Security Researchers Express Alarm Over Apple's Plans to Scan iCloud Images, But Practice Already Widespread

[siddavis]

Or, as the old quote says:



That was in the context of governments, but today's big companies have enough power that IMHO the same concept applies.

Exactly, and now the US government gets around their inability to directly do this type of activity (constitutionally forbidden) by just asking big tech to do it for them. Since they've become symbiotic, big tech obliges. What I actually find even more disgusting is that they are openly flaunting it now.

 

[zakarhino]

You’re using your computer wrong, Nazi! We have locked your accounts, clones your hard drive, and encrypted your entire system to prevent your access. Also, your Apple Card is frozen.

It's forever been a dream of some powerful folk that they can essentially 'kill' someone without actually ending their life by simply disabling their digital presence. Imagine a future with no cash and going anywhere requires the use of a digital identity controlled by third parties, you simply wouldn't be able to live without the use of that digital identity.

 

[DanTSX]

It's forever been a dream of some powerful folk that they can essentially 'kill' someone without actually ending their life by simply disabling their digital presence. Imagine a future with no cash and going anywhere requires the use of a digital identity controlled by third parties, you simply wouldn't be able to live without the use of that digital identity.

Its ok we’re only unpersoning the truth-deniers.

 

[Khedron]

It's forever been a dream of some powerful folk that they can essentially 'kill' someone without actually ending their life by simply disabling their digital presence. Imagine a future with no cash and going anywhere requires the use of a digital identity controlled by third parties, you simply wouldn't be able to live without the use of that digital identity.

Inconceivable!

 

[macrumorsuser10]

I think it's important to clarify one aspect of this security software: it fails once in one TRILLION accounts.
Pretty safe and accurate, if you ask me.

No, that's not how it works.

Your photo will be reduced to a single numerical fingerprint. That fingerprint will be compared to a list of fingerprints for known images without any context about your image. This fingerprint isn't a picture of your child bathing, and it's definitely not an image or understanding of genitalia. It t's just a number like 8BA62546-1258-4E90-9096-48EE7365ECAE. Since your photo is not on the list, nothing will happen.

On the other hand (and of course you wouldn't do this, I'm just trying to explain the mechanics here), if you sold that image online to a lot of people and it became a well known image of child pornography, the FBI would eventually add the image to their database. Apple would end up building a fingerprint of the FBI's copy of that image. If that fingerprint still matched your image, it would be flagged. Apple/LEO would be able to look at their copy of the image matching that fingerprint because they acquired the image through another mechanism. In this case, though, some other mechanism got the photo from your computer or phone into the cloud.

I've worked as a SW engineer. My current focus is deep learning. You two (sdf and Le0M) are naive.

False positives are ALWAYS possible. Out-of-domain data is ALWAYS possible. Buggy software is ALWAYS possible. Incompetent usage of software is ALWAYS possible. I don't care if someone wrote a proof on a piece of paper.

And this isn't even an issue of technology. This is an issue of policy and user privacy. Apple espouses "privacy is a fundamental right", yeah right up until a time a politician says it isn't.

 

[jimbobb24]

Let us stipulate that child porn is wrong.

It remains that a private corporation is now doing something, at scale, that would require a warrant if done by law enforcement. This is unacceptable, full stop. This is vulnerable to mission creep of unbelievably dystopian proportions.

And if Apple's competitors are also doing it, the only difference is that they will monetize it better than Apple.

Its short sighted with a poor understanding of history for everyone to treat any government or big corporation with this much leeway. Govt elites abuse the people whenever they can. Big tech in areas, in areas in which they have complete control over platforms, have shown themselves to be absolutely abusive of their power. All a long way of saying I agree completely. Laws exist to protect us and just because a “private corporation” does it, it is not transformed into a free for all where no protections exist. We control who corporations hire, how they fire, their safety measures, their mergers, the insurance they can buy, their quality control and on and on and on. This is just a new innovation the people need to regulate if it gets out of hand.

 

[macrumorsuser10]

This thread proves 99.99% of MacRumors users have no idea what they’re talking about.

Where did you get your PhD in Computer Science? If you don't have one, then you're in that 99.99%.

 

[Nuno Lopes]

Let us stipulate that child porn is wrong.

It remains that a private corporation is now doing something, at scale, that would require a warrant if done by law enforcement. This is unacceptable, full stop. This is vulnerable to mission creep of unbelievably dystopian proportions.

And if Apple's competitors are also doing it, the only difference is that they will monetize it better than Apple.

We already living in a dystopian season. We crossed the line a few years back. Its just gonna get worst for all good intentions.

