University Researchers Who Built a CSAM Scanning System Urge Apple to Not Use the 'Dangerous' Technology

[scvrx]

I want Apple to proceed with "the Grand Plan". I will enjoy the horror stories after. Seriously.
What Apple wants - Apple gets. Apple wants dumb people for customers and easy money - Apple will get all the stupid, pseudo-educated, self-absorbed, warriors for the "Corporate Agenda in the name of Communistic Good", mindless buyers influenced by other mindless sellers.
I am glad that Apple is silent and instead of mitigating the biggest brand crisis in existence of the company, releases "woken" ads for incoming iSpyware.
Governments will be happy, they are planning to end encryption for looong time.
I am happy, because for once "stupid" people will be served with the aftermath.
Way to go iSheeple. Way to go.

 

[jntdroid]

If Samsung was smart, their marketing department would jump on this situation.

 

[Theo Belk]

3. Your phone has been scanning the content of your photos for years.

What's different here is that it never reported the contents to anyone but you. This is an obvious and salient point. Tell your astroturf manager that we know about this and it's not relevant.

4. Governments could already try and pass laws to force companies like Apple to allow access to or scan for content. As the researchers in the article state it’s already being done, CSAM scanning tech doesn’t make it any more easy.

Um, yes it does. It enables a new framework to bypass the very difficult to intercept end-to-end encryption. Apple can't break iCloud encryption no matter what laws get passed. Now they have no excuse not to comply with new kinds of requests that involve on-phone scanning.

If anything it’s a more complicated and difficult method of looking for content.

Maybe on-phone scanning is more complicated that simply ditching encryption or building in a back door, but its not difficult once the framework is in place.

It would be WAY easier, say, for China to just demand Apple give them complete access to their Chinese data centers. Or prevent Apple devices sold in China from utilizing encryption to begin with.

Funny you should say that.

What you do with your phone is your choice, but you should do it based on calm analysis and actual facts, not the fear mongering and innacuracies being thrown around.

Calm analysis and actual facts objectively indicate that Apple's plan is intrusive, contrary to previous stated policies regarding privacy, and opens a door for abuse.

 

[Theo Belk]

Apple has the key to decrypt those iCloud photos.

No they don't.

 

[Flight Plan]

Only problem is Android is really your only alternative and that may not be any better for your privacy.

edit: spelling correction

Does XDA still have various different builds? I remember doing that once on a Motorolla and it worked pretty well. I just didn't like the scamware in the store.

 

[Flight Plan]

No they don't.

No, but they CAN retrieve anything that was backed up to iCloud. So your big bad security watchdog is really a li'l chihuahua.

 

[Just sayin...]

My iCloud sub was up for renewal two days ago. I cancelled. Apple Music was dumped a few months ago for various reasons. Obviously the numbers of subs fluctuate daily but I hope there is a clear to see and abnormal decrease this week.

I’ve just disconnected 1 of my 3 Apple devices from iCloud today and I’ve just dumped ALL my photos to my new Linux system’s shared drive, using that outstanding app Photosync. I’ve also completed my migration from MS Office to LibreOffice (which is WAY more clunky), and that removes the large majority of my docs from the cloud. Once my backups are complete and verified functional, I’ll start working on disconnecting my 2nd system and finally my 3rd system from iCloud entirely. I’ve already disabled the auto OS update function on all my systems and will remain on iOS 14 as long as possible (or, until Apple reverses course). So very sad that Apple has chosen this path…

 

[MacBH928]

reminds me of the scientists that built the atomic bomb

Even if Apple cancels this, the trust has been broken, FOSS FTW!

 

[Flight Plan]

The NSA with its arms open wide.

Shaka...

I thought Apple cared about privacy lol

...when the walls fell!

 

[ececlv]

No they don't.

The manual review process is not people looking at hashes. they are looking at your pictures

 

[Theo Belk]

The manual review process is not people looking at hashes. they are looking at your pictures

According to their stated policies, Apple can not break the iCloud encryption

"No one else, not even Apple, can access end-to-end encrypted information"​

So if they can review the pictures, it has to be an as-yet undisclosed capability to pull the photo from your phone before it is stored in iCloud or Apple's posted statement is a lie. Neither option is palatable. Apple plays word games but they tell the truth when they are cornered.

 

[ececlv]

According to their stated policies, Apple can not break the iCloud encryption

"No one else, not even Apple, can access end-to-end encrypted information"​

So if they can review the pictures, it has to be an as-yet undisclosed capability to pull the photo from your phone before it is stored in iCloud or Apple's posted statement is a lie. Neither option is palatable. Apple plays word games but they tell the truth when they are cornered.

Hmm and perhaps thats why many are saying this is a backdoor.

the manual review process is apple viewing your photos.

 

[Just sayin...]

