New FAQ says Apple will refuse pressure to expand child safety tools beyond CSAM

Comments

  • Reply 21 of 98
    lkrupp Posts: 10,557 member
    All this handwringing and foaming at the mouth, spittle flying everywhere. Fine, but what do you all plan to DO about it? Leave the iOS platform? Where will you go? Android, even though Google has been doing this for a couple of years now and Apple is just playing catch up? Will you extricate yourself from the online universe and go off the grid in a bunker in northern Utah or the Yukon territory, maybe Hudson’s Bay? Of course you can’t change anything in the ballot box because both parties are onboard with this. It’s coming and there’s NOTHING you can do about it except bitch on a tiny tech blog.

    What will you do? Where will you go? Any answers?


    edited August 2021
  • Reply 22 of 98
    Rayz2016 said:
    elijahg said:
    Bollocks. So when the Chinese government tells Apple to add a heap of CPP provided hashes, they’re going to refuse? Of course they won’t. If any government said provided data were hashes of CSAM material, who’s Apple to say it’s not?
    That's the great thing about the CSAM material; it's just hashes. In some countries it could be kiddie porn; in other countries it could be photos taken by the police at a protest march. And in those countries, Apple won't be the only ones checking the pictures.
    CSAM is not just hashes. Where did you get that idea? The hashes that Apple will compare against come from NCMEC, where the actual images are stored. The hashes are created from the images. Are we supposed to believe that NCMEC will now just accept a hash from any government that feels like sending it over without a corresponding image to go along with it?

    Let’s not forget that US law requires tech companies to report incidences of CSAM. Also, using iCloud Photo Library is opt in, so people who are worried about their photos being matched to a hash don’t need to opt in.

    Gruber posits that doing the check client-side, rather than server-side, will allow them to fully encrypt iCloud backups.
    edited August 2021
  • Reply 23 of 98
    jungmark Posts: 6,926 member
    Rayz2016 said:
    gatorguy said:
    "Apple will refuse any such demands," says the FAQ document. "We have faced demands to build and deploy government-mandated changes that degrade the privacy of users before, and have steadfastly refused those demands. We will continue to refuse them in the future."
    Until the government in question passes a law that requires Apple to do so, because as they've said many times, they'll comply with any local laws, even to the detriment of their principles concerning privacy.

    "We have faced demands to build and deploy government-mandated changes that degrade the privacy of users before, and have steadfastly refused those demands. We will continue to refuse them in the future."

    And having "steadfastly refused" those demands in the past, you've now done what they want voluntarily.  And as soon as a government passes a law requiring the addition of something else, you'll comply, just as you have all along.


    I would not expect Apple to necessarily reveal any expansion of it if some country, and in this case I'm thinking of China, would order them to. They've long soft-pedaled the "iCloud operated by GCBD" handover. Heck, it's not even an Apple-run program there. Apple is simply contractually required to cooperate with the government-controlled cloud provider in whatever way needed for handling the demands on services and access. It is no longer Apple's to run, and they aren't making the rules.
    Surprisingly, you haven't actually hit on the worst problem.

    Under the current system, the Chinese can avoid the problem simply by not storing stuff in iCloud. Apple even warned them when they were switching over so they had plenty of time to make other arrangements.

    This is different.

    This piece of software (let's not be coy; it's spyware, plain and simple – it is rifling through your shit looking for other shit) is running on the phone. This means that it can be activated to report on any picture, document or video, regardless of what cloud service it is attached to.

    Now, people will now jump in and say, "Well, let's just wait until it happens shall we?"

    But some things you know are a bad idea without waiting and seeing. I sometimes think it might be fun to lick a lamppost in sub-zero temperatures, just to see what would happen. But then, on second thoughts, I usually just assume the worst without testing the hypothesis.

    You seem to have a finger deep inside Google; do they have something like this, or do they just do the server side scan. I haven't been able to find any reference to a similar setup at any other tech behemoth.
    This is some bullshit too. If you don’t want Apple “rifling” through your shit, turn off iCloud photos. And it’s not rifling through your shit. It’s looking at hashes. 

