Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
For the CSAM stuff, why don’t they do this BEFORE an image is saved to the device? Check the hash when someone goes to save a photo to the device and warn them that it’s a match instead of this horrible “safety voucher” idea where the user has no idea what’s happening. If they try to screen shot it, do the same hash check and throw up a warning. Much more simple and transparent.

Goal should be to PREVENT distribution. The iCloud Photo Library and hidden safety voucher idea doesn’t do that. And nothing is solved if that feature is disabled.

Not well thought out.
When one really think about the actual goal, like another poster here said, the efforts should be on those making those photos in the first place, not applying a blanket scanning for literally everyone in the world. Scanning for some photos afterwards doesn't solve the fact that the abuse had happened, and will only encourage them to do newer photos, or even go underground. Meanwhile, the mass scanning system is already in place. It's only a matter of time to scan for other things... because... hey, why not?

Now it's one thing if the whole system and process are transparent, allowing audits and public scrutiny, and have appeal process. But this comes from an ultra secretive opaque private company (Apple) using a blackbox database.
 
Right - did you see the rest of that comment?

Our devices have E2EE on them.

The cloud does not.

We gain cloud E2EE, while also gaining a "loophole" (too strong of a word...) for the E2EE on our devices.

I don't expect near the security and privacy in the cloud that I do on my own device, so I'm not ok with this trade-off.

Edit: And if you (or anybody else) is ok with that trade-off, that's perfectly fine. But those that are not ok with that trade-off have just as valid of a perspective as well.

You're using iCloud Photos and iCloud Backups, are you not?

This step towards iCloud Photos with E2EE "with a loophole" cannot be *worse* than what you're doing on your iPhone today and *realistically* can mean better privacy for all iCloud Photos customers.
 
  • Disagree
Reactions: huge_apple_fangirl
You're using iCloud Photos and iCloud Backups, are you not?

This step towards E2EE "with a loophole" cannot be *worse* than what you're doing on your iPhone today and *realistically* can mean better privacy for all iCloud customers.
I would argue the loophole is worse since you have no way to monitor what CSAM is doing, the device would be better off without E2EE if it means CSAM monitoring is not installed on the device.
 
  • Like
Reactions: bobcomer
@farewelwilliams

This is so simple

People don't want ANY tool built into their phone whose purpose is to compare their private data against black box third party databases.

It's literally as simple as that.

This is so simple.

The people who are complaining about privacy today are currently not practicing privacy conscious behavior on their iPhones today nor will they realistically begin practicing privacy-focused measures in the near future. For as long as this statement is true, this on device CSAM system in the "WORST CASE SCENARIO" will not realistically result in a loss of privacy now and in the near future.
 
I would argue the loophole is worse since you have no way to monitor what CSAM is doing, the device would be better off without E2EE if it means CSAM monitoring is not installed on the device.

Worse than now? Nope. You have no way of knowing if someone you don't know is looking at your iCloud photo library right now.

You might have a point if you've never used iCloud Photo library and never enabled iCloud backups, but realistically, most customers have. Therefore, most customers will benefit from an E2EE-with-a-loophole
 
You're using iCloud Photos and iCloud Backups, are you not?

This step towards iCloud Photos with E2EE "with a loophole" cannot be *worse* than what you're doing on your iPhone today and *realistically* can mean better privacy for all iCloud Photos customers.

Yes on both accounts.

I get what you're saying, but "privacy" in your context has a big asterisk next to it - because Apple is building a way through that privacy... while giving you more... privacy.

If you were to put privacy expectations on a scale of 1 to 5, 1 being no expectations and 5 being full expectation, I would put iCloud photos and backups at 3, and what's on my phone at 5 (or more...). And that is completely acceptable to me because iCloud is on their servers.

What Apple is doing bumps up (potentially - we're all guessing that's Apple's end goal here) iCloud to a 4, and bumps down our phones to a 4, because there's now a "loophole" (again, sorry for the lack of a better word) through that privacy on our phones... as there will also be a "loophole" on iCloud even if they implement E2EE on it. Nobody will be able to expect a 5 on any of Apple's products (cloud or local) any more.

I would prefer a 5 on my phone and 3 on iCloud. The phone is mine, iCloud is theirs. I'm renting iCloud space, I own my phone. And I would prefer to keep my phone at a 5 while also being able to use iCloud at my discretion, with the full understanding that iCloud is at a 3...

Edit: To my bolded point, Alex Stamos said as much today as well: "The introduction of non-consensual scanning of local photos combined with client-side ML might have "poisoned the well against any use of client side classifiers.""

