Apple Abandons Controversial Plans to Detect Known CSAM in iCloud Photos

[hooptyuber]

Is Apple's CSAM really dead?

“Imagine my surprise when browsing these images in the Finder, Little Snitch told me that macOS is now connecting to Apple APIs via a program named mediaanalysisd (Media Analysis Daemon - a background process for analyzing media files).”

Jeffrey Paul: Apple Has Begun Scanning Your Local Image Files Without Consent

 

[VulchR]

Is Apple's CSAM really dead?

“Imagine my surprise when browsing these images in the Finder, Little Snitch told me that macOS is now connecting to Apple APIs via a program named mediaanalysisd (Media Analysis Daemon - a background process for analyzing media files).”

Jeffrey Paul: Apple Has Begun Scanning Your Local Image Files Without Consent

(Before I begin, just to say I thought the CSAM scanning idea was lunacy from the onset - the kind of nonsense that happens when you leave engineers unsupervised by people with actual social skills.)

I am not sure what mediaanalysisd does, but many commentators have pointed out that a process by that name has been around for years - long before the whole CSAM debacle. My guess is that it searches for duplicate pictures and tries to identify categories of pictures (e.g., to create 'moments'), but it'd be nice if somebody who actually knows what this process does to comment. I'd hate to have to return to my Apple consumer boycott and 1984 signature....

Anyway, I would much prefer that Apple fixed AutoIncorrect (spelling checker) than try to categorise my pictures.

 

[ghanwani]

Anyway, I would much prefer that Apple fixed AutoIncorrect (spelling checker) than try to categorise my pictures.

There is no power or money in that.

 

[samwa3]

Is Apple's CSAM really dead?

“Imagine my surprise when browsing these images in the Finder, Little Snitch told me that macOS is now connecting to Apple APIs via a program named mediaanalysisd (Media Analysis Daemon - a background process for analyzing media files).”

Jeffrey Paul: Apple Has Begun Scanning Your Local Image Files Without Consent

An article with an interesting premise and finding, but ultimately with little real insight. But, not that I expected more from Jeffrey.

Interesting also that in his "timeline" of CSAM scanning plans at Apple he left out the statement that this news topic is about. The one where Apple said: "We have further decided to not move forward with our previously proposed CSAM detection tool for iCloud Photos." in December 2022.

Instead he opted to only include a far earlier statement that indeed implied Apple would go ahead with their CSAM scanning plans, but just take some more time ("we have decided to take additional time over the coming months to collect input and make improvements before releasing these critically important child safety features.") from late 2021.

So, and now he found out something new about "mediaanalysisd" that nobody else knows about? Good thing he does no further research, but instead directly goes on to publish a blog post about it so people who are less critical start parroting him (just found this random comment:

https://www.reddit.com/r/MacOS/comments/u17hsa/_/j4vj0i8

LOL)

That's not to defend Apple. I'm also curious what information is sent to that API endpoint and why. And I'm eager to criticise them for it as soon as I know more. I also think the CSAM scanning plans are completely idiotic and violate our privacy rights (and yes, that of course includes what Microsoft, Google etc. are already doing with their cloud storage, which I don't touch with a 10 feet pole). But uhh, this blog post doesn't help with any of that.

 

[Technerd108]

(Before I begin, just to say I thought the CSAM scanning idea was lunacy from the onset - the kind of nonsense that happens when you leave engineers unsupervised by people with actual social skills.)

I am not sure what mediaanalysisd does, but many commentators have pointed out that a process by that name has been around for years - long before the whole CSAM debacle. My guess is that it searches for duplicate pictures and tries to identify categories of pictures (e.g., to create 'moments'), but it'd be nice if somebody who actually knows what this process does to comment. I'd hate to have to return to my Apple consumer boycott and 1984 signature....

Anyway, I would much prefer that Apple fixed AutoIncorrect (spelling checker) than try to categorise my pictures.

I agree the CSAM scanning idea was really a bad idea from the start but I don't see a lot of people asking why would a supposedly privacy focused company do such a thing?

Apple must have understood that what it was proposing was an official back door into every Apple product? Whether the intent was good or not this goes completely counter to the idea of security and privacy. I don't have a problem with getting rid of CSAM but you had better not put a gaping security hole on my device and actively scan it which is a huge violation of my privacy.