    Think of it as a virus scan. 
  • Reply 24 of 98
    Rayz2016 Posts: 6,957 member
    lkrupp said:
    All this handwringing and foaming at the mouth, spittle flying everywhere. Fine, but what do you all plan to DO about it? Leave the iOS platform? Where will you go? Android, even though Google has been doing this for a couple of years now and Apple is just playing catch up?


    Just going to politely stop you there for a second.

    Google hasn't been doing this for years. Google carries out scans on the server, just like Microsoft, just like Apple.

    What Google doesn't do (yet) is run government-sponsored spyware on the client device. 

    What will you do? Where will you go? Any answers?
    Well, I fully expect Google to do the same thing, now that Apple has given law enforcement a taste of what they can get away with.

    But the difference is that Android is open-source, so there will still be phones available that don't do the scan.


    I think the point that supporters of this are missing is that it isn't the whole scanning, getting someone you neither know nor trust to examine your private file, then shutting down your account, demanding you prove to them that you're not a nonce, then contacting the authorities. Nope, that's not the problem.

    The problem is doing it on the device. 

    There have been people that suggest that we should have a backdoor. But the reality is if you put a backdoor in, that backdoor’s for everybody, for good guys and bad guys… I think everybody’s coming around also to recognizing that any backdoor means a backdoor for bad guys as well as good guys. And so a backdoor is a nonstarter. It means we are all not safe… I don’t support a backdoor for any government, ever.
    We do think that people want us to help them keep their lives private. We see that privacy is a fundamental human right that people have. We are going to do everything that we can to help maintain that trust. — Apple CEO Tim Cook, October 1, 2015

    Yup, that aged well.

    edited August 2021
  • Reply 25 of 98
    entropys said:
    A concern from privacy and security experts has been that this scanning of images on device could easily be extended to the benefit of authoritarian governments that demand Apple expand what it searches for. 

    "Apple will refuse any such demands," says the FAQ document. "We have faced demands to build and deploy government-mandated changes that degrade the privacy of users before, and have steadfastly refused those demands. We will continue to refuse them in the future."


    Riiiight.

    Translation: Here at Apple, we might have created a back door, but we promise to only ever use it for good. Pinky swear!

    The skeptic in me agrees with this.  I’ve long said there’s a huge difference between not being capable to do something (intentional or not) and promising not to do something when the capability is there.  While at this point in time they may very well not acquiesce to government requests, but what about several years down the road? What about China where they have already seemingly bent over backwards to maintain a presence there? Being a software engineer myself, I’m sure this went through rigorous review and testing, but any new code added may potentially introduce another attack vector to be exploited.
  • Reply 26 of 98
    gatorguy Posts: 24,213 member
    Rayz2016 said:
    crowley said:
    Apple can resist government requests but if a government makes that scheme into law Apple cannot resist.
    This was true last week too, nothing has changed with regards to Apple's obligation to follow the law in places where they do business.

    My guess is that they've been offered a deal: implement the backdoor and the anti-trust/monopoly stuff goes away.
    Huh.

    You know another big tech, Google, is in the antitrust crosshairs. It also coincides with a decision by Google to no longer give themselves a key to user cloud data backups so that they can't turn over certain private information even if compelled by court order. They simply can't decrypt it, period. There's been two other recent Google policy changes that will restrict authorities' access to data and communications too, both here and abroad. Is there any connection between privacy and antitrust action? I'm not so sure there isn't.
    edited August 2021
  • Reply 27 of 98
    Rayz2016 Posts: 6,957 member
    gatorguy said:
    Rayz2016 said:
    crowley said:
    Apple can resist government requests but if a government makes that scheme into law Apple cannot resist.
    This was true last week too, nothing has changed with regards to Apple's obligation to follow the law in places where they do business.

    My guess is that they've been offered a deal: implement the backdoor and the anti-trust/monopoly stuff goes away.
    Huh.

