Apple Publishes FAQ to Address Concerns About CSAM Detection and Messages Scanning

[hydropsyche]

First, Apple is already playing the ass for taking apps from the app store that don't agree with their politics...

Second, Apple already kowtows to China...

Third, Apple is supposed to be the privacy option for us, not the 'also ran' option...

Forth, Apple supports the encryption back door...

 

[Eroro]

Apple still use closed source code, I will not trusted it. Until they show it up.
Then what make you different with Trump "Huawei Spy" Propaganda.

Both basically a same things.

 

[Rigby]

This quote kind of sums up why I am so shocked and disappointed that of all the big tech companies it was Apple (which I had always held in high regard for their leadership on privacy) that had to do this:

"End-to-end-encrypted messaging is controversial, it has become a central battlefield between hawkish lawmakers and security agencies on one side, and big tech and the privacy lobby on the other. Once a backdoor is introduced, the fear is that it will soon spiral out of control. And Apple appears to have just blinked first. The repercussions will not be known for some time, but this is definitely a pivotal moment."

From:

Why You Should Switch iMessage After New iPhone Updates

Two critical warnings have suddenly hit Apple's billion-plus iMessage users...

www.forbes.com

 

[EdT]

A few years ago police and the FBI wanted a back door to allow authorities to view encrypted information on Apple devices. Apple said no, that a back door would inevitably be misused.

I don’t think the fact that Google, Dell, Amazon, Samsung etc all data mine, sell my information, and will disclose my information to whoever at the drop of a hat has any bearing on what Apple has decided to do. Those companies never promised privacy on or with their products. Apple has. It is probable that governments and large corporations have been able to crack Apple’s security. Perhaps not as quickly as they would like but not as difficult as Apple has portrayed it. But now Apple has said that they are willing to put in back doors. They use a cause that people find a repugnant act to cover their change of position. But the code that lets them find one type of information stored can be repurposed to find others, and if they can and are willing to do that on iCloud accounts then it’s no great leap for them to decide it’s ok to open up any and all parts of their system.

It’s not a question of “Is Apple lying to their customers”, it’s a question of how long have they been doing it, and for whose benefit.

 

[Rigby]

A few years ago police and the FBI wanted a back door to allow authorities to view encrypted information on Apple devices. Apple said no, that a back door would inevitably be misused.

I don’t think the fact that Google, Dell, Amazon, Samsung etc all data mine, sell my information, and will disclose my information to whoever at the drop if a hat has any bearing on what Apple has decided to do. They never promised privacy on or with their products. Apple has.

I think it is much worse than just holding Apple to a higher standard. Apple is actually the first to start undermining end-to-end encryption by introducing endpoint monitoring (which so far only malware a la Pegasus did). Yes, it's limited in scope for now, but the dam has been breached.

 

[Darth Tulhu]

So many people missing the forest for the trees, and being naive as hell about human nature and the ease that fascism can infiltrate every aspect of our lives.

I don't give a DAMN why Apple (or ANY company) is looking in my Photos library, because that's NOT the issue here.

The issue is that they shouldn't be looking in my libraries, PERIOD.

As the proverb states:

He that can be trusted with little can be trusted with much.

He that cannot be trusted with little cannot be trusted at all."

Next thing you know a President will be using this tech to "protect us" from Mexican rapists and drug dealers, Arabs and Muslims, Atheists, LGBTQ folk, and of course all those still-disenfranchised dark-colored people whose forefathers were brought to the West against their will, for starters.

The child molesters will easily and simply stay off those servers. The Dark Web exists, regardless.

People need to raise hell about this NOW.

 

[turbineseaplane]

I don't give a DAMN why Apple (or ANY company) is looking in my Photos library, because that's NOT the issue here.

The issue is that they shouldn't be looking in my libraries, PERIOD.

BINGO!

Thank you for cutting through the crap.
People are getting all twisted around details when your broader point is the important bit here.

My device.
My data.

I decide - not Apple - who gets to go through it
(barring a warrant or some legal situation of course)

 

[turbineseaplane]

Next thing you know a President will be using this tech to "protect us" from Mexican rapists and drug dealers, Arabs and Muslims, Atheists, LGBTQ folk, and of course all those still-disenfranchised dark-colored people whose forefathers were brought to the West against their will, for starters.

Also, just so you know, I didn't exclude these example on purpose -- at all

I'm deeply concerned - deeply - about State forced misuse of this type of technology.

Excellent point

I find this to be an immediately pressing concern for many people around the world. There is a lot of Western privilege in the "defenders of Apple" on this topic. So so many who have the luxury of just bantering about this don't realize how awful it already is - right now - under various regimes around the world.

 

[jntdroid]

Also, just so you know, I didn't exclude these example on purpose -- at all

I'm deeply concerned - deeply - about State forced misuse of this type of technology.

Excellent point

I find this to be an immediately pressing concern for many people around the world. There is a lot of Western privilege in the "defenders of Apple" on this topic. So so many who have the luxury of just bantering about this don't realize how awful it already is - right now - under various regimes around the world.

