a new issue, or specific to Apple's implementation? Nope.
This is already true in certain circumstances.
> then the entire tech ecosystem we all use everyday is completely untrustworthy.
This depends on what tech you use. The degree to which you cannot trust it, or need to understand that it is actively working against you, varies by platform. Nearly all platforms undermine you in different ways. Some of those platforms do so in a way in which you're ok with.
> Is that an issue? Sure! Is it a new issue, or specific to Apple's implementation? Nope.
Agree to disagree. I don't mind cloud services (someone else's computer) scanning my data and working against me. I do mind my computer scanning my data and working against me.
Many people here simply assume all governments and corporations are simultaneously that evil and that incompetent. The aggressive cynicism of this forum and its reticence to engage with content before commenting undermines its pretense at informed technical acumen and civil discussion in many ways.
Not too many people get caught, review team gets downsized since it is not a revenue generator. Maybe we can replace it with ML!
How many stories do we have on HN about overworked employees reviewing horrible material? Or about how impossible it is to contact support?
Just because there is a good system in place now doesn’t mean it will stay there.
Don't be naive, the governments will demand that matches on the "special" hashes will be reviewed by local government people.
There is a similar feature in the "child safety" package that scans for stuff in chat messages and probably (maybe soon) in documents that are received ), so the code is in place to have an uninstallable "antivirus/antiCSAM/antipiracy" on your device that you must trust both Apple and your goverment that does what is promised but 100% you can't just delete the executable to have piece of mind.
Seriously, if a government is after you, they will get you regardless of the content of your phone. In a country with decent laws, just a match is woefully insufficient to demonstrate someone’s guilt, and they will need some proof. In other countries, laws do not matter so they can just get you without issue. They have done it for quite a long time and are doing it today.
All of this also points to the complete absurdity of this mass hysteria: it is insane to ruin someone’s life just because they have a picture on their device. It is just thoughtcrime, at this point.
But it happened, some guy was falsely accursed because someone made a typo in an Ip address, he lost his job and he was forcefully kept away from his wife and children.
>Seriously, if a government is after you, they will get you regardless of the content of your phone
That is false, for example before 1989 listening to a certain radio station was illegal here in Romania but the government could not ask the guys the made the radio to give them a list with all people that listened to this radio station. Your claim is that the govberment knows my name and what I did they can fuck me up, that is true but this imnplies the gov already knows and has the proof, in this case without the file scanner they won't know I own political/religions materials that is illegal but after the file scanner runs and reports me , only then I am on the gov list.
I hope is clear, tech makes the job of the bad gov easy, so in this case you as a random user you gai nothing from your device scanning for CSAM but many lose from this, the question is why if you gain nothing and this can be done with a simple iCloud scan? (because for sure it will be extended to private messages and documents)
This makes it seem like there is no upside at all to the CSAM scanning. There is: we stop more folks peddling child porn, hopefully making a dent in the problem.
Apple could have scanned iCloud from the start and prevent this problem if it is so big. If they are already scanning then there is no use for scanning on device only if iCloud is on and if they are not yet scanning iCloud then you should ask Tim why is he ignoring the problem, Google and Facebook already reported a lot of abuses, does Tim love CP?
Sounds like a great gig for a pedophile.
As much as I think the panic is way overblown, this bit is simply unacceptable, and they need to get nailed just for having thought this was a good idea. Nobody is to review personal photos; this is an insane breach of privacy.
You do know that Apple is scanning your photos server-side, right ?
Just like Google, AWS, Yahoo etc anyone that stores your photos in the cloud.
Yes.
They have every right to. It's their servers.
However, this is MY phone (ok, not mine, I don't use Apple devices but you get my point)
The objections come when such systems are to be run not on corporate property, but on end user property. I don't see anybody objecting to corporations scanning content uploaded to the corporation's own computers. Scanning content on the user's computer, which is the user's property, is what unnerves people.
Furthermore, while Apple may have implemented this feature in a relatively safe way (I don't fully understand it so I'm not confident of that, but smart people here think it so I'll assume it for the sake of argument), I believe that the general public does not really understand this nuance and Apple normalizing the practice of scanning personal computers will clear the way for other corporations to implement scanning in shittier way. If Microsoft were to start scanning all documents on a Windows computer by uploading those documents to their own servers, is that a distinction that would necessarily be made clear to the general public? I don't think so. The rhetoric will be "Apple does it and that's fine, so Microsoft can do it too". The technical differences in the two implementations will be understood in forums like this, but not by the general public at large.
For example Google and Meta both scan all material that is on their services, both of these providers actually go further by utilising AI to hunt imagery which may not be identified yet. So the idea of this compelling others to scan is false: Apple is last here.
Similar to Google and Meta, Apple's CSAM processes only come into play when the material is uploaded to Apple's servers. The minutiae of where the scanning occurs is irrelevant because Apple's implementation is merely a way of performing the function without giving up the user's privacy (by scanning locally rather than sending all of your photos to Apple's servers for review.)
The scanning process is merely the addition of verified hashes to a system which already uses this same technique to categorise ones photos into searchable images ("waterfalls" "dogs" "bicycles" etc.), because this is an existing system there is no impact to performance/device usage.
