Apple Outlines Security and Privacy of CSAM Detection System in New Document

[usagora]

NO NO NO! They have said the scanning happens on device. It doesn't get reported until it's uploaded to the cloud.

They create the hash on device. They read the 1's and 0's of your photos and create a hash. They then compare that hash to the local database (on your phone) of CSAM hashes.

Sounds like YOU don't understand how it works.

Since you don't believe me, this is from Apple's privacy chief, Erik Neuenschwander:

The hash list is built into the operating system, we have one global operating system and don't have the ability to target updates to individual users and so hash lists will be shared by all users when the system is enabled. And secondly, the system requires the threshold of images to be exceeded so trying to seek out even a single image from a person's device or set of people's devices won't work because the system simply does not provide any knowledge to Apple for single photos stored in our service. And then, thirdly, the system has built into it a stage of manual review where, if an account is flagged with a collection of illegal CSAM material, an Apple team will review that to make sure that it is a correct match of illegal CSAM material prior to making any referral to any external entity. And so the hypothetical requires jumping over a lot of hoops, including having Apple change its internal process to refer material that is not illegal, like known CSAM and that we don't believe that there's a basis on which people will be able to make that request in the U.S. And the last point that I would just add is that it does still preserve user choice, if a user does not like this kind of functionality, they can choose not to use iCloud Photos and if iCloud Photos is not enabled, no part of the system is functional.

Apple Privacy Chief Explains 'Built-in' Privacy Protections in Child Safety Features Amid User Concerns

Apple's Head of Privacy, Erik Neuenschwander, has responded to some of users' concerns around the company's plans for new child safety features that will scan messages and Photos libraries, in an interview with TechCrunch. When asked why Apple is only choosing to implement child safety...

forums.macrumors.com

 

[usagora]

I disagree.

Well you can disagree with reality all you want, but it still remains reality.

 

[usagora]

It means "not on the device" storage and that is very different than off-device storage. You pay for it with the device, you access it with the device, and you manage it with the device. It's a device feature, powered by an internet connection service to expand the capacity of the device. It is Apple's equivalent of user-upgradable storage.

Again, WTF? It's the SAME thing. If it's not ON your device, it's by definition OFF your device. And no one's saying you can't use it. If you don't like the terms then use another cloud service that probably has the same terms. Best of luck to you.

👋

 

[PsykX]

A positive thing about CSAM is that it saved us from the tech news drought.

 

[usagora]

The hashing and scanning happens on device. It only gets reported if you upload to iCloud. Apple is installing software on your device that you paid for that is essentially spyware. Spyware will now be an intrinsic feature of iOS.

You don't even know what spyware is. Spyware means the user is unaware their data is being transmitted to a third party. That's the "spy" part - by definition it's secret. Apple is telling you up front that if you attempt to upload a certain amount of CSAM to their servers, they're going to know about it. If you don't, then they're not accessing any of that scanning data.

 

[januarydrive7]

Honestly, the biggest news from today's article is that Apple requires >= 2 sovereign jurisdictions to agree about CSAM content for Apple to even consider matching against it. If true, this derails a lot of the arguments that it will be used by <insert regime here> for nefarious purposes. Apple messed up not presenting this detail up front, as it's a huge reveal of one the big layers of security built in to the process.

 

[Altivec88]

Is Apple being purposely dense. I have no doubt that Apple's intentions for this software is for good. I have no doubt Apple thinks this is secure and can't be abused in anyway. No different then when they told us iPhones are secure and iMessage is secure but here we are with companies breaking in to those without a sweat. Ultimately, causing at least one persons death. Craig is wrong on this one. I don't care how Apple "communicates" this. I have to look at it from the standpoint of, if this software gets hacked (which it will), what could go wrong. In the wrong hands, A lot could go wrong with major implications. This is not something I can support and I will show it with my wallet.

 

[usagora]

"If you are no longer happy with the entire 'bundle' you purchased, then no one is stopping you from selling....." rather misses the point that the hardware may have been sold on the basis of privacy, so on that basis someone changing that should pay the refund, not the user having to sell?

