Has anyone who is against Apple’s CSAM plans proposed an alternative solution, especially taking into account the scenario where Apple enables end-to-end encryption on iCloud?
As my boss would say “don’t come to me with problems, come to me with solutions” but the only alternative solution I’ve heard so far is don’t do anything.
ANY official sources for this claim? Do you understand the fact that you are purely SPECULATING WITHOUT ANY BASIS or whatsoever? Has Apple EVER said that they would implement end-to-end encryption as soon as on-device CSAM scanning is enabled? Can you please point to OFFICIAL statement from Apple on this?
Lol. A big part of the fun of this website and following Apple's moves in general is the speculation. Apple hasn't given any official statement about AR glasses or a car. Should we not speculate about those, and what features they might have until there's an official statement? Hell, Apple hasn't given any official statement that they will be releasing a new iPhone this year. Better NOT spread that RUMOR WITHOUT any basis again and again.
"SPECULATING WITHOUT ANY BASIS". Really? No basis? They're taking actions which we can all see, officially announced actions, and those actions are a valid basis for speculation. Just think about their motives for a second. Why might Apple implement on device scanning instead of cloud based? For the Lulz? Because they're evil? Maybe there are other reasons then laying the groundwork for E2EE, sure. I'd love to hear other folks' speculation on what they might be.
No one said that they would implement end-to-end encryption as soon as on-device CSAM scanning is enabled. In fact that was probably their biggest mistake. Perhaps that's why they've delayed it. If they later announce it as part of a rollout of E2EE, which I presume would be opt in per iCloud account like 2FA or iCloud messages, they can then offer customers the choice of scanning on iCloud, on device scanning, turning off iCloud, or moving to a non-Apple phone. Choose your poison.
Has anyone who is against Apple’s CSAM plans proposed an alternative solution, especially taking into account the scenario where Apple enables end-to-end encryption on iCloud?
As my boss would say “don’t come to me with problems, come to me with solutions” but the only alternative solution I’ve heard so far is don’t do anything.
Scan it on the server is the only alternative being bandied about, which completely misses the point that your data is far more vulnerable to seizure by the authorities (and hackers) if Apple keeps the encryption key. The on-device solution would mean Apple are able to apply end to end encryption to your iCloud Photo Library, and your privacy would be much enhanced.
If Apple NEVER plans to implement end-to-end encryption for iCloud data (there is absolutely NO indication to that effect from Apple so far), would you agree that on-device scanning is unnecessary when everything can be done at server side itself (in Apple's property instead of private owner's property)?
Good question.
I think one really positive thing about what Apple has been doing with the proposed solution is the relative openness and transparency. I may be wrong, but I don't think they've ever been nearly as transparent about any screening processes running in the cloud. I think placing the scan up front and being clear about what it's doing is a positive step. Maybe they could do the same for backend scanning, but since they haven't in the past, I'm going to chalk that up as a positive for the on-device scanning.
Also, since iPhones are in the hands of users, and consequently tinkerers and people who will dissect the software, you could argue that any changes to procedures and the hash table will be much more discoverable by the user community; whereas Apple's scanning on the server is a completely inscrutable black box. I'd actually like to see Apple doing more in exposing even more of the plumbing of the on device checks and the hashes and their source so that it can be publicly audited too, and that's something which is a possibility with an on device scan, and not really verifiable with server-side.
In terms of the scanning itself, obviously there's no real difference whether you do it on device or in the cloud, which is precisely why I'm unconcerned from a privacy standpoint.
If you've been paying attention, anything that Priti Patel endorses should cause you to think before agreeing with her. She is an incompetent minister, a bully, and she's broken the Ministerial Code numerous times. Those aren't ad hominem attacks, and they aren't based on her race; they are facts, and are based on her actions and record.
Has anyone who is against Apple’s CSAM plans proposed an alternative solution, especially taking into account the scenario where Apple enables end-to-end encryption on iCloud?
As my boss would say “don’t come to me with problems, come to me with solutions” but the only alternative solution I’ve heard so far is don’t do anything.
ANY official sources for this claim? Do you understand the fact that you are purely SPECULATING WITHOUT ANY BASIS or whatsoever? Has Apple EVER said that they would implement end-to-end encryption as soon as on-device CSAM scanning is enabled? Can you please point to OFFICIAL statement from Apple on this?