This is where you and I part ways. I don't think that's an irrelevant minutiae, because it normalizes on-device scanning. This implementation or others may change in the future and opposition to those future implementations will be hampered by "Apple was already doing it" arguments, which will sound fairly plausible to the non-technical public.
Maybe I'm making a 'slippery slope' argument here, but I've become comfortable with such lines of thinking. My cynicism has been rewarded too often before.
That depends on how "BYOD" the company is. There's an awful lot of companies that provide work machines that most of their employees reasonably use for some sort of personal work, be it checking their bank statements to see if they got a deposit or logging into a handful of services so their settings sync. In my opinion it is unreasonable to expect people to not do this, especially given that the alternative is quite painful with modern software. Corporate searches have a problem of not really having clear limits like a legal search might, so going through e.g. your synced web history when trying to find evidence of credential abuse (check your own audit logs!) is common.
It is super well documented that Apple ALWAYS follows the laws of the land, so the scenario is that a government adds some new hashes that might not be CSAM as you and I define it but might be political stuff(but the citizens can't check). Also now that the code is there Apple can't refuse to add this hashes or enable the feature forcefully when a legal warrant for that territory is presented.
some more config changes and it can start scanning for text in documents too.
And it hasn't eventuated. But yet now it is something to panic over ?
OSX is getting more and more locked, iOS is locked so why shouldn't people complain when things get worse.
I was just explaining that the excuse "OSX is 20 years old and it was not locked yet so it will never be locked q.e.d " , this is wrong, you can see clearly how things get more locked in steps and you don't have to wait untill last step to complain.
Keep in mind that you have better keyboards on Apple laptops today because people complained, the CSAM shit was delayed because people complained, the Apple tax was lowered in some cases because developers and Epic complained, so complaining sometimes works.
Here's what would need to change about the system to fulfil your requirements.
1. The local government would need to pass a law allowing such a change 2. The hashes would then need to come from the government. Instead of the two intersection of two independent CSAM databases. 3. The review process would need to redesigned and deployed to provide a lower threshold and permit the reviewers to see high resolution images. Neither of these changes are trivial. 4. The reports would then need to go to the government. 5. What's stopping these same governments from requesting such things from Google and Meta - both of which have comparable systems with lower oversight?
Apple don't "ALWAYS follows the laws of the land", one can read into this with the recent "secret" agreement between Apple and China which detail the various ways that Apple hasn't complied with Chinese requests (e.g. the requests for source code.)
The vague "this is a serious concern because my government is shit" requires a person to ignore a lot in favour of a little.
I think you missed OP point, the grandparent found a bad excuse for Apple, that Google and Facebook do the same so nothing is wrong, but the OP responded correctly that this is false, those companies don't install file scanners on your device so the excuse is bullshit.
They don’t install file scanners on iOS because they cannot. They are happy with scanning my contacts and doing who knows what with my photos if I let them, though.
Nobody says that Google or Facebook are good/saints, but there is a difference, my phone did not had Facebook or WhatApp installed, so journalists or activists can just don't install this crap.
Reverse this for a moment: would it be acceptable that a Chinese tech behemoth decides US law does not apply to their American operation, because they are convinced that western democratic values are dangerous?
This is also a real concern. If you think that rule of law is a good thing, then companies must comply with local laws. The alternative is not a humanist utopia; it is the rule of unaccountable corporations.
In this case there is no law to force Apple to scan on device, they can scan iCloud only if the law forces them to do that, or scan only iCloud images that are public or shared if the law forces to do only that.
Before 1989 listen to a specific radio station was illegal , but the good part was that the radio device could not snitch on you , if someone would have invented snitching radio then I am 100% only those radio devices would be legal to be sold in my country at that time. So if you create a snitching device then you invite the bad governments to add the laws after to profit from that and make their lives easier.
I don't think that offers meaningful protection. A malicious government could acquire or produce real CSAM, or at least a convincing fake of it, then modify that image subtly to match the hash of the political content they were targeting (I believe such engineered collisions have already been demonstrated.) They would then be able to get that manipulated CSAM into as many independent CSAM databases as they wanted, simply by uploading it to the web then reporting it to all those independent databases.
1. Forced hash collisions are fragile in comparison to the genuine material. CSAM hashing is devised in a way to allow change in the image without significant variation to the hash. Forced collisions however don't possess that property as their true hash is different.
2. It's trivial to detect images with false hashes, and different hashing methods will not produce collisions.
3. The task you're proposing, in itself is not pragmatic nor effective: dissenting political materials are easily created fresh (i.e. no colliding hash) and exists in many forms that go well beyond an image.
4. Human reviewers again would see the pattern and adapt the system accordingly
5. CSAM database holders aren't idiots. They understand the significance of their hash libraries and work against manipulation from CSAM peddlers.
Point 2 and 5 I don't understand, could you expand on it? If the government produced manipulated CSAM that didn't exist in any other pre-manipulation form, how would the manipulation be detected? And supposing it were detected, would CSAM database holders choose not to add that image to their databases just because it was manipulated? If that were the case, it would give pedophiles a way to exempt their images from the database too.
