University Researchers Who Built a CSAM Scanning System Urge Apple to Not Use the 'Dangerous' Technology

[Mercury7]

Btw, some people in the tech industry think the evil act can’t be retracted… Apple admission that they built this even without implementation makes it impossible for them to say no to government…. Even if they reversed course they can now be compelled to implement it. …. It was Alex from macbreak weekly that made that observation

 

[dk001]

You can store up to 4Tb on iCloud while many users only have 64Gb storage on their phones.

I have more data in iCloud than on my iPhone, iPad and Macs.

If scanning is to occur no matter what, it's better for me that it only scans on device.

The best solution for me would be end-to-end encryption on all iCloud data and scanning occurring on as little data as possible on the phone.

That’s assuming you store everything on the iCloud.
Most do not. Either by choice or they don’t want to pay for it.

 

[Mercury7]

One big point lays serious doubt on your claim.
IF Apple was scanning the iCloud for CSAM like most major cloud providers, the number of reported CSAM violations would be far in excess of the 265 they reported last year. That is a legal requirement: IF you scan and find you MUST report. Many were assuming Apple scanned (discounting warrants and subpeonas) as they claimed they could. The numbers reported means either Apple scans and does not report - breaking the law - or they don’t scan and don’t break the law.

I am going with the latter.

Your correct… the law only says you must report what you find, it does not require you to look

 

[dk001]

They will be worse for almost everyone if they aren't even going to use Google services and apps.

To use most of Google services and apps including their app store, you need Google Play Services, which contains scanning software. This scanning software scans regularly at least part of your file system.

Google Play Services: Everything you need to know

Google Play Services is one of the most powerful pieces of software that people hardly know anything about. Learn everything you need here.

www.androidauthority.com

 

[jk1221]

Because governments to include the US government have been pressuring Apple to do this. It’s not good when you have your subjects using a method of communication that’s very difficult for you to intercept. The less democratic government is the worse it is.

Apple isn’t worried about financial loss because other than a short-lived outrage there’s nothing consumers will or can do. Apple knows this. There is no other privacy focused alternative. And in a sad way I think it’s funny that all these people were worshiping Apple like it was some sort of charity now realize it’s just a corporation designed to make money. I love Apple products but Apple as a corporation and Tim as a CEO isn’t any different than Google or Facebook ethically.


If you haven’t seen this video it’s a good watch. Just wait till Renee and Georgia finish a little bit of chitter chatter she straight up goes off on Apple. Renee is just sitting there looking like oh crap there goes my friendly relationship with Apple

You know when you're losing your ultimate fanboys/girls you stepped in it.

Even she makes the point that this isn't about the kids but for money, to sell to areas where they can then say oh the government made us do it/turn it over- journalists, political dissidents, etc.

People seem to forget some places don't treat people so well like the US/Canada/most of Europe with any human rights. Imagine Afghanistan if the Taliban become legit government and can force Apple to go after non-Mulsim acts that women or gay people do and go execute them. Innocent hashes, like "woman wth face uncovered" "gay pride flag" etc.

And even Rene makes the "me too" guilty until proven innocent while wrecking careers and families before evidence argument; which is true. The stigma of this even over inappropriate sexual remarks to a female at work will be 1000000000x worse since it's kids too.


But I think she does a REAL disservice there. "Oh well I'm too in the ecosystem so I will just whine." Apple does not care. The only thing that will get their attention is money loss; people leaving. In the ecosystem is not an excuse if you want to speak out that critically; DO SOMETHING.

Which she goes on to say staying on iOS14; which is ironic as a side note when the same Apple fanboys will do that but then go into the Pixel 5a thread, a perfectly decent phone, and bash the OS updates only being 3-4 years. Like cmon man....

 

[nickdalzell1]

BTW if you did move to Android there is an Apple Music app for it, although for some reason it won't let me login with my Apple ID (it claims incorrect password/username, possibly not supporting Two-facter auth yet?).

