University Researchers Who Built a CSAM Scanning System Urge Apple to Not Use the 'Dangerous' Technology

[hans1972]

If I can read your iMessages for pornography I can also read them for going against whatever country you live in. It’s not really hard to understand. Apple’s policy is to comply with whatever local laws and government requests in the country it does business in. This means when the Chinese government requests Apple to scan iPhones for certain information, Apple will comply.

Most people in China uses WeChat. They have implemented OCR in their chat to convert all text in images to text and also image filtering and reporting.

China doesn't need Apple at all.

Also iCloud backup and iCloud Photo Library is available to Apple and thus law enforcement in the US, Europe and China.

 

[rme]

Not only apple might not meet EU regulations but any business user might violate data handling and privacy protection requirements by allowing separate stuff and searching to happen within his private data and device.

Think again. https://www.patrick-breyer.de/en/posts/message-screening/?lang=en

 

[jseymour]

Think again. https://www.patrick-breyer.de/en/posts/message-screening/?lang=en

Fascinating. Kind of at odds with this: German government wants Tim Cook to reconsider CSAM plans

 

[rme]

Fascinating. Kind of at odds with this: German government wants Tim Cook to reconsider CSAM plans

Majority of the German reps voted against.

https://mepwatch.eu/9/vote.html?v=134463

 

[hagar]

I'm sure you're right. Can you please inform the TSA of their mistake? https://www.tsa.gov/travel/passenger-support/travel-redress-program

It’s a metaphore 🙄🤦‍♂️

 

[thadoggfather]

'no you just don't understand it, we messed up the messaging is all'

 

[pdoherty]

There is no no fly list.

The list of CSAM content consists of photos from multiple child protection organisations. Only if the image is on all their lists, it’s included in the DB. so, it’s a good thing no individual organisation is responsible.

if your iCloud account is reported to NCSEM (not the authorities by the way) I assume they will decide if they will file a complaint against you, after which the legal authorities take over, which obviously includes a procedure for you to defend yourself.

there is no Apple police dragging you to jail.

You missed the analogy that the items considered fair game to report is not within public purview. Anyone can add things to the list, or come up with entirely new lists. Like China that wants dissident materials kept off of iPhone engravings - not hard to imagine them quietly informing Apple “either also scan for these images (tank man; self-immolating man) or you can‘t sell in China”.

 

[antiprotest]

If you are ok with a third party digging through your stuff, fine.
I‘m not. Not even a tiny bit. Plus I do have customer data and some documents/data from various courts in my possession for processing.
Hence I am forced by law to go elsewhere. Not that I would stay given the circumstances

What's your plan? What are your options at this point?

 

[thadoggfather]

Think Different: Think Identical: Spy Different

 

[RobArtLyn]

I can't look at OS code running and understand what's happening, especially if it's obfuscated in some way, which is VERY easy to do. I don't know about you, but I can't read machine code on something that's running, and there's no built in debugger to see things in a more meaningful way. (as if a debugger would be enough...) And no, you are stating absolutely no facts.

EDITAs) I have stated previously, I support server side scanning -- it's their hardware to do and it does ***NOT*** have access to everything on my phone like a local scanner does, only what my phone syncs with iCloud, iMessage, email...

If it’s scanned locally before being encrypted and only if it’s about to be transferred to their servers (as described) then they don’t have to scan on their hardware so they no longer need the keys. You know, the keys that they use to turn over everything to the government when told to. So, how is Apple not having the keys reduce your privacy when they are scanning exactly same material either way?

 

[09872738]

What's your plan? What are your options at this point?

Computing: Just ordered an Alienware X17; main OS will be Linux / KDE Plasma instead of going for the 16 inch MBP ASi

Smartphone: Not sure. Will stay on iPhone X for now (13 Pro - which i planned - probably off). In the future maybe Calyx. Problem is: Apple Watch (5) is rather useless without an iPhone.

iPad: no idea. There is no real competition I‘d consider

In general I‘d prefer to not leave the ecosystem. I like programming on the Mac, and ASi is a game changer in mobile computing. Too bad the come up with this nonsene at this point

 

[rme]

If it’s scanned locally before being encrypted and only if it’s about to be transferred to their servers (as described) then they don’t have to scan on their hardware so they no longer need the keys. You know, the keys that they use to turn over everything to the government when told to. So, how is Apple not having the keys reduce your privacy when they are scanning exactly same material either way?