My guess is that since Apple completely dependant on China and CCP for their entire supply chain or let's say at least 90% of it that the Chinese government approached Apple and asked for a feature to be built into the OS so they could scan their population devices for whatever their purposes are. Apple didn't want to implement this just in China as that would be a huge PR disaster so they tried to spin the purpose of the scanning and tied it to an issue that would be hard to argue against like CSAM.

Luckily there was enough pushback from people to stop it at least for now but I bet it will be implemented at some time.

They sold us the idea that cloud storage and icloud would be safe and secure and private to get buy in and now they have our data they can change the rules any time they want. They sold us devices saying they are safe and secure and private and give us a EULA that lets them do anything.

I used to trust Apple as the last vestige of privacy but I think because of the close integration with China and CCP those days are long gone.

I wish more people would wake up to the fact that Apple has changed in very deleterious ways. They have sold out their supposed core principles to a dictatorship that produces their products better and cheaper than anywhere else but atca cost that I believe is even too high for Apple itself.

Now Apple can't reverse course. They can't move their supply chain to India or Vietnam because the talent and infrastructure is just not there and not at a scale that China can offer.

I don't see that Apple is going to be a steward for privacy anymore and their services and ads are only increasing. Apple is becoming what they used to advertise against in the 80s.

I love my Apple products but I am at an inflection point where I am asking myself do I want to continue to support a company that no longer has any semblance of my ideals or best interest at heart. That increasingly aligns itself with a Communist dictatorship and has sold out it original principles.

I know Microsoft and Google are no better but at least I know what I am getting into with them and I am not sold an idea that doesn't exist anymore.

I have always been a multi platform user and I am seriously considering slowly decreasingly my reliance on Apple products and software.

I wonder how many other people share my perspective?

 

[samwa3]

A blog post that actually explores the issue: https://eclecticlight.co/2023/01/18/is-apple-checking-images-we-view-in-the-finder/ And I just checked Jeffrey's Mastodon... fun times. Won't share my further opinion here because I'd rather urge you to have a look at everything yourself and make up your own mind.

If the Live Text functionality running 100% on your local machine and not sending any output to Apple equates to "your Mac is now snitching on you", then words have lost all their meaning. Which is sad, because there are things that we need to criticise companies like Apple for. But "boy who cried wolf"-style bashing for every little assumed misstep will just lead to a state where people stop caring altogether.

 

[Playfoot]

I agree the CSAM scanning idea was really a bad idea from the start but I don't see a lot of people asking why would a supposedly privacy focused company do such a thing?

Apple must have understood that what it was proposing was an official back door into every Apple product? Whether the intent was good or not this goes completely counter to the idea of security and privacy. I don't have a problem with getting rid of CSAM but you had better not put a gaping security hole on my device and actively scan it which is a huge violation of my privacy.

My guess is that since Apple completely dependant on China and CCP for their entire supply chain or let's say at least 90% of it that the Chinese government approached Apple and asked for a feature to be built into the OS so they could scan their population devices for whatever their purposes are. Apple didn't want to implement this just in China as that would be a huge PR disaster so they tried to spin the purpose of the scanning and tied it to an issue that would be hard to argue against like CSAM.

Luckily there was enough pushback from people to stop it at least for now but I bet it will be implemented at some time.

They sold us the idea that cloud storage and icloud would be safe and secure and private to get buy in and now they have our data they can change the rules any time they want. They sold us devices saying they are safe and secure and private and give us a EULA that lets them do anything.

I used to trust Apple as the last vestige of privacy but I think because of the close integration with China and CCP those days are long gone.

I wish more people would wake up to the fact that Apple has changed in very deleterious ways. They have sold out their supposed core principles to a dictatorship that produces their products better and cheaper than anywhere else but atca cost that I believe is even too high for Apple itself.

Now Apple can't reverse course. They can't move their supply chain to India or Vietnam because the talent and infrastructure is just not there and not at a scale that China can offer.

I don't see that Apple is going to be a steward for privacy anymore and their services and ads are only increasing. Apple is becoming what they used to advertise against in the 80s.

I love my Apple products but I am at an inflection point where I am asking myself do I want to continue to support a company that no longer has any semblance of my ideals or best interest at heart. That increasingly aligns itself with a Communist dictatorship and has sold out it original principles.

I know Microsoft and Google are no better but at least I know what I am getting into with them and I am not sold an idea that doesn't exist anymore.