    You know another big tech, Google, is in the antitrust crosshairs. It also coincides with a decision by Google to no longer give themselves a key to user cloud data so that they can't turn over certain private information even if compelled by court order. They simply can't decrypt it, period. There's been two other recent Google policy changes that will restrict authorities' access to data and communications too, both here and abroad. Is there any connection between privacy and antitrust action? I'm not so sure there isn't.

    I actually meant Apple had been offered a deal, but now I'm intrigued.

    Google, throwing away the keys? 

    Where's the link for this? 
    edited August 2021
  • Reply 28 of 98
    Rayz2016 Posts: 6,957 member
    jungmark said:
    Rayz2016 said:
    gatorguy said:
    "Apple will refuse any such demands," says the FAQ document. "We have faced demands to build and deploy government-mandated changes that degrade the privacy of users before, and have steadfastly refused those demands. We will continue to refuse them in the future."
    Until the government in question passes a law that requires Apple to do so, because as they've said many times, they'll comply with any local laws, even to the detriment of their principles concerning privacy.

    "We have faced demands to build and deploy government-mandated changes that degrade the privacy of users before, and have steadfastly refused those demands. We will continue to refuse them in the future."

    And having "steadfastly refused" those demands in the past, you've now done what they want voluntarily.  And as soon as a government passes a law requiring the addition of something else, you'll comply, just as you have all along.


    I would not expect Apple to necessarily reveal any expansion of it if some country, and in this case I'm thinking of China, would order them to. They've long soft-pedaled the "iCloud operated by GCBD" handover. Heck, it's not even an Apple-run program there. Apple is simply contractually required to cooperate with the government-controlled cloud provider in whatever way needed for handling the demands on services and access. It is no longer Apple's to run, and they aren't making the rules.
    Surprisingly, you haven't actually hit on the worst problem.

    Under the current system, the Chinese can avoid the problem simply by not storing stuff in iCloud. Apple even warned them when they were switching over so they had plenty of time to make other arrangements.

    This is different.

    This piece of software (let's not be coy; it's spyware, plain and simple – it is rifling through your shit looking for other shit) is running on the phone. This means that it can be activated to report on any picture, document or video, regardless of what cloud service it is attached to.

    Now, people will now jump in and say, "Well, let's just wait until it happens shall we?"

    But some things you know are a bad idea without waiting and seeing. I sometimes think it might be fun to lick a lamppost in sub-zero temperatures, just to see what would happen. But then, on second thoughts, I usually just assume the worst without testing the hypothesis.

    You seem to have a finger deep inside Google; do they have something like this, or do they just do the server side scan. I haven't been able to find any reference to a similar setup at any other tech behemoth.
    This is some bullshit too. If you don’t want Apple “rifling” through your shit, turn off iCloud photos. And it’s not rifling through your shit. It’s looking at hashes. 

    Think of it as a virus scan. 

    What virus scan can be switched on and off by changing the law?
  • Reply 29 of 98
    Rayz2016 Posts: 6,957 member
    entropys said:
    A concern from privacy and security experts has been that this scanning of images on device could easily be extended to the benefit of authoritarian governments that demand Apple expand what it searches for. 

    "Apple will refuse any such demands," says the FAQ document. "We have faced demands to build and deploy government-mandated changes that degrade the privacy of users before, and have steadfastly refused those demands. We will continue to refuse them in the future."


    Riiiight.

    Translation: Here at Apple, we might have created a back door, but we promise to only ever use it for good. Pinky swear!

    The skeptic in me agrees with this.  I’ve long said there’s a huge difference between not being capable to do something (intentional or not) and promising not to do something when the capability is there.  While at this point in time they may very well not acquiesce to government requests, but what about several years down the road? What about China where they have already seemingly bent over backwards to maintain a presence there? Being a software engineer myself, I’m sure this went through rigorous review and testing, but any new code added may potentially introduce another attack vector to be exploited.
    I'm a software engineer too, and one thing I've always been a little wary of is Apple's testing strategy. They have allowed some seriously weird bugs out into the wild. 
  • Reply 30 of 98
    crowley Posts: 10,453 member
    Rayz2016 said:
    jungmark said:
    Rayz2016 said:
    gatorguy said:
    "Apple will refuse any such demands," says the FAQ document. "We have faced demands to build and deploy government-mandated changes that degrade the privacy of users before, and have steadfastly refused those demands. We will continue to refuse them in the future."
    Until the government in question passes a law that requires Apple to do so, because as they've said many times, they'll comply with any local laws, even to the detriment of their principles concerning privacy.