Lol. A big part of the fun of this website and following Apple's moves in general is the speculation. Apple hasn't given any official statement about AR glasses or a car. Should we not speculate about those, and what features they might have until there's an official statement? Hell, Apple hasn't given any official statement that they will be releasing a new iPhone this year. Better NOT spread that RUMOR WITHOUT any basis again and again.
"SPECULATING WITHOUT ANY BASIS". Really? No basis? They're taking actions which we can all see, officially announced actions, and those actions are a valid basis for speculation. Just think about their motives for a second. Why might Apple implement on device scanning instead of cloud based? For the Lulz? Because they're evil? Maybe there are other reasons then laying the groundwork for E2EE, sure. I'd love to hear other folks' speculation on what they might be.
No one said that they would implement end-to-end encryption as soon as on-device CSAM scanning is enabled. In fact that was probably their biggest mistake. Perhaps that's why they've delayed it. If they later announce it as part of a rollout of E2EE, which I presume would be opt in per iCloud account like 2FA or iCloud messages, they can then offer customers the choice of scanning on iCloud, on device scanning, turning off iCloud, or moving to a non-Apple phone. Choose your poison.
Apple did NOT mention a word about end-to-end encryption when they detailed about CSAM implementation because they do NOT have any such plans to do it. It is that simple. Even after the fallout of CSAM announcement, they did NOT mention end-to-end encryption as their goal AND that CSAM being the only stumbling block towards achieving that goal. So, why are you assuming it when Apple has given no indication or whatsoever about this?
And what track record are you talking about? The one in China where they gave up iCloud keys completely to Chinese authorities? If past actions are any guide to Apple's future plans, Apple NOT implementing the end-to-end encryption is the safe bet to make.
Talk about ridiculous worry mongering going on. Let me get this straight, you are all worried that once this system is put into place, Apple will be compelled by governments and other evil entities to expand the “scanning” and reporting into other areas? Is that the gist of it?
Can one of you please explain to me how that is not currently possible? Because I’m missing something. If desired, China could require Apple to surveillance EVERYTHING on your device. There is no absolutely need for this CSAM tool to do that.
For years, Apple and every other online service was already compelled to search through all user data stored on their servers and report illegal child pornography. Why haven’t they expanded that search into other areas? Can one of you explain that?
The current “laws” do not allow e2e encryption of stored data for that one and only reason; child pornography. This gives law enforcement [warranted] access to all your iCloud data, not just your illegal photos.
All Apple’s CSAM tools allow, is that Apple can remain complaint to current laws (reporting illegal child pornography) while also offering users the ability to store the rest of their data (and photos) encrypted and out of prying eyes.
Couple of points: 1. It may be extremely hard for you to grasp this basic point, but many people do understand this - Apple's iCloud servers are Apple's property and anything stored in iCloud by end-users is public data for all practical purposes (even though the owner of the data is end-users). And Apple can scan data in their property for illegal content and report it to law enforcement agencies. BUT they have no business or whatsoever looking into the data stored in a device which is "owned' by end-users. "Ownership of the property" is the key operative word here. Apple owns iCloud and they can do whatever hell they want to do with it, as long as they "inform" end-users about it. End-users own the phones and Apple/Google/<anyone else> (at least the ones who "claim" to uphold the "privacy" of the end-users) has no business peeking into it.
2. The most important one - you mentioned "All Apple’s CSAM tools allow, is that Apple can remain complaint to current laws (reporting illegal child pornography) while also offering users the ability to store the rest of their data (and photos) encrypted and out of prying eyes". This is pure SPECULATION on your part and please do NOT spread this RUMOR WITHOUT any basis again and again. Apple has NEVER mentioned that they WILL implement end-to-end encryption as soon as on-device CSAM scanning is enabled. NEVER. It is pure speculation by some of the AI forum members that Apple would do it. If you are so sure about it, can you please share Apple's official statement on this?
You should read some of the evaluations of Apple's proposed CSAM detection tool, as apparently neither you nor the sources you get information from understand what is being proposed.
