181 comments

[ 2.8 ms ] story [ 217 ms ] thread
Spoiler alert:

“There is no evidence that local images on a Mac have identifiers computed and uploaded to Apple’s servers when viewed in Finder windows.”

For the record I don’t believe Apple is collecting that info - having said that I think the biggest issue with Apple is that it is not possible to fully audit and determine what they collect and what they don’t. Just because they aren’t constantly sending hashes over the internet after viewing each photo in finder doesn’t mean that similar data isn’t collected at all over the many encrypted connections apple maintains with their servers and Mac computers.

It would be colossally stupid for them to betray user trust in that way as it would almost certainly come out eventually, but that doesn’t change the trust problem they ultimately do have.

It's freaking annoying that you can't use an Apple device without being connected to Apple.

There should be a law against that sort of thing, for hardware that you fully paid for.

While not specifically that, the EU's Digital Markets Act is moving things in that direction. I recommend reading the full text of the legislation, it has many gems.
You can wipe it and install Linux and use the hardware you paid for unencumbered.

So do you mean use the software you paid for? (Fair)

Or am I missing a nuance.

Edit: Or are you referring to iDevices.

Running Linux on it is not the solution, as there is no documentation. Volunteers have been reverse engineering the GPU, but they still don't know whether their assumptions are all correct.

Also, is the Linux support actually official? Considering the above, I think not. I can't vote with my wallet for a company that has no clear map for the future, for my particular usecases.

Yes, iDevices are another problem. And yes, paying for the software when you use only the hardware is a problem too.

Too many problems with this company. I honestly can't understand why so many other hackers are happy being tethered and parent-controlled by Apple.

> I honestly can't understand why so many other hackers are happy being tethered and parent-controlled by Apple.

Obviously it varies from person to person.

Some just don't care about this at all and/or don't consider it an issue.

Some are just really used to it, or invested in the platforms, and don't want to waste time moving.

Some will just find much worse experiences for their taste anywhere else.

There are likely other personas in this story, these are just off the top of my head.

I haven't used Apple in 5-8 years. I prefer to build my desktops and don't use my phone much, so Android is sufficient.

Frankly, I do not understand the disdain for Apple. They built their stack. That should be admired. Also, it's one ecosystem in the market.

Don't like it? Buy something else.

Amazing, isn't it - people love to act like if you don't buy an Apple device they will send jack booted thugs to confiscate your non-Apple tech. Sigh...
Yes, fair, thanks for the reminder.
> You can wipe it and install Linux and use the hardware you paid for unencumbered.

Not all the hardware, or at least not yet if you're on Apple Silicon.

Asahi Linux works decently well on Apple silicon Macs today.
Better than Linux on the vast majority of Windows laptops due to hardware stability and less variability.
I was responding to this:

> You can wipe it and install Linux and use the hardware you paid for unencumbered.

My point is, it works. In fact, it works fairly well. Some people use it as a daily driver.

Not all drivers are finished though, which is what I meant by "not all the hardware". By installing Asahi you are deliberately choosing to not use the GPU, not having brightness control and a few other things are missing.

With that in mind, my point stands: by installing Linux on an Apple Silicon machine, you cannot "use the hardware you paid for unencumbered."

Apple doesn’t place any restrictions on doing this, in fact they have set it all up to make install Linux as convenient as possible without directly adding drivers to Linux.

Mainline Linux can now run all the critical features of apple silicon laptops and the remaining stuff like power management is really just waiting on someone to work out what the best way to modify Linux to support it would be.

I agree, that's why I don't buy them. All of my computers are 9+ years old and run fully up to date Linux or Windows.
I’m not sure what would make you think that Windows is even in the slightest better.

In fact it is proven that not only is Microsoft deeply in bed with the whole US Government, but the amount of vulnerabilities and flaws and outright back doors that have been publicly exposed in Windows is wildly larger.

I don’t even understand this immense focus on criticizing Apple, as valid as it is, when people use Android and Windows and Google services that are all shown as clear hangar door sized vulnerabilities.

It really kind of boggles my mind. Apple is constantly being out under pressure by the government and is constantly pushing increasing security and privacy features, as imperfect as they may be, but that is in comparison to Windows and Android, folks.

I use Linux but have a barebones Windows 10 install for one stupid stressful game that doesn't work on Linux due to anticheat. I audibly groan when rebooting to Windows to play.

With that said I can still use Windows without a Microsoft account.

> With that said I can still use Windows without a Microsoft account.

Only because you are a power-user and know the magic trick to perform when installing Windows to avoid signing in with a Microsoft account.

> With that said I can still use Windows without a Microsoft account.

It sounds like you may not realize that you have never needed an Apple account (i.e. an Apple ID, which might call an "iCloud account") to use macOS. No magic tricks are required, although some Apple services will naturally not be avaiable.

Can you install homebrew without an Apple account? The last time I owned a mac (some years ago) it seemed as though I was required to have an Apple account to download the 'developer tools' required for homebrew to operate.
The CSAM thing did irreparable damage to Apple’s reputation. We foolishly trusted them as benevolent dictators of the walled garden. They demonstrated why that can’t work. Everyone is fallible, nobody deserves absolute trust.
They announced their plans, people objected and they listened. I don’t get what the problem is?
People wanted to believe they were incapable of considering or even conceiving of such a thing, so anti-thetical to the narrative they built sparring with some US law enforcement agencies...
And by "listened" you mean "postponed until people forgot", right?
The problem is that Apple considered it at all. They could have easily not listened and then we'd be stuck with no alternative. We know these things happen in secret, the fact they even suggested it publicly means that internally at least part of their leadership thinks it is ok.
Not sure why you think this only extends to Apple: https://www.microsoft.com/en-us/photodna

and I'm sure if I searched I could find the same thing for Google, Facebook and others too.