And has been explained countless time in this thread, many others, and by Apple themselves, this move is precisely for the SAKE of privacy, so that all that image scan data stays on your phone, not on their servers (they can access their own servers, obviously, but cannot access your device because they don't hold the key to it). I'm sorry you and so many others either don't understand that or don't want to understand it.

👋

 

[Cosmosent]

If a Boycott of iOS 15 & its derivatives soon gains momentum, the Apple Board may be Forced to Force Tim Cook out, assuming he doesn't back down on this !

To me, it is clearly Tim Cook's biggest Screw Up !

I think it illustrates that Tim Cook's Upper Mgmt Team is filled with Yes Men & Women !

Someone with common sense should have stood up & said "this isn't right !".

 

[Mr. Awesome]

Yes, precisely, your neighbor will only call the authorities if they see your CP. The neighbor in our analogy is the Apple on-device scanner, and Apple is the authority. Does that make more sense?

A better analogy: your neighbor designs a robot to search your house for CSAM. He only calls the police if his robot tells him about CSAM 30 times.

The problem with your original analogy is that Apple is a human entity, and the phone is not. In your analogy, the police are human entities and the neighbor is also a human entity. The fact that the neighbor is a human entity is what’s alarming to people. But in reality, your phone isn’t a human looking at all your photos. It’s essentially a collection of algorithms.

 

[AbsoluteAnointedOne]

Um...how about neither? Apple shouldn't be scanning ANY of my content. Whether it's on my phone or in the cloud, it is MY content created on a phone I paid for.

Lol any “cloud” storage that you do not physically access and own, is and will scan the content you place on it. This legally required in most western countries.

 

[rootee]

Why were you already OK with Apple scanning your photos before this?

No, not really, tbh. Not a fan of any scanning. As a consumer, more options are better, and I personally would go towards a fully private platform. Apple gained market share with their pro-privacy stance of the last few years, and this is clearly a step in the opposite direction. It's a head-scratcher really, why is Apple going down this path. It's not for the children, it's for the market share, but how they get from A-to-B here is the great question!

 

[btrach144]

Apple doesn’t care about privacy anymore. If they try to claim privacy at their 2021 iPhone event, I’m going to vomit.

This isn’t going to go away Apple. Get the hell off our iPhones.

 

[2540497]

Nobody:

Nobody at all:

Apple  : We are going to start scanning your iPhone for child porn

I was surprised Apple dropped the ball on this and didn’t internally realise this would be widely panned and fly against their Privacy crusade.

Now I’m CONCERNED. Concerned that in the face of widespread global condemnation they’ve chosen to double down. That’s a step past incompetent. That’s not the Apple I know and love. Tone deaf.

 

[cmaier]

Apple hasn’t seemed to realize that their nonstop explaining won’t erase any concerns.

It’s like trying to explain to someone that vaccines are good. People won’t understand things that negate their world view.

 

[citysnaps]

Nobody:

Nobody at all:

Apple  : We are going to start scanning your iPhone for child porn

I was surprised Apple dropped the ball on this and didn’t internally realise this would be widely panned and fly against their Privacy crusade.

Now I’m CONCERNED. Concerned that in the face of widespread global condemnation they’ve chosen to double down. That’s a step past incompetent. That’s not the Apple I know and love. Tone deaf.

Perhaps there's information you're not privy to? Have you considered that?

Or are you in the camp that Cook/Federighi/Maestri just aren't very smart people and came up with this on their own volition, believing people wouldn't care, privacy is overrated - something customers don't really care about, and really, because Apple is a corporation, the move will actually *increase* revenue because that's what matters.

Yet those and other Apple execs apparently lucked into creating one of the most successful and valuable companies in the world. Who woulda thought!

 

[BurgDog]

It is software installed on my phone taking up resources that provides zero benefit to me. Benefit is only to Apple, they should do this on their hardware, not mine, assuming they are required by law to do this.

