Apple Outlines Security and Privacy of CSAM Detection System in New Document

[bobcomer]

apple will load this database onto our phones with ios1

It's actually already there since ios14.3 supposedly.

i think what apple is doing here is trying to put the database in the spotlight so users will know it can't be tampered with or changed ... unlike databases that reside server side which are opaque to the user

That would make sense, but it's still a leap of faith to trust it, and I just don't have it anymore.

some folks have said that apple should do the photo scanning on a relay server and thus keep it off device, again as far as i know this would be a less transparent process than what they are trying here

That's the only thing that would make it acceptable to me. Both are black boxes and I don't want it anywhere near my own device.

 

[slomojoe]

It's actually already there since ios14.3 supposedly.

That would make sense, but it's still a leap of faith to trust it, and I just don't have it anymore.

That's the only thing that would make it acceptable to me. Both are black boxes and I don't want it anywhere near my own device.

not happy about either, feel like i am convicted before a trial and assumed to be a potential pedophile (i love how apple won’t let me swipe the word “pedophile” )

but what to do and where to go ?

sure makes using the phone more complex

i wonder if we will see e2ee as a tradeoff ? i wonder if this is why apple is doing this ?

 

[cupcakes2000]

this does not help apple's case any

Apple says collision in child-abuse hashing system is not a concern

Serious flaw in Apple’s CSAM scanner uncovered.

www.theverge.com

Hardly. Did you read it?

 

[slomojoe]

Hardly. Did you read it?

yeah read i did read and understand most of it but not all, it seems to support apple's loudly proclaimed "human checking backup" for matched images, though they are telling us this will happen 1 in a trillion, so either apple hasn't done the work to test neural hashing or they are winging this as they go along and just putting out reassuring figures

plus as has been pointed out upthread, what about non-iphone icloud uploads which would seem better taken care of using a relay server which is what many folks want for the phone to get the database off the phone

 

[bobcomer]

but what to do and where to go ?

Not much, just not Trust Apple any more. I wont be buying a new MBP this fall for one, and I'm changing my main phone to an android phone. True, it's only 2 devices an less than pocket change to apple, but that doesn't matter. We'll see about the future.

i wonder if we will see e2ee as a tradeoff ?

I bet not, the governments wont allow it. I personally don't care about it, so it's not a selling point for me.

i wonder if this is why apple is doing this ?

Only if they'd have announced it at the same time.

 

[Playfoot]

yeah read i did read and understand most of it but not all, it seems to support apple's loudly proclaimed "human checking backup" for matched images, though they are telling us this will happen 1 in a trillion, so either apple hasn't done the work to test neural hashing or they are winging this as they go along and just putting out reassuring figures

plus as has been pointed out upthread, what about non-iphone icloud uploads which would seem better taken care of using a relay server which is what many folks want for the phone to get the database off the phone

I have wondered that as well.....If one doesn't use iCloud, but another service, then the information is NOT sent to apple/scanned?

 

[Playfoot]

And with the news of collisions, would it be a fair assumption that Apple was aware of the ability to create collisions, despite press releases implying NO collisions? Was Apple hoping to perfect the system, as it often does, with the users' data over time?

Is this reason Apple decided to take Corellium to court again for an issued ruled on last year? To slow research that would show the faults?

I don't know the answers, but this only serves to increase suspicion, to reduce trust, to undermine the good work Apple has done. All would agree Apple has made a complete and utter hash of this....Pun intended.

 

[Alwis]

i think apple has a strong interest in maintaining trust with users so perhaps we will know more

If they had, they would not have implemented this "feature" in the first place.

Apply clearly states, that they think, that all of there users are potential pedophiles. So if Apple does not trust me, wha should I trust Apple?

 

[Luis Ortega]

If everyone who’s whining about this doesn’t immediately boycott these services, then they only have themselves to blame. We need to put our money where our mouth is.