I didn't say it only extends to Apple. They differentiated themselves on privacy. That's a difficult position to hold because you can't ever make a misstep. Apple did, and they can never recover.
Can you name/link even one such backdoor?
Wow! Did you know you can run Linux on modern hardware? It's faster that way, and doesn't change the amount of telemetry reported.
Modern hardware has backdoors that can't be disabled.
Is there any proof that such potential backdoors are practical and not theoretical? Have you considered non x86 hardware. If you were made of money for example Talos II or other more reasonable priced options?
So does older hardware, nothing was gained here.
Why? They all still accomplish what I need them to.
For a given task, newer computers are more efficient than old computers. My 20 watt Intel NUC easily fills a role that I used to fill with a 200 watt surplus PC.

Whether or not an upgrade for efficiency is worth it is subjective though.

Modern hardware isn't much faster.
2023 hardware is much faster than 2014 hardware.
So much so that 2023 laptops often trounce 2014 desktops, with a fraction of the power budget and cooling capacity.

It was true that power stagnated for a long time but it's finally back on the upturn.

The Windows installer won't even proceed without an internet connection and creating a Microsoft account, how is that any better?
Maybe that changed with 11, but disconnecting all networking on setup was the easiest way to set Windows 10 up without being pestered to enter your Microsoft ID.
Current versions of Windows 11 installer require modifications (for example with RUFUS) to be able to install without internet
I don't think more government regulation for such a specific reason is a good idea. Just don't buy their products.
At some point this "voting with your wallet" argument gets ridiculous. How realistic is going through life without one of these slaveware devices? (defining slaveware as hardware or software that treats you as a slave to the corporation that made it) Most people are coerced to using it, not even knowing the difference, forcing you to use the slaveware as well.
Do you really think the general consumer knows about any technical details of the products they buy, and if they did, they would care enough to chose the less-comfortable option for no perceived gain? This almost never works, and I think you know that.
Do you really think the general consumer knows any medical details of the vaccines they buy? Should we regulate misinformation?
We regulate vaccines, don't we? If you're so opposed to government regulation, vaccines are a very strange example to bring up.

  > There should be a law against that sort of thing, for hardware that you fully paid for.
Why? That sounds like exactly the type of issue that the market will fix, by buying from a different vendor.
It seems the market isn't what you tink it is. At the same time, people also don't understand that the issue isn't what they think it is.

There is a vocal minority on most of these things:

- Powerusers and "learnt just enough to be dangerous" users complain about products not being targeted towards their wishes

- Privacy alarmists don't like what they can't control

- Commercial interests don't like having to pay for things, but do like getting paid for their own things

Technically all correct, but in practise this is nearly all in the same bucket as fastfood, sugar, air pollution etc. It's something that affects everyone, but it's much easier to deny it, ignore it, and just go with the nice, easy, comfortable, and profitable paths.

  > It seems the market isn't what you tink it is.
Then what is it?

I think that the market is an opportunity for companies to compete on features, price, service, and quality. Is that incorrect?

If Apple is not competing on features, then shouldn't the market provide an alternative company that does? Specifically, Apple requires a network connection to its servers to used basic functionality yet consumers do not like this. Other companies provide devices that do not require a network connection to its servers to used basic functionality, though possibly at a higher price (doubtful) or lower quality, or worse service. But the opportunity does exist.

I'm happy to hear where either my understanding is wrong, or where the market is failing.

Just look around you, do you see any critical mass on both the vendor or consumer side that does something the way you describe it?

Every time someone comes up with some confident theory on markets or how things should be, or how bad the things are as they currently are, they forget that the reality is 'the market' (whatever their definition happens to be at that time) did not, in fact, change due to either supply or demand.

So when you were to say "the market demands offline devices, and the big companies are failing because they don't deliver that", you're either talking about a theoretical market, or about a different market, but not about the mass consumer electronics market. Because the big companies aren't failing, and regardless of the demand, no significant portion seems to be supplied.

  > Just look around you, do you see any critical mass on both the vendor or consumer side that does something the way you describe it?
Yes, I do. I personally want a phone with a stylus. Samsung makes one. Somebody else wants a phone with a good camera - Apple and Samsung both make phones with terrific cameras. Somebody else wants a small phone. That's where Palm Phone and Unihertz fill the niche. Others want inexpensive phones, there is a flood of inexpensive Chinese phones. Others want security, or battery life, or E-ink screens. All of that is available. What segment do you feel is underserved?
You're missing your own point: none of those do what you described in your reply. I'm not talking about what is there, I'm talking about what you proposed should be there but isn't there.

> If Apple is not competing on features, then shouldn't the market provide an alternative company that does? Specifically, Apple requires a network connection to its servers to used basic functionality yet consumers do not like this.

So where is this proposed product? Where is the significant contender that satisfies all alarmists, privacy advocates and commercial interests, making this 'problem' not a problem?

There can't be conflicting truths, either we have a problem ("lack of product-market fit" or however we name it), or we don't ("market supplies products that fit").

Yes consumers have so much power against cartels /s
Then that's a failure of this particular market, not markets in general, no?

Or do you dispute that a market-based economy is the proper form for designing, selling, and buying goods and services?

Consumer choice doesn't work to affect shit.

For example many people want smaller phones. However manufacturers all decided to make them bigger instead.

To function in society I need a phone, so I either buy one that needs 2 hands to be operated or be an outcast and have major problems having a normal life with no access to banking, communication and so on.

What's wrong with the Unihertz Atom, or the Palm Phone for that matter? They are both solid devices. They're not Samsung or Apple, but that's the point. The large manufacturers decided that you are not their target market, so stop buying from them. There exist smaller manufacturers that supply what you want.
> There should be a law against that sort of thing, for hardware that you fully paid for.

So, if Apple were to say you didn’t fully pay for the hardware, it would be OK?

You can. It's just if you do disconnect from Apple entirely, then certain features like Visual Lookups break - unsurprisingly.

Not sure why there is this persistent myth that you can only use Apple tech if "connected" to Apple.

> It would be colossally stupid for them to betray user trust in that way

Yes. Unless, of course somebody is pointing a gun to their heads and forcing them, like the US government was already caught doing to other companies.