 

[amnesia0287]

What I can’t figure out is WHY they are doing the checks on device if it’s only impacting images through apple services like iCloud or iMessage? Why not just do that same check server side and not add some random “backdoor”. All the cloud providers already do the same crap, so why are they moving the check onto devices, are they really lacking compute that much?

in its current iteration, sure it seems quite safe, but it seems pretty easy for china for example to make a law where they control the hash list.

 

[Abazigal]

Nobody:

Nobody at all:

Apple  : We are going to start scanning your iPhone for child porn

I was surprised Apple dropped the ball on this and didn’t internally realise this would be widely panned and fly against their Privacy crusade.

Now I’m CONCERNED. Concerned that in the face of widespread global condemnation they’ve chosen to double down. That’s a step past incompetent. That’s not the Apple I know and love. Tone deaf.

https://twitter.com/x/status/1426305009919139842

macrumour’s own poll results doesn’t seem to support the narrative that Apple is facing widespread criticism, especially when you consider that the people visiting this website tend to be more critical of Apple than the rest of their user base.

Rather than believing that Apple is being tone deaf and refusing to take their head out of the sand, is it possible that Apple is reading their customer base right in that the majority are either indifferent or even supportive of such a move, and what we are seeing here is, once again, a very vocal minority?

By the time iOS 15 rolls out next month, we will probably be surprised that there was even an uproar over this matter.

 

[hlfway2anywhere]

Why don't you enlighten us?

None of what Craig said mitigates the fact that Apple is scanning the images on your iPhone. Apple is reviewing content on your phone for unapproved content. There is absolutely no denying that.

So, tell us. Where do those of us who are against us have it wrong? You'll note that the majority of comments are strongly against this technology.

The fact that you say apple is “scanning your images” as if apple themselves are looking at the crappy pictures of your kids and pets is already wrong and if you can barely even grasp that, getting into anything more detailed seems like a wasted effort with people who just want to be mad about something.

 

[amnesia0287]

It is software installed on my phone taking up resources that provides zero benefit to me. Benefit is only to Apple, they should do this on their hardware, not mine, assuming they are required by law to do this.

There are hundreds of things running on your device taking up resources that don’t benefit you nor would you care. Welcome to software. But I do agree that I can’t figure the reason they are doing it on device rather than in the cloud. Even if images are encrypted (which as best I know they aren’t) they could still just include the file hash with the encrypted one.

if they purely did the checks in the cloud, then no matter what, turn off cloud, no Risk. As it stands with them checking on device, the only thing gating them from just scanning everything is them saying they won’t.

it just doesn’t make sense. It seems like a super stupid engineering choice. Cause if it’s only cloud stuff, it should already be getting scanned like every single cloud provider does.

 

[JCCL]

If you install iOS 15, then you agreeing that you are allowing Apple to use the software it owns to constantly look at your stuff when you choose to upload it to their servers.


Bit of a slippery-slope, there...

Yeap. That’s why iOS 15 beta is off my phone now. While future hardware purchase plan on hold (I was previously dead set on getting iPhone 13 Max).

Giving them access to my data was not part of the terms my original transaction.

 

[hlfway2anywhere]

Yeap. That’s why iOS 15 beta is off my phone now. While future hardware purchase plan on hold (I was previously dead set on getting iPhone 13 Max).

Giving them access to my data was not part of the terms my original transaction.

I’m bookmarking your profile just so I can watch you get over this or switch to the worlds least privacy oriented company, in real time

 

[spazzcat]

I just don't want Apple to be scanning iCloud period. It's a way to look over and go through our privacy. What if information gets leak to the government or the criminals. Who's held responsible for that?

Find an alternative way to catch criminals. And, why Apple is even getting involve?

Isn't this already happening on every cloud provider including iCloud? The only difference is Apple is going to start creating the hashes on the phone first before uploading it to iCloud.

 

[rootee]

I’m bookmarking your profile just so I can watch you get over this or switch to the worlds least privacy oriented company, in real time

Pfft, those don't seem like the only two options. Apple could indeed reverse course, if the bad PR eventually hurts their bottom line, share price, in which holding out on iOS/hardware upgrades makes perfect sense

BTW, that's a pretty distasteful thing to want to do, lol.