Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
What’s the reason for doing it in-device is then in your opinion?

They could have gone the MS/Google/etc route and just do it in iCloud, but files can’t be encrypted all the time in that option.

But even that would have generated sensational headlines (because it’s Apple) and frenzy in MacRumours forums…until people would have realised that uh oh everybody’s been doing this for years.
Their reason for doing it, in my opinion, doesn't matter - I'm saying that, at this point in time where I'm writing this, saying that Apple is doing it to enable full E2E encryption for iCloud photos is speculation, not guaranteed, and therefore does not excuse this.

People who oppose this move are opposed to having a device snitch on them, on behalf of an uncaring megacorp and authorities, who have the power to ruin people's lives. This escalates the blurring of the lines between "What's mine/on my own private device" and "what other entities control". This is what we oppose.
 
  • Like
Reactions: turbineseaplane
There are free encrypted photo apps and free notes apps.

Tresorit has end to end encryption for photos and videos. U can simply disable Apple Photos and use it instead. The downside is u only get 3 GB for the free option and can only be logged into 2 devices.

Standard Notes offers free end to end encryption for note taking

SecureMyEmail offers a way to encrypt Gmail with PGP encryption. It’s free version works with one email
 
Is it though? If they had announced E2E encryption for photos together with the CSAM scanning, it would have changed the discussion. But they didn't.

Funnily enough, there are a number of E2E encrypted cloud storage services that don't scan your device (e.g. Tresorit, ProtonDrive, Sync.com, Filen.io).
Have you read the TOS of these services regarding what they do to your data in the cloud?

If, or when, EU/US mandates that this must be done, one way or another, do you want this check to be done (it’s just a hash comparison) in the device when uploading or in the cloud against your decrypted files?
 
  • Haha
Reactions: sinoka56
Finally, e2ee with scanning at either end defeats the purpose of e2ee.
E2E doesn’t mean that your files are encrypted all the time in the device - if they were even you couldn’t see them.

The communication endpoints in E2E communication **must always decrypt the data**.

For example, iMessage and WhatsApp are E2E but obviously, in your device, the messages are decrypted so that you can read them.

(There was an insanely stupid media frenzy a while ago about WhatsApp “breaking E2E” because people can report offensive messages. Uh oh.

It’s not breaking E2E if the user **decides to send** messages to Facebook for review. You can also take a screenshot. But it surely made for some great clickbait headlines.)

Anyway, it’s likely that Apple will start checking the content in iCloud - and this means that iCloud Photos won’t be properly encrypted.

I hope everybody panicking over the CSAM in-device check is happy.
 
Haha and now it's updated to say the bookmarks are not actually end to end encrypted. Pathetic.
 
Have you read the TOS of these services regarding what they do to your data in the cloud?
What are they supposed to do with data they can't decrypt?
If, or when, EU/US mandates that this must be done, one way or another, do you want this check to be done (it’s just a hash comparison) in the device when uploading or in the cloud against your decrypted files?
In the cloud, no question. That leaves me the choice not to upload my data. I don't like to be subjected to constant searches of my own device as if I was a criminal. On-device scanning is also the first step to undermining the security of services that actually are E2E encrypted.

More generally, I think we should resist such mandates rather then engaging in preemptive obedience.
 
Last edited:
“In recent months, Apple has come under pressure to make iCloud Photos and iCloud backups fully end-to-end encrypted, but the company has yet to make those changes.”

RIGHT. Because they’re still in a holding pattern to completely invade the privacy of those things. What’s it called again? CSCAM?
Their lack of decision to encrypt has nothing to do with CSAM, it goes long before that.

PRISM!
 
Fine. Now please find a way of encrypting iMessage in the cloud. That's where there are serious privacy implications as Apple, and by extension any government authority, has full access.
Yes along with getting WatchOS to properly sync with iOS/iPadOS/macOS. There is a consistent disconnect between them all. Delete on iPhone/WatchOS/macOS/iPadOS doesn’t properly sync with iMessages/SMS on the other devices.

it’s annoying an real security issue if you sleep with your watch are single or out camping or on plane for a business trip. Not just messages but also 2FA is delivered to WatchOS.

iMessage in the cloud is already end-to-end encrypted. But you have to disable iCloud Backup to avoid storing the encryption key on iCloud (all these info are in the iCloud white paper on the Apple website anyway)
You really believe that?
like you believe d Apple stating 7yrs ago that iMessage in iCloud would also properly sync with WatchOS?? It doesn’t!
 
c) Truly end to end encrypted so Apple can't see them. But I guess that's never going to happen.
Why is the facts misconstrued as Apple seeing your pictures when they’ve clearly stated they’re searching the hash?

yes I fully understand the back door is the real threat here and they probably already can view the pictures and have for a while.

then again how come no fear for 12yrs until this year about photos when photos in iCloud has never been encrypted, and Apple already ran algorhythms to determine dates of pictures etc to come up with a slideshow ???
 
  • Haha
Reactions: sinoka56
Why is the facts misconstrued as Apple seeing your pictures when they’ve clearly stated they’re searching the hash?

yes I fully understand the back door is the real threat here and they probably already can view the pictures and have for a while.

then again how come no fear for 12yrs until this year about photos when photos in iCloud has never been encrypted,

the issue is with the snitching, from your own device. As far as no one complaining about photos in iCloud for 12 years, 1) not everyone realizes that "cloud" is "someone else's computer" and this woke up them to that fact, 2) people who do realize it understand that the scanning and snitching is happening on "someone else's computer", out of their control, and so either avoided using it or were fine with it.

In either case, the issue is with the tightening of the grip, the loss of control over one's own device, when it now has the very real functionality (no longer theoretical) of snitching about you to authorities, by proxy of Apple.

and Apple already ran algorhithms to determine dates of pictures etc to come up with a slideshow ???

And same point as above - analyzing your data, on device, in service of the user, is quite different from analyzing the data, on the device, in service of law enforcement. One has a potential of making you think "how come my iphone thinks the starbucks logo is a person, how did it end up putting a pic of a dinosaur in 'furry friends', ha haha funny", while the other has the potential of ruining lives (while the real, non-dumb, baddies will just turn off icloud sharing)

Anyway this is just re-hashing all the arguments from a month ago I guess...

tuirns out the bookmarks won't be E2E encrypted anyway!
 
  • Like
Reactions: DeepIn2U
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.