Researchers who built rudimentary CSAM system say Apple's is a danger

Comments

  • Reply 21 of 46
    auxio Posts: 2,794 member
    DAalseth said: It can and will be used by governments to crack down on dissent. It’s not an if but a when. It will produce false positives, it’s not an if but a when. Apple’s privacy safeguards are a fig-leaf that will be ripped off by the first government that wants to.
    Governments that want to crack down on dissent will still do so regardless of whether Apple has CSAM hash scanning or not. They have the money to hire programmers just like Apple does. 
    But they don't have the power to put any of that programming work on EVERY IPHONE IN THEIR COUNTRY.
    Nope, but they do have the power to scan and filter all internet access (as China and many other governments do).
  • Reply 22 of 46
    chadbag Posts: 2,032 member
    This article sounds more like a press release or white paper from Apple.  

    None of Apple’s safeguards mean a thing because they are all policies. Policies that can be changed. The hard thing is getting a mechanism into the OS. Even if it has safeguards programmed in, that is only an update away from being changed. The hard part is getting the mechanism in there in the first place (with user acceptance and without a huge uproar). Once you’ve done it (“for the children”), updates to change or repurpose it are easy as the scrutiny has gone down.

  • Reply 23 of 46
    IreneW Posts: 318 member
    robaba said:
    rcfa said:
    The silly exculpatory listing of differences in the systems is useless.

    1. Did Apple leave the Russian market when Russia demanded the installation of Russian government approved apps? 2. Did Apple leave the Russian and Chinese markets, when Russia and China demanded that iCloud servers be located in their countries where government has physical access? 3. Did Apple leave the Chinese market, when VPN apps were requested to be removed from the Chinese AppStore? 4. Did Apple comply when Russia demanded that Telegram be removed from the Russian AppStore? 5. Did Apple leave the UAE when VoIP apps were outlawed there?

    NO, NO, NO, NO, NO, and NO!

    And NO will be the answer if these countries require additional databases, direct notification (instead of Apple reviewing the cases), etc.

    Once this is baked into the OS, Apple has no leg to stand on, once “lawful” requests from governments are coming.
    1-Apple did not end up preloading the software that Russia demanded, only allowed for users to selectively load programs upon start up if they chose to.
    2-Apple is quickly moving to end-to-end encryption with an independent, third party go between which would completely eliminate the threat of Chinese (or Russian, or UAE) access to encrypted files on servers.
    3-New security system will be a built in VPN on steroids (end to end encryption, intermediate, independent 3rd party server shielding ID from Webhosts and sniffers, while preventing ISPs from knowing sites visited)
    4-don’t know
    5-see 3

    THIS IS WHY THEY ARE TAKING THE STEP TO SINGLE OUT CSAM NOW—SO THEY CAN STAMP IT OUT, WITHOUT PROVIDING A GATEWAY TO BAD ACTORS, STATE OR PRIVATE ENTERPRISE, WHILE ALLOWING AN UNPRECEDENTED LEVEL OF SECURITY / PRIVACY.
    Do you have a source / link to support the claim that Apple is "quickly moving to end-to-end encryption" of files on servers (including China and Russian servers)? With E2E encrypted meaning that neither Apple nor China/Russia or any third party that can be forced to reveal it, has the key.

    This would be great news, and explain why Apple is implementing on-device CSAM scanning, but has as far as I'm aware never been announced or even hinted at.
  • Reply 24 of 46
    I wish they would just scan iCloud like the other cloud providers. What an ass backwards way of saving server side processing cycles at the expense of privacy and device processing cycles, and Apple's reputation in the toilet.
  • Reply 25 of 46
    Also guess what if someone wanted to save illicit data they just need to encrypt it themselves before uploading. Hashing is useless if it’s not in its original image format. This technology is only going to catch low hanging fruit and they were caught long ago. Today’s pedos are using Tor networks and all kinds of technology. Unfortunately they’re savvy enough to not be caught, especially not by something like this, or they’d already be caught by other means. They’re acting like this is a nuclear bomb approach to CSAM but it’s not going to be effective at all, except we still get all the collateral damage
    edited August 2021
  • Reply 26 of 46
    CSAM scanning end user devices is just the worst idea Apple ever had – if they feel they need to do something they should delay the feature and put it in iCloud.