Interesting. Do you have any more info I could read regarding that.
Ever heard about the CLOUD Act? Or the PATRIOT Act?
I can think of lots of examples where the US gov secretly forced companies to hand over data they were already collecting, but not really any situations where the gov secretly forced companies to start collecting data they weren’t already. Are there examples of the second?
"For the record I don't believe Apple is collecting that info - having said that I think the biggest issue with Apple is that it is not possible to fully audit and determine what they collect and what they don't."

This begs the question why is it not possible. I monitor the traffic on the computers I own which means I have sometimes to decrypt traffic from applications and then re-encryot before sending from the loopback to the local network I own and then over the wire onto "the internet". I like to know what data applications are sending or trying to send. I like to have control over it. That's not unreasonable in the slightest.

Yet, in the "tech" company model of computer network use, the computer owner is discouraged, e.g., scary browser warnings, SSL errors, connection failures, etc., from placing any trust in themselves. Instead it advocates, if not effectvely mandates, placing trust (and fees, i.e., for "domain names") in some other entity, e.g., Apple, other "Certificate Authorities", etc. The mere act of questioning this model is often attacked by "tech" workers commenting online. Watch it happen in the replies.

Under this model, it is as if the the computer and local network owner does not also own the traffic. Who owns the computer. Who owns the local network. Who own the data. Who should be allowed to view it and control it. If anything, one would think the computer and network owner should be allowed to prevent any third party, including Apple, if they so choose, from initiating remote connections and sending data from the computer owner's computer.

Even after purchase Apple believes it is entitled to collect data from someone else's computer, over someone else's network. And it also believes no computer purchaser ever has an interest in seeing what data is being collected, by monitoring the traffic, let alone an interest in preventing these connections. There is no option provided to globally disable all phoning home to Apple, to indicate "No, thank you."

It was not always like this, folks. I owned older Apple computers that never made such assumptions. The computer belonged to the purchaser. Generally, firewalls were not used to block software pre-installed on the computer by Apple. The so-called "tech industry" has moved the needle and tried to normalise what is IMHO an entirely different scenario.

> I like to know what data applications are sending or trying to send

Good luck with that. Unless you are running a Commodore 64 it is unlikely that a single person can understand, inspect and make decisions on modern operating systems or even individual applications.

There was a small window in which you had the option to use your computer as a 'digital typewriter' and 'sometimes send a fax', but expected and supplied functionality this day and age relies on many small components being heavily interconnected, much in the same way that social circles are interconnected, social networks (the digital variant) are based on critical mass (not technical prowess, legal status or privacy) and the amount of people that have narrow/well-defined use cases for their computers are at an all-time low making them less and less significant to cater to.

If you had a Apple computer with 10.3 or newer, this was the norm. If you had macOS 9 with iTools, it was the norm as well (for a bit until it got dropped in favour of MobileMe).

The old times weren't better, just different (and much less feature-rich). Great for a few power users, bad for everyone else.

Eh… it depends on what you think is good and bad. It’s not clear to me that surveillance capitalism will be a long term good. Gadgets and social media are fun, but digital feudalism will be (is?) a lot less fun and rewarding.
No, it doesn't. The case here is "buy a consumer device, get consumer results". If you were to expect different results, that doesn't mean that the world is wrong, it means that you bought something you didn't want.
> Good luck with that. Unless you are running a Commodore 64 it is unlikely that a single person can understand, inspect and make decisions on modern operating systems or even individual applications.

This is defeatist, and ignores the second-order advantages of Free and Open Source software. You don't need a Commodore 64, you need a decent GNU/Linux distro.

In practice, it's far less common for FOSS to contain code that works against the user's interests, as the vendor/developer has no veil of ambiguity and no deniability. Only one person needs to find the troublesome code, and they can make the rest of us aware. Everyone knows this, so FOSS malware is rarely released in the first place.

FOSS isn't a silver bullet (see Firefox's telemetry) but it's not the case that there's nothing you can do but use user-hostile proprietary software for everything.

> This is defeatist, and ignores the second-order advantages of Free and Open Source software.

That's both a gross misrepresentation of what I wrote, and completely wrong too. It doesn't matter how open your software sources are if you run it on closed hardware. And unless you go back to ancient hardware, it will be closed enough that you do not get what you think you are getting.

At the same time, it's also just realistic: if you buy something that is made to cater to a market segment that expects a lot of complex systems to appear to work together in a seamless way, supporting many features requiring many thousands of top-tier engineers to build and maintain for many years, then you, a solo user, are not likely to be able to contain the same amount of knowledge and time to see every detail and component of such a system. So no, the product, the context and biology will not allow you to contain such a system in a single mind.

Same goes for what you call user-hostile. If you ask a user which OS is more user-hostile out of a list that contains any Linux-distribution, but also Windows and macOS, it doesn't matter what is technically measures, what matters is that the user will call out that Linux distribution for being user-hostile. Again, it's not about wat is technically possible, what has been done, or what some individual does for themselves, it's about the giant user base that the commercial giants are targeting with their products.

As for telemetry: just because alarmists alarm about it all day long doesn't mean it's universally bad. What is bad is going it for user profiling and not telling about it, but if I need to know how my software is performing, I know ahead of time that asking my user base is a waste of time. Either I'll need automated reporting of things like crashes, performance measurements and spindumps, or I can't do much to make the software better. There are too many configurations and situations out there to realistically cover using some imagination and testing. Even on Debian, popcon is super useful, and people who complain about their stuff not making it on disk 1 are usually also the ones not submitting. You get what you pay for, and if you don't supply how you use the product, chances are you're not going to get an improvement you like. That is a choice to make, but removing it completely "because telemetry bad" is kinda dumb.

> It doesn't matter how open your software sources are if you run it on closed hardware.

It matters a great deal. This thread is about the behaviour of Finder, a proprietary software application.

More broadly, while it's true that most modern hardware prevents the user from having full control, it's also the case that much is won by using only Free and Open Source software.

