Given how ubiquitous cameras are, I can fully imagine more pictures being taken, though.
Guess I'm gonna have to buy a semi terrible privacy focused smart device with phone capabilities in the near future.
- Most instances of "child abuse" involve something that matches the legal term, but involves teenagers and is almost certainly not abuse
- Lots of conservatives want to punish said teens and anyone involved for sexuality and go along with the sophistry of calling people abuse victims when they have consensual sex or post their nude photos online
- Naturally, there is no incentive to look at naked 5 year olds, because that's not how the human body works. This is an edge case and is what the media makes out to be the norm
Stop pretending to have a "mature perspective". Companies should literally never touch your data unless there is a search warrant. Now that I read this article I'm concerned about what WhatsApp is doing.
[0]: https://www.reddit.com/r/apple/comments/p0i9vb/bought_my_fir...
1: https://www.hackerfactor.com/blog/index.php?/archives/929-On...
It's absolutely ridiculous what Apple has become. The exact opposite of what they used to represent, when I loved them. God rest Steve Jobs' soul, his 1984 ad is exactly what Apple is now. Screwed devs on App Store, strongarmed into compliance, cooperation with China, worse and worse UX on phones, and now this...
Really disappointing.
So I’ve been on the verge of doing this for years so this was the final push and motivation.
Yesterday I sold my iPad and Apple Watch. They are being shipped today. I’m just waiting on refunds on my AppleCare for my MacBook and iPhone now and I will sell them.
Yesterday I had a Nokia 215 arrive as a replacement phone. Also a monster pile of PC bits arrived which have been assembled into an Ubuntu-running desktop. I am spending today migrating my data over carefully. When the MacBook sells I will buy a Nikon DSLR.
At the end of this I lose perhaps 20% convenience for an immeasurable privacy gain, lose a big chunk of the distractions from my life and end up with some cash left over which I will use to go on holiday.
The only thing I will miss is Apple Music but it’ll give me a chance to curate my music collection without distraction again.
I'm not sure how that is better?
Wouldn't AOSP/Lineage with Signal installed be better?
I sold my DSLR a couple of years after getting my G9x Mark II. The DSLR was always gathering dust compared to the G9x which with a small belt case could easily be taken anywhere.
That said, these cameras are definitely not as flexible as a full SLR nor will you get the same performance. It's a large sensor when compared to a camera or other point and shoots but it's still nothing compared to APS-C.
At this point I'm going back to owning a separate dedicated music device that is totally divorced from the computer. There's just something intentional about walking over to a CD player or record player, picking out an album, and putting it on compared to mindlessly browsing Spotify playlists.
Are you switching from a laptop to a desktop machine? Do you have no use for the portability anymore?
Can Apple force people to install this even on devices they already sold?
Here's my photo gallery, all shot with the Z5
Not having to edit the pictures is a huge plus, and JPG files in Nikon, even with dynamic range on, are pretty mediocre compared to a Pixel phone.
Yes, backdooring E2E encryption in general is a bad idea. However, consider two things:
* iCloud Photos was never E2E encrypted in the first place. They already can scan your photos all they want server-side, and they have been scanning for CSAM since 2019, while Google has been scanning for it since 2009. Yes, if iCloud Photos were to become E2E encrypted leaving in a backdoor like this could be bad, but it's still the lesser of two evils. Would you rather they keep photos non-E2E forever and have even more unfettered access to them than a "backdoor" allows? It does NOT scan photos that are not uploaded to the cloud, despite being on-device. And it's important to note the threshold and manual human review system put in place before the authorities receive any notification at all.
* For iMessage, all this entails is warning children under 18 about explicit content, and optionally notifying parents if the child is under 13 and the parent opted in. (I don't think it even sends the photo itself to the parents, but that's not explicitly clarified anywhere.) At no point do Apple or the authorities learn the contents of E2E encrypted iMessages. (Also worth noting: if you use iCloud Backup, your messages are no longer E2E encrypted in the backup, as Apple holds the keys to that. This was true even before the new system was introduced.)
Yet. Once it's on the device, it's a MUCH smaller step to use it in other ways. It's certainly easier for governments to argue that they should be able to force it to be used arbitrarily... you know, for the children/terrorists/etc.
> And it's important to note the threshold and manual human review system put in place before the authorities receive any notification at all.
Until it's not. Once again, once it's in place, it's a lot easier for malevolent actors (governments) to force it to be used other ways.
This is a back door. Plain and simple. The fact that it's not _currently_ going to be used for evil (depending on your definition of evil) does not mean it won't be in the near future. Back doors are bad. How many times does this need to be said?
Yes I'd rather they do this. The fact that they're implementing on device checks doesn't suggest to me that they will be deploying E2E encryption. It suggests to me that they will be expanding on device scanning to all content in the future.
If they were going to make iCloud E2E encrypted, it would be a clear win to announce this at the same time as deploying on device scanning.
But you are forewarned - you can blow through way more than a weekend de-oppressing your digital life.
Google, Microsoft, Facebook, Twitter, etc. have all been scanning content for those same child porn images for darn near a decade now.