Point 4 is neutralized by the government demanding local human reviewers for phones located in their country. China already does this with iCloud, they could demand the same for the CSAM reviewers, then coerce those reviewers or simply select them for party loyalty in the first place.
Sure, it is not hard, but already laws can apply, did China had to pass a law like "any company has to update their maps software to conform with our local maps?" or China just showed Timmy a graph with profits from China dropping and then Apple said "yes sir!!!" .
> 2. The hashes would then need to come from the government. Instead of the two intersection of two independent CSAM databases
Yeap, the government will demand for a local database to be used and since the crimes are local you need to send the reports o the local police and a local Apple employee will have to check, not some cheap random contractor.
Apple's response to the "what if governments force you to abandon the hidden set intersection stuff you wrote" thing is, "well we'll just say no". Which, unless Apple plans to pull out of hostile jurisdictions entirely or levy their own private military[1], holds no weight. Countries own their internal markets in the same way Apple owns the App Store market.
[0] https://en.wikipedia.org/wiki/Restrictions_on_geographic_dat...
[1] which should scare the shit out of you even more than the CSAM scanner
The CSAM scanner does not scarry me as it is today, but the fact that is a step, next year will scan more files, then Google will copy Apple (willing or not) and then most PCs will do the same thing.
Apple just normalized that is fine you have an proprietary file scanner/"antiviruys" installed on yoru device with the properties:
1 it can't be stopped or removed
2 it get's hashes from some government agencies over online updates
3 matches will be reviewed by someone that it said are trustworthy and might get sent to your local police
4 the stupid scanner has stupid excuses to exist, where would have been extremely simple to implement and non controversial to scan the fucking images after the upload and not before.
If it's triggered, send the details to a particular group of individuals with certain clearance to view and verify.
If they have the ability to do this, they will definitely do this!
Of course they could decide later to implement it! Just like any company could choose to do that! It’s the whole point, your phone is closed source. But clearly apple didn’t pick that route, they announced it BEFORE shipping and asked for feedback! And you’re blaming them for that?!
Isn't obvious ? Some guy using an exploit would install a debugger on his iPhone and find this scanning process, Apple PR would be hit. But Apple could do this and gain PR by pretending is a safety feature, the guy with the debugger will see that files are scanned and hashes are sent to the server but he can't prove that the config file won't be updated in the future for everyone or some and the hashes will be pulled from a different database, the threashdold will change and the is iCloud enabled flag will be ignored.
What makes no sense and Apple failed to explain and fanboys also failled to convince me with any evidence, why the fuck not scan the images on iCloud only since we are pretending that only if iCloud is enabled the images are scanned. (there is no credible evidence that this is part of any plan to offer some kind of super encryption that Apple has no keys for)
"See that hashing thing you have, this secret gov. order that you can't tell anyone about says you need to look for this list of hashes too. If you find them, you have to let these 5 people know and if you tell anyone you'll accidentally shoot yourself three times in the back of the head to commit suicide!"
Didn't that only happen after a leak?
I fail to see how this system (which I'm not a big fan of, to be clear) makes it easier if you assume governments can and will fabricate evidence. Doesn't seem you need an iPhone, smartphone, or to have owned or done anything at all in that case.
> It's coming whether we like it or not now :(
Um, I think the public outcry showed them pretty clearly that they will lose customers and money precisely if they go ahead with this. I think the people championing this inside Apple (some rumors say Cook himself) were expecting this to be some kind of feel-good, "we're thinking of the children" PR piece - not the shitstorm it turned out to be.
https://petapixel.com/2021/12/13/apple-to-release-nudity-det...
Tell you what, put up 20k USD and I’ll go through the formal process of verifying binaries and whatnot. Otherwise, I think my “feeling” still contributes to the discussion. I don’t need to put in 200 hours to prove something I’m not misrepresenting as fact.
CSAM scanning will come. Apple probably won’t tell you.
Are we talking about anything that scans photos?
If so that’s pretty common… everywhere.
I have some technically capable friends who were up in arms about this situation.
Then they share their “vacation at X with friends “ Google photos album with me.
Cat isn’t just out of the bag….
My guess is it’s already quietly pushed, but the flag needs turned on.
https://petapixel.com/2021/12/13/apple-to-release-nudity-det...
It’s a different feature that works in an entirely different way. There’s plenty of descriptions of how both features work out there, there’s no need to guess at what they might do.
Not being funny, but I am not sure why this comes as a surprise. Of course everything Apple (and any other for-profit org) does is to make money.
If it’s an Android it’s probable got something similar in place.
On an iPhone all you must to use disable iCloud sync to avoid CSAM
CSAM was the last straw. Before this was that: echo 127.0.0.1 ocsp.apple.com | sudo tee -a /etc/hosts
It only applies when you have iCloud Photo Library enabled.
Only those pictures which were about to be uploaded iCloud, would have been scanned, and Apple would get information about image contents only if it is flagged. The phone is blackbox and it scans your files anyway all the time, sending metadata to Apple e.g. because of the spotlight feature and photo albums, or simply syncing your data to cloud. There is massive AI behind that spotlight feature. Nothing would have changed, just the different kind of information would have been flagged, but this time encrypted.