1. The proposed tool does not "[look] into the data stored" in your device. It looks at the data you have told it to send to Apple's photo sync/sharing service. If you don't use iCloud Photo Library, the CSAM detection is never run.
On the other hand, Spotlight looks at all the data stored on your device, and it would be trivial to extend it to tell Apple or whatever government agency if you have mentioned the words "bomb" and "president" together in any thread in Messages. How is this CSAM detection tool a threat to privacy but Spotlight isn't?
2. The whole system intrinsically involves end-to-end encryption for all images sent to iCloud Photo Library. If implemented, all photos sent to Apple would be encrypted. That's literally the whole point of the tool. If a CSAM match is detected, the tool emits a "voucher" which contains a point in 30-dimensional space. When enough points are accumulated, they can be used to find the key the device used to encrypt the photos, which can then be used to decrypt them and verify if they actually are CSAM.
To protect against a single such voucher being used as proof that a particular person has uploaded CSAM, the tool also emits "synthetic vouchers" which contain garbage points which don't contribute to the ability to find the image encryption key. Apple can only tell which vouchers from an account are real when they get 30 real vouchers from that account.
Apple did NOT mention a word about end-to-end encryption when they detailed about CSAM implementation because they do NOT have any such plans to do it. It is that simple.
Bold words. By that logic Apple also have no plans to release AR glasses, a car, or even another iPhone, because they've never mentioned it.
Even after the fallout of CSAM announcement, they did NOT mention end-to-end encryption as their goal AND that CSAM being the only stumbling block towards achieving that goal. So, why are you assuming it when Apple has given no indication or whatsoever about this?
Secondly: https://en.wikipedia.org/wiki/Process_of_elimination - what other possible reason could there be for Apple to implement on device scanning instead of cloud scanning? I'm completely open to other plausible explanations but so far haven't come across any others in any discussion of this topic.
Has anyone who is against Apple’s CSAM plans proposed an alternative solution, especially taking into account the scenario where Apple enables end-to-end encryption on iCloud?
As my boss would say “don’t come to me with problems, come to me with solutions” but the only alternative solution I’ve heard so far is don’t do anything.
Scan it on the server is the only alternative being bandied about, which completely misses the point that your data is far more vulnerable to seizure by the authorities (and hackers) if Apple keeps the encryption key. The on-device solution would mean Apple are able to apply end to end encryption to your iCloud Photo Library, and your privacy would be much enhanced.
If Apple NEVER plans to implement end-to-end encryption for iCloud data (there is absolutely NO indication to that effect from Apple so far), would you agree that on-device scanning is unnecessary when everything can be done at server side itself (in Apple's property instead of private owner's property)?
Good question.
I think one really positive thing about what Apple has been doing with the proposed solution is the relative openness and transparency. I may be wrong, but I don't think they've ever been nearly as transparent about any screening processes running in the cloud. I think placing the scan up front and being clear about what it's doing is a positive step. Maybe they could do the same for backend scanning, but since they haven't in the past, I'm going to chalk that up as a positive for the on-device scanning.
Also, since iPhones are in the hands of users, and consequently tinkerers and people who will dissect the software, you could argue that any changes to procedures and the hash table will be much more discoverable by the user community; whereas Apple's scanning on the server is a completely inscrutable black box. I'd actually like to see Apple doing more in exposing even more of the plumbing of the on device checks and the hashes and their source so that it can be publicly audited too, and that's something which is a possibility with an on device scan, and not really verifiable with server-side.
In terms of the scanning itself, obviously there's no real difference whether you do it on device or in the cloud, which is precisely why I'm unconcerned from a privacy standpoint.
Supposably not the algorithm that Apple will be using in their final CSAM tool. But still shows that Apple will probably be playing a cat and mouse game with hackers over this.
Maybe no real difference between scanning images of your iCloud Photos library on your device or on the iCloud sever. But there is a difference when it comes to scanning images in iMessage, of minors iPhones (than has it enabled). First of all, the scanning do not involve hash. The scan involves using software recognition. Much like the software use to find all the photos with your dog in it. Second, iMessage is suppose to be end to end encryption. Which should mean that not even Apple should be able to read your message. And there's no way that Apple can scan the iMessage image on their server since iMessage is suppose to be end to end encryption and Apple do not have the key to read the iMessage, once it's in their server. So not only will Apple CSAM tool scan the image(s) being sent (from a minor's iPhone/iPad), before encryption on the device, it will also scan the image(s) they receive, after decryption on the device. Even if the image received, was not sent by a minor.