I have always been a multi platform user and I am seriously considering slowly decreasingly my reliance on Apple products and software.

I wonder how many other people share my perspective?

Well, as I have stated previously, there is now no way to know if the technology is or is not in place....IF demanded by State actors as you note above, then said same entities have the ability to muzzle Apple's public acknowledgement.

 

[samwa3]

Well, as I have stated previously, there is now no way to know if the technology is or is not in place....IF demanded by State actors as you note above, then said same entities have the ability to muzzle Apple's public acknowledgement.

That is true insofar as there was never a way to know if the technology is or is not in place. Apple could even open-source every last line of code that was ever written under their control and we'd still have no way of knowing what an iPhone actually does that anybody has purchased. Technically, even Apple has no way of knowing as there's the possibility of someone in the supply chain or even inside the company sneaking things in without anybody else taking notice.

Question is: at what point is it still a reasonable assumption and when does it become a negligible technicality? Hard to say objectively, the only thing I'm certain about is that you can spin this all the way to the brain in a vat.

 

[I7guy]

That is true insofar as there was never a way to know if the technology is or is not in place. Apple could even open-source every last line of code that was ever written under their control and we'd still have no way of knowing what an iPhone actually does that anybody has purchased. Technically, even Apple has no way of knowing as there's the possibility of someone in the supply chain or even inside the company sneaking things in without anybody else taking notice.

Question is: at what point is it still a reasonable assumption and when does it become a negligible technicality? Hard to say objectively, the only thing I'm certain about is that you can spin this all the way to the brain in a vat.

Do you really believe that some programmer could sneak any old code in IOS without a person in a responsible position knowing about it? That would be about the biggest black eye in terms of software development that a Silicon Valley tech company could get.

While everything is within the realm of possibility, imo, the probability is near zero that malware can be injected in ios without a person of responsibility knowing about it.

 

[samwa3]

Do you really believe that some programmer could sneak any old code in IOS without a person in a responsible position knowing about it?

The whole point I was making there is that this is an unreasonable assumption to make. So, no, I don't believe in that at all, to spell it out clearly.

 

[Playfoot]

That is true insofar as there was never a way to know if the technology is or is not in place. Apple could even open-source every last line of code that was ever written under their control and we'd still have no way of knowing what an iPhone actually does that anybody has purchased. Technically, even Apple has no way of knowing as there's the possibility of someone in the supply chain or even inside the company sneaking things in without anybody else taking notice.

Question is: at what point is it still a reasonable assumption and when does it become a negligible technicality? Hard to say objectively, the only thing I'm certain about is that you can spin this all the way to the brain in a vat.

To be fair, I do not believe any CSAM application would come from the supply chain. I merely meant that as Apple announced the ability, it seems likely that some State actor would demand Apple keep the "back door" open for security.....Remember, even in the US, there are bodies much stronger, and much more secret, while being legal, than FISA courts.

 

[samwa3]

Remember, even in the US, there are bodies much stronger, and much more secret, while being legal, than FISA courts.

Surely these entities, if we assume for the sake of the argument that they have that amount of power, do not rely on Apple announcing something and then scrapping it again to get their scanning into the operating system? Why not just do it ... like, without any public announcements? Or is this some double psychology where telling people you're gonna scan their files and then not going through with it is supposed to make them trust you more than if you just never told them that?

 

[BaldiMac]

I agree the CSAM scanning idea was really a bad idea from the start but I don't see a lot of people asking why would a supposedly privacy focused company do such a thing?

Apple must have understood that what it was proposing was an official back door into every Apple product? Whether the intent was good or not this goes completely counter to the idea of security and privacy. I don't have a problem with getting rid of CSAM but you had better not put a gaping security hole on my device and actively scan it which is a huge violation of my privacy.

My guess is that since Apple completely dependant on China and CCP for their entire supply chain or let's say at least 90% of it that the Chinese government approached Apple and asked for a feature to be built into the OS so they could scan their population devices for whatever their purposes are. Apple didn't want to implement this just in China as that would be a huge PR disaster so they tried to spin the purpose of the scanning and tied it to an issue that would be hard to argue against like CSAM.

Luckily there was enough pushback from people to stop it at least for now but I bet it will be implemented at some time.

They sold us the idea that cloud storage and icloud would be safe and secure and private to get buy in and now they have our data they can change the rules any time they want. They sold us devices saying they are safe and secure and private and give us a EULA that lets them do anything.