(Last year the FSF got their servers onto fully Free Software BIOS software, but this took considerable effort as well as the use of hardware from 2012. [0])

> So no, the product, the context and biology will not allow you to contain such a system in a single mind.

Agreed, but while a total understanding of the system is one way to achieve confidence that it isn't built to work against your interests, it isn't the only way.

> If you ask a user which OS is more user-hostile out of a list that contains any Linux-distribution, but also Windows and macOS, it doesn't matter what is technically measures, what matters is that the user will call out that Linux distribution for being user-hostile.

Again this is defeatism. Free Software desktop operating systems have some usability issues, but in my experience they're much more approachable than many people seem to think. This is especially true now that a web browser is enough to enable most of what desktop computers are used for. It's not as if the non-Free operating systems are perfect either.

FOSS operating systems aren't in such a good place on mobile as they are on desktop and server, unfortunately.

> As for telemetry: just because alarmists alarm about it all day long doesn't mean it's universally bad. What is bad is going it for user profiling and not telling about it

Yes, I don't think anyone disagrees. HackerNews folks give Firefox a hard time over its telemetry precisely because the user isn't given a choice. They aren't even told it's going to happen, as I recall. It's particularly grating considering Mozilla's self-promotion as being uniquely pro-user.

> You get what you pay for

In terms of spying on their users, Debian is far better behaved than Microsoft, despite that Debian's offering is available free of charge and Microsoft's is not.

[0] https://www.fsf.org/blogs/sysadmin/closing-in-on-fully-free-...

> Good luck with that

A couple years ago I was able to intercept every connection on an Android with a mirrored switch port and Wireshark+ a root certificate. We shouldn’t be discouraging people from controlling their own machines. Certificate pinning might be trickier, I haven’t played with it yet.

It's not a case of what is technically possible, it's a case of swimming against the current while you could also choose to swim somewhere else. If you choose something that is not what you want, and you also accept that the world isn't static, but is constantly moving and due to the way it is interconnected you have to keep up at least a little bit, you will be unhappy no matter how hard you try to turn the thing you didn't want into something you did want.

It might make much more sense to just get the thing you wanted in the first place, right?

> you could also choose to swim somewhere else

Agreed, we have to pick our battles. Personally I pick this one. We should exercise as much control as technically possible over these devices that are intimately linked to every aspect of our lives.

>Even after purchase Apple believes it is entitled to collect data from someone else's computer, over someone else's network.

They are collecting data on how their software in used. Also this article is talking about a visual search feature that uses Apple's servers to search for things in your images. Apple is just as much entitiled to do this as a multiplayer game connecting to game servers. You choose to use the software and you choose to permit it onto your network.

>e.g., scary browser warnings, SSL errors, connection failures, etc., from placing any trust in themselves

These tech companies are trying to improve the security of their ecosystem. TLS is paramount in them modern world to protect people from MitM attacks.

It may be disingenuous to claim that Apple only seeks to know how purchasers of their computers are using them.

The first reason is that Apple does not ask purchasers for permission to do this surveillance. It just makes it a default.

The second reason is that if purchasers applied the same standard to Apple, it is unilkely Apple would agree to such surveillance of its own computers.

Imagine hypotethically that purchasers shared data with Apple but every time Apple used the data, Apple computers would automatically make outbound connections from Apple's computers, over Apple's internal local network, through Apple's firewalls, over the internet, to purchasers computers so the purchasers could "understand how Apple was using their data".

Imagine further that Apple had no control over these connections, and that Apple was not allowed to "MiTM" the outbound connections made from Apple's computers to purchasers' computers to see what data/information was being sent.

What if purchasers argued that by using TLS certificates they controlled they were "only trying to protect the security of their ecosystem", e.g., the collection of entities with whom they share data. What if purchasers argued they were only trying to protect Apple against "MiTM attacks"^1 where, e.g., a third party might learn about Apple's activities, namely how Apple uses the data Apple gathers from Apple computer purchasers.

The point is that Apple might have concerns about others, including its hardware customers, knowing when and how it is using its own computers. Similarly, purchasers might have concerns about others, including Apple, knowing when and how how they are using their own computers.

1. "Tech" companies, acting as intermediaries, will claim they are using TLS to protect web users from third parties, the "MiTM", but curiously the "MiTM" never includes the "tech" companies themselves. In practice the "MiTM" actually includes the web user. WTF. In response to a web user who does not portray himself as a "developer" nor a "security researcher"^2 stating they wish to "MiTM" their own connections, a "tech" worker commenting in response might be dismissive.

2. https://www.bounteous.com/insights/2016/11/17/using-charles-...

Sort of, but this article seems to be specifically a response to a recent blog post that said that the answer was "Yes": https://sneak.berlin/20230115/macos-scans-your-local-files-n...
Thank you. I much prefer Sneaks stance on Apple than eclectic light's. Both post enough useful public information to remind people that Apple are not as different to other giants in underhand software tech shenanigans. Eclectic often make us aware of Apple updating software without permission, which is bad enough, and commonly known on this forum. But Sneak will present reasons why Apple users should not become complacent, and for that I am grateful.
The problem is that Sneak tends towards conspiratorial thinking so you need to read posts through the lens of separating what’s factually established from what hypothetically could be done in the future.
I do, as everyone should, filter. I find his writing straightforward, moreso than the twisted language of an average Apple 'event'. Conspiratorial may sound sensational to some, but saying one thing and doing another is apt and proportional for walled garden tech. It's a wide net cast. That's all.
I mentioned it mostly because their posts have enough reach that I not uncommonly see people repeating the hypotheticals as if they’d been verified.
Caveat:

"Images viewed in apps supporting VLU have neural hashes computed, and those are uploaded to Apple’s servers to perform look up and return its results to the user, as previously detailed[1]." (but not for CASM reasons)

1. https://eclecticlight.co/2022/03/25/how-visual-look-up-works...

A bit hard to believe that VLU's NeuralHashes aren't also passed through CSAM detection, when NeuralHashes were first announced to the world in the context of CSAM detection: https://www.apple.com/child-safety/pdf/CSAM_Detection_Techni...