 

[killhippie]

I have decided to order a Pixel 6a when released and stick Graphene on it. I'm going to switch to Linux not sure which flavour yet, but at least it will be on a computer I can work on without being locked out of the hardware. Apple wont notice I'm gone, but if the people on here who truly don't want this dystopian backdoor (its a door no matter how much you dont want to believe that) so call it what you want, maybe its a porthole or a catflap but no hardware is hack proof, Apple are not the great with security either, but the iPhone seemed the best of the bunch until now, so it will get opened by someone or some government and I would rather go back to using a dumbphone if needed than be part of that nightmare, or be the poor b'stard who's life is runied by being that one in a trillion, if the numbers are to be believed and Apple could be making that up, after all they are in distortion field mode mode right now to protect themselves.

Apple did not even have to do this. It really feels like they have been strong armed into 'think of the children' as a cover for lots of acronyms wanting access to iPhones as and when they require it further down the line. The Apple tech apologists on this forum seem blind to the damage Sony did when they put rootkits on computers that had recorded certain CD's back in 2005. This isnt much better tbh and after all this time I'm not surprised companies have not learned better tbh. Apple want to make money and if they have to sell our souls to do it they will. Apple is not your friend, no big tech corp is, you are just data and a way to make money.

 

[Luis Ortega]

I have decided to order a Pixel 6a when released and stick Graphene on it. I'm going to switch to Linux not sure which flavour yet, but at least it will be on a computer I can work on without being locked out of the hardware. Apple wont notice I'm gone, but if the people on here who truly don't want this dystopian backdoor (its a door no matter how much you dont want to believe that) so call it what you want, maybe its a porthole or a catflap but no hardware is hack proof, Apple are not the great with security either, but the iPhone seemed the best of the bunch until now, so it will get opened by someone or some government and I would rather go back to using a dumbphone if needed than be part of that nightmare, or be the poor b'stard who's life is runied by being that one in a trillion, if the numbers are to be believed and Apple could be making that up, after all they are in distortion field mode mode right now to protect themselves.

Apple did not even have to do this. It really feels like they have been strong armed into 'think of the children' as a cover for lots of acronyms wanting access to iPhones as and when they require it further down the line. The Apple tech apologists on this forum seem blind to the damage Sony did when they put rootkits on computers that had recorded certain CD's back in 2005. This isnt much better tbh and after all this time I'm not surprised companies have not learned better tbh. Apple want to make money and if they have to sell our souls to do it they will. Apple is not your friend, no big tech corp is, you are just data and a way to make money.

I suspect that it’s a political move to help stave off monopoly regulations that would impact their profits.
I’m not sure that you can escape it with any platform that is available, but we should boycott all such services and platforms and hopefully they take notice when they start losing money.
It also helps to be more politically responsible and elect people who will stand up for our interests at all levels of government.

 

[slomojoe]

seems to me about the only thing you can do (if you are going to continue to use an iphone, i am, because 90% of my family does) is not to use icloud photos, create your own cloud and use an e2ee cloud service like sync.com for an offsite backup

in the end, we have to take care of ourselves and not depend on apple or any other tech company, we have to assume that they are all hostile to our best interests

 

[Playfoot]

I can't help but wonder if this will have a negative impact on Apple's stated goal of fighting CSAM.

For example, I have instructed IT to look into more robust encryption of all files attached to emails intracompany and for regular clients, if there are ways to encrypt email, etc. Some years back, I already decided to end BYOD, and issue company phones that we control for security.

For many this might have been the proverbial straw...It is safe to assume that most of us in this thread were aware of the tremendous erosion of privacy. Yet, we endured and accepted the encroachment. Apple's CSAM might one be looked at as a watershed event.

 

[slomojoe]

a cursory glance at my devices shows how deep into the system i am but i am definitely planning my escape, i completely understand both how and why apple is doing this but i cannot get past the inescapable conclusion that apple assumes i am a child pornographer, convicted without charges or a trial … goodbye apple

 

[Synchromesh]

You know you do not have to update to iOS 15, right? Your phone will work exactly the way prior to iOS 15. It is entirely your choice and Apple have warned you in advance. iOS 15 will also be scanning text and numbers in our locally stored photos, remember? For privacy purists this is just as bad if not worse than CSAM. I personally will wait to see how this story goes and may stay on iOS 14. It’s not like iOS 15 introduces something incredible.

