Did you read this article? It's re: functionality that would notify a parent account if a child account had received or sent a message potentially containing nudity. It's a difficult thing to force upon folk who don't want it, as you don't have to mark accounts as being for children.
If we forbade all technology that could be used to do harm, we wouldn’t have much technology left, if any.
Hammers can and have been used to kill people, as have axes, bricks, cars, electricity, fire, gas, ropes, water, etc.
In this case, the question is whether you trust Apple to do what it says it does and not more. If you do, you can use the current iPhone. If you don’t, you can’t use any iPhone they ever produced.
By normalizing an idea they were previously rebuked for implementing (“we’ll scan all your photos for goodness!”) into a context people accept under “think of the children”.
See how readily your sibling comments accept the premise and normalization of photos on a device being scanned as long as it’s appropriately contextualized — and then you wait five years, say you need to do even more to stop CSAM, and roll out the original scanning of all photos, everywhere.
I don't believe it's based on the "same technology" in any meaningful manner. My understanding was that CSAM scanning was based on comparing perceptual hashes to known CSAM images. This doesn't seem like it would be particularly effective at preventing sexual images from being sent to minors because Apple doesn't have a collection of hashes every sexual image including ones yet to be taken.
>These two features are not the same and do not use the same technology.
but doesn't clarify the differences. Gotta imagine they're referring to the distinction I made because, again, Apple's probably not developed some sort of precognitive nudie hashing.
Just spitballing but I'd imagine they're using some ML model trained to detect generic adult images, y'know, the same technology that they're using the make the Photos app more searchable. But detecting generic adult images has been around for ages.
Can we please differentiate between "CSAM" and "not CSAM"?
They said they were going to deploy CSAM, and then they retracted (albeit temporarily). A lot of what made CSAM a concerning issue for many (including me) isn't in effect for this particular feature.
Maybe they'll redeploy CSAM, maybe they won't, but this isn't CSAM.
I routinely look at the network traffic of my iDevice and see a tonne of traffic being sent to Apple. I can't see the contents of the traffic, since 99% of it is encrypted, but I can safely say Apple is very cozy with your device. Just assume Apple can see everything, and change your behavior accordingly. If I want secure comms, I use battle-hardened things like Tails[0].
What is with the very low adoption of comsec tools like Tails? Does everyone think it's crimeware and only used by criminals? Because I do a lot of my surfing with Tor, but that doesn't mean I'm a darknet drugs kingpin does it?
I'm a bit skeptical about Tails and other comsec tools which are a full OS instead of small, separate app. I don't have the time or knowledge to inspect full OS image in detail, and it feels like "secure communications, protected from the guys you don't like" is exactly the thing the "guys you don't like", like government, would create, with proper backdoors in place. After all, that had happened numerously before. (Crypto AG, that story about CIA gaining control of some "secure messaging" devices, etc)
Apps can be observed by the host OS, so if you're looking for an app that is secure relative to the host OS, then you're looking for unobtanium and instead need a host OS you can trust.
OTOH, the big lesson of Clipper is that every OS, every app, every platform, can be hacked by nation state adversaries.
No, I'm looking for an app which will be secure, as in, lack backdoors or obvious security issues. I understand that OS can compromise it, but I more or less trust my normal OS, and it seems weird to use a "secured" OS, because that's where I'd expect all the backdoors to be. Not to mention the fact that if your threat vector is "Apple looking through you photos", you probably don't even need anything special in the first place - popular Linux disto with some Matrix client will be just fine.
I'm skeptical as well since I don't believe the CIA or NSA even use such tools. Don't they just use RHEL or Windows? Why would they backdoor their own stuff?
Probably for the very simple reasons of convenience and wanting to use a mobile device to communicate? A clunky laptop with low / no state is not that.
We all know 'it doesn't have to be this way'. There is nothing special about your personal OS needing to phone home on you. I think people are more likely to use something like LinageOS vs something like tails if they want 'more secure' communications than to drag a laptop around with Tails.
> I can't see the contents of the traffic, since 99% of it is encrypted, but I can safely say Apple is very cozy with your device.
So in reality you are too lazy to hook their TLS verification code (super easy to do with public tools), or alternatively you did do this and the traffic just wasn’t that interesting.
Not really sure what we are supposed to take away from this.
I think it’s fair and reasonable to expect a basic level of knowledge when someone is making such confident statements regarding their reverse engineering work.
Defeating certificate pinning with tools like Frida is one of the most basic and common tasks when reversing iOS/OS X applications.