The major improvement was E2EE like system for Photos. Currently they are not E2E encrypted in Cloud. They are plaintext for Apple. iOS 15 beta had also encryption for backups, but it never reached public reach after CSAM was delayed. So we lost yet another feature which would have increased the privacy. "But it happens in my device", is not really valid argument since most people don't understand what happens in their devices in the first hand. Even AV engines sends all your data to cloud, and you can't opt out in most of the cases and it is for every file.
But yes, currently Apple can access all your images on the cloud, but with this change they would have been E2E encrypted, hence improving privacy.
Apple said nothing at all this would be the case. It's pure speculation from people on the internet.
What exactly does one achieve in nailing the local pedo for old content? If he's stupid enough to be uploading it to iCloud he's stupid enough to get himself busted in all manner of other ways. The real problem is of course criminals who are currently engaged in the production of CSAM. Which Apple's scheme does nothing to address.
I did the same and I agree with you with one small caveat. For someone like me, who does not use iCloud or any other cloud service, on device scanning seriously compromises my privacy. I want to be clear that I am not doing anything that is currently illegal in my home country, but that could change under a more oppressive government. I know my opinions would definitely get me in trouble in some countries if I happened to live there.
> Of course the best option is to not scan at all, but that is not really option.
Why isn't it an option? I know of no legal requirement anywhere that mandates Apple has to scan fro CSAM.
At least in the current solution scanning was integrated part of the iCloud sync pipeline, and therefore this would not have affected you.
> Why isn't it an option? I know of no legal requirement anywhere that mandates Apple has to scan fro CSAM.
Apple is too big and they try to foresee politicians behavior. With "good will" solutions they can adjust the way how they scan or implement this. With regulation it would be more specific and might even restrict encryption in some cases totally. This is quite difficult topic at Apple's scale and I don't know if anybody really knows what exactly is already required and why
With all the respect, there is one small detail: The search criteria is provided by third party organisation (funded by DOD), without option of public oversight due to nature of "sensitive" data set. This data set would be defined by similar "organisations" per country bases.
In my humble opinion this "privacy related solution" is Stasi wet-dream on steroids.
Some governments liked it so much, that they wanted it to be extended.. https://9to5mac.com/2021/09/09/csam-scan-encrypted-messages/
The backlash was obvious from the outside, but it’s clear someone spent a lot of time building something they felt was reasonable. Even if Apple presumably just implemented the same system in iCloud, at least people became aware governments have access to such systems.
The entire technical underpinnings of this solution rely on essentially neural image embeddings, which are very well known to be susceptible to all sorts of clever attacks. Notice how within a day or two of the announcement of this whole system and it's symbols, people were already finding lots of 'hash' collisions.
In the space of people and places that can train and implement/serve such embeddings, these issues are pretty widely known, which makes it very non-obvious how this happened IMO. Someone that understood all of these issues seems to have directly ignored them.
More importantly hash collisions result in manual review by humans at Apple, hardly a major issue. This is also a safety measure protecting users from political images being tagged in these database.
I can ditch my iPhone at any time, but Apple wanted CSAM to be part of Mac OS and this is unacceptable.
Anyway, I am glad that they tried. This was a wake up call with positive financial and technological outcome for me and my business.
It is already on MacOS. It sends hashes from every unknown file on ”virus protection purposes”. Only name and hash database is different. How that changes your privacy?
And to be fair, they never said publicly that it would come to Mac OS.
http://web.archive.org/web/20210807010615/https://www.apple....
The fact that they went so hard for the feature without really considering how people felt about the invasion is important.
So instead they will just continue to scan your photos server-side.
Yep, and because of that we are not getting E2E services (Photos, backup), which would have been possible with this new technology.
We’re you consulted on how google implemented it server side with google photos? You likely didn’t know!
Only one company chose transparency here.
What a load of BS. Apple told us it was going to happen, and then quietly canned it when there was backlash. There was no intention of "consultation" or "getting feedback" at all.
I doubt it. It will be quietly implemented. If a techie digs in far enough with RE to prove it, general society will treat them like they wear a tinfoil hat.
[1] https://9to5mac.com/2021/08/06/apple-internal-memo-icloud-ph...
No they didn't [0]
> When reached for comment, Apple spokesperson Shane Bauer said that the company’s position hasn’t changed since September
> Crucially, Apple’s statement does not say the feature has been canceled entirely.
[0] https://www.theverge.com/2021/12/15/22837631/apple-csam-dete...
For now. There are no technical limitations to Apple's proposed solution that preclude it from being always on. It's a policy decision only, and you can be sure there would be immediate pressure to force it to scan full time.
>> First, it is not related to the parent's point at all
The post was about switching away computers. My (badly implied) point was, a lot of the effort is wasted unless if you still use an Apple iPhone...
If you skip using an iPhone, then fine, but the other options out there are likely worse.