That said, to reiterate the OP, there's no evidence that VLU executes when using Finder or QuickLook alone.

Are you sure? Because in a prior article on the same source your parent linked it would appear that it is being used with QuickLook[0].

"While VLU is taking place, the image being looked up is opened in the floating window of a QuickLook preview."

[0]https://eclecticlight.co/2022/03/23/how-visual-look-up-works...

Hmm, there is some ambiguity in the author's writing style. I interpreted what you quoted above as "if you are in Safari.app or Preview.app and activate VLU explicitly, it displays the image in a QuickLook window." The author does say in https://eclecticlight.co/2023/01/18/is-apple-checking-images... that:

> Although the original description given was ‘Finder browsing’, for some that might include the display of images as QuickLook Previews, by selecting the image and pressing the Spacebar... [The process triggered from this] is consistent with the briefer task used in Live Text, and quite different from VLU. There is thus no evidence of the generation of neural hashes or any search query by PegasusKit typical of the later stages of VLU...

> Local images that are viewed in QuickLook Preview undergo normal analysis for Live Text, and text recognition where possible, but that doesn’t generate identifiers that could be uploaded to Apple’s servers.

Understood. My own personal take-away, is that even with all the digging those folks have done it is not possible to know what Apple is actually doing. Which kind of reinforces your original point in the comment that I was responding to.
In the comments on the main article, the author says:

>It’s perhaps worth pointing out here that VLU is nothing like Apple’s proposals for CSAM recognition. The neural hashes used to look up images in VLU are ‘low resolution’. They’re good for distinguishing specific images of paintings, breeds of dog and cat, and so on. But – as you can read in my detailed account of the proposed method – they fall far short of what would have been required to detect CSAM. Another big difference is that initial CSAM detection was intended to be performed locally, using a database of ‘positive’ neural hashes stored locally. Apple recognised that looking them up online wasn’t feasible, but that’s exactly what VLU does, because it works differently, with a much larger database and forming less robust and more inaccurate matches. So VLU ≠ CSAM detection, not by a long way.

I'm still not super sure it couldn't be misused, though. A tool that is good enough to be able to reliably detect things like dog breeds (as the author also points out) seems like it should reliably enough also do things like detect drug paraphernalia, pictures of tankman, banned religious symbols, or whatever thing that people were more worried about being oppressed by a potentially authoritarian government. That's also why it seems, to me, like the more worrying vector for an authoritarian government to force abuse wasn't the higher resolution neural hashes matched against known images but the ML labeling of images for searchability.

I don't know how someone can make such a detailed analysis and apparently not understand the limitations of the same analysis. How can such a broad statement be posted otherwise?

There could be all sorts of explanations why a connection might not have shown up in their analysis, rate limiting, batch upload, regional settings. It would have been much better to say: "in my tests I could observe any evidence..." or something similar.

The phrase 'there is no evidence' can be interpreted in two ways, one being that it is highly likely but unproven, and the other being that it has been disproven and should not be believed.

I'm afraid we are still in the first version territory given what we know about big tech and Apple's recent behaviour.

This ignores the possibility that the scan results could be collected and uploaded at a later time, possibly obfuscated within the payload of some other benign process. I fully accept that the sum of engineering and thought by Apple is much smarter than either myself or the average security researcher, and in an adversarial situation such as this, it's far from an impossible scenario. Ultimately, with a closed source OS, we will never really know more than what Apple wants us to know.
> scan results could be collected and uploaded at a later time

The images could also be analyzed and uploaded by software installed remotely on your computer overnight. If you actually consider yourself to be in an "adversarial" relationship with Apple you should not use their products -- they have uncountable opportunities to attack you.

(comment deleted)
Isn’t that “possible” for any computer or device connected to the internet?

I feel like “possible” is doing a lot of work here that applies everywhere.

It's wild that you need a firewall just to stop OS features from phoning home every file you preview on your computer.
Or just turn off "Siri Suggestions" in System Settings as stated in the article.
I'd probably stick with the firewall just to be safe, thorough, and future-proofed...
Well... macOS is hardly the worst IoT offender. Roku is unbelievable. ;) Many good reasons to set up a Pi-Hole...
Apple allows itself to bypass the OS firewall so you will need something at the network level.
.. on every single network you connect your computer to.

Maybe there is such a thing as a portable battery powered wireless travel router with proper firewall rules, that can also do VPN etc. Must admit that's something I never looked into.

You’d need a network level firewall for that - the OS can circumvent any firewall you run on your computer. That would imply that you’re unprotected once you leave your home network. The firewall would also need to inspect all network traffic, including TLS secured connections.
(comment deleted)
Using a firewall to protect your privacy from the company that designed the hardware and wrote the software for your computer is kind of like putting on a raincoat before going swimming.
Why do they deserve any trust when they're phoning home?
The person you are replying to is saying that at some level you have to trust someone and “open source” is not the answer.

There have been plenty of latent bugs in Linux that took years to discover that could have led to information extraction

"Every platform has RVEs eventually" is a pretty lazy answer.

The answer is to stop normalizing telemetry and data exfiltration even if it's 'the good guys' doing it. It's not your "cloud" therefore it's not your data.

So if you are not going to trust anyone are you going to stop using computers?
No. Just don't use "cloud" "services" like this or LassPass.
No, that's not what I'm saying. I think it's conceivable that with a great deal of effort you could build an open source system that is highly trustworthy. What I'm saying is that the gradient between "highly trustworthy" and "untrustworthy" is extremely steep.

To use another analogy, someone using a firewall to keep a MacBook from phoning home is like a person who invests in a really high-quality lock on their jewelry box to keep their housecleaner from stealing from them.