Personally It's been replaced with my thousand plus songs I already own or had since Napster, and Spotify for streaming (although I download the playlists since on hikes I often have no service)

 

[nickdalzell1]

Google Play Services: Everything you need to know

Google Play Services is one of the most powerful pieces of software that people hardly know anything about. Learn everything you need here.

www.androidauthority.com

True, but if you use an app such as NetGuard you can disable internet and location access selectively to Google Services and the apps will still run, since all they use them for is verification (which can be done on device), location data (I don't even need that), and checking for app updates with the Play Store (I don't do updates)

 

[rme]

You know when you're losing your ultimate fanboys/girls you stepped in it.

Even she makes the point that this isn't about the kids but for money, to sell to areas where they can then say oh the government made us do it/turn it over- journalists, political dissidents, etc.

Most people just don't care. See the Will you leave the Apple ecosystem because of CSAM? poll.
Only a small minority cares about privacy or freedom of speech.
The vast majority of people in the US or Europe would be perfectly happy living in a china-style dictatorship.

 

[ChromeCrescendo]

what are the shipping times like to Tinagra?

Do Darmok and Jalad really need phones?

 

[dk001]

The CSAM Detection system is US only. My opinion is they do this because of political pressure and wants to avoid laws being passed which would make scanning iCloud obligatory. By doing it on device they also don't have to break encryption.

If thinking about the new features in Messages I think it's has to do with the huge problem of adults contacting and sending nudity pictures to teenagers and even children. Also a lot of parents, especially in the US, wants very strict parental controls when it comes to pornography and nudity in general. It's basically what a lot of their customers want.

Don’t buy that at all. Sexting and sharing has become a “normal” activity amongst teens. There is a big disconnect between the older and younger generation on what is perceived as right vs wrong. When I became a foster parent and went through all the classes, I was appalled and amazed at that difference. We need to remember there is a big difference between what many do and CSAM. Personally, I think Apple is way wrong trying to integrate (by appearance) the two.

 

[dk001]

I fully support more parental controls. Like expanded administrators rights over their kids phones. Apple does the right thing here. But this is quite different from a company scanning private storage anytime and independently notifying authorities.

If Apple supported that, they need to make the controls easier and far more robust.

 

[dk001]

NCMEC are authorised by Congress to do this job. They have been doing it more or less for two decades if not more. They're also mostly funded by the federal budget. And are considered now a government agent in legal cases.

It's a good thing they're not law enforcement agencies and only provides evidence to law enforcement agencies. It's better for the citizens that investigations are handled by the normal law enforcement agencies whether it's the local sheriff or FBI.

Update: recent court cases have declared that some groups like this are operating as defacto law-enforcement.

 

[cola79]

One big point lays serious doubt on your claim.
IF Apple was scanning the iCloud for CSAM like most major cloud providers, the number of reported CSAM violations would be far in excess of the 265 they reported last year. That is a legal requirement: IF you scan and find you MUST report. Many were assuming Apple scanned (discounting warrants and subpeonas) as they claimed they could. The numbers reported means either Apple scans and does not report - breaking the law - or they don’t scan and don’t break the law.

I am going with the latter.

Another option would be that it really were just this 265. Do people really think that Millions of iPhone users have pictures of child abuse on their phones?
These criminals are still a very small minority. And whatever the crime is, almost no criminals use their smartphones to keep evidence for the authorities.
What is the first thing everybody searches through once you get arrested? Your phone!
So yes, the number of criminals who have child abuse on their portable devices is very very small. It's really the dumbest of the dumbest criminals who do that.

 

[scvrx]

Probably because it’s getting dull debunking the conspiracy crap every 3 seconds.

I have being warned by the moderators to keep my tone polite, which I will.

"Conspiracy crap" is not adequate label for growing pile of actual evidence about the design and implementation of this system. Respectable organizations and expert individuals are standing behind this. Not some Q-anon crowd. Please own you opinion, but try to be factual and rational about it.

For some people, who are using Apple longer than most, empty promises and flashy marketing tricks are not enough to abandon their privacy and give their trust over - just because Apple never make mistakes. Right?