I used to trust Apple as the last vestige of privacy but I think because of the close integration with China and CCP those days are long gone.

I wish more people would wake up to the fact that Apple has changed in very deleterious ways. They have sold out their supposed core principles to a dictatorship that produces their products better and cheaper than anywhere else but atca cost that I believe is even too high for Apple itself.

Now Apple can't reverse course. They can't move their supply chain to India or Vietnam because the talent and infrastructure is just not there and not at a scale that China can offer.

I don't see that Apple is going to be a steward for privacy anymore and their services and ads are only increasing. Apple is becoming what they used to advertise against in the 80s.

I love my Apple products but I am at an inflection point where I am asking myself do I want to continue to support a company that no longer has any semblance of my ideals or best interest at heart. That increasingly aligns itself with a Communist dictatorship and has sold out it original principles.

I know Microsoft and Google are no better but at least I know what I am getting into with them and I am not sold an idea that doesn't exist anymore.

I have always been a multi platform user and I am seriously considering slowly decreasingly my reliance on Apple products and software.

I wonder how many other people share my perspective?

Seems like you are just speculating as to Apple's motives and their relationship with China. Apple just made iCloud data more secure, not less. You complain about advertising, but ads by themselves aren't a privacy violation.

Did you notice that nowhere in your post did you list any actions that Apple has actually taken that compromises the privacy and security of your data.

 

[usagora]

Thank you, Apple. CSAM was a joke. If privacy matters in your life, it should matter to the phone your life is on”. Long Live!

Except this would've only been if you uploaded such material to iCloud (iCloud ≠ iPhone). And if you read iCloud's terms of service, Apple always has and still has the right to look at your data there:

Legal - iCloud - Apple

Terms

www.apple.com

As @BaldiMac pointed out, the exception to this is if you have Advanced Data Protection enabled:

How to turn on Advanced Data Protection for iCloud - Apple Support

Advanced Data Protection for iCloud offers our highest level of cloud data security and protects the majority of your iCloud data using end-to-end encryption.

support.apple.com

But my main point is is seems many people were and are confusing those iPhone privacy claims with iCloud, which isn't the same thing.

 

[usagora]

So there’s no way for Apple to regain your trust?

Corporations basically never admit mistrakes these days, and certainly never eat crow. If Apple doing so isn’t enough to convince you that they actually do realize how stupid this was, what would be?

Can you point to a better alternative?

In today’s world, what Apple did took balls. It’s the right thing to do, and they at least deserve kudos for doing it.

If nothing else, you might want to think about the next time they screw up. Wouldn’t you want to not only have a stick to threaten them with, but also a carrot to reward them with so they have an incentive to turn around like they did here?

b&

While I don't agree that Apple was doing anything wrong to begin with, you're correct regarding the "trust" issue. No matter what large tech company you go with, there's eventually going to be something you don't like. It's unrealistic to jump ship every time that happens.

 

[BaldiMac]

Except this would've only been if you uploaded such material to iCloud (iCloud ≠ iPhone). And if you read iCloud's terms of service, Apple always has and still has the right to look at your data there:

View attachment 2148193

Legal - iCloud - Apple

Terms

www.apple.com

To be clear, if you enable Advanced Data Protection, Apple can no longer access the encrypted data even in the face of a warrant. Your device would be needed to decrypt the data.

 

[usagora]

To be clear, if you enable Advanced Data Protection, Apple can no longer access the encrypted data even in the face of a warrant. Your device would be needed to decrypt the data.

Thanks. I edited my post to clarify.

 

[Technerd108]

Seems like you are just speculating as to Apple's motives and their relationship with China. Apple just made iCloud data more secure, not less. You complain about advertising, but ads by themselves aren't a privacy violation.

Did you notice that nowhere in your post did you list any actions that Apple has actually taken that compromises the privacy and security of your data.

Well of course I am speculating.

No Ads are not a privacy violation but rather opposite of Apples business model since it's inception. I never said Ads were a privacy violation just extremely annoying. Also I always thought buying the extra cost of Apple products and their long time business model would protect me from Ads.

I also never said that Apple has compromised the privacy or security of my devices yet. If they would have implemented CSAM scanning it would have.

Seems like you are somehow conflating the direction Apple is going and attempts they have made with actual data privacy and security issues?