You don't have to update with older phones, yes. But with a new upcoming one you can't downgrade to iOS 14, now can you?

 

[jseymour]

seems to me about the only thing you can do (if you are going to continue to use an iphone, i am, because 90% of my family does) is not to use icloud photos, ...

I've already whacked all my iCloud photo storage and disabled it on my iPhone and iPad, and disabled most other iCloud storage/sharing.

 

[Mega ST]

I would prefer to have no spying going on on my device at all. The best would be some clear statement that they never will do it. I accept that Apple might have had good intentions with all this but below the line and balancing the pros and cons they might not have been aware of, there is only one solution, to not do it at all.
I don't want to start a hiding game tricking my configuration settings around their features. Their features must just fit me. All of them.
And again I have nothing to hide and never had.

 

[one more]

You don't have to update with older phones, yes. But with a new upcoming one you can't downgrade to iOS 14, now can you?

Apparently, we should still be able to use iOS 14 after iOS 15 is released:

Apple Won't Make You Upgrade to iOS 15 and Will Continue to Provide Security Updates for iOS 14

Apple plans to allow iPhone and iPad users to remain on iOS 14 and iPadOS 14 even after the launch of the iOS and iPadOS 15 updates, according to new...

www.macrumors.com

 

[jseymour]

Apparently, we should still be able to use iOS 14 after iOS 15 is released:

From the article:

Or continue on iOS 14 and still get important security updates until you're ready to upgrade to the next major version.

[Note: Emphasis added]

Hmmm... This puts me in an odd position. I'll have to devote some thought to it. I might maybe could talk myself into keeping my iPhone and iPad longer than I'd anticipated.

Waitaminute! That article has a publication date of June 7. How come nobody mentioned this before now?

 

[one more]

Waitaminute! That article has a publication date of June 7. How come nobody mentioned this before now?

It was mentioned by me and others, but probably got overwhelmed by people focusing too much on the problem, so skipping a very simple solution offered to them.

It is unprecedented on Apple’s part, however, offering iOS 14 releases after iOS 15 is out. Stranger still, why do it when all the devices that run iOS 14 can run iOS 15 too? 🤷🏻‍♂️

 

[Playfoot]

It was mentioned by me and others, but probably got overwhelmed by people focusing too much on the problem, so skipping a very simple solution offered to them.

It is unprecedented on Apple’s part, however, offering iOS 14 releases after iOS 15 is out. Stranger still, why do it when all the devices that run iOS 14 can run iOS 15 too? 🤷🏻‍♂️

Only wish they would put out an announcement that new 16" MacBook Pros could be downgraded from Monterey to Big Sur, or even lower.....

 

[jseymour]

It was mentioned by me and others, but probably got overwhelmed by people focusing too much on the problem, so skipping a very simple solution offered to them.

I guess so, because I missed it until that post, and I've been carefully reading all comments relating to this whole brouhaha.

It is unprecedented on Apple’s part, however, offering iOS 14 releases after iOS 15 is out. Stranger still, why do it when all the devices that run iOS 14 can run iOS 15 too? 🤷🏻‍♂️

My guess? My guess is Apple knew their subsequent announcement of the on-device CSAM-scanner would be quite unpopular and it's to avoid a mass (FSVO "mass") exodus from the Apple ecosystem?

I'm just glad they're doing it. It'll give me a lot more time to plan my move for the time when a non-compromised iOS will no longer be an option.

 

[one more]

My guess? My guess is Apple knew their subsequent announcement of the on-device CSAM-scanner would be quite unpopular and it's to avoid a mass (FSVO "mass") exodus from the Apple ecosystem?

Not sure. If Apple could foresee this strong opposition, why still go ahead with it?

 

[JeMeCasse]

Apple are a company of theatre and they do it very well. But the time has come for them to be put in check. No to on device scanning, yes to right to repair, and yes to opening up the app store for those that want it.

I look out for consumers, not multi trillion dollar corporations.

 

[jseymour]

Not sure. If Apple could foresee this strong opposition, why still go ahead with it?

Hubris? Did not accurately estimate the extent and degree of opposition? Dunno.