Wow. So you're trying to equate people who are concerned about their privacy to anti-vaxxers. I'm guessing there are not much to defend so you have to go to that route?
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Apple Addresses CSAM Detection Concerns, Will Consider Expanding System on Per-Country Basis
- Thread starter MacRumors
- Start date
- Sort by reaction score
It’s not overarching, wake up Neo, being able to STORE illegal stuff on SERVERS was never a thing. Never.
You can’t store copyright-infringing stuff on servers.
You can’t store intellectual property infringing stuff on servers.
You can’t store illegal stuff on servers.
You can’t store child p0rn on servers.
You can’t store money laundered cash in a bank.
You could be reported by the doctors if your wife shows up beaten up at an hospital.
You could be reported if you go to the hospital with a gun wound.
Sometimes companies and banks are in the position to police you and report you, yes.
The opposite was never a thing and never will, except in some extreme libertarian fantasy.
Wow. So you're trying to equate people who are concerned about their privacy to anti-vaxxers. I'm guessing there are not much to defend so you have to go to that route?
I’m not doing that.
I just stated that we have a problem with scientific literacy and it shows, even in people who thought they were “better” than anti-vaxxers.
Your definition of illegal might not be the same as what being defined by these black boxes of databases. And regardless even if you don't have anything that you considered "illegal", allowing a private company to actually scan your stuff on your own phone (not their server) to create hashes that can be used against you without you knowing what's the criteria is, to me, a bit too much.
I wish you good health and that you never have to live in a country with more stringent morality laws. Keep in mind what you write here if you do. Peace.
Not only that. Overarching systems like this open up abuses for blackmail. Somebody can inject those hashed pictures on the server side, and suddenly you are flagged. Imagine the risks if you're an opposition politician or journalists.
They could always scan your stuff and you wouldn’t have known.
The minute they’re scanning your stuff for something NOT in your interest, what are they doing? They’re TELLING you and they will ask your permission this Fall.
Sounds respectful so far.
And no it’s not local stuff, it’s stuff ON ITS WAY TO SERVERS.
This was always a risk, with any server side service routinely searched for illegal stuff.
What’s your solution to both fight crime and make planting fake evidence impossible? There’s no solution, just thresholds, processes, human review, appeals, etc.
Last edited:
Somebody could plant illegal stuff in my Facebook, Instagram, TikTok, Whatsapp, MacRumors account.
These companies should not look for illegal stuff or report illegal stuff because it could be planted. It’s overarching and overreaching. And they could be pressured at gun point to abuse these house-cleaning practices.
What drugs are you people on?
These companies should not look for illegal stuff or report illegal stuff because it could be planted. It’s overarching and overreaching. And they could be pressured at gun point to abuse these house-cleaning practices.
What drugs are you people on?
You have no idea of the beliefs of those who oppose Apple's new venture. I am certainly not a Conservative, hate Trump and live in the Nordics. Yet funnily enough, I strongly believe Apple is wrong to head in this direction.
I was referring to a couple of openly conservative post, I didn’t say 100% of the people concerned by this are conservatives. Let’s not strawman each other posts.
This is such a slippery slope and this system could be abused in so many different ways.
Doing something everybody in the industry already does routinely but in a more efficient and respectful way is a slippery slope, ok.
@peanuts_of_pathos - why are you going negative on posts that are providing additional technical insights well beyond Macrumor's fluffy articles and Apple's technical summary? In doing so you're essentially obfuscating the issue, leading the discussing astray and pushing other forum members to posts with incorrect technical details and erroneous assumptions.
This is truly not about political standpoint. You honestly think any sane person (liberal or conservative) want their pictures to be scanned by some “black box” you bought as your communications device? There is no law requiring Apple to scan the pictures or any data of iOS users but still they intend to do it. Who appointed them to be big brother? As an Apple investor I see this as a very bad business decision. They destroyed the credibility of their core marketing in one big bang. What are they or their users benefitting from this move? When you think about Apple you think about ease of use and privacy. Better privacy than you get from any other “turn key system”. Now you think about false advertising and empty promises. If Apple is willing to do this then what will they do next?