>> Second, it is perfectly possible to run AOSP based OSes not tied to google
You can build your own Google-free etc version but again most people won't because of the effort and the need to redo for updates again and again. The Parent post author probably has the means to do it, but it's another endless task they have to stay on. All other options (to my limited knowledge - plz share if you know more) mean compromises in apps, and functionality - unless you're happy to spend hours each wee/month troubleshooting and setting up workaround and working with specific compatible hardware.
It can be done. But how much of your life will you want to spend on that? Reading other comments maybe it is a solved problem now - it hadn't been last time I tried.
If I assumed too much from the parent post then sorry.
https://news.ycombinator.com/newsguidelines.html#comments
Comments should get more thoughtful and substantive.
When disagreeing, please reply to the argument instead of calling names.
Eschew flamebait.
Please don't complain about tangential annoyances.
Please don't post shallow dismissals.
https://news.ycombinator.com/newsguidelines.html#comments
Explicit is better than implicit.
Simple is better than complex.
Complex is better than complicated.
Flat is better than nested.
Sparse is better than dense.
Readability counts.
Special cases aren't special enough to break the rules.
Although practicality beats purity.
Errors should never pass silently.
Unless explicitly silenced.
In the face of ambiguity, refuse the temptation to guess.
There should be one-- and preferably only one --obvious way to do it.
Although that way may not be obvious at first unless you're Dutch.
Now is better than never.
Although never is often better than right now.
If the implementation is hard to explain, it's a bad idea.
If the implementation is easy to explain, it may be a good idea.
Namespaces are one honking great idea -- let's do more of those!
https://www.python.org/dev/peps/pep-0020/
Take heart in the bedeepening gloom
That your dog is finally getting enough cheese.
https://www.youtube.com/watch?v=Ey6ugTmCYMk
I've scrapped out a perfectly good (and exceedingly nice to use) M1 Mini, I no longer use a 2015 MBP, I've shut down my iPhone (not quite for good, I still have to figure out how to move my Signal root of identity off it), and I no longer use an iPad for work reference PDFs.
I've replaced these with far less functional "But I'm making them work" sort of devices. An AT&T Flip IV for phone stuff (KaiOS, handles basic calls and texts, and not much else, though it does have GPS and maps, and can do email if you let it), a Kobo Elipsa + KOReader for PDF support, and I've spent a good bit of time tweaking a PineBook Pro into my daily driver laptop.
The general view I have of Apple at this point is, "Oh, we know what kind of company you are, now we're just haggling over details."[0]
To whine about Apple doing stuff and continue to use them says, "Yes, it's important enough to complain about online, but not important enough to alter how I use their products - therefore, not really important at all."
[0]: https://quoteinvestigator.com/2012/03/07/haggling/
Given that the CSAM issue turns out to be moot, I assume you feel regret at doing this.
I'd love an ODroid N2+ with 8GB RAM, though. Twice the CPU performance of a Pi4 but it's pretty RAM choked with only 4GB.
Now you are promoting the ODroid N2+ which is completely irrelevant to this thread.
The CSAM thing was the final straw for me with Apple, and as it turns out, my needs have rather significantly decreased over time, as the lower power hardware has increased in capability, though... sadly not as much RAM as I'd find useful.
It turns out that I don't actually need Apple hardware to do that which I now care to do with computers. And one of those replacements was a N2+, which, while a bit sharp around some edges, is actually a tolerably usable little Linux desktop.
You can call it what you want, I'm just describing what I've done in response to the changes in how Apple has chosen to treat their users.
The nature of the computing ecosystems have changed around me, such that I chose to make changes. I don't particularly regret the decision any more than I would selling a vehicle that no longer suits my needs when I move.
A final straw which never actually happened. They in fact listened to users saying how unpopular this would be, and changed course.
> I'm just describing what I've done in response to the changes in how Apple has chosen to treat their users.
No, you are describing what you’ve done in response to a demonstrably false belief about how Apple has chosen to treat their users.
It's still coming.
Edit:
Please don’t retroactively edit your comment to make the comment that follows it look misplaced.
It is a dishonest tactic that makes you look like a bad faith commenter. Who can trust that anything you have written hasn’t been altered after the fact?
There is no reason you couldn’t have included that quote as a reply to my question instead of silently editing it in to make it look as if it has always been there.
> Is it? What makes you think that?
The Verge reached out to Apple[0] and Apple confirmed that their CSAM scanning feature is still coming.
> When reached for comment, Apple spokesperson Shane Bauer said that the company’s position hasn’t changed since September, when it first announced it would be delaying the launch of the CSAM detection. “Based on feedback from customers, advocacy groups, researchers, and others, we have decided to take additional time over the coming months to collect input and make improvements before releasing these critically important child safety features,” the company’s September statement read.
So yes, they still fully intend to push the update. You should probably take this less personally too, your arguments are only suffering by attacking people who are just trying to chip in their two cents.
[0] https://www.theverge.com/2021/12/15/22837631/apple-csam-dete...
You are in fact the one who dishonestly edited your comment. That’s what I was pointing out, and it was you and not the commenter before that I was replying to. We can see your name.
Trying to pretend otherwise is either delusion, or more dishonesty.
I agree that the update provided by the verge suggests that apple has not abandoned this plan yet.
