zimmie

About

Username
zimmie
Joined
Visits
172
Last Active
Roles
member
Points
2,737
Badges
1
Posts
651

Reactions

854Like0Dislike357Informative

  • EU carriers want Apple's Private Relay blocked

    zimmiezimmie
    dcgoo said:

    Agree! What is the difference between already existing VPN services and Apple Private Relay?
    Difference is Private Relay only applies to traffic from the Safari browser.  A VPN would apply to the entire device.
    This is not accurate. Private Relay covers all DNS requests by default, and all HTTP requests made by URLSession and a few other APIs. Safari uses one of the covered APIs, so its HTTP requests are sent over Private Relay if it is enabled. All browsers on iOS are basically Safari skins, so they also use Private Relay if enabled.

    Part of the problem is people have been conflating "VPN" and "proxy" for over a decade. The overwhelming majority of "VPN" services are actually acting as proxies. They just happen to use VPN technologies for the client-to-proxy leg. Private Relay is also a proxy service, and it's valid to compare it to others.
    applguyFileMakerFellerwatto_cobra

  • Skilled labor shortages could be the next big chip supply problem

    zimmiezimmie
    ravnorodom said:
    This is where chip makers need to step in and work with universities or institutions. Many big corporations donate equipments to schools for training, research and hiring after graduation. Establishing mini or virtual chip fabrication lab in University maybe tough but something is needed to be done.
    They already do. A college near me has had a semiconductor manufacturing degree plan for over 20 years. Analog, Intel, Texas Instruments, and a few smaller manufacturers all hire the graduates. Now that TSMC is expanding into the US, I assume they will as well.

    What's really cool is the program also offers early enrollment and dual credit for people still in high school. Spend half your day at the high school, half your day at the college, and you have around 20 hours of college EE credit when you graduate high school.
    watto_cobraravnorodomdewme

  • New Apple iCloud Private Relay guide details what it doesn't cover

    zimmiezimmie
    chris-net said:
    are other browsers or applications like chrome, Firefox, games able to use private relay?
    That depends. Browsers on iOS and iPadOS all have to use the whole system-level browser engine (I seem to remember Opera renders sites on an Opera-controlled server, then sends them to the phone to display, so maybe not that one), so they should all get private relay for both DNS and HTTP sites.

    Browsers on macOS are another story. If they use the system's DNS resolver stub, then they get private relay for DNS. If they use their own DNS resolution (like Chrome), they do not get private relay for DNS. That said, the biggest reason some browsers do their own DNS resolution, though, is to use DNS-over-HTTPS, which provides protection from snooping on the local network (but not from snooping by the DNS provider).

    If they go through the system APIs for web requests (like URLSession), they should also get private relay for HTTP sites. Most Mac browsers have their own network engines, so they would not get private relay for HTTP sites.
    williamlondonwatto_cobra

  • Apple wipes on-device CSAM photo monitoring from site, but plans unchanged

    zimmiezimmie
    exceptionhandler said:
    zimmie said:
    exceptionhandler said:
    badmonk said:
    I suspect CSAM screening will ultimately be performed and confined iCloud server side, like every other cloud based service has been doing for years (and not talked about it).

    I always thought iCloud screened for CSAM, after all MSFT and Google have been doing it for years.

    Freedom has its limits.
    I think they’ve always been scanning iCloud photos and reporting on the server side.  I think someone previously linked to a document that states so.  So the claims about protecting peds is unwarranted, because it will still be done on the server side.  What apple was trying to do was impose/move their house rule (server side) into our houses (iPhones) for whatever reason.

    I see no reason for the move.  As some people have previously stated, “maybe Apple is going to e2e encrypt iCloud photos”.  The rub here is that it would not be e2e encrypted either way.  Scanning and reporting necessitates access to the data. E2E encryption is only E2E encryption IFF there is no process to circumvent it (including at either end) to send the data to someone else outside of the authorized recipients intended by the sender.  This very fact alone means that iCloud photos will never be e2e encrypted as Apple needs to do CSAM scanning.

    So all things stated, I’m fine with the current state of server side scanning as it’s not on my device and the only way the scanning and reporting applies is IFF you use the service (some may argue that’s the way it would work on device, but that is subject to change, whereas if it’s on the server, they can’t make that change to scan more than what’s sent to iCloud)
    The proposed on-device CSAM scanning intrinsically involves end-to-end encryption. The whole point is to allow your device to encrypt photos with a key which Apple doesn't hold. If it detects CSAM, it also uploads partial directions on how to find the key. Once enough partial directions are uploaded, they can be used to find the key to decrypt the images, but Apple doesn't have the key until then. They also can't create the partial directions on their own.