Seems I missed an announcement. Where did Apple say they don't need those keys anymore?
Also : you think the FBI&politicians are going to be happy if Apple says : "all the existing CSAM collections in iCloud are safe with us"?

 

[jseymour]

Problem is: Apple Watch (5) is rather useless without an iPhone.

Yeah... I'm gonna miss my Apple Watch I've tried to find an adequate replacement and have come up with bupkis, so I guess my smart watch days are over.

iPad: no idea. There is no real competition

I haven't gotten as far as looking into a replacement tablet, yet.

 

[hooptyuber]

If they don’t cancel this I’m seriously going to have to look at alternative products, which saddens me.

I wonder how those Linux phones are coming along.

 

[rme]

I wonder how those Linux phones are coming along.

Future looks bright for Linux phones. I think there will be more demand for them after the introduction of the fbiPhone.

 

[jseymour]

I wonder how those Linux phones are coming along.

They're coming along. They may actually be usable.

I'm thinking I'll more likely move to an Android phone with either LineageOS or wossname (can't recall the other AOS project right now). I used CyanogenMod on my old Samsung tablet and it worked fine.

 

[slomojoe]

What's your plan? What are your options at this point?

use an e2ee encryption backup like sync.com and build your own cloud storage system with a nas like synology's 220+

 

[vault]

All this effort and actual pedophiles get suspended sentences at most. What a joke.

 

[Mega ST]

The real criminals will have moved their pictures elsewhere already.

 

[bobcomer]

You're right, strange. I sometimes see it and sometimes don't. I thought they changed something.

It was just an underline, not a link.

I've seen the disagree button not show a couple times too, I think it's just a bug in the forum software.

 

[rme]

The real criminals will have moved their pictures elsewhere already.

Why? They're perfectly safe with Apple it seems. Only new uploads will be scanned.

 

[bobcomer]

If it’s scanned locally before being encrypted and only if it’s about to be transferred to their servers (as described) then they don’t have to scan on their hardware so they no longer need the keys. You know, the keys that they use to turn over everything to the government when told to. So, how is Apple not having the keys reduce your privacy when they are scanning exactly same material either way?

Since your phone includes more information about yourself than iCloud does, any scanner has more access than if they just scanned server side. And since it's down on your device, iCloud is irrelevant now, and it's oh so easy to change what is scanned without most users even knowing about it.

 

[scvrx]

Computing: Just ordered an Alienware X17; main OS will be Linux / KDE Plasma instead of going for the 16 inch MBP ASi

Smartphone: Not sure. Will stay on iPhone X for now (13 Pro - which i planned - probably off). In the future maybe Calyx. Problem is: Apple Watch (5) is rather useless without an iPhone.

iPad: no idea. There is no real competition I‘d consider

In general I‘d prefer to not leave the ecosystem. I like programming on the Mac, and ASi is a game changer in mobile computing. Too bad the come up with this nonsene at this point

Plasma is traditional desktop paradigm on steroids. You can easily customize and streamline the experience. In my office most of developers are with KDE/Arch. I have played with popOS implementation of Gnome and I like it a lot, it has logical short-keys and tilling windows function by default. My only personal Apple device left is the iPadPro only for one app - Procreate. There is no analogue at the moment, may be I will invest in Wacom Cintiq (Krita is also capable Linux app for digital painting and drawing.

I have switched to flip phone, waiting for Xperia delivery and will install SailfishOS.

On the ecosystem. I feel your pain. It hurts because of macOS incoming implementation but in general this is the past.
Apple will butcher desktop computing anyway.

 

[jseymour]

I have switched to flip phone, ...

I'll switch to a feature phone if I have to. I think, before that, I'd try a Light Phone. And, before that, I'll try an Android phone with LineageOS or something on it.

Problem is: We have an irrigation system, alarm system, and surveillance system, all for which I literally need a "smart" mobile device. So I'll down-grade to a feature phone if I have to, but I will go down kicking and screaming all the way

 

[dk001]

Ran into this video this morning.
Check out the time stamp 11:40