I really am against these tools -- the cost is extremely high for a relatively small amount of perpetrators. And any pedophile will know about this and simply disconnect from the Cloud or do everything offline.
...meanwhile everyone else's nude/promiscuous/ all of your other personal photos will be scanned. it is a huge breach of privacy and it really makes me consider whether Apple is the company for me. apparently it is optional but that other furthers the idea - why would a pedophile accept this tool on their phone?
There are prosecutors who think minors sexting minors == pedophile minors. Hmm, yeah, this feature is a good idea -- protect your children from insane prosecutors!
Being a binational, I can't help noticing that, once again, as long as "nudity" is censored or "under control" - then the children are supposedly safe.
Not that pornography is not a true problem. I really think it damages kids and even teens in their slow awakening to their sexuality.
But if they receive pictures of teens or children killed in Ukraine with gory details, that's all fine?
Kids and teens will share dirty pictures anyway. If their phones are totally "secure", they'll print the pictures.
The true questions are, IMO:
1/ education: all parents must at an early age talk more freely about sexuality. About respect, boundaries, the difference between having sex and making love, etc, and tell the kids & teens the truth: there is plenty of pornography on the internet and this is not good for you.
Because they will watch them. Through friends or unwillingly by trying to illegally download movies or cracked games.
I'd prefer that psychologists set up officially authorized websites where teens could watch adults making love explicitly but respectfully, with romance and feelings.
They want to watch anyway and they will find a way. But they will stumble onto violent scenes with psychopathic behaviors like incest, ten males onto one much younger woman.
Of course parents ought to have a way to block those websites. But they could also parameter their teens' computers to watch things that psychologists chose for their age.
Love movies to fight pornography. Explicit but insisting on the feelings and not the organs.
If parents can't accept that, well... their kids will watch brothers and sisters making anal sex in a way presenting it as "normal".
I think parents should enlist to night courses to learn how to deal with pornography. Censorship won't work.
It looks that parents want to be able to lie to themselves, eg being able to say "we did everything in our power" while knowing perfectly well that their teens will be confronted anyway to porn.
2/ As societies, we should reflect on pornography itself. Why are we collectively allowing large corporations making loads of money by producing violent, devious, unrespectful, illegal even (under age, incest, violence) porn.
I'm sure "free speech" is so large in the US that no law would hold. But that is not so in Europe - for the better IMO. Of course, laws would be transgressed like all laws are, but that would be a minority and that can be punished.
I'm not a prohibitionist, but I don't understand why well-known companies are still allowed to shoot scenes were women are objectified to the point of dehumanization, where they are insulted, abused, raped (even if it is "fake").
I don't believe an instant that laws and cops will suffice to stop degradating porn to circulate. But at least, maybe 80 or 90% of explicit scenes will be "normal people making love" and not a bunch of 50-year guys destroying a young tern.
So teens will more likely find "explicit decent love making" and not "gang bangs". At least, they would have a realistic idea of what sex is between non-pathologic, respectful, consenting adults.
That's the only way IMO to prepare them for the inevitable, e.g. gore porn they will find if they really try to (using tor or whatever forums). At least, they will be educated enough to tell themselves that what they are watching is not "normal".
Note that my definition of "normal" is rather broad. Oral sex is normal, in the sense of a common practice. But the ways it is practiced vary a lot. It can be either showing a woman following her own desire or a girl being forced to. Not at all the same thing.
The importance is not the nudity or to see organs in action. It's all about the relationship, adults asking to each other if they feel like practicing this or that and being said "no" regularly. That's education.
This is also available in the US, I enabled this on my kid's dedicated iPad linked to a family/child Apple account. There's no real downside, and it is entirely optional.
I suspect some replies are confusing this with iCloud photo scanning (for e.g. CP), whereas this is a different feature entirely, they just happen to have been announced at the same time which caused a lot of people to treat them as a monolith.
The biggest problem with Apple's family features right now is that it literally costs more to use. If you share a parent account with a child (or multiple), all IAPs are also shared, whereas if you create a child Apple account app purchases are correctly shared (and some Apple subscriptions) but IAPs are not, resulting in re-buys for every connected device.
There is, in theory, some IAPs that share through family sharing, but they're very rare and there's no way to determine which are what before you buy.