>The system that scans cloud drives for illegal images was created by Microsoft and Dartmouth College and donated to NCMEC. The organization creates signatures of the worst known images of child pornography, approximately 16,000 files at present. These file signatures are given to service providers who then try to match them to user files in order to prevent further distribution of the images themselves, a Microsoft spokesperson told NBC News. (Microsoft implemented image-matching technology in its own services, such as Bing and SkyDrive.)
"There are two opportunities to look at content," when it's going into a cloud-storage account and when it's leaving, she said. "There is technology to do this," Grant added, pointing out that file signatures — unique hashes or fingerprints — could be used to confirm the nature of the files.
https://www.nbcnews.com/technolog/your-cloud-drive-really-pr...
If this is the case, then it is coming to every device (not just Apple) or E2E will be made illegal (or a backdoor).
End-to-end encryption is intended to prevent data being read or secretly modified, other than by the true sender and recipient(s). The messages are encrypted by the sender but the third party does not have a means to decrypt them, and stores them encrypted. The recipients retrieve the encrypted data and decrypt it themselves.
Because no third parties can decipher the data being communicated or stored, for example, companies that provide end-to-end encryption are unable to hand over texts of their customers' messages to the authorities.
Would it even be considered end 2 end encryption based on this Wikipedia definition? I don’t think it meets the definition if Apple can determine certain files exist in a conversation.
> It's definitely the last straw for me in terms of apple products.
Uhh and where else will you go where the grass is so much rosier privacy-wise?
Then HN taught me that any company storing images on their infrastructure in the US must report pedophilic images to the US government.
At this point, the approach taken by Apple seems like the best one to me, if you don't want to store pictures in clear on your servers.
What other technical approach are people advocating for?
Another point is to try to change the law, but this is beyond the scope of the conversation.
Apple's approach is the only way to - at the same time - act lawfully with regard to the EARN IT Act in the US and provide E2E in iCloud.
I really hate these laws, but Apple is not the problem here. Read up on EARNIT and the EU laws currently in the works. All communication WILL HAVE TO BE SCANNED by the provider. Beating the drum against Apple will just lead to E2E encryption being forbidden. What needs to be forbidden instead is any access to communication.
https://www.apple.com/child-safety/
https://en.m.wikipedia.org/wiki/EARN_IT_Act_of_2020
https://ec.europa.eu/info/law/better-regulation/have-your-sa...
https://www.patrick-breyer.de/en/posts/message-screening/?la...
In one part, the pro-privacy part of me is of course aghast at the whole idea.
However...
If you "read the room", there have been increasing noises from the global political world in recent years, and perhaps especially in the US.
So if you think about it that way, it might be a case of Apple jumping before they were pushed.
I mean, let's face it, if you wait for the politicos to come up with a solution and force it through with legislation, they really would put in actual backdoors and encryption bans given half the chance.
I suspect others, such as WhatsApp, might begrudgingly follow in due course.
There's always GPG and a whole litany of other tools and apps for those who know what they are doing in terms of privacy.
https://en.wikipedia.org/wiki/FBI%E2%80%93Apple_encryption_d...
I am pretty sure all of Big Tech is in collusion among themselves and with various governments, after what Snowden showed us.
https://www.theguardian.com/world/2013/aug/23/nsa-prism-cost...
Everything starts off with "won't anyone think of the children?". Next thing you know, Apple is scanning your photos for faces of known "terrorists", etc.
I have children, and hate CP with a passion, but know that this is not the answer.
At this point, I have no doubt that in the future, a more ambiguous excuse such as "hate speech" will be used and under that umbrella, the elites will have a huge margin for pursuing any kind of "dissidence".
Finding and protecting even a few children from becoming victims of pornography is clearly something that is well worth my not having 100% privacy.
Even knowing that there might be false alarms.
Despite what the strident discourse has been, individual privacy is not some sacrosanct idea that cannot ever be tread upon. There are some things that are far far more important than that.
I'm surprised he went ahead with this considering how much privacy goodwill they have built up over the years.
What my SO says is that he's just the manager of sales interested in selling their products and nothing else; the "else" is done by others - with marketing and PR and actual work.
This tweet here gives interesting options to learn more about it https://twitter.com/yoyoel/status/1424154582372872192?s=20
I have no imagination of the suffering of the kids behind it and it's definitely good that we fight it. But why not for older kids?
Apparently this is already happening on all major platforms at the moment. Apple's implementation is the most privacy friendly one, or isn't it?
> Not only searches for known pictures and videos are to be legalised, but also error-prone “artificial intelligence”, for example to automatically search text messages for “luring” of minors. If an algorithm reports a suspected message, message content and customer data could be automatically forwarded to law enforcement agencies and non-governmental organizations worldwide without human examination.
> WhatsApp’s owner, Facebook, has reasons to pounce on Apple for privacy concerns.
>> The idea that parents are safe people for teens to have conversations about sex or sexting with is admirable, but in many cases, not true. (And as far as I can tell, this stuff doesn't just apply to kids under the age for 13.) — Kendra Albert (@KendraSerra) August 5, 2021
>> EFF reports that the iMessage nudity notifications will not go to parents if the kid is between 13-17 but that is not anywhere in the Apple documentation that I can find. https://t.co/Ma1BdyqZfW — Kendra Albert (@KendraSerra) August 6, 2021
I'm against Apple forcing a backdoor onto every device, but this argument falls totally flat to me. Yes there are shitty parents out there, but despite that, parents still need the ability to parent. If Apple's "think of the children" arguments for their backdoor are wrong, then this "think of the children" argument against it is wrong too. There's nothing wrong with notifying parents that their pre-teen is doing something they shouldn't be doing with their phone.