“According to their stated policies, Apple can not break the iCloud encryption…”

Exclusive: Apple dropped plan for encrypting backups after FBI complained - sources

Apple Inc dropped plans to let iPhone users fully encrypt backups of their devices in the company's iCloud service after the FBI complained that the move would harm investigations, six sources familiar with the matter told Reuters.

www.reuters.com

 

[Theo Belk]

No, but they CAN retrieve anything that was backed up to iCloud. So your big bad security watchdog is really a li'l chihuahua.

If the backup is not encrypted for some reason then yes. All bets are off. But nobody in their right mind does that. If the backup is encrypted then no. Not Apple or anyone else without the key gets in there. This is a fact that has driven law enforcement to use cracking services.

My big bad what? I'm no friend of Apple. Apple doesn't want friends. Get too close to Apple and you'll find that out.

 

[Theo Belk]

Exclusive: Apple dropped plan for encrypting backups after FBI complained - sources

Apple Inc dropped plans to let iPhone users fully encrypt backups of their devices in the company's iCloud service after the FBI complained that the move would harm investigations, six sources familiar with the matter told Reuters.

www.reuters.com

Take it up with Apple and Reuters. Let me know what you find out.

 

[LV426]

Apple, make it opt-in.

Settings | Privacy | Snitch on me if I (allegedly) upload kiddie porn

 

[Theo Belk]

Hmm and perhaps thats why many are saying this is a backdoor.

the manual review process is apple viewing your photos.

Yep. My bet is on when a photo is flagged will be transmitted to someplace in addition to iCloud for review.

 

[scvrx]

reminds me of the scientists that built the atomic bomb

Even if Apple cancels this, the trust has been broken, FOSS FTW!

Actually I am thankful. No other scenario will push me to remove macOS from computers made by Apple and install Arch Linux. So for me this is winning situation already. I have forgotten this feeling: You in control of your own hardware and software without telemetry. We loved so much MacOS that installing Little Snitch on all company computers was mandatory. With this on device system Apple has reminded us all that iOS is closed source and we as consumers have only their "pinky swear" to believe.

 

[GrumpyCoder]

According to their stated policies, Apple can not break the iCloud encryption

"No one else, not even Apple, can access end-to-end encrypted information"​

So if they can review the pictures, it has to be an as-yet undisclosed capability to pull the photo from your phone before it is stored in iCloud or Apple's posted statement is a lie. Neither option is palatable. Apple plays word games but they tell the truth when they are cornered.

Correct, the problem is iCloud Photo is not E2EE. https://support.apple.com/en-us/HT202303

 

[jntdroid]

According to their stated policies, Apple can not break the iCloud encryption

"No one else, not even Apple, can access end-to-end encrypted information"​

So if they can review the pictures, it has to be an as-yet undisclosed capability to pull the photo from your phone before it is stored in iCloud or Apple's posted statement is a lie. Neither option is palatable. Apple plays word games but they tell the truth when they are cornered.

From your own source:

"For certain sensitive information, Apple uses end-to-end encryption." Notice it doesn't say all.

Photos are not included in that. Scroll down and you can see the list of items that are actually E2EE. Photos are listed in the "A minimum of 128-bit AES encryption" section only.

Apple's servers hold the encryption keys for everything not listed in the "End-to-end encrypted data" section. This is widely documented at multiple other sources. Apple is simply vague about it here.

Does that mean they're scanning iCloud photos? No. But they could if they needed to.

 

[jntdroid]

If the backup is not encrypted for some reason then yes. All bets are off. But nobody in their right mind does that. If the backup is encrypted then no. Not Apple or anyone else without the key gets in there. This is a fact that has driven law enforcement to use cracking services.

My big bad what? I'm no friend of Apple. Apple doesn't want friends. Get too close to Apple and you'll find that out.

The keys to many iCloud items, including photos, are stored on their servers.

 

[citysnaps]

The manual review process is not people looking at hashes. they are looking at your pictures

More precisely, *only* your *flagged* pictures with identical hash values of those found in the child porn database.

 

[hagar]

"Hi!
I'm Agent Jamie Smith and this is my Federal Legal Posse.
Here is a FISA warrant and an addendum to your CSAM db.
Here is the instructions you will follow in the event you get a match.
And lastly, here is the Gag Order limiting what you can discuss and communicate.
Kindly have a Super Sparkly day and we will see you next time!"

That’s not how this works. And again, if they mandated 10 years ago to monitor all activity on hour phone and they said yes, you’re already in the system.

 

[Jony Five]

Apple betrayed their commitment to privacy as soon as the FBI convinced them to not encrypt iCloud data. This is just another domino falling.

 

[spotlight07]

The conspiracy theorist in me wonders if this is Apple’s latest warrant canary. Especially since the NeuralHash model was found in iOS 14.3, which Apple confirmed is “an earlier version of the current model”.

I wonder the same. If Apple doesn’t change direction it must be because the three letter agencies are already using this tech and they are forced to silently comply. If that’s the case, kudos to Apple for blowing the whistle.