    Even if they put this in iCloud there are technologies that allow end to end encryption (asymmetric cryptography).

    I will not use iOS 15 and macOS Monterey until this spyware has been removed.
  • Reply 27 of 46
    mrstep Posts: 542 member
    DAalseth said:
    DAalseth said: It can and will be used by governments to crack down on dissent. It’s not an if but a when. It will produce false positives, it’s not an if but a when. Apple’s privacy safeguards are a fig-leaf that will be ripped off by the first government that wants to.
    Governments that want to crack down on dissent will still do so regardless of whether Apple has CSAM hash scanning or not. They have the money to hire programmers just like Apple does. 
    There’s no reason to give them the keys to the castle. 
    I swear you'd think Apple hired foregoneconclusion to cheerlead their anti-privacy tools.  Some part of "no, other companies aren't adding scanning on users devices"* and "it will expand and be abused" must not make sense.

    Apple could scan people's files on the cloud side - it's what every other company does.  Pretending that adding scanning on-device is a massively brilliant privacy feature is just insanity.

    * Companies like Facebook actually have done stuff like scanning your contacts, I don't remember hearing "it's all good, there have been hackers stealing contact information for a while, so ignore it".
  • Reply 28 of 46
    larryjw Posts: 1,040 member
    rcfa said:
    The silly exculpatory listing of differences in the systems is useless.

    Did Apple leave the Russian market when Russia demanded the installation of Russian government approved apps? Did Apple leave the Russian and Chinese markets, when Russia and China demanded that iCloud servers be located in their countries where government has physical access? Did Apple leave the Chinese market, when VPN apps were requested to be removed from the Chinese AppStore? Did Apple comply when Russia demanded that Telegram be removed from the Russian AppStore? Did Apple leave the UAE when VoIP apps were outlawed there?

    NO, NO, NO, NO, NO, and NO!

    And NO will be the answer if these countries require additional databases, direct notification (instead of Apple reviewing the cases), etc.

    Once this is baked into the OS, Apple has no leg to stand on, once “lawful” requests from governments are coming.
    So you expect an American company to take on a foreign country? Get real! 

    Where’s the US in this discussion?

    Did the US protect Apple from Russian demands? No. 

    Did the US protect Apple from Chinese demands? No.

    Did the US protect Apple from UAE demands? No.

    Did the US protect Apple from EU demands? No.

    Will the US protect Apple from US demands? Silly question.

    Must Apple comply with local laws in the countries they operate in? Of course. 
  • Reply 29 of 46
    In short, surveillance is not privacy and they cannot exist together. Apple - you are destroying your own product and brand here. Do not place hash databases and hidden scanning engines on iPhones/iPads. Yes it is a disturbing issue to be resolved (the images on your servers) - but scan them at the server and just delete them - don’t play legislator, judge and jury here. Block and delete at your server - but do not move hidden and non adjustable systems and processes on our devices - you're known for privacy - you're about to destroy that for covert surveillance - shame Apple!
  • Reply 30 of 46
    jungmark Posts: 6,928 member
    What part of manual review don’t they understand?
  • Reply 31 of 46
    rcfa Posts: 1,124 member
    DAalseth said: It can and will be used by governments to crack down on dissent. It’s not an if but a when. It will produce false positives, it’s not an if but a when. Apple’s privacy safeguards are a fig-leaf that will be ripped off by the first government that wants to.
    Governments that want to crack down on dissent will still do so regardless of whether Apple has CSAM hash scanning or not. They have the money to hire programmers just like Apple does. 
    What nonsense! The programmers don’t help, if data is encrypted! 
    They would need a zero-day exploit and hack each person’s phone to install their software, and not get detected in the process.
    Yes, with a few high value targets they might be able to do that, but they can’t routinely scan hundreds of millions of users’ phones for images mocking the President, religious leaders, leaked government documents, etc.
    So, yes, Apple’s infrastructure is ripe for abuse, and, no, a few government programmers can’t do what Apple is doing, not because they don’t have the skills, but because they don’t have access to the OS, signing keys, etc.
  • Reply 32 of 46
    Beats Posts: 3,073 member
    If Apple does this it will be their most stupid decision in history. Making the discontinuation of the original HomePod and “antennagate” pale in comparison.