IMHO, I'd support the existence of such a feature, but only as long as it's a user-installable option, not installed on every phone as part of the OS.
Yet the privacy implications will last forever. Once it's implemented, it only takes a rubber-stamp warrant to compel Apple to scan your device for anything the government deems concerning. In fact, no warrant needed in most countries.
Privacy advocates don't seem to get it. There can not and will not be a future where these people can hide in the net. Either somebody figures a way to catch them without hurting the privacy of the innocent, or we will use systems that hurt the privacy of the innocent.
There is no third option, so put your energy into finding a solution that satisfies the first option if you care about this so much.
Server scanning makes it clear that the company running the servers has access to your photos. So you can either find a form of encrypted storage, or be okay with that, depending on your privacy stance. Having a device with the ability to scan your photos removes that choice. It is a privacy invasion.
iOS has already been doing on-device ML-based photo categorisation for some time; afaik there's no way to turn it off.
Windows already does this via Windows Defender. This is a basic AV functionality and much more privacy preserving.
The CCP have already thoroughly demonstrated that they don’t need manufacturers' consent to build these systems.
Look at the Uyghur population in China. They already have their phones scanned on device for dissident material, not by coercing manufacturers, but by forcing the population to install a surveillance app. Then making it illegal to use a phone without it.
Being caught at a checkpoint without the app installed and working is grounds for immediate arrest and re-education.
IMO this appears to be Apple either a) trying to preempt future criticism or regulation or b) responding to some behind-closed-doors pressure/bargaining with US authorities.
It's certainly been going on for the past decade.
For example:
>a man [was] arrested on child pornography charges, after Google tipped off authorities about illegal images found in the Houston suspect's Gmail account
https://techcrunch.com/2014/08/06/why-the-gmail-scan-that-le...
1. Encrypt everything.
2. Don't store images on your servers at all.
There's nothing to report if all you have is some encrypted blob. Alternatively, just don't consume any user data at all. Data is and should be a massive liability.
My thoughts as well.
If you don't want the very dangerous weapon you have thought out to be abused, don't create a physical assembly of it and don't tell anyone who has a habit of abusing powerful weapons.
Apple just erroneously said "it's safe" despite the fact that it clearly can be abused.
[0] https://blog.cryptographyengineering.com/2020/03/06/earn-it-...
That’s exactly what you do if you plan to enable E2E.
That being said, one of two things is true. Either Apple does exactly what they say, in which case they are not able to perform server-side content / fingerprint scanning, or Apple is outright lying about only using their key on behalf of law enforcement. This latter case would open them to all sorts of legal liabilities, like a suit from shareholders for false reports. It would also require the silence of every Apple engineer who has ever been involved in at least their iCloud Photo program, and probably a bunch of server infrastructure as well. Additionally, they'd be legally obligated to report their scan results to the NCMEC but would have to do so in a way that doesn't give away that they're lying about how their systems work.
The functionality to detect CSAM uploaded to Apple’s servers or sent to pre-teens?
> And it basically means we sell out our democratic principles
What democratic principle is being sold out?
Reading https://support.apple.com/en-us/HT202303 , it seems that Apple may encrypt pictures on their servers, but they have the key. The list of what's actually end-to-end encrypted doesn't include photos. So, they may be scanning on your phone, but they can scan on their servers if they wanted to.
In this way they can get rid of the keys on their servers and still find pedo pictures.
This is just farce.
Ones they know of…
> What other technical approach are people advocating for?
Apple already has a technical solution, encryption.
How does encryption help prevent porn being sent to pre-teens?
That's not true though.
Reduce user data stored in cloud data centres as much as possible. This is the approach taken by WhatsApp, so not surprised they are the ones most vocal against it.
And at the risk of appearing to be supportive of a Facebook product, I think this is the right way to take computing. We don't need a central place to put stuff or to do compute when we can do it on our own devices. We just need orchestration.
And it's always there also for whoever they claim to want to catch, so this measure is useless.
This is not protecting anyone, Apple might very well be anticipating the regulation, but that does not automatically deserve our praise. We should fight against this implementation and any regulation requiring similar measures.
Right. This will, a) catch the low hanging fruit type of criminal and b) keep honest people honest while forcing them to give up something for nothing.
They've tried to do this for decades and have failed. If they're going to do it then let it be on record. Let's see how voters like it.
ETA: in short, about a month ago they did get the votes, at least in the EU, and it's now "allowed" for providers to scan all content. In a little while, they're going to have a vote to change "allowed" to "required", and we have no reason to think it'll go differently.
If they ban encryption, the tech sector will kick up enough noise that even non-tech people will at least notice.
This way, it essentially opens a backdoor. Changing this from scanning hashes of pictures stored locally, to scanning for arbitrary things stored locally probably is not a monumental task (next in line probably hate speech).
And once you have that capability it's hard to argue to governments that you can't let them scan the content of either a particular phone, or all of the phones, for whatever they want, which could be: .*
This way, the message to non-techies will be, we are protecting children, but a bunch of online weirdos and maybe pedophiles don't want us to.