For some this is minor inconvenience, they will buy everything that Apple produces without thinking it over.

 

[jseymour]

You really think Signal is secure when it’s running on an OS that has a built in backdoor?

Unless Apple corrupts the app or installs a key logger: Yes. It is, literally, end-to-end encrypted.

Android may be better for privacy if Apple moves forward with this…

Or certainly not worse. Being as I've been obliged to lobotomize my Apple ecosystem and Android will let me do a lot more: The equation has drastically changed. So odds are very much in favor of me moving back to Android eventually.

The point is you can make Android more private.

Much less invasive than it is by default: Yes.

How much of a pain is android without the App Store? I couldn’t imagine iPhone without the iPhone App Store.

You don't need to do-away with Google's Play Store. You can install an alternate AOS and still access the Play Store.

I’m even seeing editorials on this in “normal” (non-tech) media.

Well, there's the previously-posted Bill Maher monologue. Check out his comments at 1:23 and the audience reaction. He gets it. So, too, does the majority of his audience if the response is any guide. His audience's reaction mirrors what I've experienced when I've told people of this.

If the U.S. "news" media were doing their jobs (which they have not for years), pretty much everybody'd know about this by now.

 

[rme]

Another option would be that it really were just this 265. Do people really think that Millions of iPhone users have pictures of child abuse on their phones?
These criminals are still a very small minority. And whatever the crime is, almost no criminals use their smartphones to keep evidence for the authorities.
What is the first thing everybody searches through once you get arrested? Your phone!
So yes, the number of criminals who have child abuse on their portable devices is very very small. It's really the dumbest of the dumbest criminals who do that.

Depends. If you go by the legal definition (sex pics with someone <18 in it), it might well be millions globally.

 

[Mercury7]

BTW if you did move to Android there is an Apple Music app for it, although for some reason it won't let me login with my Apple ID (it claims incorrect password/username, possibly not supporting Two-facter auth yet?).

Personally It's been replaced with my thousand plus songs I already own or had since Napster, and Spotify for streaming (although I download the playlists since on hikes I often have no service)

Yeah I thought I could use Apple music on android… my daughter bought a cheap android the last time she lost her iPhone and so pretty sure she is using it

 

[jseymour]

Probably because it’s getting dull debunking the conspiracy crap every 3 seconds.

Except, other than those who've had what Apple's planning on doing completely wrong: You and Apple's defenders haven't "debunked" anything. You have an opinion. That opinion's essence seems to be: 1. You're willing to see your privacy and security compromised to aid the effort of ridding the world of child pornography, 2. You trust Apple's system will actually be an effective tool to achieve that end, and 3. You trust Apple will never do more than that with it.

That's it. That's the sum total of your and other Apple defenders' arguments. But they aren't arguments that actually debunk anything. They're opinions. Opinions that are no more or less valid than those who disagree with you. And, if I may be excused for the logical fallacy of appealing to authority: Opinions that so far aren't shared by any credible, independent security or privacy entity. Not. A. One.

 

[hagar]

Apple’s servers are full of CSAM content. Apple has the right to remove that content, but it doesn’t want to decrypt iCloud photos, leaving them vulnerable to access. So it does the check before uploading the photo. Private and secure so no data leaves the user’s phone. Nice solution.

If you don’t trust their approach, you shouldn’t have trusted iOS and macOS in the first place.

 

[Mercury7]

You don't need to do-away with Google's Play Store. You can install an alternate AOS and still access the Play Store.

Can you elaborate for those of us that have zero knowledge of android

 

[rme]

Apple’s servers are full of CSAM content. Apple has the right to remove that content, but it doesn’t want to decrypt iCloud photos, leaving them vulnerable to access. So it does the check before uploading the photo. Private and secure so no data leaves the user’s phone. Nice solution.

If you don’t trust their approach, you shouldn’t have trusted iOS and macOS in the first place.

And Apple's servers will remain full of CSAM content. You really believe politicians, the FBI, and the NCMEC will be fine with that, because they won't be able to add more stuff?

