Apple Outlines Security and Privacy of CSAM Detection System in New Document

[jseymour]

Being as Apple merely "suspended" their plans, it's been my belief all along they were just waiting for either the furor to die down or to have a "legitimate" excuse to activate their spyware.

Thus I've not updated any of my devices to iOS 15. (Given that Apple stopped issuing security updates for 14.x fairly quickly [surprise!], I suppose that means I really should get on the stick and replace them with Android devices.) Almost nothing is saved in iCloud. Siri remains disabled everywhere. We've purchased no additional Apple products, and have no plans to do so.

I'll miss my Apple Watch most of all, I think 😭

 

[jntdroid]

Being as Apple merely "suspended" their plans, it's been my belief all along they were just waiting for either the furor to die down or to have a "legitimate" excuse to activate their spyware.

Thus I've not updated any of my devices to iOS 15. (Given that Apple stopped issuing security updates for 14.x fairly quickly [surprise!], I suppose that means I really should get on the stick and replace them with Android devices.) Almost nothing is saved in iCloud. Siri remains disabled everywhere. We've purchased no additional Apple products, and have no plans to do so.

I'll miss my Apple Watch most of all, I think 😭

I don't blame you, but unfortunately I think it's a pipe dream to think Android won't head the same direction.

 

[bobcomer]

I don't blame you, but unfortunately I think it's a pipe dream to think Android won't head the same direction.

They might, and I already did same with them I do with my iPhone, no iCloud photo or document sharing sharing. As long as all they scan is things to be uploaded to iCloud that'll do, but if they go further, I don't know what I'll do but iCloud probably wont be part of it. I really hate the idea of scanning on my device. I don't have anything that is illegal, and I don't care if they scan on their side if I upload something, but on my device, no, no way, no how.

 

[rme]

I don't blame you, but unfortunately I think it's a pipe dream to think Android won't head the same direction.

I've moved to GrapheneOS (a privacy focussed Android fork) on a Pixel 6. I can recommend it!

 

[GBaughma]

"see, it is the law, we always follow the law..."

But that's just it. It's NOT the law. The law states it gets reported if it is *discovered*, and specifically goes on to state "this does not mean that a vendor should actively search for it..."

 

[Playfoot]

But that's just it. It's NOT the law. The law states it gets reported if it is *discovered*, and specifically goes on to state "this does not mean that a vendor should actively search for it..."

Yes, I have wrote the same statement . . . Agree completely.

 

[Gelam]

Hmmm. Not that I am one to easily surrender to conspiracy theories, but based on the attached link, me thinks Apple is getting ready to activate the dormant CSAM framework buried in its OS's. The reason will be, "see, it is the law, we always follow the law..."

Perhaps Apple knew this all along, decided to attempt to limit the negative feedback, wait until governments started to require CSAM removal.

https://9to5mac.com/2022/05/11/appl...e-back-as-eu-plans-a-law-requiring-detection/

This one is very interesting indeed. If that is the case, Apple knows about many things long before it is announced. If that is the case Apple knew about the European DMA long before we know about it as well.

 

[_Spinn_]

This one is very interesting indeed. If that is the case, Apple knows about many things long before it is announced. If that is the case Apple knew about the European DMA long before we know about it as well.

Yeah at the time Apple announced the CSAM scanning it really seemed like there was unseen pressure on them. I suspect Apple knew this stuff was coming and was trying to get out in front of government legislation so they could do something in a way that protected user privacy without putting in government backdoors. That being said I don't like Apple's solution but I hate what governments seem to want even more.

The EU seems intent on destroying encryption and privacy in order to "save the children." Their proposal would essentially require algorithms to scan ALL emails, messages, or other communications in order to detect "grooming" not just CSAM. If the proposal passes it would essentially create China level internet surveillance in the EU.

More info in this thread:

https://twitter.com/x/status/1524106734566100996

 

[Playfoot]

There has always been a creep to investigate, to spy, to reduce privacy. However, in my humble opinion, the loss of privacy received a boost with 9/11. So many people were convinced to surrender privacy for the false promise of absolute security....

Scanning on device, reading text and emails is just the latest move.