I guess my question would be - what's the alternative? I actually like Samsung... but I feel like Apple still provides a more cohesive experience and still does privacy better in so many other areas...

 

[turbineseaplane]

but I feel like Apple still provides a more cohesive experience and still does privacy better in so many other areas...

Do they?
I don't even know anymore honestly.

The company has become something I don't really trust that much.
I'm really an Apple customer right now out of inertia from the early 2000's more than anything they've done lately.

Good Q about alternatives.
I have nothing intelligent to say on that for now.
Just so frustrated about what's happened here.

 

[Abazigal]

Turn off iCloud Photo Library
Use Google Photos

Your photos might be scanned in the cloud but no on-device scanning.

All other solutions which people are preposing here will make you unhappy. This one might actually work for you.

It’s a difference without a distinction.

Yes, Apple scans your phones on device, only only those meant to be uploaded to iCloud. It’s no different from google photos doing the same thing to photos after you upload them.

In the end, you only think it makes a difference, but you would simply be lying to yourselves.

 

[giggles]

Must read on all this from Ben Thompson

He really nails it with Policy vs Capability

Apple’s Mistake

While it’s possible to understand Apple’s motivations behind its decision to enable on-device scanning, the company had a better way to satisfy its societal obligations while preserving…

stratechery.com

His policy vs capability distinction does not work particularly well if he’s talking about the on-device scan part of the equation.

Currently the security vouchers are cryptographically protected by a multi-key system like the treasure of granpa Abe Simpson Hellfish army unit in that classic Simpsons episode.

Saying that potentially Apple could open the system up more by a mere change of policy is like saying Apple could potentially bypass the data encryption on iPhones altogether (I don’t know, maybe pushing a silent update inside a major update that harvests data while the user is logged in). Yeah potentially they could, it’s not an open source OS after all, but if you need to implement major technical changes to how the system works you’re basically also changing capability (unless we’re emptying words of any meaning and being sloppy slippery sloppers).

If it takes so many degrees of technical separation, it’s not just a change of policy…Apple would need to DISMANTLE how the security vouchers are currently protected..

Now, if he’s talking about the potential to abuse the scanning algorithm itself (by using another database, etc.), that was already true for server-side mass search algorithms…nothing more, nothing less..nothing more “on-device”-y about it..

 

[giggles]

Yes, Apple scans your phones on device, only only those meant to be uploaded to iCloud. It’s no different from google photos doing the same thing to photos after you upload them.

1000x this

People can’t wrap their head around this.

Until the photos are uploaded to Apple’s servers, the scan results are just an unreadable post-it note on your fridge and they will stay this way TILL THE END OF TIMES if you don’t enable iCloud photos.

I understand why at first and on the surface people could feel violated but then as human beings we need to use reason, science and look hard at the technical reality of this.

 

[MadeTheSwitch]

I find it hard to believe if China told Apple to institute something similar for other purposes as a condition for continued sales and manufacturing in their country, that Apple would say no and just abandon a market of over a billion people. And then what if a bunch of other countries start demaning the same thing? No sales in half the world? Really? And what about when Tim Cook is gone and some other CEO takes over some day? Tim cannot guarantee that changes to this steadfast policy will not weaken over time.

 

[giggles]

It’s amazing that if we
- disable iCloud Photos
- disable iCloud Backup (we can backup to a Mac as an alternative)
- disable ad profiling altogether for all the apps
- stop pixel tracking in Mail
- enable DNT in Safari
- use the 2-hop double blind Apple Private Relay
- use a good ad-blocker/everthing-blocker on Safari and always use private mode for good measure
- use the strong Safari-generated passwords

we random schmuks can enable with just a bunch of taps and clicks a secret agent 007 level of privacy and security, protected by best in class laserz-to-your-face biometric security

Thank you Apple for making this system real and leading the way in the democratization of privacy and security. 🙏🏻🙏🏻🙏🏻

(needed to be said in weeks like this)

 

[HQNYC]

1000x this

People can’t wrap their head around this.

Until the photos are uploaded to Apple’s servers, the scan results are just an unreadable post-it note on your fridge and they will stay this way TILL THE END OF TIMES if you don’t enable iCloud photos.

I understand why at first and on the surface people could feel violated but then as human beings we need to use reason, science and look hard at the technical reality of this.

That's the issue for everyone. People don't want it to be client side scanning. Scan iCloud servers all you want since Apple can be held liable for CP, but don't integrate it into iOS. Yes, I know that Apple already scans photos for facial recognition, geolocation, etc. But these procedures never explicitly stated that they would police your content.

And before you say that Apple told us while other companies may do it privately, their whole brand is based on ease of use and privacy.

This reminds me of Black Mirror.

