Actually Apple has scanned iCloud for years already. However, there is one massive difference here. First of all Apple intends to do the heavy lifting client side in the future. An easily searchable database within a device makes mass surveillance effective. Also companies such as NSO Group will most likely find good use for such a database. It’s worth mentioning that in the hands of companies such as NSO Group iOS has more holes than Swiss cheese. Tens of thousands of people have had their security compromised by NSO products (that’s only one company). Making device security even worse is definitely not the way to go. Apple should do the scanning on server side like they have done before (and like others are doing) and make the devices safer and more secure. Building backdoors into devices is definitely not the right way to go.
Apple has never done any scanning server side to avoid abuse and protect privacy. All Photo Library scanning for memories, faces,… is done client side. That’s why your new phone gets so hot and uses so much battery the first few days.

The weird thing is that now they’ve expanded scanning to CSAM, their choice to do it client side sounds worse than server side. They probably should have reconsidered this.
 
Exactly right. Now they want us to pay extra for the illusion of privacy when they have sold out their customer base to keep the government happy.
Yep, this is a long term project for Apple, and more will come.
The next step will probably be Siri, let her permanently listen in the background and hash the recordings, if this is not done already here and there, iirc we already had a news headline regarding manual listening to Siri recordings.

There is a reason why they never securely made an E2EE iCloud and iCloud backups and kept a general key to encrypt all. They are just fooling the ones who do not have the knowledge to understand and connect the dots.

All you can do now is avoid these services, and inform friends, family to do the same.
 
Self hosting, or back to basic, and no Cloud is an alternative.
Or a Cloud where you can up self-encrypted files.
Good luck finding a smart phone that doesn’t run a big tech OS and lets you self host your cloud needs.
Yep, this is a long term project for Apple, and more will come.
The next step will probably be Siri, let her permanently listen in the background and hash the recordings, if this is not done already here and there, iirc we already had a news headline regarding manual listening to Siri recordings.

There is a reason why they never securely made an E2EE iCloud and iCloud backups and kept a general key to encrypt all. They are just fooling the ones who do not have the knowledge to understand and connect the dots.

All you can do now is avoid these services, and inform friends, family to do the same.

You’re just speculating without any grounds. And while you can easily switch off Siri and iCloud, it doesn’t solve anything if you’re this paranoid. In that case you should completely avoid iOS, macOS, MS, Android, … not use any cloud services whatsoever and use a VPN to access the internet. Which is unattainable for the vast majority of people.
 
Are you sure? I have an iPod Touch previous gen here on iOS 11 (the OS it shipped with). It has been in Airplane mode with BT and WLAN turned off for at least two years. I'm not aware of any net connection it could have established (strictly used as a music player for the locally stored files using VOX).
That’s an iPod Touch. Try iPhone or iPad, or a MacBook. M1 MacBook can no longer be completely shut down. Close the lid and open it, the Mac will turn on itself. No power button press required.

I say that because I read a security article a while ago detailing an experiment someone did to see how offline could you go with iPhone. And the result is: it’s not possible.
 
Glad to see this article, as last Wednesday I sent this letter to the MacRumors tip line:

“Hi,

I think some feature articles on hide my email would be interesting.

One aspect that might be pointed out is that although Apple’s HME introductory materials indicate unlimited addresses, Public Beta users are limited to 100 addresses (which puts a jarring cramp in the conversion to HME for online accounts when the unannounced limit is reached.)

Another feature article idea would be the hodgepodge lack of integration in SIA, HME, and iCloud Keychain’s Passwords.

These important and overlapping functions, all iCloud based, are Balkanized by a) having their user interfaces in three different locations and b) of markedly different layout. It’s as if three opposing teams made these features.

The lack of integration, differing features is amazing:
- search and alphabet slider is only present in passwords but not SIA or HME indexes;
- in SIA an email address can be deactivated by toggle switch and kept in the same alphabetical place in the index, whereas in HME it ends up in a separate index buried at the bottom of the active address index;
- in Passwords there is a button for changing a p/w on the site but this is not replicated in either HME (for changing address) or in SIA (where arguably it might not be appropriate).

By putting each of these features on separate and for SIA and HME buried islands Apple makes it difficult to:
- convert site profile information to HME;
- easily (without numerous unnecessary visits to app switcher and tapping up and down into and back out of the Settings tree) correct for iOS’ lack of robustness in capturing a new e/m or p/w entered in a profile page;
- have an overview of one’s authentication credentials after these things are set up.

For a user to be able to step up their security and privacy, having unique p/w and u/n on each website is a must but Apple put a lot more love into the UI for Passwords than HME and I think for the average user the UI design shortcomings will confuse, frustrate, and eventually alienate them and ultimately lead to a bad reputation and low uptake.

For the rest of us who can figure out how to use these features, it still involves a wtf-level of frustration because setting up and using is so much more difficult than it has to be.

There is much potential in these features but that will be unrealized if normal users can’t easily and successfully implement and administer them.

