exceptionhandler

Xed said:

exceptionhandler said:

I’ve never understood the desire for widgets.  I’ve tried using some form of them since the old dashboard back in snow leopard to ones currently in iOS (I’d rather have more room for apps on my screen than have a widget take up that space). The utility they add just seems too cumbersome, and at which point why not just open the app? Just my personal experience/opinion; I’m sure there are many who swear by them. 

I guess somewhat related are the “complications” on Apple Watch.  I do use some of those on my watch faces.

id be curious to hear about people’s use cases and workflows around widgets.

I have mossed Dashboard widgets, especially when used with Hot Corners to quickly see various types of info at a glance, so I’m very happy with Sonoma’s ability to sue a Hoy Corner to call the desktop which can have various widgets which are much better than the web code-based widgets of the old Dashboard.

As someone who only uses their Desktop as a temporary working location for files it’s almost always empty or nearly empty, so people who have hundreds of  unorganized files on their desktop may not like the new setup, but I love it.

What widgets do you use?

I’ve never understood the desire for widgets.  I’ve tried using some form of them since the old dashboard back in snow leopard to ones currently in iOS (I’d rather have more room for apps on my screen than have a widget take up that space). The utility they add just seems too cumbersome, and at which point why not just open the app? Just my personal experience/opinion; I’m sure there are many who swear by them. 

We recommend that prospective buyers of the Apple TV 4K should buy the Wi-Fi + Ethernet model.

I’d also recommend the one with the Ethernet port for an additional reason.  I had a 3rd gen Apple TV that lost its wifi capability and was out of its support period, but it still served us years because I just used an Ethernet cable to connect it to the network.

All-Purpose Guru said:

So does the EU have ANYBODY in their legislature that has any idea how any of this stuff could be accomplished?

The only way I know that would allow interoperability between different encrypted platforms would take a can opener to the encryption and would compromise security.

Unless the Messages app supports the protocols for these other services, meaning the chat would work in iMessage, but explicitly be limited to Facebook messenger for instance if that’s how the chat started, so you’d have to login in Messages with a Facebook account to send/receive to people on Facebook.  And to use the iMessage protocol in messages, you’d still have to login to iCloud.  So essentially each service would be sandboxed, but dislayable in the app.

but that may not be what they are talking about here, which in that case, you’d be correct unless each separate service understood the same encryption protocol and keys.

StrangeDays said:

Incorrect. Sorry but you're speaking from ignorance here. Deploying 100% E2E is exactly why Apple designed on-device child rape CSAM scanning.

Do you work for Apple? Do you know an insider at Apple that has stated so? Has Apple officially released this detail somewhere?  You’re making an assumption here, and it’s no better than what pundits do that I see bashed all the time here.  Apple may, or may not, be implementing a sort of encryption that would be “wish it were real E2E” (think of the basic security questions banks ask, which is a type of “wish it were 2 factor auth”, it’s not the real thing, dumpster divers can find that info, and at best it’s just secondary passwords “something you know”… real 2F is something you know, and something you have, 3F is something you know, something you have, and something you are.). The whole point of this is, real E2E is when I, in secret, encrypt a message, that no one else knows it’s contents, and it stays encrypted until it reaches the target audience, who has the capability to decrypt it (at which point you have to trust they will not share that info, or someone or something is not watching).  But the point is behind E2E is that only you, the sender are privy to the contents, and sometime later, the target audience is also privy.

point is, even if some criminal were using it (probably not unless they are dumb, because of server side CSAM), they can encrypt their stash using something like TrueCrypt (and even use the plausible deniability mode that double encrypts it) and store it in a general file sharing/storage service like Dropbox or Google drive.  Or heck, even just keep it local and just sync it to their own devices.  They’ll find ways to see and propagate it.

im not saying apple shouldn’t do CSAM… they should, but keep it on the server side.  It’s encrypted in transit (https) and is probably encrypted at rest, so only a few who have the keys may have access to it at Apple.  How does that change if the move to on device scanning and reporting? 

Apple has used a threshold algorithm to enable review of the contents… remove that, and you will have true e2e encryption; otherwise it’s just “wish it were e2e”. It’s close, but no cigar.

Once a threshold is met what happens then? Do we trust Apple to handle the data correctly? Do we trust the authorities will handle the data correctly?  Do we trust individuals at these places not to share it or leak it?  Do we trust that the thresholds won’t change? Do we trust that other types of images won’t be deemed “illicit” in the future? Do we trust a similar threshold algorithm won’t be applied to text in imessages, looking for messages of terrorism or “hate” speech?  Do we trust that it will only be done for photos uploaded to iCloud?

I see no difference:

 - Someone having limited access outside the intended audience to the data with on device scanning and reporting…

- Someone having limited access outside the intended audience to the data with server side scanning and reporting…

The only difference here is where it’s done, and on device has more serious privacy problems than the server side.

I treat anything I sent to iCloud photos as public knowledge, aka anything I want to keep private stays on my devices.  On device scanning and reporting encroaches on that privacy (even given the current software “limitations” of thresholds and only done when sent to iCloud)… so, given that, I would much rather the CSAM reporting stay server side.

¯\_(ツ)_/¯