In any case, that's not a refutation or response to the link I sent.
> https://news.ycombinator.com/item?id=29569282
I don’t need to refute your response. In fact after seeing the update I agree that CSAM is not yet defeated.
That doesn’t change the fact that your commenting tactics are dishonest. That is the problem here. You cannot be trusted not to edit upthread comments.
I legitimately have no idea what you're talking about. This is either an extremely confusing attempt to gaslight me or you're mistaking me for someone else. In any case, I don't really know what else to add here. Do you remember what was supposedly the original contents of this comment? We're really getting nowhere here pointing fingers.
You posted “it’s still coming”, and only added the quote later after my reply.
https://news.ycombinator.com/item?id=29569782
Share more details about how you set that up please? Good graphics software, or the relative lack of it, is one of the few things still holding us back from shifting several daily use machines to Linux. Affinity would be OK for that but the only reports we found suggested it wasn't happy running virtually and performance was poor.
https://leduccc.medium.com/improving-the-performance-of-a-wi...
https://wiki.archlinux.org/title/PCI_passthrough_via_OVMF#Is...
That's short-sighted and self-centered.
You don't care about whether or not other people's rights are violated?
You don't see how normalizing rights violations could lead to downstream effects on you?
The whole reason for my HN post activity (reading in the shadows from 2008-10) is CSAM. In the beginning of this issue nobody cared and tons of Apple fanboys down-voted every possible negative reaction.
Apple is industry leader. Everyone will copy what they create. You can read "I don't care" as an emotional reaction of an individual who had invested tons of money in Apple, used Apple products and evangelized thousands of friends and customers. Only to realize that The Beauty is actually The Beast.
Even though the new mbps look really nice, I've got a Framework laptop sitting at home that I'm in the process of migrating to (that's $4k of MBP max that apple have missed out on).
And early next year, I'm moving off the iphone platform onto probably a pixel and switching the OS to something like Graphine. It's going to be fun and experimental.
I'm also looking to hire some developers next year, provided laptops will be Linux too.
a) CSAM scanning only ever applied to photos being uploaded via iCloud Photo Library. It was never applied to photos that you weren't giving to Apple nor any other files.
b) The "but they could expand it to anything else" logic is baseless and frankly stupid. Why ? Because they wrote the operating system. They could implement this feature in any of the 100+ daemons that are currently running as root and no one would ever know.
c) It was a better solution for user privacy than what exists today i.e. Apple secretly scans your photo server-side. Which you gave them permission to when you agreed to the EULA for iCloud.
Which is everything in your camera roll, and last I checked, you can't pick and choose which pics. Additionally, saving a photo from the internet, or in some apps, merely receiving one (WhatsApp does this, at least), automatically puts it there.
So let's amend A to reflect reality:
a) CSAM scanning is applied to all photos an average iOS user will interact with if they have iCloud Photos turned on, which is the default
which boils down to:
a) CSAM scanning is applied to all photos an average iOS user will interact with
Another take would be that they took on-board the extensive public criticism, and changed their minds.
That's what I meant.
All the more reason to not give them the benefit of the doubt with shit like this. If they say something flat out, that has some weight since there could be legal repercussions for lying (in theory anyway.) But not saying anything and letting people infer whatever they want? That's how companies with PR and Legal teams like to cover their asses instead of outright lying. The company says nothing and lets their supporters invent whatever headcanon is most flattering. I don't go in for that.
Edit: The same thing happened when they let Apple fans infer that this feature was preparation for enabling proper E2EE. As far as I'm aware Apple never actually said that and their supporters decided to believe it without evidence, just a lot of wishful thinking.
Sometimes, the right way to kill a project (politically) is to let it publicly fail. Killing a project before it fails requires much more of a fight. It could also mean that the very public failure of this project gave Apple leverage over whichever spooks were pushing for it in the first place.
I feel this is definitely true most of the time, but in this case the cost to their public image/perception among the tech crowd was so high it was a mistake.
Why is this obvious? Normally, when you have an objection to a company policy, you voice those objections in private to people within the company. This seems "obvious" to me, but to explain--(1) it's against company policy and often considered a fireable offense, (2) employees have an interest in presenting a united front, (3) those who want the project to fail publicly want it to happen without interference from inside the company.
There is a big difference between happy with it and not unhappy enough to quit publicly when part of your job is to spread koolaid and look happy.
If i were against something like this, but not powerful enough to squash it (especially if a gov had a hand in getting it pushed through), then i'd make sure to do a press tour and get it in every newspaper for all the wrong reasons, while making an all/nothing stance to torpedo the project.
I can think of no other reason beyond utter incompetence why they'd announce it how they did. Apple is known for being secretive, but why did they do a press interview and say "sure other 3-letter gov agencies may need to add to the illegal photos database in the future" unless you wanted to really make sure the project would fail? Why else announce it in the same press release as scanning messages for similar content? It seems like the rollout was designed to be as suspicious as possible tbh.
This should be re-written to say
> If [i were not influencial enough to sink it internally, so i] were trying to sink the project [through bad publicity]
Therefore, the answer to your question is "darn, it didn't work. that sucks but at least i tried".