In all honesty this is like some terrorist act, which allowed mass surveillance. The so called purpose was to stop the terrorists but guess what, the man in the cave doesn’t use digital communication so you need guys in the ground to do the work. You know who uses digital devices, its the regular guys like us and now Taliban has taken over Afghanistan.
If someone thinks the child abusing porn producers and users are storing their stuff on iCloud then you are very naive. These people have always been hiding their tracks in physical and digital world so this will have no effect on them. Honestly, you just end up scanning the pictures of regular guys. To catch the target you need the man on the ground (preferably next to the hard drive self in your local IT store because that’s were all the pedeophiles are doing their shopping).
"These efforts will evolve and expand over time"
And personally I have no doubt they will. Once a content-scanning system like this (that uses unreadable databases) has been put into place, it will be too tempting for immigration and law enforcement to demand access - locally.
Just imagine how this will speed up border controls and enable law enforcement to expand searches?
Why pull 100GB of data from a traveller's iPhone, when you can quickly hook it up to a computer and access its internet database of "evil material" hashes (that has already been prepared by local scanning) within a mere seconds? And why stop at child abuse material, if you easily add other entries to the database? Probably even secretly, if it concerns "national security" in the US.
It's overreaching for companies to scan all my stuff (and every other user's stuff, routinely) just because a few people will store illegal stuff with them.
Just as it is overreaching for my landlord to rummage through the stuff in my apartment just because I could have something illegal in there.
Did I agree to such searches in my tenancy agreement?
That is the criticism: It's just not privacy-respecting policy and conduct.
That is certainly a possibility, since Apple has put the system in place, and such an attack is technical doable.
That said, it will require broad technical skills at the level of NSA or the Chinese cyber-warfare groups:
1 - an attacker would have to breach your iCloud account (OK, that one is probably easy), and
2 - determine a number of original images used by Apple to create the on-device hash-table (this cannot be reverse engineered from the on-device hash-table)
3 - obtain the on-device hash-table (a hacker can't use a 3. party hash-table as a substitute as Apple can't decrypt safety vouchers based on such)
4 - breach your iPhone to capture your account's safety voucher master key and produce the partial keys for the safety vouchers
5 - Build the encryption key (based on the malicious hash-table match) for the outer layer of the safety voucher
6 - get access to both the neural network and the hash function used for on-device matching to creating the Neuralhash
7 - Build the partial key for and encrypt the inner layer of the safety voucher (which contains the Neuralhash)
8 - Assemble the safety vouchers correctly and upload these plus malicious images 100% protocol-aligned with what Apple's servers expects, while masquerading as your iPhone, iPad or Mac.
As I said, certainly doable - Edit: the reach and longevity of such an attack vector would probably be limited (headlines like "Apple's CSAM system captures another government opposing journalist in Belarus" are audit triggers if nothing).
I'm personally more worried about government actors forcing Apple to use the system for other regime-mandated searches.
Last edited:
The problem is you say “scanning” where in actuality it is “checking against a limited database of known CP using a system that makes an error on average every 1000 years”.
If anything, this is a communication misstep because it’s difficult for people in the streets to understand the technicalities of this (sniffing pictures for something extremely specific without looking at them).
This system is extremely ill-suited for that.
Photos app has done face recognition for many years and even item recognition for some years now which would be much better suited for what you are describing. They could program to look for MAGA caps easily.
So, why haven't governments forced Apple to expand these features?
Are you ok with explosives sniffing machines at airports just because a few people may bring explosives?
Are you ok with Facebook, Google, etc. routinely scanning their platforms for illegal stuff just because a fee people will store illlegal stuff?
Are you ok with store clerks mass-policing law abiding citizens about vaccination status and mask usage just because a few people may be spreading a world-destroying airborne virus?
Yes, but this system doesn't scan files.
There are many examples of local scanning on other systems which doesn't seem to raise alarms at all.
Android scans every URL used by any app and the OS and potentially harmful URLs are being sent to Google.
Google Play Protect scan parts of the file system everyday on Android and can even delete stuff.
Microsoft Defender and other anti-virus tools scans your entire drive by default.
With Safe Browsing, something I believe every major browser implements, every URL is checked against a list of untrusted URLs etc.
Many of these systems (and having similar on iPhone) would be much better for governments to do surveillance. And yet I don't see much protests over these systems.