 

[Mega ST]

So a monitoring computer would try to decide about what he thinks my intentions might be? Up to the point of calling the police? Interfering with all my private conversations all the time? Sounds unconstitutional. What happened to privacy?

 

[GBaughma]

So a monitoring computer would try to decide about what he thinks my intentions might be? Up to the point of calling the police? Interfering with all my private conversations all the time? Sounds unconstitutional. What happened to privacy?

You waive your privacy every time you agree to a TOS.

And THAT is where apple is going to "get you". You've probably already agreed to them monitoring you... because who actually reads the TOS? You spend $1,000 on a phone, they won't give you your money back if you don't agree to the TOS, and you can't use it if you don't agree. So people just "agree". Including me.

 

[Playfoot]

You waive your privacy every time you agree to a TOS.

And THAT is where apple is going to "get you". You've probably already agreed to them monitoring you... because who actually reads the TOS? You spend $1,000 on a phone, they won't give you your money back if you don't agree to the TOS, and you can't use it if you don't agree. So people just "agree". Including me.

I do read the EULA / TOS. However, there is no other choice in this day and age....You must agree as it is all but impossible to work, live without tech......

 

[Alwis]

You spend $1,000 on a phone, they won't give you your money back if you don't agree to the TOS, and you can't use it if you don't agree.

I am pretty sure, that this would violate German law regarding terms of services. These terms must be announced appropriately before the contract (e.g. buying the phone) and they must not contain any surprising clauses, otherwise they are invalid.

First is not the case when I can only see them after I bought the phone. And clauses, that all my data can be scanned and that the phone can not be used without agreeing to this for sure is surprisin. according to German law.

More likely is, that big US tech companies just chose to ignore these laws, as they do in other cases to.

 

[Mega ST]

My constitutional rights -like "privacy" and "integrity of the personal sphere" in case of my country- should be above what any company demands anyway? Without respecting my country's constitution no company can do business here, whether it has good intentions or not.

 

[Playfoot]

Well, it looks like the UK is will effectively lead the charge to have snooping on our devices...

https://9to5mac.com/2022/07/14/csam-law/

At this rate, how long will it be before houses can be searched without a warrant?

 

[GBaughma]

Well, it looks like the UK is will effectively lead the charge to have snooping on our devices...

https://9to5mac.com/2022/07/14/csam-law/

At this rate, how long will it be before houses can be searched without a warrant?

Interesting that the article clearly identifies what we've been freaking out about.
Not just CSAM, but terrorist activities, eating disorders, self-harm, or other "harmful" content.

THIS IS WHAT WE'VE BEEN TALKING ABOUT, PEOPLE. How this "for the children, on-device CSAM scanning technology" could be misused.

I hate to be the first one to say "I told you so..."

 

[GBaughma]

Well, it looks like the UK is will effectively lead the charge to have snooping on our devices...

https://9to5mac.com/2022/07/14/csam-law/

At this rate, how long will it be before houses can be searched without a warrant?

And what exactly trips the alarm?

"Oh honey, you look so grown up in your dress for your quinceanera" (potential grooming?)
"I just bought a whole case of twinkies! LOL!" (Eating disorder?)
"Hey, Marlboro is having a sale, 3 packs for $10" (self-harm?)
"Found a new vape flavor I really like! Butterscotch ripple!" (self-harm?) (had to put that one in there, considering I'm such a vape advocate...)
"Baby's first bath photo!" (CSAM?)
"I found this new church I really like... it's called Branch Davidian" (Terrorist activity?)
"This president is a real numbskull" (Sedition? Terrorist?)

Do you see NOW how this can be abused in SO MANY WAYS? And the UK is leading the pack now...

 

[mw360]

Interesting that the article clearly identifies what we've been freaking out about.
Not just CSAM, but terrorist activities, eating disorders, self-harm, or other "harmful" content.

THIS IS WHAT WE'VE BEEN TALKING ABOUT, PEOPLE. How this "for the children, on-device CSAM scanning technology" could be misused.

I hate to be the first one to say "I told you so..."

You’ve read the article too quickly, and you may benefit from clicking through to the source Guardian article. There, the discussion about client-side ‘scanning’ is only in the context of CSAM/CSAE on E2E chats. So it’s not about the technology being misused, it’s about the technology being used for its stated purpose.

