I do believe the soundbite that got out early was, 'oh my god, Apple is scanning my phone for images.' This is not what is happening." — Craig Federighi
It is what is happening. How else do they create the “magical” hashes? It is happening on the phone. So, Craig, why do you say that is not what is happening when that is exactly what is happening?
Agreeing to the terms of service for iCloud is the only thing that actually matters. Once you do that, files that are coming from apps that you've chose to be backed up in iCloud are going to be scanned. There's no difference between that happening on the phone or on the iCloud servers. You agreed to the terms and the files being scanned are exactly the same in both scenarios.
Wrong. Agreeing to the terms of service to iCloud does not allow them to repurpose my phone to do that scan. They can scan it in iCloud. This on phone scanning is not needed and just opens Pandora’s Box.
I do believe the soundbite that got out early was, 'oh my god, Apple is scanning my phone for images.' This is not what is happening." — Craig Federighi
It is what is happening. How else do they create the “magical” hashes? It is happening on the phone. So, Craig, why do you say that is not what is happening when that is exactly what is happening?
Agreeing to the terms of service for iCloud is the only thing that actually matters. Once you do that, files that are coming from apps that you've chose to be backed up in iCloud are going to be scanned. There's no difference between that happening on the phone or on the iCloud servers. You agreed to the terms and the files being scanned are exactly the same in both scenarios.
This comment has absolutely nothing to do with my point, which is that Craig is lying by saying that photos are not being scanned on device.
The biggest problem with it was very poor communication, and the naive assumption that a corporation that has defined itself as a champion of privacy could drop a bomb like this without first getting review and buy in from privacy advocates and watchdogs like the EFF. hopefully, lesson learned. But Apple’s reaction is very encouraging. Yes, this will probably come back, but I’m pretty sure they will have it vetted by EFF and other actors first, instead of making it a fait accompli.
How many of the people screaming about CSAM have Facebook, WhatsApp, Instagram, and google apps on their devices and an Amazon or google smart speaker in their home?
Implying Apple is not any worse than "everyone else" is not a ringing endorsement.
With comments like this, it's clear that people still don't understand the difference. There is no cloud storage company that wants CSAM material on their service. Period. You can either scan for it locally, on device... in a private way, or you can wait until the files are uploaded and scanned in a less private way. Your choice.
I wouldn't be surprised if this step is a prerequisite for Apple going full end-to-end encryption with photos next. Once they have something like this in place, they can justify to authorities how they know they're not holding CSAM material without invading user privacy in the process.
I think it's rather naive to think that Apple isn't going to have to address this with regard to ensuring they don't have CSAM material on their cloud services. You can either do it your way that preserves privacy the best you can or you have laws written to have it done their way which will most certainly be more invasive. If you wait for the laws to come, you lose your choice on how to implement it.
How many of the people screaming about CSAM have Facebook, WhatsApp, Instagram, and google apps on their devices and an Amazon or google smart speaker in their home?
Implying Apple is not any worse than "everyone else" is not a ringing endorsement.
How many of the people screaming about CSAM have Facebook, WhatsApp, Instagram, and google apps on their devices and an Amazon or google smart speaker in their home?
I won't use a smart speaker, but regarding Facebook & co. you are comparing apples to oranges – just don't give these apps access to your photos etc. and think about what you are uploading and you will be fine.
my point was not comparing Apple to any of these other corporations. My point was that it's a bit hypocritical to be completely ok with all of these other 'services' snooping, scraping, monetizing and otherwise surveilling your personally life and then to start screaming about Apple trying to do something to protect the most vulnerable people in society in a way that preserves people's privacy.
Everyone makes the obligatory statement that they're against exploiting children, but somehow they're not willing to put their money where their mouth is. But they are willing to give up their privacy for the ability to brag about their vacation, post conspiracy theories and snoop on their neighbors. I find it a very sad commentary on people's values.
People are against a lot of horrible things, but Apple, regardless of how laudable the company’s intentions, has no business intercepting anything that’s on my phone. Privacy doesn’t come with a back door. As for what people post on social media-that’s their choice.
How many of the people screaming about CSAM have Facebook, WhatsApp, Instagram, and google apps on their devices and an Amazon or google smart speaker in their home?
I do not have any of those things… I obviously can’t speak for everyone though…
Does anyone here realize THIS means iCloud Photos stay virtually unencrypted, just as they have been since at least 2020? That CSAM thingy was supposed to scan the pics on-device so that they could be uploaded securely to iCloud if they don't violate the policy.
That is the mark of a quality corporation as well as a quality individual: Realizing that they are not perfect and everything thing they do is not inherently the right thing.
It's a humility that enables one to admit and correct mistakes -- or at least examine that they may have been mistakes.
