robaba

About

Username: robaba
Joined:
Visits: 25
Last Active:
Roles: member
Points: 553
Badges: 0
Posts: 228
  • Frustrated security researchers speak out about Apple's bug bounty program

    The mothership is leaking.  Read that any way you will.
  • Apple backs down on CSAM features, postpones launch

    gatorguy said:
    gatorguy said:
    mr. h said:
    henrybay said:
    Great news! Apple listened. Their CSAM concept made a mockery of Apple’s privacy ethos. Even though it was well intentioned, it would have turned our iPhones into digital Stasi officers monitoring our every move. 

    Apple should turn their attention to screening cloud services where much of this offensive material is apparently stored and shared. But they should leave our iPhones alone. Our phones should be sacrosanct paragons of privacy. 
    The irony of this post is sky-high.

    Their CSAM concept was actually an extremely clever way of enabling all of your photos to be uploaded to iCloud fully encrypted (without giving Apple the keys), such that neither Apple nor anyone else (should they hack into iCloud, or be law-enforcement with a warrant) would have been able to inspect the photos in iCloud, with the exception of any individual photos that matched a CSAM hash, with the proviso that even then, there would have to be at least 30 photos that matched known CSAM material, before even that was possible.

    But now, since they have backed down, all of your photos will continue to be uploaded to iCloud unencrypted, where Apple, law enforcement, and any hackers will be able to inspect all of your photos.

    Which one of these two scenarios offers the most privacy?
    Why are you and a couple of others so convinced this was all because Apple was prepared to E2E encrypt the whole shebang?  In truth there is no way they could have done so for half their entire user base as China would have barred them from the country if they did. You honestly think Apple was willing to cut revenues by a third or more? 

    I get that you really REALLY want to paint a glowing picture of "gosh Apple is doing this for us", but is there any even circumstantial evidence Apple was ready to make everything end-to-end encrypted in a way they could not access any of your data even if they were ordered to? Not as far as I know. It's more of a hope and prayer since otherwise it's not for the betterment of us users. 
    So no objection to the Minority Report crowd who so readily projects into the future how Apple will start scanning for all manner of other things, but you object to those who project that Apple might, in the future, make a more secure iCloud.  Gotcha.  
    No objection to it at all if Apple has the courage to do the right thing and thumb their nose at China, take back their iCloud service there, and enact E2EE in order to have an actually secure Cloud service. Do you believe they do? 

    So no, you didn't "get me" at all. 
    They do this and they very quickly run out of governments to thumb their nose at.  Would you be happy if the only place you could legally use (or even own) your Apple device was Switzerland?  Good luck waiting on that kind of “bravery.”
  • Apple backs down on CSAM features, postpones launch

    techconc said:
    gatorguy said:
    MplsP said:
    How many of the people screaming about CSAM have Facebook, WhatsApp, Instagram, and google apps on their devices and an Amazon or google smart speaker in their home?
    Implying Apple is not any worse than "everyone else" is not a ringing endorsement. 
    With comments like this, it's clear that people still don't understand the difference.  There is no cloud storage company that wants CSAM material on their service.  Period.  You can either scan for it locally, on device... in a private way, or you can wait until the files are uploaded and scanned in a less private way.  Your choice.  

    I wouldn't be surprised if this step is a prerequisite for Apple going full end-to-end encryption with photos next.  Once they have something like this in place, they can justify to authorities how they know they're not holding CSAM material without invading user privacy in the process. 

    I think it's rather naive to think that Apple isn't going to have to address this with regard to ensuring they don't have CSAM material on their cloud services.  You can either do it your way that preserves privacy the best you can or you have laws written to have it done their way which will most certainly be more invasive.  If you wait for the laws to come, you lose your choice on how to implement it. 
    Exactly—thank you for being the ninja we need!  You said this much more succinctly than I.
  • Apple backs down on CSAM features, postpones launch

    lkrupp said:
    Dead_Pool said:
    Subway’s Jared tweets his appreciation!
    Think of the children who will suffer abuse because a few privacy wackos don’t want Apple to scan their photos. Fuck those kids, right?
    Nope. Apple can very well scan the photos in iCloud and report it to authorities. They have the keys to decrypt the files stored in iCloud, so there is NOTHING that is preventing Apple from doing it and NO ONE is against this. The opposition is only for doing the scan ON the device, NOT in iCloud.
    This is the very issue that Apple is trying to avoid.  They don’t want to be able to scan your data on their services because they know if they do, ANYTHING that passes through their servers will eventually be requested by some authoritarian government, and they will have to provide that access, UNLESS that information is already encrypted and Apple doesn’t have the key.  This is the golden ring (golden Apple?) that they have been reaching for and everyone has been lauding them for.  The problem is this—how do they keep their system from becoming a haven for every bad actor in the known ‘verse?  Apple’s solution was to embed the process into the phones in a way that does not open the end user to further degradation of their privacy—only hashes, only looking for known matches, only in the process of uploading to their servers (not just passing through).  Like it or not that’s now binned.

    My point is, if Apple is to be able to provide users with the golden ring of security from government snooping, it’s going to need some solution for bad actors or completely scrap its services division.  At nearly half of its pre-tax earnings, there’s no way Apple can afford to abandon services.  Even then it will still be blamed for enabling bad actors.  No-one will want to be connected to the next 9/11 type incident when it inevitably happens.
  • Apple investigating RISC-V instruction set architecture, job listing shows

    gatorguy said:
    I would not be shocked if Apple uses this to join up with Open Titan development.
    Boy, I would be.  Apple hasn’t really enjoyed working with open source consortiums in the past.  They always want more access than Apple is comfortable providing.