    "We have faced demands to build and deploy government-mandated changes that degrade the privacy of users before, and have steadfastly refused those demands. We will continue to refuse them in the future."

    And having "steadfastly refused" those demands in the past, you've now done what they want voluntarily.  And as soon as a government passes a law requiring the addition of something else, you'll comply, just as you have all along.


    I would not expect Apple to necessarily reveal any expansion of it if some country, and in this case I'm thinking of China, would order them to. They've long soft-pedaled the "iCloud operated by GCBD" handover. Heck, it's not even an Apple-run program there. Apple is simply contractually required to cooperate with the government-controlled cloud provider in whatever way needed for handling the demands on services and access. It is no longer Apple's to run, and they aren't making the rules.
    Surprisingly, you haven't actually hit on the worst problem.

    Under the current system, the Chinese can avoid the problem simply by not storing stuff in iCloud. Apple even warned them when they were switching over so they had plenty of time to make other arrangements.

    This is different.

    This piece of software (let's not be coy; it's spyware, plain and simple – it is rifling through your shit looking for other shit) is running on the phone. This means that it can be activated to report on any picture, document or video, regardless of what cloud service it is attached to.

    Now, people will now jump in and say, "Well, let's just wait until it happens shall we?"

    But some things you know are a bad idea without waiting and seeing. I sometimes think it might be fun to lick a lamppost in sub-zero temperatures, just to see what would happen. But then, on second thoughts, I usually just assume the worst without testing the hypothesis.

    You seem to have a finger deep inside Google; do they have something like this, or do they just do the server side scan. I haven't been able to find any reference to a similar setup at any other tech behemoth.
    This is some bullshit too. If you don’t want Apple “rifling” through your shit, turn off iCloud photos. And it’s not rifling through your shit. It’s looking at hashes. 

    Think of it as a virus scan. 

    What virus scan can be switched on and off by changing the law?
    Why do you think hypothetical changes to laws could only ever affect this particular piece of Apple software?
  • Reply 31 of 98
    gatorguy Posts: 24,213 member
    Rayz2016 said:
    gatorguy said:
    Rayz2016 said:
    crowley said:
    Apple can resist government requests but if a government makes that scheme into law Apple cannot resist.
    This was true last week too, nothing has changed with regards to Apple's obligation to follow the law in places where they do business.

    My guess is that they've been offered a deal: implement the backdoor and the anti-trust/monopoly stuff goes away.
    Huh.

    You know another big tech, Google, is in the antitrust crosshairs. It also coincides with a decision by Google to no longer give themselves a key to user cloud data so that they can't turn over certain private information even if compelled by court order. They simply can't decrypt it, period. There's been two other recent Google policy changes that will restrict authorities' access to data and communications too, both here and abroad. Is there any connection between privacy and antitrust action? I'm not so sure there isn't.

    I actually meant Apple had been offered a deal, but now I'm intrigued.

    Google, throwing away the keys? 

    Where's the link for this? 
    https://www.androidcentral.com/apple-may-have-ditched-encrypted-backups-google-hasnt


    edited August 2021
  • Reply 32 of 98
    crowley Posts: 10,453 member
    Rayz2016 said:

    What Google doesn't do (yet) is run government-sponsored spyware on the client device. 
    Why do you say it’s government sponsored?  Apple are using a NCMEC dataset of hashes, but I’ve otherwise seen no indication that any government has any hand in this.  Indeed, the focus on obfuscation and privacy leads me to think this is an Apple solution through and through.
  • Reply 33 of 98
    macplusplus Posts: 2,112 member
    lkrupp said:
    All this handwringing and foaming at the mouth, spittle flying everywhere. Fine, but what do you all plan to DO about it? Leave the iOS platform? Where will you go? Android, even though Google has been doing this for a couple of years now and Apple is just playing catch up? Will you extricate yourself from the online universe and go off the grid in a bunker in northern Utah or the Yukon territory, maybe Hudson’s Bay? Of course you can’t change anything in the ballot box because both parties are onboard with this. It’s coming and there’s NOTHING you can do about it except bitch on a tiny tech blog.