The funny thing is that even if you're unconcern about your privacy or any loss thereof and not willing put up any fight, your government is very concern and will fight for you. And seems willing to make sure they don't toss the baby out with the bathwater.
Unlike here in the US. Where our government don't seen to be too concern at all about its citizens privacy and seems more than willing want to put an end to end to end encryption and have back doors installed, to make it easier for law enforcement. But the people here take their privacy more seriously and will put up a fight, to prevent it from being chipped away. Even if it's just a little bit at a time.
Apple did NOT mention a word about end-to-end encryption when they detailed about CSAM implementation because they do NOT have any such plans to do it. It is that simple.
Bold words. By that logic Apple also have no plans to release AR glasses, a car, or even another iPhone, because they've never mentioned it.
Even after the fallout of CSAM announcement, they did NOT mention end-to-end encryption as their goal AND that CSAM being the only stumbling block towards achieving that goal. So, why are you assuming it when Apple has given no indication or whatsoever about this?
Secondly: https://en.wikipedia.org/wiki/Process_of_elimination - what other possible reason could there be for Apple to implement on device scanning instead of cloud scanning? I'm completely open to other plausible explanations but so far haven't come across any others in any discussion of this topic.
As per the first link that you shared, Apple has abandoned the plan for end-to-end encryption after FBI complained. It does not make any mention about Apple reviving the end-to-end encryption, does it? If that is the case, without further announcement from Apple to that effect, wouldn't it be logical to assume that Apple is NOT planning to implement end-to-end encryption?
Has anyone who is against Apple’s CSAM plans proposed an alternative solution, especially taking into account the scenario where Apple enables end-to-end encryption on iCloud?
As my boss would say “don’t come to me with problems, come to me with solutions” but the only alternative solution I’ve heard so far is don’t do anything.
Scan it on the server is the only alternative being bandied about, which completely misses the point that your data is far more vulnerable to seizure by the authorities (and hackers) if Apple keeps the encryption key. The on-device solution would mean Apple are able to apply end to end encryption to your iCloud Photo Library, and your privacy would be much enhanced.
If Apple NEVER plans to implement end-to-end encryption for iCloud data (there is absolutely NO indication to that effect from Apple so far), would you agree that on-device scanning is unnecessary when everything can be done at server side itself (in Apple's property instead of private owner's property)?
Good question.
I think one really positive thing about what Apple has been doing with the proposed solution is the relative openness and transparency. I may be wrong, but I don't think they've ever been nearly as transparent about any screening processes running in the cloud. I think placing the scan up front and being clear about what it's doing is a positive step. Maybe they could do the same for backend scanning, but since they haven't in the past, I'm going to chalk that up as a positive for the on-device scanning.
Also, since iPhones are in the hands of users, and consequently tinkerers and people who will dissect the software, you could argue that any changes to procedures and the hash table will be much more discoverable by the user community; whereas Apple's scanning on the server is a completely inscrutable black box. I'd actually like to see Apple doing more in exposing even more of the plumbing of the on device checks and the hashes and their source so that it can be publicly audited too, and that's something which is a possibility with an on device scan, and not really verifiable with server-side.
In terms of the scanning itself, obviously there's no real difference whether you do it on device or in the cloud, which is precisely why I'm unconcerned from a privacy standpoint.
Supposably not the algorithm that Apple will be using in their final CSAM tool. But still shows that Apple will probably be playing a cat and mouse game with hackers over this.
Maybe no real difference between scanning images of your iCloud Photos library on your device or on the iCloud sever. But there is a difference when it comes to scanning images in iMessage, of minors iPhones (than has it enabled). First of all, the scanning do not involve hash. The scan involves using software recognition. Much like the software use to find all the photos with your dog in it. Second, iMessage is suppose to be end to end encryption. Which should mean that not even Apple should be able to read your message. And there's no way that Apple can scan the iMessage image on their server since iMessage is suppose to be end to end encryption and Apple do not have the key to read the iMessage, once it's in their server. So not only will Apple CSAM tool scan the image(s) being sent (from a minor's iPhone/iPad), before encryption on the device, it will also scan the image(s) they receive, after decryption on the device. Even if the image received, was not sent by a minor.