How much “effort” do you think it would take to build a system that is completely open source down to the firmware?
Why do you have any less trust for what they're doing with your data on their servers versus what they can already do with it on yours? If you don't trust them to have access to your data, you should not use their hardware and you should not use their software.
I believe the firewall is not supposed to be protection against Apple doing an attack on you, but against them collecting data because you forgot to change some setting to opt out somewhere.
You actually have to opt in to this, but most people do because they don't care or understand what it is they are doing. In some cases, data shared features have to be re-opted-in during major OS upgrades (maybe because the processes that process the data are divided differently or using different API endpoints.. who knows).
If you don't trust Apple with your data, a firewall will not protect you. They can collect data at any time and have many options for extracting it from your computer. A firewall will only really help with "above the table" behavior.
That's what I said.
What if an auto update adds something similar new, and defaulted on like this one was?
Just replaced my router with OPNsense and starting to get some sense for all the egress traffic.
Simple instructions how to do this?
I recommend browsing the install guide here to get an idea of how opnsense works: https://docs.opnsense.org/manual/hardware.html

You'll need to make a few choices and gather some details before you can start. First of all, hardware:

Simplest, but most expensive: buy an opnsense device that comes preloaded with the right software

Cheaper, but still not too hard: buy one of those aliexpress routers that are supported by opnsense

Harder, less efficient, and requires the right hardware: find an old computer that's supported enough by FreeBSD, chuck in a few ethernet cards supported by FreeBSD, and install opnsense.

Installing opnsense and setting it up as a basic ethernet to ethernet router is relatively straightforward. You can run it from a flash drive if you want, but a small SSD won't wear out as far if you enable logs and such (16GiB will be far more than enough for an install without additional packages!).

If you're planning on replacing your ISP router, you'll need to find the documentation your ISP or random forum users provide for connecting. If you have a separate modem you may need to find PPPoE credentials somewhere, or you may just be able to use basic DHCP to get it to work.

If you don't have a separate modem, your best bet is to put your router+modem into bridge mode; that will often be enough to get the basics up and running. If your ISP doesn't provide such a mode, you may use addin cards to get the right connector into your system (RJ11/fiber/whatever) but you'll need to find devices with FreeBSD support so I would use this as a last resort.

Also of note: many opnsense solutions don't include great WiFi. You can likely reuse the ISP modem as a wireless access point, but if you can't, consider investing in a separate access point to keep your WiFi coverage.

The kind of hardware you need will depend on your wishes. If you just want a router with some customisable routes and if you don't have fiber Internet, chances are a cheap aliexpress box will be more than enough to get you going. If your Internet connection is faster than 100 or 200mbps, you should check the ratings (and be sceptical of the price). If you also intend to go full deep packet inspection/security monitoring/etc, you will likely need desktop class hardware with plenty of RAM, CPU horsepower and storage. If you're really going high-end, a server chassis may also work.

For simple routing, small router boxes are often way more energy efficient than full desktop power supplies because of hardware accelerated routing supported on some chipsets. I personally run a full desktop as a router(+server etc) and it works quite well, but it eats at least 10 times the energy a small router should need.

Lastly, if you're planning on running a home lab already, you may be able to virtualise opnsense if you add (a) dedicated network card(s) forwarded to the VM. Setup sill be a bit trickier, but it can save on costs if you're planning on buying them together.

This is so helpful thank you. I'm assuming opnsense competes with OpenWRT? What are the pros and cons?
I believe OpenWRT is intended as alternative firmware for your average off-the-shelf router, whereas pfSense/OPNSense are more intended as enterprise firewalls/network appliances. Take a look at the official OPNsense store (https://shop.opnsense.com/) to get an idea about the types of devices and customers this tool is oriented at.

Most OPNSense hardware is likely to be more powerful than your average OpenWRT router. OpenWRT can use a variety of interfaces and has many packages you can install, but the UI is less well-integrated with tools like intrusion detection and network traffic analysis. OpenWRT is supposed to be flashed to devices with 16MB (or less) of storage whereas OPNsense can take advantage of much larger install disks.

On a technical level: OpenWRT is Linux-based, OPNSense is FreeBSD-based. This has an impact on hardware and software support, though I've rarely seen people running into software limitations with OPNSense.

In terms of pros and cons:

- Personally, I much prefer the OPNsense GUI over the OpenWRT one.

- OPNsense comes with way more software out of the box; whether you need all that is an entirely different question, though.

- OpenWRT often runs on routers you may already own

- OpenWRT is generally easier to set up and use. It's comparable to an advanced stock router UI.

- Because OpenWRT is built around WiFi-routers rather than security appliances, OpenWRT is much better for managing things like WiFi

- OpenWRT is Linux-based so it potentially has much better WireGuard support. OPNsense can also host a WireGuard server, but the WireGuard protocol was originally developed around the Linux kernel implementation. OpenVPN and IPsec+L2TP are supported in both.

- OPNsense has some very useful traffic shaping tools in the GUI for things like limiting the throughput of a guest network, though that will take some know-how to set up.

- OPNsense provides enterprise features in the web GUI like failovers and multi-WAN that require editing config files over SSH and installing packages on OpenWRT.

- OpenWRT does some quality-of-life tricks for you. For example, port forwarding is a lot easier on OpenWRT than it is on OPNsense as the necessary firewall rules are all generated for you, whereas in OPNsense you may need to add separate firewall and NAT rules depending on your setup. The learning curve for OPNsense is much steeper, however it allows more flexibility in its web UI than OpenWRT (you can pretty much get the same features through SSH on either platform, though)

- If you intend to run this stuff for a business, OPNsense has business support available whereas OpenWRT runs most off of community support. You can pay external parties to help you with OpenWRT of course, but there is no direct support contract available as far as I'm aware.

If you want to add more features to your already-owned router, I would recommend OpenWRT. If you want to drill down and experiment with networking, I would recommend OPNsense.

You can see the difference for yourself if you set up a couple of VMs. For example, set up two small Linux/Windows VMs and a router VM, attach the router VM to both your own network as well as a virtual network, and then attach the two Linux VMs to that virtual network as well. You've then basically virtualised your network and can experiment with settings, firewall rules, port forwards, whatever you need. Both OpenWRT and OPNsense can be run as virtual machines (https://www.sunnyvalley.io/docs/network-security-tutorials/h..., https://openwrt.org/docs/guide-user/virtualization/virtualbo...).

