mr. h

gatorguy said:

I get that you really REALLY want to paint a glowing picture of "gosh Apple is doing this for us", but is there any even circumstantial evidence Apple was ready to make everything end-to-end encrypted in a way they could not access any of your data even if they were ordered to? Not as far as I know. It's more of a hope and prayer since otherwise it's not for the betterment of us users. 

All I can say about that is that the whole scheme would be totally pointless if they weren't going to encrypt the photos. Why go to all the effort of designing this enormously complicated system, calculating hashes on-device, doing the CSAM hash-matching in a "blind" way so even the device itself doesn't know if there's been a match, and then going to all the convoluted effort of generating doubly-encrypted "vouchers" and associated "image information", if the photo itself was uploaded to iCloud unencrypted?

Certainly, this system would enable the photos to be uploaded to iCloud encrypted, but I concede that as far as I know, Apple hasn't said that they would do that. It's just that, as I said, the whole scheme seems totally pointless if the photos are uploaded to the server in the clear anyway.

How about Apple just offers a toggle in iCloud photos settings? The two options would be:

1. Photos are CSAM-scanned and encrypted before being uploaded to iCloud.
2. Photos are not CSAM-scanned, but are uploaded to iCloud in the clear. The server then does the CSAM scan.

Would this solution make everyone happier?

henrybay said:

Great news! Apple listened. Their CSAM concept made a mockery of Apple’s privacy ethos. Even though it was well intentioned, it would have turned our iPhones into digital Stasi officers monitoring our every move. 

Apple should turn their attention to screening cloud services where much of this offensive material is apparently stored and shared. But they should leave our iPhones alone. Our phones should be sacrosanct paragons of privacy. 

The irony of this post is sky-high.

Their CSAM concept was actually an extremely clever way of enabling all of your photos to be uploaded to iCloud fully encrypted (without giving Apple the keys), such that neither Apple nor anyone else (should they hack into iCloud, or be law-enforcement with a warrant) would have been able to inspect the photos in iCloud, with the exception of any individual photos that matched a CSAM hash, with the proviso that even then, there would have to be at least 30 photos that matched known CSAM material, before even that was possible.

But now, since they have backed down, all of your photos will continue to be uploaded to iCloud unencrypted, where Apple, law enforcement, and any hackers will be able to inspect all of your photos.

Which one of these two scenarios offers the most privacy?

muthuk_vanalingam said:
I don't think your understanding is correct. It is NOT exact copy of of known CSAM that is being searched for/compared against in your phone. There is a level of "pattern matching" involved when CSAM check is done on the phone before it is uploaded to iCloud. So new photos taken will also get flagged IF the pattern matches with known CSAM database entries.

This is not correct. Only known CSAM images, or minor modifications of those known CSAM images, would create a match. It would not be able to detect "new" child porn. Only the kind of AI-based scanning they were proposing for the Messages app on children's phones would theoretically be able to do that (and it's not what Apple was planning to do anyway)

JBSlough said:

Just a question on this tech. So, the software scans for known images of child porn from a data base from a third party. Which would imply that these images are downloaded off the internet or texted to one’s phone. Well, what about the person whose actually using his/hers iPhone to shoot pics, say in their homes? Those wouldn’t be in the database. Exactly how does that work? Or are those images “safe”? It seems to me that this tech only solves half a problem, that is images of known child porn. Not new ones. Am I correct in understanding this? 

Yes, that is correct. The proposed CSAM process would only be able to match to prior-known images. There is some cunningness to try to ensure that even if the image is slightly modified (e.g. cropped, mirrored, rotated slightly) from the known version a match will still be generated, but it absolutely would not trigger on any kind of "new" photo.

Let’s go beyond expressing personal opinions, and look past just your own wants. Considering your wants and everyone else’s, what should Apple actually do?  What is an actual solution to this issue that will give everyone what they want without compromise, or if not that then give the vast majority what’s most useful with the least compromise to everyone else.  Oared we just ranting about our own personal preferences (fine if that’s what it is and we’re honest about it) Or is a sensible conversation about real solutions possible? 

My suggestions are not considering only "what I want" and "what I need". I never use SD cards for example, but recognise there are enough people who do, to warrant a built-in slot in the MBP. You think I'm the only person in the world who needs to be able to connect to third-party projectors or move a file onto someone else's memory stick? I would suggest that rather than me having the problem of being self-absorbed, it is you. Four USB-C ports are fine for you, and you are seemingly incapable of imagining how irritating it is to have to use dongles etc. all the time, when the functionality could just be built-in to the laptop.

I think your arguments with regards to weight, cost, and space compromises for additional ports are all spurious. When you put the ports in an external hub, there is an enormous weight and space overhead for the enclosure etc. that just isn't applicable when the ports are built-in. Further, have you seen how much Apple have been able to shrink the motherboards for Apple Silicon-based Macs relative to the Intel versions? This would easily compensate for the very minimal additional space that the ports would take up. As for cost - Apple's margins are absolutely enormous already, and have widened even further with the introduction of Apple Silicon. They can easily add these ports without increasing the cost of the laptop.

My proposal - four thunderbolt USB-C ports, one USB-A port, one SD slot, one full-size HDMI, and one MagSafe charging port would:

Not make the laptop any bigger
Not make the laptop any heavier
Not make the laptop any more expensive (for the end user - it might reduce Apple's margin by a fraction of a %)
Have a negligible (possibly immeasurable) impact on battery life
Still give you the four ports you want

So, my solution has a significantly lower impact on the utility and convenience of the MBP for you, than visa-versa, hence it is a better solution.

An alternative that I rather like is what the Framework laptop is doing, where the I/O is done via removable USB-C modules, including a simple USB-C passthrough (https://frame.work/laptop - scroll down to see the modules). So, you could have e.g. six slots, and then whatever mix of USB-C passthrough, HDMI, USB-A, etc., that you want. The issue here though is that this would have a bigger impact on Apple's margins, and does have a non-negligible impact on weight and space consumed. I'm not sure Apple could do this without making the laptop thicker and I'd rather they didn't do that.