    iKnockoff companies and tech blogs are gonna have a field year with this. There’s already misinformation. The biggest Apple fan I know told me the other day, “I heard Apple can look through your photos.” 


    DAalseth said:
    LISTEN TO THE EXPERTS. 
    They have been down this road.
    They know what they are talking about.
    They abandoned this line of development because they saw what a massively bad idea it was. 
    It can and will be used by governments to crack down on dissent. It’s not an if but a when. It will produce false positives, it’s not an if but a when. Apple’s privacy safeguards are a fig-leaf that will be ripped off by the first government that wants to. Worst of all it will destroy the reputation Apple has crafted over the last twenty years of being on the individual user's side when it comes to privacy and security. Once they lose that, in the minds of a huge number of consumers they will then be no better than Google.

    False positives aren’t needed. I know a detective that works for the state who implants evidence. He HATES men. So this is gonna be a lovely tool for him!!

    Heck, if your wife or someone knows your iCloud password and wants revenge they can do this. The possibilities are endless!!
  • Reply 33 of 46
    rcfa Posts: 1,124 member
    larryjw said:
    rcfa said:
    The silly exculpatory listing of differences in the systems is useless.

    Did Apple leave the Russian market when Russia demanded the installation of Russian government approved apps? Did Apple leave the Russian and Chinese markets, when Russia and China demanded that iCloud servers be located in their countries where government has physical access? Did Apple leave the Chinese market, when VPN apps were requested to be removed from the Chinese AppStore? Did Apple comply when Russia demanded that Telegram be removed from the Russian AppStore? Did Apple leave the UAE when VoIP apps were outlawed there?

    NO, NO, NO, NO, NO, and NO!

    And NO will be the answer if these countries require additional databases, direct notification (instead of Apple reviewing the cases), etc.

    Once this is baked into the OS, Apple has no leg to stand on, once “lawful” requests from governments are coming.
    So you expect an American company to take on a foreign country? Get real! 

    Where’s the US in this discussion?

    Did the US protect Apple from Russian demands? No. 

    Did the US protect Apple from Chinese demands? No.

    Did the US protect Apple from UAE demands? No.

    Did the US protect Apple from EU demands? No.

    Will the US protect Apple from US demands? Silly question.

    Must Apple comply with local laws in the countries they operate in? Of course. 
    The point is exactly the one you make.

    And the consequence is, once Apple introduces the infrastructure meant for CSAM scanning, it’s just a matter of time, until it’s abused for other purposes, exactly because Apple isn’t protected, least of all from its shareholders, who don’t give a damn about free speech, political or religious freedom, gay rights, etc. but want to see dividends and a rising stock price.

    Exactly because of what you wrote, on-device CSAM scanning is a disaster.
  • Reply 34 of 46
    rcfa Posts: 1,124 member
    robaba said:
    rcfa said:
    The silly exculpatory listing of differences in the systems is useless.

    1. Did Apple leave the Russian market when Russia demanded the installation of Russian government approved apps? 2. Did Apple leave the Russian and Chinese markets, when Russia and China demanded that iCloud servers be located in their countries where government has physical access? 3. Did Apple leave the Chinese market, when VPN apps were requested to be removed from the Chinese AppStore? 4. Did Apple comply when Russia demanded that Telegram be removed from the Russian AppStore? 5. Did Apple leave the UAE when VoIP apps were outlawed there?

