In the GitHub thread there are better matches with the same hash. Like two photos of totally different content but looking quite like normal photos.

Anyway, I took the time to go through this talk again: https://www.apple.com/105/media/us/...enix-security-symposium-tpl-us-2021_16x9.m3u8 Actually it's interesting, they have planned a lot more "safety guards" than I remember, especially also for this kind of attack:
View attachment 2149182

They actually were planning on using another algorithm than NeuralHash (which would've run on the devices) on their servers to double-check any positive matches, making it unlikely for these "fake" pictures to be recognized as CSAM by the overall system. And of course, they also promised to use human reviewers at the end.

Still, I sleep better without any CSAM scanning going on. But at least, their implementation of it was considerably better than what Microsoft/Google etc. are doing.
Yes, this check was added after the initial uproar by the security community. Apple went through a couple of revisions to their CSAM scanning explainer page as weaknesses in their implementation were pointed out by researchers.
 
"CSAM scanning" has never been implemented by Apple in any software release of theirs. As quoted in the article you're commenting on, Apple stated: "We have further decided to not move forward with our previously proposed CSAM detection tool for iCloud Photos." This is the latest news on this topic.

Right so I can upgrade from my holding pattern of iOS 14 to iOS 16 without any worries?

A version of the Neural Hash model was found in iOS 14.3. The ML model was extracted and placed on GitHub. Devs even built websites of non-CSAM images that triggered the CSAM positive identification routines.

That's amazing. I seem to have missed all the action. The CSAM was a real deal breaker for me. I've had enough of all this tech being used against people and nations, you know not just Apple.

It also pushes me to look back at SD camera of 12 years age and started using that again for a bit of fun same MP as iPhone but not as fast or with any of the processing but a bit of uncurated, "oh I forgot about that picture..." fun, I even started to think about getting a new dedicated digital camera for the pocket, betrayal is never good, and once a brand or person does it you can never trust them again and I can same sentiment here, Apple screwed up big time on this one.

So overall user give latest version of iOS being CSAM free or at least inactive safety rating totally safe or as good as?

Reading some more and thinking could it be switched on at granular device side level remotely?

I know this is hypothetical hack but if the latest build have it in the codebase, albeit unused, what's to stop a remote exploit as such uncommenting the code and running in the background unbeknownst to the user and maybe even Apple?
 
Right so I can upgrade from my holding pattern of iOS 14 to iOS 16 without any worries?
Just be aware that when you upgrade to iOS 16, Apple has the ability to download security updates without your consent.
That's amazing. I seem to have missed all the action. The CSAM was a real deal breaker for me. I've had enough of all this tech being used against people and nations, you know not just Apple.
I stay current as I don't want my phone to be hacked by some malicious website.
It also pushes me to look back at SD camera of 12 years age and started using that again for a bit of fun same MP as iPhone but not as fast or with any of the processing but a bit of uncurated, "oh I forgot about that picture..." fun, I even started to think about getting a new dedicated digital camera for the pocket, betrayal is never good, and once a brand or person does it you can never trust them again and I can same sentiment here, Apple screwed up big time on this one.
I started using my DSLR, not because of CSAM, but because it takes pictures differently than what can be taken with a smartphone. I can still trust Apple - ymmv.
So overall user give latest version of iOS being CSAM free or at least inactive safety rating totally safe or as good as?

Thing is reading some more now, could it be switched on a granular device side level remotely? I know that's has think gin but if the latest build have it there, be unused, what's to stop a remote hack as such uncommenting the code and running in the background unbeknownst to the user?
Nothing. If you are going to partake in outsmarting Apple (or Microsoft, or Google) you're barking up the wrong tree.
 
Check the main news feed. I'm sure it's in one of the articles. But it won't say much more than what I said.
If what I have read I have understood correctly then it may be possible to disable this form of auto update in settings.

Since I am not using 16 I can’t check 🥸
 

Read the fine print.
Indeed, so I think that was missed in the MR article, an innocent omission or did I not read the whole thing properly Hmmm…

Also I’ve hit a wall and some web sites are not supporting this version of Safari browser nor installing Firefox was a way around it. I innocently thought non Safari browsers compatibility was generally not linked to iOS version but I guess I’m wrong.

Maybe a different browser try I should.
 
Indeed, so I think that was missed in the MR article, an innocent omission or did I not read the whole thing properly Hmmm…

Also I’ve hit a wall and some web sites are not supporting this version of Safari browser nor installing Firefox was a way around it. I innocently thought non Safari browsers compatibility was generally not linked to iOS version but I guess I’m wrong.

Maybe a different browser try I should.
All browsers on iOS use the rendering engine built into the operating system. By not updating your iOS version you will therefore always lag behind in terms of rendering web content regardless of which app you’re using. Also you’re probably missing out on security fixes.

Your call obviously. Personally I think the threat from random hackers is bigger than the things discussed here in this topic, but everyone’s threat model is different anyway so weigh up your options by yourself :)
 
Indeed, so I think that was missed in the MR article, an innocent omission or did I not read the whole thing properly Hmmm…

Also I’ve hit a wall and some web sites are not supporting this version of Safari browser nor installing Firefox was a way around it. I innocently thought non Safari browsers compatibility was generally not linked to iOS version but I guess I’m wrong.

Maybe a different browser try I should.
The rendering engine is two+ years old. And maybe some websites are using new www standards. Either way it’s your call to upgrade or not.
 
All browsers on iOS use the rendering engine built into the operating system. By not updating your iOS version you will therefore always lag behind in terms of rendering web content regardless of which app you’re using. Also you’re probably missing out on security fixes.

Your call obviously. Personally I think the threat from random hackers is bigger than the things discussed here in this topic, but everyone’s threat model is different anyway so weigh up your options by yourself :)
I’ll have to upgrade but no longer trust Apple. It’s a very poor situation but the way the world is no surprises.

While the issues might seem different on a fundamental level Apple has given itself one if not potentially two backdoors.

Not great when trust is bust to lose control over access to a personal computing device.

Less I phone and more Borg Phone.

Thanks for updating on the very important nuance of the fine print.
 
Well I don’t use iCloud for photos but do for files and the convenience of having access for projects and work etc. Between devices or machines, and I am totally aware “it’s somebody else computer.” 🥸

I used to use lil snitch. Must try again.

However it’s not fully clear exactly what is going on. I can transfer file or photos from iPhone to the macOS without being connected to the net.

So what happens there?

When is the scanning event supposed to occur in transfer or after?

I would have assumed the scanning for people and objects transfers from the iPhone to iphotos, since that’s all done on device and the A chip is I think customised to perform this task well - So what’s new?

Or what more should I be worried about now!?
 
This is kinda of a stupid question even though I have a dev account and can download betas.

How can I get a signed 15.7?
It's only showing support software files up to iPhone 7!
 
As pointed out earlier, mediaanalysisd isn't nefarious, and it isn't new. We already know MacOS scans our photos. That's how Apple provides features such as object and people recognition. That can't happen unless the photos are scanned.

Apple is a company that lies about them caring about privacy, they do not ever deserve the benefit of the doubt. You stating that mediaanalysisd isn't nefarious does not make it so.
 
Apple is a company that lies about them caring about privacy, they do not ever deserve the benefit of the doubt. You stating that mediaanalysisd isn't nefarious does not make it so.
You’re the one simply stating an opinion. I provided a link to a detailed third party analysis of the feature.
 
Any updates on the active or not position of the CSAM codebase in iOS16.5 and macOS these days?
 