Apple 'poisoned the well' for client-side CSAM scanning, says former Facebook security chi...


Comments

  • Reply 21 of 25
    auxio said:

    The argument is that, if you had no problem working for a company which scans everything people upload to them to build an advertising profile, how can you now speak out against Apple doing a very limited version of that when you're uploading to them?  Simply because it's happening on-device rather than server side?  Uh yeah, that's because it's the only way to maintain end-to-end data encryption.  If they had to generate the image hashes server side, it would mean you'd have to upload your photos unencrypted (or encrypted in a way which allows Apple to decrypt them).
    Given that he's a former employee, and the nature of that employment, I find it entirely plausible that he did have a problem, thus his departure.
  • Reply 22 of 25
    mattinoz Posts: 2,280 member
    rcfa said:
    mr lizard said:
    “The implementation of the technology itself has left Stamos puzzled. He cites that the on-device CSAM scanning isn't necessary unless it is in preparation for end-to-end encryption of iCloud backups.”

    Bingo. 
    Not sure why he’s saying that. On-device scanning gives users a fuzzy feeling of privacy (“I have nothing to hide, but no data leaves my device”) and saves Apple server side infrastructure for scanning large volumes of data across a massive cloud infrastructure. Instead they just have to deal with a (hopefully rather small) number of alerts.

    So even without E2E this makes sense.
    If Apple do everything of “value add” on device they can treat server side as just a dumb box of bytes. Encrypted or not but might as well be. 

    They don’t need to worry about middle men or programmers for anyone else’s hardware but their own. Others can worry about the best way to move and stash bytes; Apple just uses the combined power of the devices they have been paid for.

    Yes, not sure he made a case for poisoning the well.
  • Reply 23 of 25
    auxio said:
    auxio said:
    lkrupp said:
    Remember, people, this is the former 'Facebook security chief'. Facebook and security are mutually exclusionary terms.
    I was just about to say the same thing.  If people are outraged about CSAM scanning, they surely know about Facebook scanning everything (and not just hashes).  A former Facebook employee weighing in on it?  That's a joke right?
    I'm not tracking the argument here. If anything, an ex-Facebook security chief would be more credible on this subject for the reasons you and others are stating, for the same reason the government uses embedded informants. They know what they're talking about. 
    The argument is that, if you had no problem working for a company which scans everything people upload to them to build an advertising profile, how can you now speak out against Apple doing a very limited version of that when you're uploading to them?  Simply because it's happening on-device rather than server side?  Uh yeah, that's because it's the only way to maintain end-to-end data encryption.  If they had to generate the image hashes server side, it would mean you'd have to upload your photos unencrypted (or encrypted in a way which allows Apple to decrypt them).
    Some of you are talking like the guy is defending Apple. He's saying exactly what people here believe is true, and he has the background to be credible in his criticism, unlike most posting here, including me. Your moral posturing about where he worked doesn't disqualify his knowledge on this subject. We don't know if he has "no problem" with what Facebook does. He left the company and now works at that shady college Stanford. Oh, wait, Stanford is one of the world's most prestigious schools. Maybe stop trying to apply your purity test and take what he says, or not. 
    edited August 2021
  • Reply 24 of 25
    auxio said:
    auxio said:
    lkrupp said:
    Remember, people, this is the former 'Facebook security chief'. Facebook and security are mutually exclusionary terms.
    I was just about to say the same thing.  If people are outraged about CSAM scanning, they surely know about Facebook scanning everything (and not just hashes).  A former Facebook employee weighing in on it?  That's a joke right?
    I'm not tracking the argument here. If anything, an ex-Facebook security chief would be more credible on this subject for the reasons you and others are stating, for the same reason the government uses embedded informants. They know what they're talking about. 
    The argument is that, if you had no problem working for a company which scans everything people upload to them to build an advertising profile, how can you now speak out against Apple doing a very limited version of that when you're uploading to them?  Simply because it's happening on-device rather than server side?  Uh yeah, that's because it's the only way to maintain end-to-end data encryption.  If they had to generate the image hashes server side, it would mean you'd have to upload your photos unencrypted (or encrypted in a way which allows Apple to decrypt them).
    Come on, you should know better than this, being a moderator. GatorGuy clarified this point multiple times, that the iCloud photos are encrypted using Apple's keys, not device keys. It is an important distinction. So Apple DOES have the ability to decrypt the photos which are present in iCloud.
  • Reply 25 of 25
    auxio said:
    auxio said:
    lkrupp said:
    Remember, people, this is the former 'Facebook security chief'. Facebook and security are mutually exclusionary terms.
    I was just about to say the same thing.  If people are outraged about CSAM scanning, they surely know about Facebook scanning everything (and not just hashes).  A former Facebook employee weighing in on it?  That's a joke right?
    I'm not tracking the argument here. If anything, an ex-Facebook security chief would be more credible on this subject for the reasons you and others are stating, for the same reason the government uses embedded informants. They know what they're talking about. 
    The argument is that, if you had no problem working for a company which scans everything people upload to them to build an advertising profile, how can you now speak out against Apple doing a very limited version of that when you're uploading to them?  Simply because it's happening on-device rather than server side?  Uh yeah, that's because it's the only way to maintain end-to-end data encryption.  If they had to generate the image hashes server side, it would mean you'd have to upload your photos unencrypted (or encrypted in a way which allows Apple to decrypt them).
    Some of you are talking like the guy is defending Apple. He's saying exactly what people here believe is true, and he has the background to be credible in his criticism, unlike most posting here, including me. Your moral posturing about where he worked doesn't disqualify his knowledge on this subject. We don't know if he has "no problem" with what Facebook does. He left the company and now works at that shady college Stanford. Oh, wait, Stanford is one of the world's most prestigious schools. Maybe stop trying to apply your purity test and take what he says, or not. 
    Ah yes, Stanford...  

    https://padailypost.com/2020/07/24/researcher-at-stanford-accused-of-working-for-chinese-military/

    and

    Chinese family 'paid $6.5 million to get daughter into Stanford ... https://www.timeshighereducation.com › news › chines...

    and

    https://www.chronicle.com/article/u-s-turns-up-heat-on-colleges-foreign-ties-that-may-chill-partnerships-for-years

    and

    Is Stanford Collaborating With Chinese Propaganda? Just ... https://www.forbes.com › eamonnfingleton › 2014/10/05
    edited August 2021