All that stuff about eating disorders etc. was already in the bill and neither article demonstrates that the bill intends for your private texts to be scanned for any of that. This is mainly about content moderation on open platforms and search engines.

Neither of the articles quote the bill directly though, and the bill is nearly 300 pages, so I’ll let somebody else check the exact wording.

 

[PBG4 Dude]

And what exactly trips the alarm?

"Oh honey, you look so grown up in your dress for your quinceanera" (potential grooming?)
"I just bought a whole case of twinkies! LOL!" (Eating disorder?)
"Hey, Marlboro is having a sale, 3 packs for $10" (self-harm?)
"Found a new vape flavor I really like! Butterscotch ripple!" (self-harm?) (had to put that one in there, considering I'm such a vape advocate...)
"Baby's first bath photo!" (CSAM?)
"I found this new church I really like... it's called Branch Davidian" (Terrorist activity?)
"This president is a real numbskull" (Sedition? Terrorist?)

Do you see NOW how this can be abused in SO MANY WAYS? And the UK is leading the pack now...

Where do you live? Marlboros are almost 12 bucks a pack here.

 

[Playfoot]

Interesting that the article clearly identifies what we've been freaking out about.
Not just CSAM, but terrorist activities, eating disorders, self-harm, or other "harmful" content.

THIS IS WHAT WE'VE BEEN TALKING ABOUT, PEOPLE. How this "for the children, on-device CSAM scanning technology" could be misused.

I hate to be the first one to say "I told you so..."

Yes, people will write that it only targets CSAM and think of the children. However, once implemented, the technology can be used for anything authorities deem necessary. And as the hash tag library is only known to the creators, ie Big Brother, then really it is possible for anything to become the target.

And Apple already has caved to China and Russia, so it is highly likely Apple would again cave. To be fair, they have caved in the US whenever issued the dreaded Security Letter, more secret and classified than a mere FISA warrant.

 

[Mega ST]

Google flagged a father who took private pictures of his son for his doctor.

DNyuz - Latest Breaking U.S. News

Latest Breaking News, U.S. and World Politics, Crime, Business, Science, Technology, Autos, Entertainment, Culture, Movie, Music, Sports.

dnyuz.com

 

[hydropsyche]

Don't forget the 24/7 location tracking of mobile devices, even when turn off!

I went to an android open source privacy phone that keeps both google and apple out! Pricks.

 

[I7guy]

Google flagged a father who took private pictures of his son for his doctor.

DNyuz - Latest Breaking U.S. News

Latest Breaking News, U.S. and World Politics, Crime, Business, Science, Technology, Autos, Entertainment, Culture, Movie, Music, Sports.

dnyuz.com

That I guess is the difference between real time scanning and hash scanning. There ought to be a class action lawsuit.

 

[jseymour]

This annoys the bejesus out of me:

The nurse said to send photos so the doctor could review them in advance.
...
With help from the photos, the doctor diagnosed the issue and prescribed antibiotics, which quickly cleared it up.

All without an office visit. Faster, more convenient, and less expensive in time and money all-around. But...

Dr. Suzanne Haney, chair of the American Academy of Pediatrics’ Council on Child Abuse and Neglect, advised parents against taking photos of their children’s genitals, even when directed by a doctor.

We're not supposed to actually use technology to our advantage

I regard Google as about as evil a big tech company as their is. I thought, once-upon-a-time, I could seek refuge in Apple, but Apple seems intent on becoming every bit as evil.

That I guess is the difference between real time scanning and hash scanning. There ought to be a class action lawsuit.

I don't want Apple, or anybody else, scanning my stuff in any way, shape, or form. Period.

 

[bobcomer]

Google flagged a father who took private pictures of his son for his doctor.

DNyuz - Latest Breaking U.S. News

Latest Breaking News, U.S. and World Politics, Crime, Business, Science, Technology, Autos, Entertainment, Culture, Movie, Music, Sports.

dnyuz.com

People should just stop using iCloud and whatever they call google's cloud for backups. There's just too much risk of a false positive and I would have paid that $7000 to sue Google to get my information back. (plus penalty.). Google doesn't have a leg to stand on denying giving his info back. So scummy.