Of course as I have already stated they could at any time change the rules of the game and my privacy would look a lot different with Apple products.

The fact that Apple has said they won't track your app store purchases if you opt out only to find out they do track you either way is unsettling.

I like Apple software and hardware and I think they are the current best in terms of privacy and security. That doesn't mean that I approve of everything they do. Also because I want more privacy and security I am very critical of any move Apple makes that might hint they are changing their direction in terms of those two things.

What happens when there is no company that even offers an illusion of privacy and security anymore? I am not naive enough to think that my data is completely private or secure on the world wide web no matter the hardware or platform I use. I simply want as private and secure as I can get.

 

[BaldiMac]

Well of course I am speculating.

That was my point. You made conclusions based on nothing but speculation.

No Ads are not a privacy violation but rather opposite of Apples business model since it's inception. I never said Ads were a privacy violation just extremely annoying. Also I always thought buying the extra cost of Apple products and their long time business model would protect me from Ads.

Fair enough. You brought up ads in the same sentence you were discussing privacy.

I also never said that Apple has compromised the privacy or security of my devices yet. If they would have implemented CSAM scanning it would have.

But they didn't.

Seems like you are somehow conflating the direction Apple is going and attempts they have made with actual data privacy and security issues?

Nope. I'm simply pointing out that you are saying that Apple is going a certain direction based on speculation, despite the fact that Apple has made definitive steps in the opposite direction.

Of course as I have already stated they could at any time change the rules of the game and my privacy would look a lot different with Apple products.

Anyone would look a lot different if they changed to look a lot different.

The fact that Apple has said they won't track your app store purchases if you opt out only to find out they do track you either way is unsettling.

I have no idea what that means. Of course Apple tracks your App Store purchases. The App Store wouldn't work if they didn't.

I like Apple software and hardware and I think they are the current best in terms of privacy and security. That doesn't mean that I approve of everything they do. Also because I want more privacy and security I am very critical of any move Apple makes that might hint they are changing their direction in terms of those two things.

What happens when there is no company that even offers an illusion of privacy and security anymore? I am not naive enough to think that my data is completely private or secure on the world wide web no matter the hardware or platform I use. I simply want as private and secure as I can get.

Apple has made many decisions that I disagree with, but their actions have been to move towards more privacy, not less. Advanced data protection protects most of your data from Apple, even in the face of a warrant. That's a huge step in a positive direction.

 

[Omega Mac]

Missed this news, tell me.

Is CSAM enabled or not in the latest iOS release?

 

[samwa3]

Missed this news, tell me.

Is CSAM enabled or not in the latest iOS release?

"CSAM scanning" has never been implemented by Apple in any software release of theirs. As quoted in the article you're commenting on, Apple stated: "We have further decided to not move forward with our previously proposed CSAM detection tool for iCloud Photos." This is the latest news on this topic.

 

[PBG4 Dude]

"CSAM scanning" has never been implemented by Apple in any software release of theirs. As quoted in the article you're commenting on, Apple stated: "We have further decided to not move forward with our previously proposed CSAM detection tool for iCloud Photos." This is the latest news on this topic.

A version of the Neural Hash model was found in iOS 14.3. The ML model was extracted and placed on GitHub. Devs even built websites of non-CSAM images that triggered the CSAM positive identification routines.

 

[samwa3]

 

[I7guy]

The meme would be more effective if the picture on the right wasn’t a tv snow pattern, but for example a cat. But I doubt they would map to the same hash.

 

[samwa3]

The meme would be more effective if the picture on the right wasn’t a tv snow pattern, but for example a cat. But I doubt they would map to the same hash.

In the Github thread there are better matches with the same hash. Like two photos of totally different content but looking quite like normal photos.

Anyway, I took the time to go through this talk again: https://www.apple.com/105/media/us/...enix-security-symposium-tpl-us-2021_16x9.m3u8 Actually it's interesting, they have planned a lot more "safety guards" than I remember, especially also for this kind of attack:

They actually were planning on using another algorithm than NeuralHash (which would've run on the devices) on their servers to double-check any positive matches, making it unlikely for these "fake" pictures to be recognized as CSAM by the overall system. And of course, they also promised to use human reviewers at the end.

Still, I sleep better without any CSAM scanning going on. But at least, their implementation of it was considerably better than what Microsoft/Google etc. are doing.