You get privacy and freedom from the smartphone-service-based-everything-forever lifestyle, it's nice
Like WhatsApp saying their chat is encrypted, is it really? Well, Facebook is trying really hard to loosen this up, why don't they just release an update sending them the keys?
It turns out that compromises have to be made. And it's also a moving target.
And generally speaking I want my device to be mine. I don't even want debugging or app verification requests happening without my consent. It's my device and when I upload to the cloud, I'll use my own encryption.
It was obviously merely an example for illustration purposes by the parent. To get a point across it's often very helpful to use a stark, clear example.
Few governments will ever have the extraordinary capabilities and resources of the CCP in China.
For the other ~190 governments that will never reach that level of capability, what they might have now is a globe-spanning billion-device corporation like Apple more willing to assist them.
That risk is not tiny, can you imagine any authoritarian government asking a compliant Apple to remove inconvenient pictures?
Which is why you make it mandatory on all devices sold, not just Apple.
It takes longer but the end result looks MUCH better than anything your phone can produce. That said, sometimes I just want to take a selfie and not fiddle too much. That's when I use my Google Pixel.
* SafetyNet doesn't work, as expected, which means no Google Pay. Nothing else I use has been impeded, though.
* Chromecasting doesn't seem to be implemented in MicroG, so no casting content
Other than that, it's been solid.
If it hasn't been a problem that Google has been scanning your cloud data for the last decade, it didn't suddenly become a problem now.
The feature that everyone is afraid of (scan all in my device) is super trivial to add generally. A company like Apple can push it to the public in less than like a week, regardless of whether this Child Safety came first.
This new feature is actually really hard to develop, because they try to create an E2EE system with a backdoor. And they want to lock themselves out of this backdoor to prevent misuse.
There is no difference.
Yay progress.
...or whatever gets sneaked into a database that nobody can take a look at, and whose maintainers have zero obligations to you.
>and those instances have been verified to actually be child porn by a human.
Yeah, SWAT teams doing their homework before shooting people up is precisely why SWATting is a completely innocent thing to do and never put anyone in danger.
And that also does nothing in case of "neural" (aka blackbox) hash collision, where the Algorithm mistakes a normal picture for CP. The "human" you have in your dreams doesn't have access to the actual file you have on your device, right? (At least, that's the sales pitch for on-device privacy). They won't know until they get you.
Personally, I would hope that HN people know better than to blindly trust an opaque algorithm running off an opaque database to never make a mistake in where it sends SWAT teams.. but here we are.
Remember iCloud is operated by a Chinese company in China.
There is no sense making laws you can't enforce. It erodes trust and credibility.
I don't think any of these scanned systems or policies will survive in the long run. They're inherently insecure and won't lead to growth.
https://www.howtogeek.com/719825/how-to-stop-windows-10s-ant...
If Microsoft receives an illegal file through this channel, they are legally obligated to report it in the US.
If most of your music is on major labels, then Bandcamp may not be great for you.
I love it. I think I have around 300 purchases. It’s also great for discovering music. Much better than Spotify in that regard.
(I'm unaffiliated, just sharing)
I use a Yamaha receiver (R-N803) that has their MusicCast software on it. And I use these various inputs:
- CD
- Phono
- USB. A little teensy USB loaded with music I’ve collected for the last 25 years - however, I’ve cleaned it up so it’s not filled with random things that make my wife go “what is all this stuff! I just want to see MY music!”
- I have a Navidrome server running on a Pi, with a hard drive connected to it. It basically contains the USB + all the other random stuff. This is played via the Bluetooth input and Play:Sub app on my phone.
- Likewise I play the Bandcamp app via Bluetooth through the receiver, and Spotify as well (I mostly use Spotify for listening to the back catalogs of established artists).
- Net Radio. Access thousands of radio stations, worldwide, that stream their service. It’s pretty cool!
There’s more. But, point is the setup is cool and diverse and it’s pretty easy to use.
I have a desktop (not laptop) for my own stuff and a laptop for company stuff and a dock and KVM setup for it.
I am not using the company laptop for personal stuff.
They aren’t.
> iMessage is next whether you want it or not.
Is there some evidence you have of this plan? Sounds like this is just a fear you have.
The EARN IT Act. It may not be Apple's plan; Apple's plan, as you suggest, might only be for doing scanning on encrypted iCloud and excluding encrypted iMessage. But what Apple will be pushed to do after that is pretty clear.
Pinephone is my hope, too, but do not expect anything stable soon. That will take some time, probably years. It does not happen on its own, though, they need support now to make it a real alternative and not just a tinker toy.
Pinephone: Cheap. The device isn't very powerful. With people coming from an Apple device, that's a problem.
Fairphone 3: Fair. The hardware isn't very powerful either, and the device is more expensive, but the product is better for the people who assembled it and the environment.
Librem 5: Open. Even more expensive than Fairphone, but the hardware features killswitches, and there's no binary blobs. Lacks the fair advantages Fairphone has.
Each of these can run a myriad of FOSS OSes from a deGoogled Android (AOSP-based fork) such as /e/ or Ubuntu or Debian/Arch/Ubuntu mobile versions or SFOS (Sailfish) community version (without Android emulation layer!), and each hardware and software has their pros/cons. I use a Fairphone 3 with stock firmware with a Pinephone as back-up phone (and have to use a Samsung flagship device for work). Previously I used a Fairphone 2 with LineageOS + microG (kind of like predecessor of /e/ before that took off).