Was this the right thing or the wrong thing to do? The mere fact that Apple sees that as a valid question speaks highly of them.
Good job Apple!
Apple and humility in the same sentence? Give me a break. They have a problem in admitting and correcting mistakes, look no further than the butterfly keyboard. This is a company that has reached monopoly size, and increasingly throws its weight around because people are locked into their ecosystem.
muthuk_vanalingam said: Nope. Apple can very well scan the photos in iCloud and report it to authorities.
It doesn't make a difference when or where Apple scans files. You can't use iCloud without agreeing to Apple's terms of service and part of that includes Apple reserving the right to scan files the user is backing up in the cloud. Once you select an app to have files backed up in iCloud, you can't object to Apple scanning those files. Your selection per the cloud has given Apple the right to scan them.
That is the mark of a quality corporation as well as a quality individual: Realizing that they are not perfect and everything thing they do is not inherently the right thing.
It's a humility that enables one to admit and correct mistakes -- or at least examine that they may have been mistakes.
Humility.... Word of the day.
Lol. I am sure George wouldn't understand the reason for your post or that it was directed at him.
I got a good belly laugh at the expense of the one pushing ideology over truth.
muthuk_vanalingam said: Nope. Apple can very well scan the photos in iCloud and report it to authorities.
It doesn't make a difference when or where Apple scans files. You can't use iCloud without agreeing to Apple's terms of service and part of that includes Apple reserving the right to scan files the user is backing up in the cloud. Once you select an app to have files backed up in iCloud, you can't object to Apple scanning those files. Your selection per the cloud has given Apple the right to scan them.
It does make a difference and many people understand that difference, which is why there is outrage. And there is NO technical limitation for Apple to perform this in iCloud. Then why does Apple insist on doing it on-device? That raises suspicion significantly on the motive of Apple.
Only the crazy pedos and Libertarians are outraged. Others are concerned where this go and what it could lead to -- but not outraged..
Did Apple ever explain in easy to understand language how a human can review the photos if they are encrypted and private? Which is it? Reviewable by humans or encrypted? It can't be both.
Did Apple ever explain in easy to understand language how a human can review the photos if they are encrypted and private? Which is it? Reviewable by humans or encrypted? It can't be both.
Encrypted but with keys held by Apple, so that the images can be decrypted on-demand.
Does anyone here realize THIS means iCloud Photos stay virtually unencrypted, just as they have been since at least 2020? That CSAM thingy was supposed to scan the pics on-device so that they could be uploaded securely to iCloud if they don't violate the policy.
But this is the back door officials are looking for… what good is e2e encryption if there is any point in the process where data can be transmitted so that it notifies a 3rd party of what it may contain? If there’s any point where data can be transmitted, it renders the purpose of encryption useless.
While apples solution won’t transmit anything until a certain threshold is met, the capability is there to transmit info about the data being encrypted, which necessarily circumvents the e2e process. It becomes a “we promise and absolutely swear we won’t do anything else” which is as good as no e2e encryption. This is a slippery slope, and new “features” could feasibly added touting the “success” of the on device scanning, and so it would begin…
The data may technically be e2e encrypted, but the weak point becomes just outside the front door. If something or someone is sitting there, watching what is going in or coming out, then what good is having opaque walls? If I knew someone was watching my front door (which in this case we do), I’d just do my criminal stuff somewhere else.
This also opens the door for bad actors to exploit this system… people have already started poking and prodding the disabled version of this in ios14.
I personally consider iCloud photos to be public, and act accordingly, despite any “niceties” Apple may provide in terms of privacy of the service. While I’d like to see icloud photos encrypted so that absolutely the only intended parties can see them (people I’ve shared with), I would not accept this on device scanning to achieve that.
That is the mark of a quality corporation as well as a quality individual: Realizing that they are not perfect and everything thing they do is not inherently the right thing.
It's a humility that enables one to admit and correct mistakes -- or at least examine that they may have been mistakes.
Was this the right thing or the wrong thing to do? The mere fact that Apple sees that as a valid question speaks highly of them.
Good job Apple!
Apple and humility in the same sentence? Give me a break. They have a problem in admitting and correcting mistakes, look no further than the butterfly keyboard. This is a company that has reached monopoly size, and increasingly throws its weight around because people are locked into their ecosystem.
That's true. Their history of humility (especially since Steve) has not been great. But I give them credit for it this time.
I think this clip of Steve says a lot: While he's proud of what he created he realizes that he doesn't have the perfect answer for everybody.
Child Sexual Abuse Material - CSAM would affect to many powerful people in all walks of life! I will not list the whos who since I may be “Cancelled”.
iPhone sales will be down drastically from these people (we're talking about worldwide issues here) plus other paranoias. Apple has good intention but their large profits will be eaten.