The funny thing is that even if you're unconcern about your privacy or any loss thereof and not willing put up any fight, your government is very concern and will fight for you. And seems willing to make sure they don't toss the baby out with the bathwater.
Unlike here in the US. Where our government don't seen to be too concern at all about its citizens privacy and seems more than willing want to put an end to end to end encryption and have back doors installed, to make it easier for law enforcement. But the people here take their privacy more seriously and will put up a fight, to prevent it from being chipped away. Even if it's just a little bit at a time.
We were only talking about the CSAM hash scan, not the messaging. That's obviously a completely different scenario.
Sadly I don't live in the European Union, though thankfully not the USA either.
Oh man, now I’m conflicted. I was a defender of Apple’s CSAM solution, but it does not sit at all well with me to be on the same side of the argument as Priti Patel. The woman is a nasty piece of work.
Yes communists like yourself have a special racial hatred for Priti Patel. The daughter of an immigrant to the U.K. who is a minister in the Conservative party.
A fact which also makes the comments about the U.K. becoming ‘communist/ mini-China’ even more hilarious. But these are probably comments from ignorant types who probably could identify either China or the U.K. on a map, and get worried when they occasionally cross the county-line.
Crowley a communist? Bwahahaha, are you fucking insane? What a ridiculous claim to make. Priti Patel is a nasty piece of work, a fucking bully that doesn't deserve the position she enjoys now (she should have been fired long ago), a perfect symbol of all that is wrong with the current UK government.
Oh man, now I’m conflicted. I was a defender of Apple’s CSAM solution, but it does not sit at all well with me to be on the same side of the argument as Priti Patel. The woman is a nasty piece of work.
Yes communists like yourself have a special racial hatred for Priti Patel. The daughter of an immigrant to the U.K. who is a minister in the Conservative party.
A fact which also makes the comments about the U.K. becoming ‘communist/ mini-China’ even more hilarious. But these are probably comments from ignorant types who probably could identify either China or the U.K. on a map, and get worried when they occasionally cross the county-line.
Oh man, now I’m conflicted. I was a defender of Apple’s CSAM solution, but it does not sit at all well with me to be on the same side of the argument as Priti Patel. The woman is a nasty piece of work.
Yes communists like yourself have a special racial hatred for Priti Patel. The daughter of an immigrant to the U.K. who is a minister in the Conservative party.
A fact which also makes the comments about the U.K. becoming ‘communist/ mini-China’ even more hilarious. But these are probably comments from ignorant types who probably could identify either China or the U.K. on a map, and get worried when they occasionally cross the county-line.
I'm not a communist dude. Calm your crazy down.
And what if you were?
I don't know, what if I were?
I'm not, so it hardly seems a question worth asking.
Has anyone who is against Apple’s CSAM plans proposed an alternative solution, especially taking into account the scenario where Apple enables end-to-end encryption on iCloud?
As my boss would say “don’t come to me with problems, come to me with solutions” but the only alternative solution I’ve heard so far is don’t do anything.
Solution Proposal.
1. Do not scan on device. 2. Turn on E2EE for the iCloud. 3. Since Apple cannot scan either the device or iCloud, in compliance with current law, since Apple has not obtained knowledge about specific illegal items it has no responsibility to report anything. With E2EE it can no longer find and cannot allow law enforcement readable access.
Has anyone who is against Apple’s CSAM plans proposed an alternative solution, especially taking into account the scenario where Apple enables end-to-end encryption on iCloud?
As my boss would say “don’t come to me with problems, come to me with solutions” but the only alternative solution I’ve heard so far is don’t do anything.
Solution Proposal.
1. Do not scan on device. 2. Turn on E2EE for the iCloud. 3. Since Apple cannot scan either the device or iCloud, in compliance with current law, since Apple has not obtained knowledge about specific illegal items it has no responsibility to report anything. With E2EE it can no longer find and cannot allow law enforcement readable access.
That solves the problem across board.