PS: On the gaming side, I'm getting a Steam Deck. It's a bang for the buck compared to Aya Neo/Nintendo Switch/gaming smartphones. No, it isn't open hardware, but the device runs Linux and you get root on it, plus all the reviews (including Linus Tech Tips) are positive.
It is nice that the Fairphone tries to be nice and fair, but I would rather have a focus on an actual open phone under my control and they do not deliver this (not to blame them, the issue is hard). Fixing the global exploitive economy is a different issue and trying to solve everything at once is not working usually.
"Librem 5"
How useful is a microphone killswitch, if there is no killswitch for the speakers, that can be used as a microphone, too? And it would be news to me, that it is now completely free of binary blobs and their claims always felt a little bit dishonest to me. I recently read an interview by the former CTO that confirms it.
https://www.phoronix.com/scan.php?page=news_item&px=Zlatan-T...
I would go with the Pinephone. For now I have a stupid samsung phone with facebook app preinstalled and unremovable, but have not yet found the time to try lineage with it.
I do have Xperia X & Xperia 10 II and can confirm the Android emulation layer works very well.
You can run Sailfish OS on many other devices thanks to community porting work, but without support for the Jolla-provided Android emulation layer. The devices will still run all the many native Sailfish OS apps + ARM compiled flatpaks just fine & there is community work in getting Anbox to run to provide Android emulation on the community ports as well. :)
It's at the top of my if-I-ever-jump-ship-from-Apple list of phones.
(1) To Pinephone designers: I would absolutely love a 2cm thick Pinephone if that allowed some more speed and serious battery life. I'm serious about that; my current phone is a Nokia 8110 4G (the new "banana") which is 1.5 cm thick, and although the OS is a joke and I use it only for calls and as 4G access point for my laptop, wrt usability it's the best thing I've bought in years.
This is exactly what the keyboard mod is for. The keyboard has a 6000 mAh battery (although it does not make Pinephone run faster).
https://www.govinfo.gov/app/details/USCODE-2011-title18/USCO...
Client side scanning is a prerequisite to making it e2e if you also want countermeasures against CSAM.
FISA orders are not warrants and do not require probable cause; the FISA Amendments Act Section 702 spying that goes on (aka PRISM internally to the IC) pulls data directly from cloud provider systems without a search warrant and was cited by Ed Snowden as one of the main reasons he came forward.
Probably not a monumental task to change to scan every picture.
They can't pretend they don't have the capability.
And if they can scan for CP, why can't they scan for "whatever" else instead.
I think it's more than that. Images sent with iMessage are stored in iCloud, even if the device is not necessarily uploading.
How else would they have such warnings they claim in their announcement? [1]
And we have seen these systems have their scope/use case changed in the past [2]
To the point in the other discussion [3]. OP stated that Apple's plans to scan and then upload suspected images are illegal. But I would think that they are only scanning images, client side, that users themselves are attempting to upload (either through attachments, or automatic iCloud backups etc) which would put Apple in the clear. In this case that would be iCloud images, or those that piggyback iCloud services like iMessage etc.
[1] https://www.apple.com/child-safety/
[2] https://www.eff.org/deeplinks/2020/08/one-database-rule-them...
[3] https://news.ycombinator.com/item?id=28110159
And of course the scope could change tomorrow. Just like the scope of Android could change tomorrow. They could even have changed the scope without doing an announcement!
In my comment history it clearly shows that there's an effort to parse through the information and seek clarity.
And it's worth noting that iMessage data is and can be backed up to iCloud, and not just using backups. For many with multiple devices this is specifically useful.
https://support.apple.com/en-us/HT208532
Further, as to this
>And of course the scope could change tomorrow. Just like the scope of Android could change tomorrow. They could even have changed the scope without doing an announcement!
I am pointing out that there is a specific history of this already on record and documented. And their technical documents specifically state their intentions.
Page 3 : https://www.apple.com/child-safety/pdf/Expanded_Protections_...
"This program is ambitious, and protecting children is an important responsibility. Our efforts will evolve and expand over time"
I don't understand why you find such an observation so offensive. It's pretty clear Apple sees this as a first step into what will eventually be a much larger program.
Nobody is objecting to opt-in clientside content filtering.
Because they’d also need to be announcing that you can no longer reset your iCloud password and recover to a new device. And I’ve not seen anything that suggests this.
So I suspect it is encrypted at rest, with a key known to Apple as before as well as this CSAM approach.
Citing the final phrase of the paper to TL;DR their system:
> Apple is able to learn the relevant image information only once the account has more than a threshold number of CSAM matches, and even then, only for the matching images.
This applies only to images, so you can still reset your password. Technically, there are two layers of encryption on images. Regular server-side encryption and this "E2EE like" encryption, which allows access for CSAM matches at a specific threshold.
[1]: https://www.apple.com/child-safety/pdf/CSAM_Detection_Techni...
Today this is less about physically tying management and physically putting wax in the crew's ears and more about technically and legally making oneself unable to touch the juicy juicy customer data.