“Dystopia: A futuristic, imagined universe offering the illusion of a perfect society maintained through corporate, bureaucratic, technological, moral, and control systems.”

 

[macrumorsuser10]

and for comments such as these.

And also for your face. I mean, don't take this the wrong way, but you look like you're up to no good.

 

[IllinoisCorn]

But since it's child porn, it's okay, right?

I guess that's Apple's attitude.

By that same token, the FBI could just say to Apple "hey, Tim--terrorist related, okay? Open it up."

So, the level of privacy afforded by Apple is determined by what the government is searching for?🧐

 

[LV426]

This is still very creepy. Not sure what exactly Apple's motive is.

I'm just not going to allow Apple to go through my iPhone. Hopefully, that option is given.

Why are you not sure? The motive is clear – to a living person at least – that the motive is to help prevent the abuse of children.

It’s an honourable motive, but I’m very wary of the process of an account being shut down unless the account owner has an opportunity to respond. Accidents and technical faults happen, and many people absolutely rely on having a functioning Apple ID. It would be a travesty if you got a dodgy photo from a stranger and that got backed up to iCloud, resulting in you being locked out of your device.

 

[IllinoisCorn]

We already living in a dystopian season. We crossed the line a few years back. Its just gonna get worst for all good intentions.

“Dystopia: A futuristic, imagined universe offering the illusion of a perfect society maintained through corporate, bureaucratic, technological, moral, and control systems.”

We've been in a dystopia for awhile now.

 

[citysnaps]

Deleted.

 

[citysnaps]

This is still very creepy. Not sure what exactly Apple's motive is.

I'm just not going to allow Apple to go through my iPhone. Hopefully, that option is given.

Let's see...iCloud... Apple's servers (or perhaps google's), right?

Why in the world would Apple/Google want child porn on *their* servers?

 

[sdf]

I'm just not going to allow Apple to go through my iPhone. Hopefully, that option is given.

Apple doesn't.

Code signed by Apple, part of the OS, does on device.

If you can't trust that, you shouldn't be using iOS because Apple-signed OS code examining photos is totally unavoidable. There's not a reasonable level of skepticism if you plan to continue to use an iPhone.

 

[Rigby]

Here's a quote:

"The government could extend this breach of privacy and demand that Apple build surveillance software to intercept your messages, access your health records or financial data, track your location, or even access your phone’s microphone or camera without your knowledge."

Can you guess who wrote that? Here's the solution.

 

[sdf]

If you're into that kind of stuff, feel free to move to China, but in democratic countries there is no place for something like this.

There absolutely is: In the scenario you outlined, you would not just the receiver but the origin of the child porn. That absolutely needs to be investigated in a rational society, especially a democratic one.

 

[Apple_Robert]

Can we opt-out of this nonsense?

There is no "opt-out" of nonsense ability on MR, as that is included by default with all user accounts.

 

[sdf]

Now Apple has proven that it CAN access encrypted stuff in iCloud

Apple cannot access encrypted stuff in iCloud without the encryption key. Anything you think it can, they either have the key available or it's done on device.

Nobody says that stuff doesn't exist. It does. But the assumption here is wrong. This isn't a mystery (and never has been) and it's all documented (and has been for years)! This is not an "aha!" moment.

 

[Feyl]

Apple should add scanning for:

1. Photos of the confederate flag.
2. Photos of people not wearing Covid masks.
3. Photos of Chinese people disrespecting the Chinese government.
4. Photos of Middle eastern women not wearing burkas.
5. Photos of a group of people with too many whites, not enough blacks.

I would laugh but this is how it will be in the future.

 

[Rigby]

Statement by the EFF:

Apple's Plan to "Think Different" About Encryption Opens a Backdoor to Your Private Life

Apple has announced impending changes to its operating systems that include new “protections for children” features in iCloud and iMessage. If you’ve spent any time following the Crypto Wars, you know what this means: Apple is planning to build a backdoor into its data storage system and its...

www.eff.org

 

[Apple_Robert]

I think it's important to clarify one aspect of this security software: it fails once in one TRILLION accounts.
Pretty safe and accurate, if you ask me.

I take it you are willing to be the trillionth account that ends up in tech / LEO hell.

 

[Rigby]

Apple cannot access encrypted stuff in iCloud without the encryption key.

Sure. They only access it on your device before it's uploaded.

 

[jjudson]

What if someone shaved all their body hair and took a selfie to share with another pervert?

Asking for a friend...

 

[Apple_Robert]

What if someone shaved all their body hair and took a selfie to share with another pervert?

Asking for a friend...

As long as the "friend" isn't a minor child, I don't see the problem between consenting adults, although Dr. Phil may have some questions for both hairless parties.