muthuk_vanalingam

robaba said:

muthuk_vanalingam said:

lkrupp said:

Dead_Pool said:

Subway’s Jared tweets his appreciation!

Think of the children who will suffer abuse because a few privacy wackos don’t want Apple to scan their photos. Fuck those kids, right?

Nope. Apple can very well scan the photos in iCloud and report it to authorities. They have the keys to decrypt the files stored in iCloud, so there is NOTHING that is preventing Apple from doing it and NO ONE is against this. The opposition is only for doing the scan ON the device, NOT in iCloud.

This is the very issue that Apple is trying to avoid.  They don’t want to be able to scan your data on their services because they know if they do, ANYTHING that passes through their servers will eventually be requested by some authoritarian government, and they will have to provide that access, UNLESS that information is already encrypted and Apple doesn’t have the key.  This is the golden ring (golden Apple?) that they have been reaching for and everyone has been lauding them for.  The problem is this—how to they keep their system from becoming a haven for every bad actor in the known ‘verse?  Apples solution was to embed the process into the phones in a way that does not open the end user to further degradation of their privacy—only hashes, only looking for known matches, only in the process of uploading to their servers (not just passing through).  Like it or not that’s now binned.

my point is, if Apple is to be able to provide users with the golden ring of security from government snooping, it’s going to need some solution for bad actors of completely scrap it’s services division.  At nearly half of its pre-tax earnings, there’s no way Apple can afford to abandon services.  Even then it will still be blamed for enabling bad actors.  No-one will want to be connected to the next 9/11 type incident when it inevitably happens.

muthuk_vanalingam said:

mr. h said:

gatorguy said:

I get that you really REALLY want to paint a glowing picture of "gosh Apple is doing this for us", but is there any even circumstantial evidence Apple was ready to make everything end-to-end encrypted in a way they could not access any of your data even if they were ordered to? Not as far as I know. It's more of a hope and prayer since otherwise it's not for the betterment of us users. 

All I can say about that is that the whole scheme would be totally pointless if they weren't going to encrypt the photos. Why go to all the effort of designing this enormously complicated system, calculating hashes on-device, doing the CSAM hash-matching in a "blind" way so even the device itself doesn't know if there's been a match, and then going to all the convoluted effort of generating doubly-encrypted "vouchers" and associated "image information", if the photo itself was uploaded to iCloud unencrypted?

Certainly, this system would enable the photos to be uploaded to iCloud encrypted, but I concede that as far as I know, Apple hasn't said that they would do that. It's just that, as I said, the whole scheme seems totally pointless if the photos are uploaded to the server in the clear anyway.

How about Apple just offers a toggle in iCloud photos settings? The two options would be:

1. Photos are CSAM-scanned and encrypted before being uploaded to iCloud.
2. Photos are not CSAM-scanned, but are uploaded to iCloud in the clear. The server then does the CSAM scan.

Would this solution make everyone happier?

Yup, that would make at least 99% of the users happy. There are few odd ones out, but this would be a workable solution imho. 

They’ve already been doing that for over a year. 

https://nakedsecurity.sophos.com/2020/01/09/apples-scanning-icloud-photos-for-child-abuse-images/

radarthekat said:

muthuk_vanalingam said:

lkrupp said:

Dead_Pool said:

Subway’s Jared tweets his appreciation!

Think of the children who will suffer abuse because a few privacy wackos don’t want Apple to scan their photos. Fuck those kids, right?

Nope. Apple can very well scan the photos in iCloud and report it to authorities. They have the keys to decrypt the files stored in iCloud, so there is NOTHING that is preventing Apple from doing it and NO ONE is against this. The opposition is only for doing the scan ON the device, NOT in iCloud.

chadbag said:

I do believe the soundbite that got out early was, 'oh my god, Apple is scanning my phone for images.' This is not what is happening." — Craig Federighi 

It is what is happening.  How else do they create the “magical” hashes? It is happening on the phone.  So, Craig, why do you say that is not what is happening when that is exactly what is happening?

So you call creation of a checksum scanning a file?  Is that what you’re saying?  Apple is simply creating a hash from each photo to be uploaded.  It can then compare that hash to hashes created against the photos in a CSAM database.  This is pretty innocuous. 

foregoneconclusion said:

muthuk_vanalingam said: Nope. Apple can very well scan the photos in iCloud and report it to authorities.

It doesn't make a difference when or where Apple scans files. You can't use iCloud without agreeing to Apple's terms of service and part of that includes Apple reserving the right to scan files the user is backing up in the cloud. Once you select an app to have files backed up in iCloud, you can't object to Apple scanning those files. Your selection per the cloud has given Apple the right to scan them. 

gatorguy said:

GeorgeBMac said:

That is the mark of a quality corporation as well as a quality individual:   Realizing that they are not perfect and everything thing they do is not inherently the right thing.

It's a humility that enables one to admit and correct mistakes -- or at least examine that they may have been mistakes.

Humility.... Word of the day.

rob53 said:

22july2013 said:

Exciting times. I've been arguing for this for years and that's why so many people hate me on this forum.

So you believe a developer has every right in the world to post their apps for free on the Apple App Store? Give me one legitimate reason why Apple should be required to host these apps for free. Apple doesn't charge for free apps but could start doing that if they wanted to. Apple could also start charging developers to even put their apps on the Apple App Store and if these stupid laws pass, I'm all for Apple doing that. There's no way anyone could force Apple to host things on their servers for free. It would be like me hosting your email server on my hardware, which I maintain, for free. Get a grip, I'd never do that and I doubt any company would do that. This shows how stupid these laws are.

Of course, if you want to have your own payment system, then be prepared for Apple to start charging you a hosting fee for every download and install of that app. That's only fair isn't it?