You won't be able to test support...

You already got some good answers. For me, the most inconvenient part of the transition was that I had to replace one device (a FritzBox 7590) with four devices: DrayTek DSL Modem, Protectli Hardware Firewall [1] with OPNsense, a 5-Port Netgear Switch, and a BrosTrend Wifi Plug (altogether, 21 Watts instead of only 10).

Regarding the Hardware Part: Instead of the Protectli, I would recommend looking into the Pc engines APU4d4 (or similar) [2], I had very good experiences with the predecessors of this board.

The OPNsense configuration is really not that difficult, it is possible to start slowly with the defaults and extend. I already had experiences from running pfSense for 5 years on another site.

[1]: protectli.com

[2]: e.g. dynfi.com/en/appliances/dynfi-apu4d4/

Right. Because preventing the computer from talking to Apple where it finds out if there are updates or new malware definitions in addition to the documented thing it’s doing is a much better option than turning off the option in settings.
Yes, firewalls often prevent this from happening, waiting to read about some new setting on HN does not. Firewalls also aren’t going to block legitimate traffic unless they’re badly configured.
You have to think about the problem in context: if abuse were happening, which to be clear is not true, you couldn’t trust a computer made by the company running the program you disagree with. They control the software stack and network endpoints, so they could exempt their own services from the local firewall and avoid a network firewall by using something like their network update service to receive queries.
Right. They make the hardware (including CPU), the OS (and firmware), and there is a decent chance they make the app you’re using like Preview.

Apple is the keys to the kingdom. They have full access to your decrypted data because they encrypt/decrypt it for you.

If you don’t trust them to not go behind your back this is the least of your concerns.

I’d also add that this is an area where we’re predisposed to think of technical solutions but it seems more appropriate for a regulatory one: trusting Apple is not a bad idea for a lot of people (just a single party for many things) but a robust public audit would make that easier. Unfortunately if your threat model includes the U.S. government you’re basically hoping that the EU is willing to apply pressure.
I recognize the author’s use of Scapple for the flowchart diagram. One of my favorite visual mapping apps appropriated from the writing, not techie, community.
I read that as some creative way to use Scrapple for diagrams and went to check out what it was. Imagine my disappointment that it was just some poorly named software and not actually diagrams made from scrapple

https://en.m.wikipedia.org/wiki/Scrapple

Yup, it’s Scapple unlike Scrapple. A strange word without history. Let me add a plug for them (Literature and Latte): https://www.literatureandlatte.com/scapple/overview

They also have another amazing app called Scrivener, made for writers and novelists, but can hold its own against other note-taking apps.

Probably untrue but the general trend of Apple throwing in the towel on privacy has made me start seriously thinking about the logistics of moving away from macOS in the near future. I know it's going to be super unpleasant because I've been a 20+ year macOS snob and it's an integral part of how I get any work done. Making a reluctant change is so difficult. I almost hope Apple makes some terribly egregious changes to macOS that will make it easier for me to cut it loose and move on.
(comment deleted)
I've unplugged as much as I can from both Windows and MacOS. I still have to carry a Mac because of Xcode (and mobile development), Affinity (for design) and from time to time, MS Office (usually to deal with some ancient VBA code). The daily driver is just an LG Gram with Kubuntu, and here's the difference:

Command line: Linux wins by a mile. GNU gettext has better tab completion (i.e. it will complete parameters and paths). If you work with Linux servers, it's nice to have the same directory structure... and while brew is nothing short of amazing, package management on Linux (deb, rpm, pacman, etc...) is still the best.

Design: A lot of tools have moved to the cloud (i.e. Figma and Canva are getting better) but pro grade design software like Affinity Designer (or Adobe stuff) is still the best, especially if print shops are involved. If Serif ports Affinity to Linux, I will buy it for every machine at my company just to say thanks.

Video: Davinci and OSB run extremely well on Linux so life is good :-)

Development: Honestly everything is better on Linux... but no Xcode, which is required to distribute to the App Store. Xcode is a nice IDE, but most of the work I do is in JetBrains IDE (GoLand, PyCharm, WebStorm... and occasionally C Lion).

On the hardware front, Apple still makes great hardware, but some of the PC manufacturers are making great machines, too (LG, Lenovo, Dell). I'm particularly happy with LG's Gram 17" which has a giant screen and is an ounce or so heavier than a 13" MacBook Air. The M1 and M2 are fast, but a modern i7 or better is plenty fast and you can get one with 32GB for cheap.

Baby steps... maybe start with dual booting, or a VM, over time you get more and more comfortable as you find the bits you need on Linux or whatever.

You will probably never find a replacement for everything, but eventually you get to a threshold where the "Apple Hates Me" vibes > "Not quite everything I want", then you have somewhere to go when you flip the table... You will probably still hate it initially, but the nice thing is that you can work on it, making it into what you want, and unlike with Apple or MS you can make progress... it will stay how you put it, because the authors of the software are not working against you. i.e it gets more comfortable over time, and less of a battle over time.

Admittedly how easy this is, is highly subjective, e.g if you are a media person then it's going to be painful whatever platform you head to (although I hear audio and video editing alternatives are getting better).

Let's face facts, leaving macOS because of Apple's privacy policies is like moving to Canada because Trump was elected in 2016: lots of people will threaten it, few will actually do it. The state of the only realistic alternatives (Linux, BSD, etc.) desktop-wise is so woeful that people will put up with whatever Apple does. Otherwise, Apple wouldn't do it.
And moving to Canada is a terrible decision owing to how mediocre that place is compared to the US.
Moving away from your family, friends, and professional connections; the expense and hassle of the actual physical move; dealing with customs, immigration requirements, employment sponsorships, etc. in a new country; etc. may in fact be too expensive and unpleasant an undertaking for many cosmopolitan American liberals to countenance, irrespective of how nice Canada itself is.
(comment deleted)
Does anyone have a list of Apple urls that we can block via something like pi hole?