 

[killhippie]

It’s amazing that if we
- disable iCloud Photos
- disable iCloud Backup (we can backup to a Mac as an alternative)
- disable ad profiling altogether for all the apps
- stop pixel tracking in Mail
- enable DNT in Safari
- use the 2-hop double blind Apple Private Relay
- use a good ad-blocker/everthing-blocker on Safari and always use private mode for good measure
- use the strong Safari-generated passwords

we random schmuks can enable with just a bunch of taps and clicks a secret agent 007 level of privacy and security, protected by best in class laserz-to-your-face biometric security

Thank you Apple for making this system real and leading the way in the democratization of privacy and security. 🙏🏻🙏🏻🙏🏻

(needed to be said in weeks like this)

Still you miss the point by a mile, I hope you dont practice archery. Hitting a person off the field would be acceptable I guess, for the greater good of hitting a designated target and all that. Jeez how many back doors or (side doors roof lights of pet doors) its still a backdoor, have ever not been exploited? Once they know its there it will be prised open by someone or misused by some government body like the USA or the UK (the UK government are overjoyed to hear Apples news) and that makes me worried considering how much surveillance we have here already, their glee says more than I ever could tbh. Let alone the Russian etc who abuse human rights and god help you if you are part of the LGBTQ+ community and this is definitely a slippery slope with added app scanning, let alone caring for your own privacy as it will be all safe because erm... oh yes Apple! Good luck with that.

 

[giggles]

But these procedures never explicitly stated that they would police your content.

Apple will update their terms to ask you to consent to this.
And according to some rumors they may also leave the option to stay on iOS14 indefinitely.

 

[giggles]

Still you miss the point by a mile, I hope you dont practice archery. Hitting a person off the field would be acceptable I guess, for the greater good of hitting a designated target and all that. Jeez how many back doors or (side doors roof lights of pet doors) its still a backdoor, have ever not been exploited? Once they know its there it will be prised open by someone and you care nothing of your privacy it seems because erm Apple! Good luck with that.

If we need to imagine heavy modifications (namely dismantling the elegant multi-factor cryptographic protection of the security vouchers) to how it works to make it work like a backdoor, it’s not a backdoor.

If it doesn’t quack, it’s not a duck.

 

[groovebuster]

Google has been doing this with GMail since 2014

Google scans everyone’s email for child porn, and it just got a man arrested

Search giant trawls photos for illegal “digital fingerprints”

www.theverge.com

No one bats an eye for that

But when Apple does it, NOW everyone gets upset

Why is this?

Who is stupid enough to use Gmail as an email account for anything? Problem is, that people are way too little concerned about privacy. Lack of education and laziness...

 

[HQNYC]

Apple will update their terms to ask you to consent to this.
And according to some rumors they may also leave the option to stay on iOS14 indefinitely.

You don't understand that most of the commentators are faithful Apple users such as myself. Heck, I even started posting on Macrumors because this situation is near and dear to my heart.

No one wants their journey with Apple products to end, but there is a clear distinction between the present Apple and the Apple during the FBI case. I feel disappointed that Apple decided that we are all suspects of CSAM. The presumption of innocence has left the room.

Apple doesn't feel very American right now.

 

[giggles]

You don't understand that most of the commentators are faithful Apple users such as myself. Heck, I even started posting on Macrumors because this situation is near and dear to my heart.

No one wants their journey with Apple products to end, but there is a clear distinction between the present Apple and the Apple during the FBI case. I feel disappointed that Apple decided that we are all suspects of CSAM. The presumption of innocence has left the room.

Apple doesn't feel very American right now.

So you also feel you are a suspect of blowing up planes and of laundering money for the narcos?
You’re constantly mass-scanned for these crimes as well.

Also, if you read the Stratechery post, you’ll see the US law excerpts that explain why Apple and the other companies have to do this or they will be fined. US law is probably un-American, I suppose.

 

[HQNYC]

So you also feel you are a suspect of blowing up planes and of laundering money for the narcos?
You’re constantly mass-scanned for these crimes as well.

Also, if you read the Stratechery post, you’ll see the US law excerpts that explain why Apple and the other companies have to do this or they will be fined.

I don't want to get defensive about CSAM because I think those people deserve the death penalty. However, you're wrong about being fined. Apple will only get fined if the company knows of CP content and doesn't report it. How will Apple know of it if those users never utilize iCloud Photos? Therefore no fines.

By embedding the hash scan within iOS, it can be assumed that Apple thinks every user is a suspect of CSAM. The next thing that Apple might scan for is what you posted: terrorism and possibly drugs. If hashes can catch CP, then it can definitely catch terrorism. Every Apple user in America, will then be a suspect of terrorism.

 

[giggles]

By embedding the hash scan within iOS, it can be assumed that Apple thinks every user is a suspect of CSAM.

This is just your completely arbitrary way to put it tho.

With new technologies and the vast prairies of the internet, pedos have enjoyed new ways to carry on their criminal activity. The number of the CSAM incidents reported by Facebook are there to show it.

On the other hand, it seems fair that new technologies may also enable new ways to track them down.

You can’t just copout and label all of this as “we are all suspects” using last-century reasoning.

The tech behind this is more nuanced than that.

 

[giggles]

https://twitter.com/x/status/1424947947293184004

Nice.
One slippery slope concern less.