How many of the people screaming about CSAM have Facebook, WhatsApp, Instagram, and google apps on their devices and an Amazon or google smart speaker in their home?
Implying Apple is not any worse than "everyone else" is not a ringing endorsement.
How many of the people screaming about CSAM have Facebook, WhatsApp, Instagram, and google apps on their devices and an Amazon or google smart speaker in their home?
I won't use a smart speaker, but regarding Facebook & co. you are comparing apples to oranges – just don't give these apps access to your photos etc. and think about what you are uploading and you will be fine.
my point was not comparing Apple to any of these other corporations. My point was that it's a bit hypocritical to be completely ok with all of these other 'services' snooping, scraping, monetizing and otherwise surveilling your personally life and then to start screaming about Apple trying to do something to protect the most vulnerable people in society in a way that preserves people's privacy.
Everyone makes the obligatory statement that they're against exploiting children, but somehow they're not willing to put their money where their mouth is. But they are willing to give up their privacy for the ability to brag about their vacation, post conspiracy theories and snoop on their neighbors. I find it a very sad commentary on people's values.
That's because people make a choice to use FB/IG/Twitter etc, they make a choice to lose privacy over the photo they post, and they are posting that photo to someone else's device. Plus, they agreed to scanning for "objectionable material" when they signed up. No service - not even Google or FB, scans the photos on your own device. Apple was going to install spyware on people's own devices without permission, and with no choice. No one agreed to Apple scanning devices for CSAM when they bought their phones.
Ceasing to use FB/IG/Twitter doesn't cost a penny. Ceasing to use an iPhone could cost a lot of cash, especially if you are deeply invested in the ecosystem.
You completely missed conveniently ignored the part where Apple wouldn't scan the photos unless they're uploaded to iCloud. So it really wasn't a choice about not using an iPhone, it was a choice about not using iCloud to store your photos. Same as the choice to not use other hosted services like FB/IG/Twitter.
muthuk_vanalingam said: Nope. Apple can very well scan the photos in iCloud and report it to authorities.
It doesn't make a difference when or where Apple scans files. You can't use iCloud without agreeing to Apple's terms of service and part of that includes Apple reserving the right to scan files the user is backing up in the cloud. Once you select an app to have files backed up in iCloud, you can't object to Apple scanning those files. Your selection per the cloud has given Apple the right to scan them.
It does make a difference and many people understand that difference, which is why there is outrage. And there is NO technical limitation for Apple to perform this in iCloud. Then why does Apple insist on doing it on-device? That raises suspicion significantly on the motive of Apple.
The reason why you'd want to do it on-device, rather than on iCloud servers, is so that you could then have true end-to-end encryption (which even Apple can't decrypt). For Apple to be able to scan an image which is uploaded to an iCloud server, it needs to be encrypted in a way which Apple can decrypt (so that they can generate the image hash).
Comments
hopefully, lesson learned. But Apple’s reaction is very encouraging. Yes, this will probably come back, but I’m pretty sure they will have it vetted by EFF and other actors first, instead of making it a fait accompli.
I wouldn't be surprised if this step is a prerequisite for Apple going full end-to-end encryption with photos next. Once they have something like this in place, they can justify to authorities how they know they're not holding CSAM material without invading user privacy in the process.
I think it's rather naive to think that Apple isn't going to have to address this with regard to ensuring they don't have CSAM material on their cloud services. You can either do it your way that preserves privacy the best you can or you have laws written to have it done their way which will most certainly be more invasive. If you wait for the laws to come, you lose your choice on how to implement it.
Scan iCloud all you want. Stay the fuck out of the Messages app.
I got a good belly laugh at the expense of the one pushing ideology over truth.
Only the crazy pedos and Libertarians are outraged. Others are concerned where this go and what it could lead to -- but not outraged..
While apples solution won’t transmit anything until a certain threshold is met, the capability is there to transmit info about the data being encrypted, which necessarily circumvents the e2e process. It becomes a “we promise and absolutely swear we won’t do anything else” which is as good as no e2e encryption. This is a slippery slope, and new “features” could feasibly added touting the “success” of the on device scanning, and so it would begin…
The data may technically be e2e encrypted, but the weak point becomes just outside the front door. If something or someone is sitting there, watching what is going in or coming out, then what good is having opaque walls? If I knew someone was watching my front door (which in this case we do), I’d just do my criminal stuff somewhere else.
This also opens the door for bad actors to exploit this system… people have already started poking and prodding the disabled version of this in ios14.
I personally consider iCloud photos to be public, and act accordingly, despite any “niceties” Apple may provide in terms of privacy of the service. While I’d like to see icloud photos encrypted so that absolutely the only intended parties can see them (people I’ve shared with), I would not accept this on device scanning to achieve that.