Also...
> Never assume 4D chess when simple incompetence can do the job
In this context, its very likely that a government is somewhat behind it. We know the FBI and apple didn't get along. We know apple has been doing things quid-pro-quo for china to stay on their good side. So it seems like we're already sitting at a 4d chess board, but no one is sure who's playing.
If a government says you have to do X on the DL, and you don't want to because its bad, then a logical solution is to get general population + news media to say "X is bad! We really hope X doesn't happen." Because then its easy to show the government why you can't do X.
I don't feel like Apple cares at all about perception among the tech crowd. So many things they champion draw the ire of us.
This is my guess. I imagine it went something like this.
Congressman: "So tim, FBI talked to me and want some help. Please find a way to check all pictures on iphone"
Tim: "or no?"
C: "We'll make it worth your while"
T: "This goes against our marketing and history, it'll take a really big push. My team says we can manage X but we need to work with CSAM agency to handle optics.
C: "Great!"
T: "I was right, the public hates it and doesn't care about children, we're going back to our privacy stance in marketing because the backlash would out-due the political reward. We'll throw you under the bus if you push again on this. We totally want to help for real and not just because politics is a game and we have to play, but this cost is too high, even you can see this backlash and recognize we can't go threw with it. BTW thanks for giving us excuse to hire a few new expensive ML scientists from google or wherever. They got to write some nice papers."
C:"Gotcha. See you next week for gulf when we try again at something new? There is this israeli company i want you to meet"
1) I agree by accident
2) They thankfully stopped nagging me
3) Or they buggy implemented it and even though I kept cancelling after few tries they assumed I agreed.
If they don’t, they end up having data from different licenses. If you have many of those, figuring out what you can and cannot do with data becomes a nightmare.
You could get questions such as “Can you make a backup in country C for user U? He’s under the 2019 terms, so in principle, yes, but alas, user V has shared content with U, and V still is under the 2017 terms. Also, U has been in the EU for the past weeks, so EU regulations apply, at least as far as we catered for them in the 2019 terms”
Not changing the terms isn’t an option, either, as they have to be changed to cater for changes in laws. If you operate in 100+ countries,
That's their problem to figure out. If they can't then they should terminate customers who don't agree and ship them their data.
Obviously they'll never do that since it would be a terrible look and they'd lose customers, because they want to have their cake and eat it, too.
I am not sympathetic to how hard it would be for a corporation to do something. "It's too hard" is not an excuse, not least of all if they're a multi-billion dollar corporation.
If, for example, your bank changes their terms, your electricity provider increases prices, landlords increase rent, etc. they will inform you and often silently enrol you in the new scheme. Cancelling the agreement always (and maybe not even that) is an option, but that is opt-out, not opt-in.
So, why would cloud providers be different?
In short, other countries outside the US _do_ hold other service providers to similar standards.
I'm not a businessman, but I believe Apple's main customers are not governments, so I suppose that it's not good business for Apple to ignore their users' preferences. Governments in most of Apple's marketplaces change every few years, after all.
They pulled documents about the scanning, but we don't actually know they pulled the scanning itself.
> when Apple switches to not having access the keys to decrypt iCloud photos and documents.
We don't know that they are/were going to do that either. It's just a popular 'fan theory.'
Or do something equally pointless, but just as signally.
I feel like so many of these unstoppable force meets immovable wall situations warp both functionality and discourse (on all sides) on said functionality.
This comes about because everything is getting so centralized. The government wants to be in everything, and Apple (stand in for all big tech) does too. This pits them against each other, with the consumer only acknowledged when there is vast consumer agreement and motivation.
Similar to App Store, Apple wants total control, then governments use Apple's control to cut of access to particular apps. Consumers that understand the severe loss of freedom this creates (for them and developers) both immediate and in lost innovation don't like it. But there isn't a huge consumer uproar on that one ... so freedom wilts.
Bundling these basic features (cloud backups, app stores) with operating systems is creating an unholy government/platform axis that wins every time consumers are unable to drum up the motivation to speak as coherent allies pushing back.
https://github.com/AsuharietYgvar/AppleNeuralHash2ONNX
As for the negativity. That is based on experience with large tech companies.
https://www.eff.org/deeplinks/2019/12/senate-judiciary-commi...
Some nebulous political references in opposition to encryption aren't the reason Apple did this in the first place. They had and continue to have plenty of choice in the matter.
Only when they knew they would win, as with Bernandino Shooter PR spectacle.
They didn’t stand up against iCloud CN being hosted by Chinese government, they didn’t stand up against unencrypted iCloud backups.
As a corporation, they have no intrinsic morals at all, and privacy is nothing but a marketing term to them.
They don't want to lose China and $$, and they couldn't use and profit from people's data if iCloud backups were encrypted.
Companies are not your friends.
> Update: Apple spokesperson Shane Bauer told The Verge that though the CSAM detection feature is no longer mentioned on its website, plans for CSAM detection have not changed since September, which means CSAM detection is still coming in the future.
First rule of scanning feature is don't talk about scanning feature.