    NO, NO, NO, NO, NO, and NO!

    And NO will be the answer if these countries require additional databases, direct notification (instead of Apple reviewing the cases), etc.

    Once this is baked into the OS, Apple has no leg to stand on, once “lawful” requests from governments are coming.
    1-Apple did not end up preloading the software that Russia demanded, only allowed for users to selectively load programs upon start up if they chose to.
    2-Apple is quickly moving to end-to-end encryption with an independent, third party go between which would completely eliminate the threat of Chinese (or Russian, or UAE) access to encrypted files on servers.
    3-New security system will be a built in VPN on steroids (end to end encryption, intermediate, independent 3rd party server shielding ID from Webhosts and sniffers, while preventing ISPs from knowing sites visited)
    4-don’t know
    5-see 3

    THIS IS WHY THEY ARE TAKING THE STEP TO SINGLE OUT CSAM NOW—SO THEY CAN STAMP IT OUT, WITHOUT PROVIDING A GATEWAY TO BAD ACTORS, STATE OR PRIVATE ENTERPRISE, WHILE ALLOWING AN UNPRECEDENTED LEVEL OF SECURITY / PRIVACY.
    First, what you write doesn’t become more correct or true because you write in all caps and bold.

    Second:
    ad 1: Yes, Apple complied with the law, meaning they preloaded software, even if it’s just software that allows the installation/replacement of Apps. If the Russian law had been written differently, they wouldn’t have preloaded an installer, they would have preloaded apps.

    ad 2: Apple isn’t moving any more to e2e encryption than ever. The servers aren’t operated by “go betweens” but by local companies designed to shield Apple from liability. In other words, certain services offered by Apple in most of the world are offered under license by an independent local company. The countries have full access to their servers, encryption keys, etc. if they want; they could run the servers on special hypervisors that allow introspection during operations. They can pull data sets, and run cryptanalysis on it, etc. Just about every reason why server security is relevant is compromised.

    ad 3: Nice, if true; so far the workings are insufficiently documented. However….

    …none of that changes the key point: Apple will comply with local laws over abandoning a market. So if China declares the new VPN security system, you’re claiming Apple has planned, illegal, then that feature will simply be unavailable when location services detect you’re within China. Or China might mandate that they operate the VPN servers, so, great, you still have privacy against corporations, but the government will track with even more detail and ease of use all a user’s internet activity.

    And to get back to the original issue: if governments want additional or modified hash databases, Apple will bend and comply, which is why this on-device scanning is an unmitigated disaster waiting to happen, as the only thing standing between Apple users and full-on Orwellian surveillance are a few Apple POLICIES, subject to change at any given time, at Apple’s or some government’s whim. There’s no significant TECHNICAL obstacle, and only fundamental technical obstacles can guarantee privacy.

    Privacy is content and value agnostic: either you have privacy, or you don’t; there’s no such thing as topic specific privacy.
  • Reply 35 of 46
    fultonm said:
    I wish they would just scan iCloud like the other cloud providers. What an ass backwards way of saving server side processing cycles at the expense of privacy and device processing cycles, and Apple's reputation in the toilet.
    Apple goes to greater lengths than most vendors to ensure that they can't easily decrypt the stuff users upload. Generating these signatures given the unencrypted data is likely very quick and would be a barely perceptible use of your phone's battery power. Think of all the processing Google Photos does to your images to find similar faces or figure out that a set of photos can be made into a cute animated GIF. That's all done server side and it can only be done on decrypted images. Apple doesn't provide similar levels of capabilities because they don't have as ready access to the decryption keys. 

    Indeed, a good number of the differences in how much Apple's cloud services can do for you versus Google and Alexa come down to the fact that Google and Amazon servers prioritize their ability to use their servers to process your data for their purposes.