On a side note, I'm actively evaluating options to replace my aging MacBook. Anyone have a System76 laptop?

If you're looking for a Linux laptop specifically, take a look at StarLabs.

https://us.starlabs.systems/

How’s the build quality?
I have StarLite and I like it. One of the reasons why I got it was because System76 stuff seemed to have more complaints on average, although it's hard to say to what extent this is the consequence of them being the more well-known brand.

Star Labs also has considerable lead time for new orders - assume a few months.

It's refreshing to see someone actually take the time to do some proper analysis on this, rather than simply assuming that Apple are up to no good and getting angry about it based on nothing. Nice work by the author, and a well-explained writeup.
A great rebuttal and investigation into a topic that was raised by a shallow alarmist last week.
It's beginning to look like it wasn't a great move to become so dependent on so much closed source software. "It's open source" they cry. Yeah, system level stuff, just with some closed-source barnacles attached that do god knows what, stealthily, unaccountably, and yet brazen to a terrifying degree. "Trust us". Hmmm.
Broadly speaking, if something is closed source and connected, it phones home. Whether it can collect sensitive private data about the user is just a matter of when. The sooner common users realize that, the safer they can be in the future. Unfortunately, spying on users is a well paid business, therefore even without involving 3 letter government agencies and/or conspiracy theories, we should expect every hardware/software manufacturer to attempt to profit from that, if not because pretty much everyone else in the field is doing the same already.
(comment deleted)
I suppose you should do it the other way round: there is a rumour, you see if it is true rather than assuming it is true and try to find evidence if it is true.
What if there's no way to find out if it's true?
Then assume it is true when making security decisions, but don't pretend it is true when talking about it in discussions. (imo.)
If apples not building an AI behind each of their users, sell your stock now.
If you upload your data to a server that server’s owners can do whatever they want with it. How do people still not get this?
This article is not about people uploading data to a server intentionally, so I don't see the connection. Who are the people who 'still don't get this'?
Distinguish between choosing to upload your data to a server vs. working with data on your local hard drive without air-gapping your computer first.
What’s there to distinguish? You’re knowingly using a program that openly advertises that it uploads your data.
Apple isn't creating neural hashes for CSAM detection, as they'd have to be in possession of source material to create them, so they're getting them from someone else. Since it's indistinguishable in it's hash form, when the supplier becomes interested in looking for something else, nobody will ever know.
>so they're getting them from someone else

Is there any evidence they even do neural hash CSAM detection?

Do not let Apple off the hook. This must be removed.

This functionality will be used in other global jurisdictions to clamp down on freedom. In a world where we cede more control and increasingly subjugate ourselves, it's only a matter of time before it's used against us too.

Say no to monitoring.

So the thing the article concludes isn’t being done, must be removed?
Maybe that's the case. We should be vigilant and treat the concern with utmost seriousness.

Once upon a time, Apple announced they would do this. We can't ever let them.

The article concludes that there isn't evidence it's being done -- which is different.

Apple should not be trusted without evidence. We should be able to verify what our devices are sending to Apple, Google and others.

But they aren’t monitoring. And a hash doesn’t help you monitor unless you’ve got a hash of another image like CSAM. And you can turn this off if you want.

Honestly I know everyone thinks that everything is a slippery slope to death camps. But sometimes it’s just a cool helpful feature.

The suppliers are well documented and it takes two suppliers agreeing on the same neural hash.

So, when the US center for missing and exploited children decides to collide with the Japanese equivalent to detect IDK what, yea, you wouldn’t know. Assuming those agencies don’t operate with transparency.

Requiring two suppliers to agree is simply the current policy. I think the GPs concern is that Apple's policies can change without warning or notice. That seems like a pretty valid concern to me, which Apple has zero interesting in mollifying.
> Basing claims on the inference that two events might be connected, without understanding the nature of either, is reckless if not malicious.

It can easily happen, though. I did it yesterday, with a bank, concerning a credit card number that had been purloined. It was unwise, and reckless, and I ended up owning it, and apologizing (plus, I learned about a trigger that I need to watch out for).

That said, just because something "easily happens," does not make it OK. We can "easily" get homicidally angry, and it would be A Bad Thing, if we acted on our impulses.

A mark of my personal maturity, is grounding these impulses, before they make it to the outside. When I fail (like yesterday), I get embarrassed.

Maybe today. What does it matter when apple can change their policy anytime the feel like it? Maybe they can dynamically turn things on and off.
(comment deleted)
After CSAM case I lost trust on any big corporation, the trend for digital control and spying is publicly announced by governments. The global planners in Davos are saying it clearly.

So, when the option to run Little Snitch is removed from the macOS, this platform will die for me.

I had a hard gripe with Apple since 2015, sadly the UX design team needed to work with Sketch. After CSAM, all developers in the office use Manjaro. We use macs only for the design related workflows.

Nowadays, we are lucky that Figma is working in the browser and the switch for the designers will be less hard.

On a smartphone front, I reduced my usage to banking apps and phone calls. If I have to take a photo, I use a camera, RX100 or Leica with real lens.

> Nowadays, we are lucky that Figma is working in the browser and the switch for the designers will be less hard

How is storing all your files in the cloud a solution to worries about local image scanning?

1. Work related files. 2. Collaboration process. 3. There is no alternative for Figma at the moment. 4. Penpot.app is something to look for. They are open source and have an option to run the software on your own cloud/server. But they are not the industry standard, and the tool is without the extensive plugin community of Figma.
I see a lot of people talking about firewalling in this thread...

Apple owns the whole IP range 17.X.X.X, so you can just put the below line in /etc/pf.conf to block all talk with those IPs

block drop from any to 17.0.0.0/8

Also for an additional layer of protection, you can add these domains to the hosts file:

https://gitlab.com/intr0/AppleBlock/-/blob/master/AppleBlock...

Also I see a lot of people trying to defend apple in this thread. Imo life is too short to defend a corporation this large (unless you have a financial incentive to maintain trust in it, obviously)