This is no different than a private doctor testing for illicit drugs and reporting results to the DEA (they literally do this for ADHD patients.)
Except that they can’t and don’t.
We crossed this bridge a long time ago. Apple already has on device Neural Nets processing every one of your on device photos. That’s what powers spotlight search and “photo memories”.
Simple fact of the matter is that this isn’t the top of some slippery slope, it’s half way down one. A slope we started down when we figured out how to put powerful Neural Nets on mobile devices in people’s pockets.
> Until it's not. Once again, once it's in place, it's a lot easier for malevolent actors (governments) to force it to be used other ways.
Which is why Apple's current solution makes it cryptographically impossible to decrypt photos until a large enough number of suspect photos have been uploaded.
Yes, you might laugh and say that won't happen, but on-device scanning is the first step.
In less trustworthy countries it's not that farfetched to imagine what this can be used for.
So Apple must back down now or face the consequences in the form of loss of reputation and eventually loss of sales.
I keep seeing this jump. There's no evidence this will happen. Apple can already technically do anything they want to compromise the security of your device in the next software update, so could Google or Samsung or any other company. But when in Apple's history have they done this? There is zero reason to believe this is the next step other than speculation and fear mongering.
But they're making it easier for governments to come along and force them to do more. Or even for themselves, but I tend to think they're less of an issue.
I know "it's a slippery slope" gets overused... but if you keep taking baby slips down that slope, it only gets slipperier. You should avoid taking as many of those steps as possible.
It is as easy as it has always been. Only problem is that this might give them new ideas. As most of the politicians are probably non-tech people, they don’t know what is possible.
For a tech person, functionality like this (on-device scanning and flagging) is super trivial to add. Antivirus engines have existed for decades.
Oh wow, that's a very interesting option - I like the way that hinge works, but I fear that a mechanical part that complex in a smartphone is likely to become worn out quickly (source: I had both a Moto RAZR and a T-Mobile Sidekick back in the day and both would barely stay closed by the time I upgraded).
> the Pro 1 X is just a rebrand
This is very interesting to me, would you mind filling me in on what it's a rebrand of?
> They've tried to do this for decades and have failed.... Let's see how voters like it.
My "point" is that I thought the same way you did -- look what a mess Clipper Chip was, they always want backdoors but surely a voice of reason will show up, etc -- but something has changed. Couple the vote in the EU with the way the major tech companies reacted to GDPR (you'd be surprised how many sites simply block all of Europe rather than comply) and it's a wakeup call. There is a real chance of the bad guys winning here.
Maybe we'll get lucky and the next vote will fail, or maybe if it passes there will be providers that refuse to comply. I think if it happens, it's far more likely that most will cave, and a few will just pull the plug and stop offering service.
In short, you might be right to be afraid of this outcome, but it has nothing whatsoever to do with CSAM countermeasures.
>That, of course, is the rub: Apple controls the algorithm, both in terms of what it looks for, what bugs it may or may not have, and also the inputs, which in the case of CSAM scanning is the database from NCMEC. Apple has certainly worked hard to be a company that users trust, but we already know that that trust doesn’t extend everywhere: Apple has, under Chinese government pressure, put Chinese user iCloud data on state-owned enterprise servers, along with the encryption keys necessary to access it. What happens when China announces its version of the NCMEC, which not only includes the horrific imagery Apple’s system is meant to capture, but also images and memes the government deems illegal?
>The fundamental issue — and the first reason why I think Apple made a mistake here — is that there is a meaningful difference between capability and policy. One of the most powerful arguments in Apple’s favor in the 2016 San Bernardino case is that the company didn’t even have the means to break into the iPhone in question, and that to build the capability would open the company up to a multitude of requests that were far less pressing in nature, and weaken the company’s ability to stand up to foreign governments. In this case, though, Apple is building the capability, and the only thing holding the company back is policy.
I agree that it could be used to detect image collections (and only image collections) that are not porn, that users upload to iCloud Photo Library.
That is the only established abuse case. Apple has categorically denied that they will comply with it, just as they refused to help the FBI in the San Bernardino case.
Even if they do end up complying in China because China passed a law, authoritarianism in China is a red herring. This mechanism is of no consequence to the Chinese government.
All of this has absolutely nothing to do with your claim that ‘iMessage is next’ and the article doesn’t support your claim.
That’s the point - people keep claiming some nefarious slippery slope, which is of course in the realm of possibility, but is not actually happening.
So what actions are you referring to that show they won't do any of those scary things?
Because that actually happened, and in a democratic country even.
So it's not hard to imagine what less democratic countries could demand of Apple.
https://www.abc.net.au/news/2021-06-29/queensland-coronaviru...
https://daringfireball.net/2021/08/apple_child_safety_initia...
Not true. They will be scanning your messages also for inappropriate content - https://www.apple.com/child-safety/
If you're talking to adults, or children whose parents don't want to use the service, you're not getting your photos scanned.
My sense is Apple is trying to keep CSAM off their servers. Scanning phones before it gets there was their solution to what I assume is a government demand/ultimatum. “Do this or we repatriate your foreign entity taxes” or some other shit.
I too feel that Apple just caved and eroded trust that took decades to build up. The only way this gets sorted is the “screeching minority” continues to screech and brings others in. Notify state attorneys general, FTC, etc. Will that do anything? Who knows? My bet is that it’s the DOJ behind all of this.