And everyone who enjoys a dabble in child abuse photography cheers!
Has anyone who is against Apple’s CSAM plans proposed an alternative solution, especially taking into account the scenario where Apple enables end-to-end encryption on iCloud?
As my boss would say “don’t come to me with problems, come to me with solutions” but the only alternative solution I’ve heard so far is don’t do anything.
ANY official sources for this claim? Do you understand the fact that you are purely SPECULATING WITHOUT ANY BASIS or whatsoever? Has Apple EVER said that they would implement end-to-end encryption as soon as on-device CSAM scanning is enabled? Can you please point to OFFICIAL statement from Apple on this?
Lol. A big part of the fun of this website and following Apple's moves in general is the speculation. Apple hasn't given any official statement about AR glasses or a car. Should we not speculate about those, and what features they might have until there's an official statement? Hell, Apple hasn't given any official statement that they will be releasing a new iPhone this year. Better NOT spread that RUMOR WITHOUT any basis again and again.
"SPECULATING WITHOUT ANY BASIS". Really? No basis? They're taking actions which we can all see, officially announced actions, and those actions are a valid basis for speculation. Just think about their motives for a second. Why might Apple implement on device scanning instead of cloud based? For the Lulz? Because they're evil? Maybe there are other reasons then laying the groundwork for E2EE, sure. I'd love to hear other folks' speculation on what they might be.
No one said that they would implement end-to-end encryption as soon as on-device CSAM scanning is enabled. In fact that was probably their biggest mistake. Perhaps that's why they've delayed it. If they later announce it as part of a rollout of E2EE, which I presume would be opt in per iCloud account like 2FA or iCloud messages, they can then offer customers the choice of scanning on iCloud, on device scanning, turning off iCloud, or moving to a non-Apple phone. Choose your poison.
Apple did NOT mention a word about end-to-end encryption when they detailed about CSAM implementation because they do NOT have any such plans to do it. It is that simple. Even after the fallout of CSAM announcement, they did NOT mention end-to-end encryption as their goal AND that CSAM being the only stumbling block towards achieving that goal. So, why are you assuming it when Apple has given no indication or whatsoever about this?
And what track record are you talking about? The one in China where they gave up iCloud keys completely to Chinese authorities? If past actions are any guide to Apple's future plans, Apple NOT implementing the end-to-end encryption is the safe bet to make.
Turns out Apple have been working on end-to-end encryption for years. So much for “a safe bet” ¯\_(ツ)_/¯
Apple did NOT mention a word about end-to-end encryption when they detailed about CSAM implementation because they do NOT have any such plans to do it. It is that simple.
If past actions are any guide to Apple's future plans, Apple NOT implementing the end-to-end encryption is the safe bet to make.
Comments
"SPECULATING WITHOUT ANY BASIS". Really? No basis? They're taking actions which we can all see, officially announced actions, and those actions are a valid basis for speculation. Just think about their motives for a second. Why might Apple implement on device scanning instead of cloud based? For the Lulz? Because they're evil? Maybe there are other reasons then laying the groundwork for E2EE, sure. I'd love to hear other folks' speculation on what they might be.
No one said that they would implement end-to-end encryption as soon as on-device CSAM scanning is enabled. In fact that was probably their biggest mistake. Perhaps that's why they've delayed it. If they later announce it as part of a rollout of E2EE, which I presume would be opt in per iCloud account like 2FA or iCloud messages, they can then offer customers the choice of scanning on iCloud, on device scanning, turning off iCloud, or moving to a non-Apple phone. Choose your poison.
I think one really positive thing about what Apple has been doing with the proposed solution is the relative openness and transparency. I may be wrong, but I don't think they've ever been nearly as transparent about any screening processes running in the cloud. I think placing the scan up front and being clear about what it's doing is a positive step. Maybe they could do the same for backend scanning, but since they haven't in the past, I'm going to chalk that up as a positive for the on-device scanning.
Also, since iPhones are in the hands of users, and consequently tinkerers and people who will dissect the software, you could argue that any changes to procedures and the hash table will be much more discoverable by the user community; whereas Apple's scanning on the server is a completely inscrutable black box. I'd actually like to see Apple doing more in exposing even more of the plumbing of the on device checks and the hashes and their source so that it can be publicly audited too, and that's something which is a possibility with an on device scan, and not really verifiable with server-side.
