The thing is scanning is already happening on your device. Spotlight and meta data on your phone. Search for dog or child in photos it will show those types of photos. What’s to stop apple from adding confederate flag or whatever.
The neural hash system only creates hashes if you turn the iCloud photos back up on your own. By your definition they crossed that line over a decade ago.
I agree server side choice of scanning given to the customer would be a nice option and allow for you to use iCloud photos backup. I don’t know if this is why but it doesn’t scale very well when you do it server side. I also don’t know but many presume Apple chose this route so they can encrypted all of iCloud including photos. Doing device side scales much more and still in your control.
I think you’ve got great points though. Something more hybrid with even more choices.
Spotlight indexing is a different beast. Each device performs its own index and it never leaves the device. The intention behind it is also different. Every OS with a search feature has indexing as a time and energy saver. This is lifted directly from library index cards, where thumbing through a couple drawers of 3.5"x5" index cards saves an enormous amount of time and energy compared to walking every aisle of what could be a very large library in search of one book. Computers use indexing to scan a few MB database instead of pouring through Gigabytes if not Terabytes of raw data on the drive to search for a calculator program.
There are a lot of things where being on-device increases privacy/security. CSAM detection is not one of those things. Apple definitely had blinders on when designing this system to not see where it leads and the myriad weak points. You know that if Apple rolls this out, other companies and governments will 100% use it as an excuse to increase surveillance drastically, whether it be for the children, for national security, or to better serve you ads. The thing that really concerns me is the fact that Apple can't even verify the databases aren't being abused until accounts start getting flagged. How could they not see the corner they backed themselves into for something they're not legally obligated to do?
The device line I'm talking about is code to actively search for illegal content. Microsoft's system to warn about possible malicious software is there for my protection, not to report to the authorities that I'm using unsigned software. Antivirus software is actually a compromise on performance and trust for protection against accidental clicks. Some diligence and clever settings nullify most of the need for antivirus software. Apple's Photo Object Recognition is there so when I search for cars, I get pictures with cars in them. In the same effect, though, photo search is kinda weak in what it can search for (thankfully). Apple's CSAM detection is like a TSA strip search each time you take a picture, just truly invasive with the goal of looking for something to use against you in a court of law. Sure 99% of people pass through with nothing found, but how does that actually feel to go through that process?
I would rather we never gain E2EE iCloud if it means being subject to continuous photo library scanning on my device for undesirable content. I'd rather trust Apple with my non-E2EE data than to have to trust a government (or two) to not seed a database and try to arrest me (or anyone) for wrongthink. That said, Apple hasn't mentioned one thing about increasing encryption within iCloud, just the process it takes to decrypt the added security vouchers. With the way the software is nowadays, without iCloud sync, there's little reason to stay with Apple products if you have multiple devices. It's much easier to break out of the default and roll my own solution on de-Googled Android and Linux. With these operating systems, integrating an E2E encrypted Nextcloud instance to sync my data is way simpler than doing it with an iPhone and iPad. Nextcloud on Android can do a straight folder/file sync to the camera roll and music folder. That's why several people threatened to jump from Apple entirely if they implement this scanning system, myself included. Without iCloud, Apple devices just become good hardware running severely crippled operating systems. I was ready to pull the trigger on a Pixel 5 running CalyxOS when Apple announced they were suspending the rollout of CSAM detection. I had already built a new desktop computer and researched Nextcloud hosts at that time, too.
Truth be told, there is an immense amount of trust inherent to using Apple products. I would've thought someone were from another dimension had they told me how far into Apple's ecosystem I'd currently be back in 2019. Back then, I fought to keep iOS 9 on my iPhone SE, had iCloud turned off, most data toggles off, had Siri disabled, physically removed/blocked the cameras, and kept all my devices siloed. Dropbox hosting public pictures for an owners forum I belong to was the extent of cloud services I used. Now, I currently sync everything through iCloud, have 4 HomePods, use Apple Pay, and drive a connected car.