    What will you do? Where will you go? Any answers?

    Maybe those bitching on this tiny tech blog can't do much, but [unfortunately] parents can do by prohibiting the iPhone to their kids: "iPhone? God forbid! I heard that Apple's cloud is full of paedophiles and Apple is working hard to deal with that..."
    edited August 2021
  • Reply 34 of 98
    StrangeDays Posts: 12,884 member
    All the boneheads claiming Apple created a "backdoor" -- nope. All the tech companies do this (Dropbox, Microsoft, Google), and Apple did 100% server-side CSAM scanning a year ago:

    https://nakedsecurity.sophos.com/2020/01/09/apples-scanning-icloud-photos-for-child-abuse-images/

    ...you dudes are simply panicking and clutching your pearls because you didn't know about it before.
  • Reply 35 of 98
    StrangeDays Posts: 12,884 member
    Rayz2016 said:
    gatorguy said:
    "Apple will refuse any such demands," says the FAQ document. "We have faced demands to build and deploy government-mandated changes that degrade the privacy of users before, and have steadfastly refused those demands. We will continue to refuse them in the future."
    Until the government in question passes a law that requires Apple to do so, because as they've said many times, they'll comply with any local laws, even to the detriment of their principles concerning privacy.

    "We have faced demands to build and deploy government-mandated changes that degrade the privacy of users before, and have steadfastly refused those demands. We will continue to refuse them in the future."

    And having "steadfastly refused" those demands in the past, you've now done what they want voluntarily.  And as soon as a government passes a law requiring the addition of something else, you'll comply, just as you have all along.


    I would not expect Apple to necessarily reveal any expansion of it if some country, and in this case I'm thinking of China, would order them to. They've long soft-pedaled the "iCloud operated by GCBD" handover. Heck, it's not even an Apple-run program there. Apple is simply contractually required to cooperate with the government-controlled cloud provider in whatever way needed for handling the demands on services and access. It is no longer Apple's to run, and they aren't making the rules.
    You seem to have a finger deep inside Google; do they have something like this, or do they just do the server side scan. I haven't been able to find any reference to a similar setup at any other tech behemoth.
    Serious? Did you check? Yes, Google and Microsoft both do something similar. PhotoDNA is Microsoft's tool. They, like Dropbox and Twitter and Tumblr, all scan for CSAM images using the hash checks, and notify the police. Just like this.

    https://protectingchildren.google/intl/en/

    https://www.microsoft.com/en-us/PhotoDNA/CloudService



    ...so what's different here? Here Apple does the hash-compare on-device, prior to uploading the image to its commercial cloud server. This allows them to 1) not host the CSAM. 2) Actually offer more privacy by not being aware if you have any CSAM on-device until a certain threshold number of matches has been met. 

    How come you guys weren't having fits about Google, Microsoft, and Dropbox scanning images? How come re-tooling it by authoritarians wasn't a concern then?
  • Reply 36 of 98
    elijahg Posts: 2,759 member
    Rayz2016 said:
    elijahg said:
    Bollocks. So when the Chinese government tells Apple to add a heap of CPP provided hashes, they’re going to refuse? Of course they won’t. If any government said provided data were hashes of CSAM material, who’s Apple to say it’s not?
    That's the great thing about the CSAM material; it's just hashes. In some countries it could be kiddie porn; in other countries it could be photos taken by the police at a protest march. And in those countries, Apple won't be the only ones checking the pictures.
    CSAM is not just hashes. Where did you get that idea? The hashes that Apple will compare against come from NCMEC, where the actual images are stored. The hashes are created from the images. Are we supposed to believe that NCMEC will now just accept a hash from any government that feels like sending it over without a corresponding image to go along with it?