    Admittedly, none of them are as lax as Facebook at using and selling your data, but then Facebook makes crappy products even with all that data. Evil and incompetent yet still wildly profitable should be a weird combination, but I guess you find a lot of that outside of the tech world, so maybe it isn't. 
  • Reply 36 of 46
    I believe Apple has a hidden agenda for doing this and it has nothing to do with protecting children or child trafficking. For all the bad press and blowback from the public, and the fact that this seems to contradict their own security ideals, there is more to this than meets the eye! 
    Apple's agenda is to do what they can to stave off government intrusions on their privacy-focused business model. This presumably gives them some breathing room for that by doing the minimum they think they can get away with while still "thinking of the children." Getting lawmakers to pass laws destroying privacy is just too easy if you can make it about stopping child porn. 

    This is literally just scanning for CSAM images, an extremely restricted dataset. It's hard to imagine what the hidden agenda for doing that might be. They don't need this excuse to do phone-side image fingerprints. And it's weird that everyone is so much more focused on the CSAM stuff rather than the ability for parents to have their kids' messages scanned by AI algorithms looking out for sexting. 
    edited August 2021
  • Reply 37 of 46
    fastasleep Posts: 6,487 member
    fultonm said:
    Also guess what if someone wanted to save illicit data they just need to encrypt it themselves before uploading. Hashing is useless if it’s not in its original image format. This technology is only going to catch low hanging fruit and they were caught long ago. Today’s pedos are using Tor networks and all kinds of technology. Unfortunately they’re savvy enough to not be caught, especially not by something like this, or they’d already be caught by other means. They’re acting like this is a nuclear bomb approach to CSAM but it’s not going to be effective at all, except we still get all the collateral damage
    Sure, that’s why Facebook alone reported 20 million items last year, because they’re so savvy. 
  • Reply 38 of 46
    fastasleep Posts: 6,487 member
    Beats said:
    False positives aren’t needed. I know a detective that works for the state who implants evidence. He HATES men. So this is gonna be a lovely tool for him!!

    Heck, if your wife or someone knows your iCloud password and wants revenge they can do this. The possibilities are endless!!
    Yes, your wife might go seek out and then illegally possess CP in order to frame you for a crime they just committed themselves. Sounds very scary and very improbable!
  • Reply 39 of 46
    Ok, concerned ones, tell me something. 

    Have Google been doing this? They likely have. Has it resulted in any harm to anyone you know? Straight answer, please. As in yes or no. 

    Apple have been scanning iCloud pics for years now. They also have been known to be scanning email since at least 2020. Have there been any major ‘false positives’? Again, yes or no, please.

    If I think a certain topic dangerous, I just don't engage in its discussion. It’s as simple as that. Do you really need to talk foreign policy with someone you’ll likely never even meet, knowing it won’t change things a single bit? I personally don’t discuss anything online, except professional (scientific, career-related) and practical matters. Trust me, I’ve got MUCH more time and mental capacity to grow professionally as well as personally now that I’ve quit ranting and waging ‘holy’ wars. I look back and realise it was a terrible waste of both. I don’t use social media, either, and it’s a blessing, since in my experience, hyper-information environments aren’t doing you any good. They and the frisson they create cause anxiety, shorter attention spans, and procrastination. I also agree that if you live online, you don’t have a life - except you’re some kind of celebrity who needs to maintain a certain online presence. Wake up, folks, there’s much in life besides the Internet. And the dystopian futures conspiracy theorists have been predicting for ages now? They keep saying this time around it certainly happens, but if any, our Internet culture ridden with fake news and populated with home-brewed experts has already created a dystopia in the mind of the gullible. They can’t live without its fake, never-ending thrill already.

    P.S. Do yourself a favour and read ‘The Rational Optimist’ by Matt Ridley. Our ancestors would’ve gladly lived our lives, yet we ourselves aren’t even grateful for what we have.  
    edited August 2021
  • Reply 40 of 46
    mcdave Posts: 1,927 member
    & never log in to your iCloud account on someone else’s device as it starts uploading their camera roll to your iCloud Photo Library.