Honestly as it is on device, it would be quite useful for people who receive unsolicited/unwanted photos of a sexual nature as well. It is a cool feature, where as the reporting hashes remotely is...not
IAPs not being shared kinda makes sense from the perspective of the individual devs actually? The app is shared "purchased software", the account within the app probably is not.
I can see why devs don't check the IAP-share-for-family box, but ultimately the result is that fewer people are using child-specific accounts and the safety benefits as a direct result.
I understand that devs have to make a living, but how many repeat sales do they expect to make for the same family?
Regardless, it would be nice if the Apple app store told you if an IAP is shared or not within a family, it is important information for making purchasing decisions.
I am just curious about Apple watching my iPhone usage. Sometimes I tend to think, that Apple creates a profile as an applicant there just from phone usage. Apple knows about my not healthy relationship with the phone. Apple also knows about my extended lunch breaks walking with colleagues. Apple knows about my interests from photos taken with iPhone. Some days I just want to get some old used Nokia or Siemens C35 and hide from all this surveillance and profiling.
I am also curious about iPhone demographics. I seriously doubt, that German teenagers get iPads and iPhones instead of cheap (and easily replaceable) androids.
You're probably incorrect about German teenagers, who appear to have basically the same preferences as US teenagers, i.e., overwhelming preference for iPhone or the nicer tiers of Samsung devices.
This will sure stop the only 2 children in the UK that use iMessages?
I'm not sure if this is going to be rolled into other apps or the camera app itself but the main app kids use to communicate in the schools in my local area are Snapchat, TikTok and Insta DMs, and they have Facebook messenger and WhatsApp for messages from their parents.
I'm sure some of them aren't even aware there is a stock messaging app.
37 comments
[ 2.6 ms ] story [ 82.4 ms ] threadUntil it's not. See also: https://news.ycombinator.com/item?id=28309202.
Hammers can and have been used to kill people, as have axes, bricks, cars, electricity, fire, gas, ropes, water, etc.
In this case, the question is whether you trust Apple to do what it says it does and not more. If you do, you can use the current iPhone. If you don’t, you can’t use any iPhone they ever produced.
Isn't Apple already scanning, just in iCloud, like all the other cloud providers?
You either automate the search or your servers will get investigated by the FBI.
See how readily your sibling comments accept the premise and normalization of photos on a device being scanned as long as it’s appropriately contextualized — and then you wait five years, say you need to do even more to stop CSAM, and roll out the original scanning of all photos, everywhere.
Apple's got a FAQ for this at https://www.apple.com/child-safety/pdf/Expanded_Protections_... that explicitly states:
>These two features are not the same and do not use the same technology.
but doesn't clarify the differences. Gotta imagine they're referring to the distinction I made because, again, Apple's probably not developed some sort of precognitive nudie hashing.
Just spitballing but I'd imagine they're using some ML model trained to detect generic adult images, y'know, the same technology that they're using the make the Photos app more searchable. But detecting generic adult images has been around for ages.
They said they were going to deploy CSAM, and then they retracted (albeit temporarily). A lot of what made CSAM a concerning issue for many (including me) isn't in effect for this particular feature.
Maybe they'll redeploy CSAM, maybe they won't, but this isn't CSAM.
I routinely look at the network traffic of my iDevice and see a tonne of traffic being sent to Apple. I can't see the contents of the traffic, since 99% of it is encrypted, but I can safely say Apple is very cozy with your device. Just assume Apple can see everything, and change your behavior accordingly. If I want secure comms, I use battle-hardened things like Tails[0].
What is with the very low adoption of comsec tools like Tails? Does everyone think it's crimeware and only used by criminals? Because I do a lot of my surfing with Tor, but that doesn't mean I'm a darknet drugs kingpin does it?
[0] https://tails.boum.org/
OTOH, the big lesson of Clipper is that every OS, every app, every platform, can be hacked by nation state adversaries.
We all know 'it doesn't have to be this way'. There is nothing special about your personal OS needing to phone home on you. I think people are more likely to use something like LinageOS vs something like tails if they want 'more secure' communications than to drag a laptop around with Tails.
So in reality you are too lazy to hook their TLS verification code (super easy to do with public tools), or alternatively you did do this and the traffic just wasn’t that interesting.
Not really sure what we are supposed to take away from this.
Defeating certificate pinning with tools like Frida is one of the most basic and common tasks when reversing iOS/OS X applications.
...meanwhile everyone else's nude/promiscuous/ all of your other personal photos will be scanned. it is a huge breach of privacy and it really makes me consider whether Apple is the company for me. apparently it is optional but that other furthers the idea - why would a pedophile accept this tool on their phone?