In many ways, these each feel like proof of concept that got approved but never quite got refined, and one has to wonder if Apple executives are using them because it seems nobody is demanding these UI’s (in the aggregate) not only be made better but actually be made good (by integrating and harmonizing them).

Ps Passwords, even as good as it is still, to a surprisingly large degree, fails to update a current key by overwriting it with a new email address, instead creating a new key (and if the new key is further down in the alphabet than its predecessor, it is not the one that Autofill offers up.)

PPs I’ve reported these issues into the Public Beta system but think an article by you folks might raise some awareness at Apple as to the problem here as well as be interesting for your readership.”

Note: While I think the new on-phone digital surveillance is the harbinger and iceberg’s tip of a very bad slippery slope thing done with the best of intentions or in response to state coercion, I have made my expanded comments in the other articles but do think that all this privacy stuff is largely for naught now that Apple has revealed a proof of concept that will only expand in scope and depth when countries amend their laws (or game the system) to force Apple to expand it.

Apple will cave to protect foreign market share or avoid domestic and foreign monopoly breakup threats by allowing more intrusion. They have planted a golden tree that will sprout copious and odious fruit.

Doing the wrong thing for the right reason or with the best of intentions is still doing the wrong thing. As my dad used to say: “The road to hell is paved with good intentions.”
 
That’s an iPod Touch. Try iPhone or iPad, or a MacBook. M1 MacBook can no longer be completely shut down. Close the lid and open it, the Mac will turn on itself. No power button press required.

I say that because I read a security article a while ago detailing an experiment someone did to see how offline could you go with iPhone. And the result is: it’s not possible.
Could you link me that article? I really want to read that!
 
That’s an iPod Touch. Try iPhone or iPad, or a MacBook. M1 MacBook can no longer be completely shut down. Close the lid and open it, the Mac will turn on itself. No power button press required.

I say that because I read a security article a while ago detailing an experiment someone did to see how offline could you go with iPhone. And the result is: it’s not possible.
Ok, iPhone, point taken. I only responded because in your original post you called it an iOS device which includes the Touch (or older iPads without phone module). I would not rule out any halfway recent device sneaking onto the net hence the curiosity.
 
Apple has never done any scanning server side to avoid abuse and protect privacy. All Photo Library scanning for memories, faces,… is done client side. That’s why your new phone gets so hot and uses so much battery the first few days.

The weird thing is that now they’ve expanded scanning to CSAM, their choice to do it client side sounds worse than server side. They probably should have reconsidered this.

Actually they have done server side scanning for CSAM (https://nakedsecurity.sophos.com/2020/01/09/apples-scanning-icloud-photos-for-child-abuse-images/). As said before client side scanning is a much worse option than having it done server side. First of all client side scanning allows them to have unlimited scalability. They or a third party can literally search any matching image (doesn’t matter what the image is). Apple naturally denies the possibility telling it’s just a child porn black list they are scanning for. The truth is that companies such as NSO Group’s Pegasus can utilise iOS to a far greater extent than Apple wants to admit. Pegasus is capable of reading text messages, tracking calls, collecting passwords, location tracking, accessing the target device's microphone and camera, and harvesting information from apps. Weakening iOS security to allow client side scanning opens it up for efficient mass surveillance since every device has a built-in database of images which can be cross checked with a blacklist. In all honesty, this scanning is a terrible idea. Child abusers must be caught but this isn’t the way to do it.

Also this opens up a whole new avenue of possibilities to plant false evidence. If you have physical access to someone’s device, find out iPhone login credentials and plant some black listed material. Apparently it takes only a few pictures to get the “alarm triggered” (based on documented cases) and you have police waiting outside the target’s door. You don’t even need a high end system like Pegasus to do that. Some social engineering will do that and you can literally destroy someone’s life. The possibility of getting caught for planting evidence is low and the impact is extremely high. In all honesty if I wanted to topple governments in democratic nations then this would be a terrific tool. Naturally you would need to use a service like Pegasus to inject images to targets’ devices in this case but this would be extremely cost effective and would create extreme political turmoil. Think about it, world leader caught with child porn. Leak the info to media if required using some proxy and get your popcorn ready.

All in all the client side scanning of everyone’s material is an extremely terrible idea.

Apparently Apple thinks they are doing the right thing and believe only a small minority will complain.

[Attached image]

If this is truly a part from a leaked authentic Apple memo then Apple leadership has completely lost it. Also this means that there are those within Apple who think this is a terrible idea so maybe there is still hope. Stopping child abuse isn’t the same as introducing “1984”.
 
I love Apple but this news feels like a joke given the recent headlines

What are the recent headlines you are referring to?

I haven’t been on MacRumors or been reading the news lately. I had a look but couldn’t find any news that might be related.
 
Apparently Apple thinks they are doing the right thing and believe only a small minority will complain.

[Attached image]

If this is truly a part from a leaked authentic Apple memo then Apple leadership has completely lost it. Also this means that there are those within Apple who think this is a terrible idea so maybe there is still hope. Stopping child abuse isn’t the same as introducing “1984”.