Edit 2: Actually, Stamos' entire thread is a really good read:
 
Last edited:
I wonder what the current Apple would say if the FBI goes back to them again asking for a specific backdoor in the name of preventing terrorism.

"What do you need us to scan for?"
"Will do!"

"For the kids.." ;)

ju-ju-wentz.gif
 
Last edited:
Yes on both accounts.

I get what you're saying, but "privacy" in your context has a big asterisk next to it - because Apple is building a way through that privacy... while giving you more... privacy.

If you were to put privacy expectations on a scale of 1 to 5, 1 being no expectations and 5 being full expectation, I would put iCloud photos and backups at 3, and what's on my phone at 5 (or more...). And that is completely acceptable to me because iCloud is on their servers.

What Apple is doing bumps up (potentially - we're all guessing that's Apple's end goal here) iCloud to a 4, and bumps down our phones to a 4, because there's now a "loophole" (again, sorry for the lack of a better word) through that privacy on our phones... as will there also be a "loophole" on iCloud even if they implement E2EE on it. Nobody will be able to expect a 5 on any of Apple's products (cloud or local) any more.

I would prefer a 5 on my phone and 3 on iCloud. The phone is mine, iCloud is theirs. I'm renting iCloud space, I own my phone. And I would prefer to keep my phone at a 5 while also being able to use iCloud at my discretion, with the full understanding that iCloud is at a 3...

You're betting on Apple reducing the system down to a "backdoor" status which would mean less phone security. I'm betting Apple won't do that which would mean more cloud security for me. Agree to disagree.
 
You're betting on Apple reducing the system down to a "backdoor" status which would mean less phone security. I'm betting Apple won't do that which would mean more cloud security for me. Agree to disagree.
Apple already has unless they back down. At this point a stock Google Pixel phone using Google cloud services would be more secure than iOS 15 since the Android device does not have a backdoor built into the device.
 
You're betting on Apple reducing the system down to a "backdoor" status which would mean less phone security. I'm betting Apple won't do that which would mean more cloud security for me. Agree to disagree.

Fair enough, but by creating the "path" now for that hypothetical backdoor, are they not reducing the system down somewhat already?
 
The issue is trust.

Do you or do you not trust Apple?

I (still) trust Apple, and I hope that in time, more people will see the light and come to appreciate the elegance of what Apple is trying to do here.
You should not trust Apple more than Apple trusts you. Apple trusts you so little that they suspect you of pedophilia and install an AI-watchdog into your phone. Do not trust Apple more than that, they do not deserve it.

At this point, any claims Apple makes, including their technical whitepaper, should be regarded as such - mere claims, and frankly, quite possibly lies. If Apple does not open-source iOS, you should ask yourself, what are they trying to hide?
 
Apple already has unless they back down. At this point a stock Google Pixel phone using Google cloud services would be more secure than iOS 15 since the Android device does not have a backdoor built into the device.

Already has what? Backdoor? Of course. That's why whatever you're arguing is pointless considering that you're not safe already on iOS 14 for as long as iCloud is enabled and enabling E2EE-with-a-loophole on iCloud photos is realistically more private than whatever we have now.
 
Already has what? Backdoor? Of course. That's why whatever you're arguing is pointless considering that you're not safe already for as long as iCloud is enabled and enabling E2EE-with-a-loophole on iCloud photos is realistically more private than whatever we have now.
It's like jumping in traffic to avoid the telephone pole.
 
Its not about the tech genius. Some of you fanbois cease to amaze me.
If it’s not about the tech then people are getting triggered for something that was already routinely performed server-side before.

Alternatively, if people fail to understand that there’s no practical difference between server-side search and on-device search that only becomes human-readable once the pics are uploaded to a server AND you cross a threshold of offences, yes he’s right you people can’t wrap your head around how this works.
 
Fair enough, but by creating the "path" now for that hypothetical backdoor, are they not reducing the system down somewhat already?

not reducing the system down worse than what we have now, no. the only exception would be if you don't use iCloud photos or backups at all which I'd wager most customers do use and will continue to use in the near term. and realistically can only mean better privacy for those customers.
 
@farewelwilliams

We don't want ANY tool built into our phone whose purpose is to compare our private data against black box third party databases.

/fin

GUYS I HAVE JUST SNEAKED IN ON SPOTLIGHT SEARCH INDEXING MY DATA, ALL OF IT! HELP!

How do I know Apple won’t be pressured into doing more with that after a number of modifications??
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.