    Let’s not forget that US law requires tech companies to report incidences of CSAM. Also, using iCloud Photo Library is opt in, so people who are worried about their photos being matched to a hash don’t need to opt in.

    Gruber posits that doing the check client-side, rather than server-side, will allow them to fully encrypt iCloud backups.
    So you think China will be happy with Apple using hashes of NCMEC? Where the US government could insert hashes that are of someone they want in China, and then under the guise of CSAM find out all the photos they want of this person? 

    There is literally no point in encrypting backups if Apple has defied the trust of their customers by inserting this spyware. What's the point in end to end encryption if the spyware is already on the device pre-encryption? How long until it scans all files on your phone before syncing to iCloud? How long before it scans all files all the time? 
  • Reply 37 of 98
    Rayz2016 Posts: 6,957 member
    gatorguy said:
    Rayz2016 said:
    gatorguy said:
    Rayz2016 said:
    crowley said:
    Apple can resist government requests but if a government makes that scheme into law Apple cannot resist.
    This was true last week too, nothing has changed with regards to Apple's obligation to follow the law in places where they do business.

    My guess is that they've been offered a deal: implement the backdoor and the anti-trust/monopoly stuff goes away.
    Huh.

    You know another big tech, Google, is in the antitrust crosshairs. It also coincides with a decision by Google to no longer give themselves a key to user cloud data so that they can't turn over certain private information even if compelled by court order. They simply can't decrypt it, period. There's been two other recent Google policy changes that will restrict authorities' access to data and communications too, both here and abroad. Is there any connection between privacy and antitrust action? I'm not so sure there isn't.

    I actually meant Apple had been offered a deal, but now I'm intrigued.

    Google, throwing away the keys? 

    Where's the link for this? 
    https://www.androidcentral.com/apple-may-have-ditched-encrypted-backups-google-hasnt


    Hmmm. 

    That is very interesting. There’s a theory floating around that Apple is running the back door in the client so they can implement encrypted backups on iCloud. This seems to blow that idea out of the water. 

  • Reply 38 of 98
    elijahg Posts: 2,759 member
    Rayz2016 said:
    gatorguy said:
    "Apple will refuse any such demands," says the FAQ document. "We have faced demands to build and deploy government-mandated changes that degrade the privacy of users before, and have steadfastly refused those demands. We will continue to refuse them in the future."
    Until the government in question passes a law that requires Apple to do so, because as they've said many times, they'll comply with any local laws, even to the detriment of their principles concerning privacy.

    "We have faced demands to build and deploy government-mandated changes that degrade the privacy of users before, and have steadfastly refused those demands. We will continue to refuse them in the future."

    And having "steadfastly refused" those demands in the past, you've now done what they want voluntarily.  And as soon as a government passes a law requiring the addition of something else, you'll comply, just as you have all along.


    I would not expect Apple to necessarily reveal any expansion of it if some country, and in this case I'm thinking of China, would order them to. They've long soft-pedaled the "iCloud operated by GCBD" handover. Heck, it's not even an Apple-run program there. Apple is simply contractually required to cooperate with the government-controlled cloud provider in whatever way needed for handling the demands on services and access. It is no longer Apple's to run, and they aren't making the rules.
    You seem to have a finger deep inside Google; do they have something like this, or do they just do the server side scan. I haven't been able to find any reference to a similar setup at any other tech behemoth.
    Serious? Did you check? Yes, Google and Microsoft both do something similar. PhotoDNA is Microsoft's tool. They, like Dropbox and Twitter and Tumblr, all scan for CSAM images using the hash checks, and notify the police. Just like this.

    https://protectingchildren.google/intl/en/

    https://www.microsoft.com/en-us/PhotoDNA/CloudService



    ...so what's different here? Here Apple does the hash-compare on-device, prior to uploading the image to its commercial cloud server. This allows them to 1) not host the CSAM. 2) Actually offer more privacy by not being aware if you have any CSAM on-device until a certain threshold number of matches has been met. 