In terms of the scanning itself, obviously there's no real difference whether you do it on device or in the cloud, which is precisely why I'm unconcerned from a privacy standpoint.
And what track record are you talking about? The one in China where they gave up iCloud keys completely to Chinese authorities? If past actions are any guide to Apple's future plans, Apple NOT implementing the end-to-end encryption is the safe bet to make.
1. The proposed tool does not "[look] into the data stored" in your device. It looks at the data you have told it to send to Apple's photo sync/sharing service. If you don't use iCloud Photo Library, the CSAM detection is never run.
On the other hand, Spotlight looks at all the data stored on your device, and it would be trivial to extend it to tell Apple or whatever government agency if you have mentioned the words "bomb" and "president" together in any thread in Messages. How is this CSAM detection tool a threat to privacy but Spotlight isn't?
2. The whole system intrinsically involves end-to-end encryption for all images sent to iCloud Photo Library. If implemented, all photos sent to Apple would be encrypted. That's literally the whole point of the tool. If a CSAM match is detected, the tool emits a "voucher" which contains a point in 30-dimensional space. When enough points are accumulated, they can be used to find the key the device used to encrypt the photos, which can then be used to decrypt them and verify if they actually are CSAM.
To protect against a single such voucher being used as proof that a particular person has uploaded CSAM, the tool also emits "synthetic vouchers" which contain garbage points which don't contribute to the ability to find the image encryption key. Apple can only tell which vouchers from an account are real when they get 30 real vouchers from that account.
First of all: https://www.reuters.com/article/us-apple-fbi-icloud-exclusive/exclusive-apple-dropped-plan-for-encrypting-backups-after-fbi-complained-sources-idUSKBN1ZK1CT
Secondly: https://en.wikipedia.org/wiki/Process_of_elimination - what other possible reason could there be for Apple to implement on device scanning instead of cloud scanning? I'm completely open to other plausible explanations but so far haven't come across any others in any discussion of this topic.
Supposably not the algorithm that Apple will be using in their final CSAM tool. But still shows that Apple will probably be playing a cat and mouse game with hackers over this.
Maybe no real difference between scanning images of your iCloud Photos library on your device or on the iCloud sever. But there is a difference when it comes to scanning images in iMessage, of minors iPhones (than has it enabled). First of all, the scanning do not involve hash. The scan involves using software recognition. Much like the software use to find all the photos with your dog in it. Second, iMessage is suppose to be end to end encryption. Which should mean that not even Apple should be able to read your message. And there's no way that Apple can scan the iMessage image on their server since iMessage is suppose to be end to end encryption and Apple do not have the key to read the iMessage, once it's in their server. So not only will Apple CSAM tool scan the image(s) being sent (from a minor's iPhone/iPad), before encryption on the device, it will also scan the image(s) they receive, after decryption on the device. Even if the image received, was not sent by a minor.
The funny thing is that even if you're unconcern about your privacy or any loss thereof and not willing put up any fight, your government is very concern and will fight for you. And seems willing to make sure they don't toss the baby out with the bathwater.
https://carnegieendowment.org/2021/03/31/encryption-debate-in-european-union-2021-update-pub-84217
Unlike here in the US. Where our government don't seen to be too concern at all about its citizens privacy and seems more than willing want to put an end to end to end encryption and have back doors installed, to make it easier for law enforcement. But the people here take their privacy more seriously and will put up a fight, to prevent it from being chipped away. Even if it's just a little bit at a time.
Sadly I don't live in the European Union, though thankfully not the USA either.
I'm not, so it hardly seems a question worth asking.
1. Do not scan on device.
2. Turn on E2EE for the iCloud.
3. Since Apple cannot scan either the device or iCloud, in compliance with current law, since Apple has not obtained knowledge about specific illegal items it has no responsibility to report anything. With E2EE it can no longer find and cannot allow law enforcement readable access.
That solves the problem across board.
Literally everyone is happy!
Jfc
https://appleinsider.com/articles/22/12/13/apples-advanced-data-protection-feature-is-here---what-you-need-to-know/