Not that pornography is not a true problem. I really think it damages kids and even teens in their slow awakening to their sexuality.
But if they receive pictures of teens or children killed in Ukraine with gory details, that's all fine?
Kids and teens will share dirty pictures anyway. If their phones are totally "secure", they'll print the pictures.
The true questions are, IMO:
1/ education: all parents must at an early age talk more freely about sexuality. About respect, boundaries, the difference between having sex and making love, etc, and tell the kids & teens the truth: there is plenty of pornography on the internet and this is not good for you.
Because they will watch them. Through friends or unwillingly by trying to illegally download movies or cracked games.
I'd prefer that psychologists set up officially authorized websites where teens could watch adults making love explicitly but respectfully, with romance and feelings.
They want to watch anyway and they will find a way. But they will stumble onto violent scenes with psychopathic behaviors like incest, ten males onto one much younger woman.
Of course parents ought to have a way to block those websites. But they could also parameter their teens' computers to watch things that psychologists chose for their age.
Love movies to fight pornography. Explicit but insisting on the feelings and not the organs.
If parents can't accept that, well... their kids will watch brothers and sisters making anal sex in a way presenting it as "normal".
I think parents should enlist to night courses to learn how to deal with pornography. Censorship won't work.
It looks that parents want to be able to lie to themselves, eg being able to say "we did everything in our power" while knowing perfectly well that their teens will be confronted anyway to porn.
2/ As societies, we should reflect on pornography itself. Why are we collectively allowing large corporations making loads of money by producing violent, devious, unrespectful, illegal even (under age, incest, violence) porn.
I'm sure "free speech" is so large in the US that no law would hold. But that is not so in Europe - for the better IMO. Of course, laws would be transgressed like all laws are, but that would be a minority and that can be punished.
I'm not a prohibitionist, but I don't understand why well-known companies are still allowed to shoot scenes were women are objectified to the point of dehumanization, where they are insulted, abused, raped (even if it is "fake").
I don't believe an instant that laws and cops will suffice to stop degradating porn to circulate. But at least, maybe 80 or 90% of explicit scenes will be "normal people making love" and not a bunch of 50-year guys destroying a young tern.
So teens will more likely find "explicit decent love making" and not "gang bangs". At least, they would have a realistic idea of what sex is between non-pathologic, respectful, consenting adults.
That's the only way IMO to prepare them for the inevitable, e.g. gore porn they will find if they really try to (using tor or whatever forums). At least, they will be educated enough to tell themselves that what they are watching is not "normal".
Note that my definition of "normal" is rather broad. Oral sex is normal, in the sense of a common practice. But the ways it is practiced vary a lot. It can be either showing a woman following her own desire or a girl being forced to. Not at all the same thing.
The importance is not the nudity or to see organs in action. It's all about the relationship, adults asking to each other if they feel like practicing this or that and being said "no" regularly. That's education.
Of course, it...
I suspect some replies are confusing this with iCloud photo scanning (for e.g. CP), whereas this is a different feature entirely, they just happen to have been announced at the same time which caused a lot of people to treat them as a monolith.
See: https://www.apple.com/child-safety/
The biggest problem with Apple's family features right now is that it literally costs more to use. If you share a parent account with a child (or multiple), all IAPs are also shared, whereas if you create a child Apple account app purchases are correctly shared (and some Apple subscriptions) but IAPs are not, resulting in re-buys for every connected device.
There is, in theory, some IAPs that share through family sharing, but they're very rare and there's no way to determine which are what before you buy.
IAPs not being shared kinda makes sense from the perspective of the individual devs actually? The app is shared "purchased software", the account within the app probably is not.
I understand that devs have to make a living, but how many repeat sales do they expect to make for the same family?
Regardless, it would be nice if the Apple app store told you if an IAP is shared or not within a family, it is important information for making purchasing decisions.
I am also curious about iPhone demographics. I seriously doubt, that German teenagers get iPads and iPhones instead of cheap (and easily replaceable) androids.
https://www.statista.com/statistics/700712/smartphone-market...
https://www.statista.com/statistics/828257/smartphone-owners...
I'm not sure if this is going to be rolled into other apps or the camera app itself but the main app kids use to communicate in the schools in my local area are Snapchat, TikTok and Insta DMs, and they have Facebook messenger and WhatsApp for messages from their parents.
I'm sure some of them aren't even aware there is a stock messaging app.