 

[Mercury7]

Except, other than those who've had what Apple's planning on doing completely wrong: You and Apple's defenders haven't "debunked" anything. You have an opinion. That opinion's essence seems to be: 1. You're willing to see your privacy and security compromised to aid the effort of ridding the world of child pornography, 2. You trust Apple's system will actually be an effective tool to achieve that end, and 3. You trust Apple will never do more than that with it.

That's it. That's the sum total of your and other Apple defenders' arguments. But they aren't arguments that actually debunk anything. They're opinions. Opinions that are no more or less valid than those who disagree with you. And, if I may be excused for the logical fallacy of appealing to authority: Opinions that so far aren't shared by any credible, independent security or privacy entity. Not. A. One.

That’s pretty much it… everyone will have to decide if this goes too far for them to stay…. I already made my decision, only thing is I probably will be running ios14 with no icloud for a while, fortunately the way this is rolling out gives me time to decide on new devices….. I imagine I could probably go a couple of years on ios14 if need be….. and there is still remote possibility Apple could reverse course next week…. SPeculated by some they will just claim technical issues and let it die instead of admitting the mistake

 

[jseymour]

Can you elaborate for those of us that have zero knowledge of android

There is LineageOS, which is the base Android Operating System, which is open source. It's available for a variety of Android hardware platforms. It is essentially de-Googled Android. There's another project, but I cannot recall its name.

The original de-Googled Android was the CyanogenMod project. (LineageOS is a fork of that.) I ran CyanogenMod on my old Samsung tablet. It removed all the unnecessary Google and Samsung bloatware and intrusionware, but still gave me the rest of the Android experience.

In fact: A phone running an independent AOS distribution is arguably a great deal more private and secure than even an iOS device pre-CSAM-scanning. It's open source. That means many eyes see the actual source code that goes into the binary builds. If something nefarious gets stuffed in there, it doesn't take painstaking reverse engineering to find it and figure out it's there and what it does. It's immediately apparent. And almost certainly just as quickly removed. (And whomever put it there removed from access to the source code repository.)

ETA: It just occurred to me: I've essentially "lobotomized" my Apple Watch, anyway. If I can have the functionality I now have (essentially: date & time, notifications, and heart rate monitoring is all it's doing now) with it linked to an AOS install, maybe I'll keep it? I'm going to look into this.

ETA2: Whoops! A non-starter. So, once I leave the iPhone and iPad behind, the Apple Watch will be history, too. Too bad ¯\_(ツ)_/¯

 

[dk001]

Another option would be that it really were just this 265. Do people really think that Millions of iPhone users have pictures of child abuse on their phones?
These criminals are still a very small minority. And whatever the crime is, almost no criminals use their smartphones to keep evidence for the authorities.
What is the first thing everybody searches through once you get arrested? Your phone!
So yes, the number of criminals who have child abuse on their portable devices is very very small. It's really the dumbest of the dumbest criminals who do that.

Take a look at all the other cloud services and FaceBook. Once you do you will see how ludicrous that claim is (Apple scanning).

 

[nickdalzell1]

There is LineageOS, which is the base Android Operating System, which is open source. It's available for a variety of Android hardware platforms. It is essentially de-Googled Android. There's another project, but I cannot recall its name.

The original de-Googled Android was the CyanogenMod project. (LineageOS is a fork of that.) I ran CyanogenMod on my old Samsung tablet. It removed all the unnecessary Google and Samsung bloatware and intrusionware, but still gave me the rest of the Android experience.

In fact: A phone running an independent AOS distribution is arguably a great deal more private and secure than even an iOS device pre-CSAM-scanning. It's open source. That means many eyes see the actual source code that goes into the binary builds. If something nefarious gets stuffed in there, it doesn't take painstaking reverse engineering to find it and figure out it's there and what it does. It's immediately apparent. And almost certainly just as quickly removed. (And whomever put it there removed from access to the source code repository.)

CyanogenMod 7.1 was my favorite custom ROM. 😢