Looks like the highlighted text is in fact not written by an Apple employee but rather by the aforementioned director of this center they are cooperating with. Strong case of activist speak all over this memo - she probably didn't get out of Twitter mode when writing this. ;)
 
Apparently Apple thinks they are doing the right thing and believe only a small minority will complain.
So does every time when they create a replacement program for certain devices. They always lead the statement with “a small number of users”. For Apple, to constitute “lots of users”, it would need to be 10 million MINIMUM. Or 30% of the whole user base, which is near impossible to achieve using forums and tech websites alone.
Media attention and TV broadcast must be involved to raise awareness in the correct way.
 
Actually they have done server side scanning for CSAM (https://nakedsecurity.sophos.com/2020/01/09/apples-scanning-icloud-photos-for-child-abuse-images/). As said before client side scanning is a much worse option than having it done server side. First of all client side scanning allows them to have unlimited scalability. They or a third party can literally search any matching image (doesn’t matter what the image is). Apple naturally denies the possibility telling it’s just a child porn black list they are scanning for. The truth is that companies such as NSO Group’s Pegasus can utilise iOS to a far greater extent than Apple wants to admit. Pegasus is capable of reading text messages, tracking calls, collecting passwords, location tracking, accessing the target device's microphone and camera, and harvesting information from apps. Weakening iOS security to allow client side scanning opens it up for efficient mass surveillance since every device has a built-in database of images which can be cross checked with a blacklist. In all honesty, this scanning is a terrible idea. Child abusers must be caught but this isn’t the way to do it.

If iOS is so open and easily hackable as you say, don’t you think governments and terrorists already have unlimited access to your photos? So hacking this new scanning system would be pointless because it would expose their presence to Apple and eventually the user.

Also, server side scanning (which I do agree would be a much better approach here) allows for far more scalability than any kind of client-side implementation.
 
Good luck finding a smart phone that doesn’t run a big tech OS and lets you self host your cloud needs.


You’re just speculating without any grounds. And while you can easily switch off Siri and iCloud, it doesn’t solve anything if you’re this paranoid. In that case you should completely avoid iOS, macOS, MS, Android, … not use any cloud services whatsoever and use a VPN to access the internet. Which is unattainable for the vast majority of people.
I don't need luck, I'm doing this already since many years, I self-host my Cloud(Buzzword alarm!), isn't soooo difficult and just works.

There are many "grounds" for assuming this, one of them is the article above all these forum posts on page 1.
Yeah that's right, I don't trust any of these OS's you named, I use them, but trusting them mindlessly would be fatal.
I don't even trust the router of my internet provider, I run hardware firewall(s) and a proxy protecting my whole network. I tried to enable "Apple's Private Relay", and it said (1 issue), that it is not supported on my network, and this feels very very good 🤘.
I use Cloud services, but very selectively and strictly, I upload just stuff which was encrypted by myself, or stuff that I don't care if they get viewed by others someday. I also use VPN, but I VPN to myself and not to some VPN provider which I personally can't trust, but setting up a third-party VPN isn't difficult, too.

Anyway, if you can't set up these things, better distribute your data over different service providers and encrypt, encrypt, encrypt, it isn't so difficult.
 
Privacy, the only American big tech co allowed to do business in China, which is implementing a mass surveillance code, says 🤣🤣

Just in case a washing machines vendor wants to target you based on your ip location 🤣🤣
 
It's helpful to law enforcement to have a list of all the websites you visited (if you are a bad person). You're not a bad person, are you?

Oh Tim Cook is a very bad person in lots of countries. It only takes a government change for him to be a very bad person in the US.

But apart from gay people, foreigners, protestors, the opposition, journalists and many, many others, there's nothing to fear here. Everybody is guilty unless otherwise is proven, right? The government surely is a perfect and timeless judge. It's not like every government were just people with power, right? If you were to release a mass surveillance feature, you would say it is for political purposes, right?

It's just pure coincidence this feature is released during China's tech crackdown, too.
 
This is all part of a well planned GAME a SET-UP and an ACT. This privacy thing didn’t happen overnight. It is all well planned.

First, Apple wanted to gain consumers trust. They were able to brainwash the consumers by saying Privacy is the #1 goal, being transparent and you are in full control of your data.

Second, now in 2021, since all the trust is there now from the consumers. They are going to use that against you. Simply by scanning your photos and who knows what. Whatever garbage term they are using algorithms? It’s all a cover up. They will simply scan and obtain information of your data. Thus, privacy is exposed and not fully there anymore.

Turn off iCloud Photos, keep your photos on your main device and make sure it’s backed up. Problem solved.
 
Turn off iCloud Photos, keep your photos on your main device and make sure it’s backed up. Problem solved.
But for how long?

Privacy expansions were supposed to have solved the problem until they suddenly didn’t.

You either stand firm with privacy or you begin your trip down that slippery slope of increasing surveillance.
 