There was some reporting that Apple does server-side CSAM scanning, but based on the volume of matches they report, it must be extremely limited.
Apple never said it this way, but many people assumed that Apple designed this client-side scanning system so that they could then encrypt iCloud data with client-side keys, which would provide end to end encryption for customer backups… and prevent any server-side scanning. This is likely what Matthew is referring to.
With the attention I don't see how Apple can delay taking some action here. A new external liability that can be attacked in different ways. Either they need to level up the CSAM scanning server-side to increase compliance, or they need to reimplement the client-side approach. The latter approach is probably much better from their perspective for various reasons.
Ultimately, they might have been better giving this a lower profile overall and effectively have sought public attention of law enforcement to provide some cover. The authorities are going to get this in some fashion eventually.
For reference:
> According to NCMEC, I submitted 608 reports to NCMEC in 2019, and 523 reports in 2020. In those same years, Apple submitted 205 and 265 reports (respectively). It isn't that Apple doesn't receive more picture than my service, or that they don't have more CP than I receive. Rather, it's that they don't seem to notice and therefore, don't report.
https://www.hackerfactor.com/blog/index.php?/archives/929-On...
Is this a given?
It was a mistake to announce it in isolation as seen by this blowback because most people don’t understand or care about the actual details and just loudly complain.
Similar to the dismissal of the privacy preserving Bluetooth exposure notifications. Dumb knee-jerk dismissals imo that end up with worse outcomes for everyone.
https://www.bbc.com/news/technology-51207744
https://www.eff.org/deeplinks/2019/12/senate-judiciary-commi...
You can pick
a) no backups
b) iCloud backups with E2EE and privacy preserving CSAM scanning as suggested by Apple (private set intersection, half client side, half server side)
c) iCloud backups, unencrypted, with CSAM scanning server side (like all other cloud services)
I know what I'd choose!
d) encrypted offline backups that never touch iCloud
I don't use iCloud for anything at all. Any sort of client-side scanner seriously compromises my privacy for no good reason. I am not a criminal. I don't deserve to be treated like one.
The proposed database for snitching was CSAM but once the system there, the devices become the pocket police that can receive any kind of scan-match-snitch instructions. This would be the point where humanity embraces total control.
That said, an offline version might be workable. Think 2E2 encrypted devices that can be scanned against a database with physical access to the device upon approval from the device owner. Imagine a person being investigated through standard police work, it can be used to prove the existence or the lack of the existence of the materials without exposing unrelated and private information if the person accepts to cooperate.
Typo of abhor?
The main rebuttal is that people claimed that Apple could expand the scanning to photos you aren't sending to iCloud. If you believe that though, then not using Apple devices (regardless of whether they implement CSAM or not) is clearly the move.
tldr: if you trust apple, this doesn't matter, and if you don't, you shouldn't use apple devices anyway.
However, the major issue for me is the database of "forbidden" neural hashes which you are not permitted to have on your phone. Who controls what goes into that database? Right now, it's only CSAM and Apple have said they pinky-swear that if they're told to add other things they will refuse.
Any maybe they will. Maybe Tim Cook will fight tooth-and-nail to avoid adding non-CSAM hashes to that list. But then maybe Tim retires in five years time and his replacement doesn't have the appetite for that fight. Or maybe Apple gets court order saying "you MUST also report this sort of content too". Maybe that list of forbidden hashes now includes political imagery, the picture from Tiananmen Square, known anti-government memes, etc.
Once the technology is created and deployed, the only thing preventing that sort of over-reach is Apple's resolve against governmental pressure; even if you'd trust Tim Cook with your life, I can completely see why that would give people pause.
This isn't what was being proposed. What was being proposed was that if you had a photo that resolved to a "forbidden" hash, upon being uploaded to iCloud data would be sent to Apple. Presumably after some arbitrary amount of times this happens, information would then be sent to the local government.
If you were not using iCloud to store photos then it wouldn't matter either way (according to Apple).
1) Tim Cool will have no knowledge of this when the government inevitably expands the hash list
2) Apple gets a list of hashes, not content, from NCMEC which is an unconstitutional quasi-governmental agency created by congress and funded by the government to bypass the 4th amendment.
3) Apple will simply get an updated list of hashes and has no reasonable means to verify what the hashes from any given government are.
The problem with this is that we already know "National Security Letters with Gag Orders" exist, and we know that the US government, at least, doesn't mind using those.
"You will do this thing and you will tell nobody that you've done this thing."
The Lavabit rabbit hole is a case study here: https://en.wikipedia.org/wiki/Lavabit#Suspension_and_gag_ord...
OR more likely suggests that Apple prefers to continue its program in secret.
suggested title update as the important bit is cut off
Apple Removes References to CSAM Scanning from Child Safety Webpage
It's quite important to see what a given page wrote.
I was hoping to read "Source Code" next.
Is it governments that want to scan end user devices for content declared forbidden by them?
[1] - https://www.windowscentral.com/how-disable-smartscreen-trust...
Since the OS is proprietary, how do we know they didn't go for it anyway?
Reverse engineering is a thing.
https://9to5mac.com/2021/08/18/apples-csam-detection-reverse...