Hopefully the plaintiff bar which are already preparing class action lawsuits will find a way to get documents in discovery that allude to government coercion. But then again I’m sure there would be a clever way those are not produced under some “national security” bullbaiting reason.
All we can do is try, and keep the pressure on.
But what happens the second they get an order from $GOVERNMENT that tells them to use the spyware to also look at other documents on the device?
I think it's pretty obvious what Apple will say. They'll say "OK." They have no plausible deniability to tell $GOVERNMENT to go pound sand - they have demonstrated the capability already! Telling the spyware to scan different files is a trivial change from a technical perspective.
And after the case to stop them refusing security updates for those without it installed+enabled, there will need to be another one to force them to allow it to be disabled, then a few circuits around the court of public tattle to make it really disable and not magically re-enable itself at random intervals.
https://www.apple.com/ios/ios-15-preview/features/ (under settings)
iCloud Photo Library is an optional feature, and there are numerous alternatives.
It’s really ridiculous to try to call this “opt-in”.
None of my photos have been scanned, nor ever will be unless I choose for them to be. I don’t have to do anything to achieve this. They won’t scan anything unless I decide to go ahead.
That is the very meaning of opt-in.
Opt-out typically means that someone will go ahead with something unless you decline. This is not that.
I do agree that if I don’t want on device scanning in future, I will need to choose another cloud photo service, but in the meantime, nothing will be scanned without me taking positive action to initiate it.
Of course it matters. Politicians must listen to voters on topics of import or they're out. If you're arguing against democracy and for some imagined alternative, then I can't help you because that's a worse outcome.
It's true some policies do pass that a lot of people don't want. It's up to the voters to make an issue of that in the next election cycle. As an American living in the EU you can certainly use your voice. That may be as consequential as your vote if you are convincing. Since I do not live there I don't engage in those politics, despite the connectedness of the world. There's enough to deal with on our home turf.
I don't have to bring a solution to notice that the system we have is not working. (That's not to say I don't wish I had one, I just don't.)
> As part of setup, the device generates an encryption key for the user account, unknown to Apple.
The question is, how is this generated. Can it be re-derived from information Apple has? If not, how will Apple handle cases where the user loses or breaks their device?
Is it derived from the iCloud password? Currently Apple can reset your iCloud password and restore access to your images. Will Apple no longer be able to do this in the future?
It’s really unclear to me, and I’d want explicit answers to these questions personally.
[1]: https://www.apple.com/child-safety/pdf/Apple_PSI_System_Secu...
But it’s still not clear how that key is derived. It’s not clear, as implemented, that Apple do not hold a master key to decrypt all data (as they do currently).
In fact, if the key is randomly generated, and you have one device (as many users do) and you lose that device, do you lose all your data? Even if you have your iCloud password?
It doesn’t make sense. It would be a massive change to how iCloud currently operates and is used. And I find this extremely unlikely.
Right now, you can browse your photos online. That functionality is going away?
There are seemingly many open questions. But given that there’s no clear statement from Apple, I’m inclined to believe that they retain the ability to decrypt all data.
That’s exactly what this is. If you use iCloud Photos your pictures will be scanned unless you explicitly disable iCloud Photos.
How is that not opt-out? You never get asked if you’d like to opt-in to have your images scanned for CSAM.
Apple is only checking images you choose to upload to iCloud photos to see if you are uploading a collection of CSAM. This is entirely optional, and they have publicly explained what they are doing.
They are not sniffing through your communications as they see fit.
Take traditional mail. That is not opened, it is, usually, not read. Nor is content checked. It can, and is, opened in case of warrants (let's ignore totalitarian regimes here). What Google is doing when it comes to photos, as was Apple before, is opening every envelope containing photos to check whether or not it was CP. Already bad enough because they still opened your mail. You could avoid that by just using another mail carrier, so.
What Apple is doing now is checking your photos before you put them in the envelope. In case they find too much stuff they don't like they open all your other photo albums. And they tell authorities. Without any means for you to prevent that. It's like the postal service looking at your mail before they pick it up.
All that without oversight by courts. Without proper legal and investigative proceedings. Heck, even without any law, currently, forcing them to do that.
The more recent incidents where that or similar things happened were:
- the USSR
- the DDR with the Stasi
- Nazi Germany
- Western allies during WW2 through dedicated censorship bureaus
All of those were historically deemed unacceptable, maybe necessary for the greater good so. Now a private entity, with a global reach, does the same thing in principle. Even with the technical capabilities to do it on a much larger scale, and more thoroughly. And because Apple is private, it is, for some reason, OK for you.
Not sure if further discussion with you has a point, I'll just leave it at that.
Ad hominem is bad faith. It’s usually a sign that you know your arguments don’t hold up.
> What Apple is doing now is checking your photos before you put them in the envelope.
No, an ‘envelope’ is a totally misleading analogy. This has nothing to do with sending messages.
If you want an analogy try this one: Apple provides a warehouse for people who want to store copies of their precious photos. They give you a copier to make copies of your photos, you give them the copies, and they file them.
Because they don’t want a vault full of child porn, they equip the copier with a scanner to detect known child porn while it makes the copy.