    To protect against one of those partial directions being used as evidence of possession, they also set the system up to emit fake partial directions which are indistinguishable from real ones until after you have uploaded enough real ones.

    The clear solution is to spin all of the iCloud-related functionality out of Photos and into a separate application. CSAM scanning then goes in that application. If you want to upload stuff to iCloud, you need that application, which has the CSAM scanning. If you don't want the CSAM scanning, don't load the application (or remove it if it comes preinstalled). Done. Addresses everybody's concerns.
    It’s not intrinsic, the encryption used as a veil of protection.  I get that it’s theoretically impossible to decrypt the offending files until a threshold is met, but in order to report those images, it necessarily circumvents the E2E process between the normal intended sender and receiver(s), to send them for review at Apple and authorities.  Yes, the process heavily relies on encryption methods, but allows for another originally unintended party to be involved.  True E2E encryption means only specified sender and receiver have access to the information (but you still have to trust those involved not to reshape it).  Top it off, it’s on device, where it’s easier to “expand” functionality to include other things, whereas when it’s in the service, it’s physically unable to access anything on device unless it’s sent (hopefully over ssl) or already stored in the service.
    It sounds like you misunderstand exactly what end-to-end encryption is. When it's used, either end can betray the other and leak the unencrypted information, or even the key. That doesn't make it not end-to-end. This is one end (your phone) potentially leaking the key. Unless your phone decides to do that, Apple has no way to get at the key or any of the encrypted data. Compare with non-end-to-end cryptosystems, such as Telegram's old encryption method, where Telegram-the-company is a party to the key negotiation, and gets key material they could use to decrypt the conversation without either end being aware.

    Right now, Apple employees can view photos you store in iCloud. Presumably they are prohibited from doing this by policy, but they have the technical capability. With the endpoint CSAM scanning as explained in the technical papers Apple presented, they would no longer have that capability. That's because the endpoint CSAM scanning intrinsically involves end-to-end encryption.

    We already trust that Apple won't rework their on-device content scanning. Or did you forget what Spotlight and the object recognition in Photos are? Not like you can disable either of those.
    jony0

  • Apple wipes on-device CSAM photo monitoring from site, but plans unchanged

    zimmiezimmie
    exceptionhandler said:
    badmonk said:
    I suspect CSAM screening will ultimately be performed and confined iCloud server side, like every other cloud based service has been doing for years (and not talked about it).

    I always thought iCloud screened for CSAM, after all MSFT and Google have been doing it for years.

    Freedom has its limits.
    I think they’ve always been scanning iCloud photos and reporting on the server side.  I think someone previously linked to a document that states so.  So the claims about protecting peds is unwarranted, because it will still be done on the server side.  What apple was trying to do was impose/move their house rule (server side) into our houses (iPhones) for whatever reason.

    I see no reason for the move.  As some people have previously stated, “maybe Apple is going to e2e encrypt iCloud photos”.  The rub here is that it would not be e2e encrypted either way.  Scanning and reporting necessitates access to the data. E2E encryption is only E2E encryption IFF there is no process to circumvent it (including at either end) to send the data to someone else outside of the authorized recipients intended by the sender.  This very fact alone means that iCloud photos will never be e2e encrypted as Apple needs to do CSAM scanning.

    So all things stated, I’m fine with the current state of server side scanning as it’s not on my device and the only way the scanning and reporting applies is IFF you use the service (some may argue that’s the way it would work on device, but that is subject to change, whereas if it’s on the server, they can’t make that change to scan more than what’s sent to iCloud)
    The proposed on-device CSAM scanning intrinsically involves end-to-end encryption. The whole point is to allow your device to encrypt photos with a key which Apple doesn't hold. If it detects CSAM, it also uploads partial directions on how to find the key. Once enough partial directions are uploaded, they can be used to find the key to decrypt the images, but Apple doesn't have the key until then. They also can't create the partial directions on their own.

    To protect against one of those partial directions being used as evidence of possession, they also set the system up to emit fake partial directions which are indistinguishable from real ones until after you have uploaded enough real ones.

    The clear solution is to spin all of the iCloud-related functionality out of Photos and into a separate application. CSAM scanning then goes in that application. If you want to upload stuff to iCloud, you need that application, which has the CSAM scanning. If you don't want the CSAM scanning, don't load the application (or remove it if it comes preinstalled). Done. Addresses everybody's concerns.
    CelticPaddywilliamlondon[Deleted User]watto_cobrajony0