    How come you guys weren't having fits about Google, Microsoft, and Dropbox scanning images? How come re-tooling it by authoritarians wasn't a concern then?
    Because Google, MS and Dropbox have never been champions of privacy, and Apple has. That's one of the big reasons to have an iPhone over an Android phone. Of course it doesn't matter what Apple does, you've got your head so far up their ass you'll always think it's wonderful. They could activate the cameras in every iMac to monitor for "terrorist activity" and you'd think it's brilliant, because it's Apple.
  • Reply 39 of 98
    crowley Posts: 10,453 member
    elijahg said:
    Rayz2016 said:
    elijahg said:
    Bollocks. So when the Chinese government tells Apple to add a heap of CPP provided hashes, they’re going to refuse? Of course they won’t. If any government said provided data were hashes of CSAM material, who’s Apple to say it’s not?
    That's the great thing about the CSAM material; it's just hashes. In some countries it could be kiddie porn; in other countries it could be photos taken by the police at a protest march. And in those countries, Apple won't be the only ones checking the pictures.
    CSAM is not just hashes. Where did you get that idea? The hashes that Apple will compare against come from NCMEC, where the actual images are stored. The hashes are created from the images. Are we supposed to believe that NCMEC will now just accept a hash from any government that feels like sending it over without a corresponding image to go along with it?

    Let’s not forget that US law requires tech companies to report incidences of CSAM. Also, using iCloud Photo Library is opt in, so people who are worried about their photos being matched to a hash don’t need to opt in.

    Gruber posits that doing the check client-side, rather than server-side, will allow them to fully encrypt iCloud backups.
    So you think China will be happy with Apple using hashes of NCMEC? Where the US government could insert hashes that are of someone they want in China, and then under the guise of CSAM find out all the photos they want of this person? 

    There is literally no point in encrypting backups if Apple has defied the trust of their customers by inserting this spyware. What's the point in end to end encryption if the spyware is already on the device pre-encryption? How long until it scans all files on your phone before syncing to iCloud? How long before it scans all files all the time? 
    Nothing is sent to the US government until Apple has reviewed the material and confirmed it is CSAM. If it’s a photo of some Chinese dude it’ll get de-flagged and nothing will happen.

    How long before we hear the end of this wailing?  Apple are being open and upfront about what they’re doing. If anything changes there’s no reason to think they won’t be open and upfront about that too, at which point you can move to the Ubuntu phone or whatever.
  • Reply 40 of 98
    elijahg Posts: 2,759 member
    Rayz2016 said:
    entropys said:
    A concern from privacy and security experts has been that this scanning of images on device could easily be extended to the benefit of authoritarian governments that demand Apple expand what it searches for. 

    "Apple will refuse any such demands," says the FAQ document. "We have faced demands to build and deploy government-mandated changes that degrade the privacy of users before, and have steadfastly refused those demands. We will continue to refuse them in the future."


    Riiiight.

    Translation: Here at Apple, we might have created a back door, but we promise to only ever use it for good. Pinky swear!

    The skeptic in me agrees with this.  I’ve long said there’s a huge difference between not being capable to do something (intentional or not) and promising not to do something when the capability is there.  While at this point in time they may very well not acquiesce to government requests, but what about several years down the road? What about China where they have already seemingly bent over backwards to maintain a presence there? Being a software engineer myself, I’m sure this went through rigorous review and testing, but any new code added may potentially introduce another attack vector to be exploited.
    I'm a software engineer too, and one thing I've always been a little wary of is Apple's testing strategy. They have allowed some seriously weird bugs out into the wild. 
    Apple's software quality has been going downhill for a long time. There are a lot of bugs that should never ever have passed testing; they obviously don't fuzz the user inputs on any of their software. And considering how many user inputs have been found to have critical bugs, I don't hold out much hope that the non-user facing inputs (streams, executables, document parsing etc) have been tested too well either.