That is all that is happening here. No sniffing through communications as they see fit, only a way to prevent you from uploading child porn to their service.
Anyone saying otherwise simply isn’t being truthful.
That doesn't make sense. The issue is that Apple is very publicly signaling they are changing their approach to privacy now. Companies change approaches to any number of things all the time, they're not static entities. As such you have to evaluate their nature as a consumer on an ongoing basis, not one time forever. It's true of food, it's true of consumer electronics, it's true of general product or service quality, it's true of privacy issues or censorship, and so on. Apple even knew the consequences ahead of time - per the insider notes - and don't care, they charged ahead regardless.
It would be much harder for them to pull off if the system was open with the user actually in control.
This is obviously not effective given that you can get around it that easily if you want to. Coincidentally though, it will be totally effective at surveilling the 99.999% that are normal users and won’t go out of their way to disable iCloud. The whole CP thing is such an obvious farce.
Well, until protesters want to use an app in the store to coordinate their protests yet the government wants you to reject it, so the protesters can't use it:
https://www.applefritter.com/content/teargas-walled-garden-i...
With users not being able to install the app themselves Apple is the single point of failure with no plausible deniability like Android (and any sane OS in general) has. And they did reject the app.
And just a few months before this happened I attended a talk about free software from FSF and they mentioned just the same thing about iOS and the gate keeper being the single point of failure a repressive regime can apply pressure on. Turned out to not be far-fetched at all...
Apple have always had the capability, and have been advertising it as a central selling point of new versions of iOS for years. That ship sailed a long time ago.
Before that, Apple put up a front that they would fight for user privacy at every turn. They pitched that over and over and over again as a corporate ethos, a selling point. That was the facade at least, even if one is cynical and wants to pretend it was a lie. Now they're not even presenting the facade, which will open the flood gates dramatically. They went from a supposedly resisting agent, to a morally gray and willing agent at a minimum. Apple dumped an enormous vat of blood into the shark infested waters.
As for the US government having access to the backups, that’s required by law.
You can always make the paranoid case that Apple wants to do this because they are somehow lying about their values, or you can make the case that their hand has been forced.
You could also note that they promised to implement e2e backups but haven’t yet, and this is rumored to be because the FBI asked them not to.
If you assume that Apple is doing this stuff because they want to, then of course you’ll see this next move as just another bad thing they are doing.
If on the other hand you consider that they don’t want to do these things but are being forced to until they have a better option, then you can look at this move as a way to get out of a double bind.
Now they can turn on e2e without being accused of creating a safe haven for pedophiles.
Both pathways are plausible, but given the investment in privacy Apple has been making and the consistency with which they state their values and boundaries, I don’t think they want to be creating backdoors.
This is a false statement. Google's android backups are end to end encrypted.
Encrypted or not, Google will give the backups to the government, along with any keys they have.
I agree that there would be more protection against the government if the backups were encrypted, and I hope this is still Apple’s plan.
Google on the other hand, has been scanning photos for CSAM all along, and collects a massive trove of behavioral data from android and every one of their other properties including search history, all of which are also available to the government.
Has Apple thought this through?
Without iMessage/Facetime, a large part of the peer pressure teens get for having an iPhone is gone. Now they might start asking for a Galaxy or something like that.
It could (maybe) also be a prelude to enabling E2E encryption for everything in iCloud.
Firstly - CSAM scanning is done via fingerprinting - the image is fingerprinted on device and when uploaded to iCloud that fingerprint is compared with the "dodgy images" fingerprints and an alert raised if a threshold of matches is reached (what's the threshold and with whom?)
Secondly - there is on-device AI image recognition - when you send an image to someone else (via iMessage or the share sheet) it is checked for nudity and if the iCloud account in question is registered to a 13-year old or younger, their parents are alerted.
In both cases the fingerprinting/scanning is on-device and is triggered by the images leaving the device.
Nope. The comparison is done on the device and the threshold is set there as well.
I am not sure how alarmed I am yet at this whole affair but I do know that maybe 50% of posts I read about this have glaringly incorrect information which definitely dampens my alarmism.
As I understand it the fingerprinting and comparison is done on device, but it only happens as part of the upload-to-iCloud process. So the grandparent's phrasing isn't unreasonable.
I don’t think Apple are stupid, it would have been a clear PR win if they said “we’re adding E2EE”.
Given no explicit statement, and how drastically it changes the nature of their service, I don’t think your speculation is justified.
I know that physically / electronically, a speaker is a microphone, but is there any way for someone to actually record sound through the speakers on the librem? There is a lot more to a microphone than just the diaphragm...
https://www.hackread.com/hackers-steal-data-air-gapped-pcs-m...
A lot of people in our world simply cannot afford a Fairphone. I can, and I applaud the project, so I went for it. I also applaud the other projects, and remember that perfect is the enemy of good. That a Librem 5 isn't going to be perfect in terms of security, is OK. It's their first iteration (and they had various iterations of it, which led to considerable delays).
There's also some keyboard smartphones such as Planet Cosmo Communicator and Planet Astro Slide. And some other ones as well such as F(x)tec (which is a good successor to Nokia N900). These are also niche, specific, with their hardware keyboard (which include custom layout such as Dvorak). But they can run alternative OSes, by default. I believe that, for me, this (hardware keyboard smartphone) is going to be the ultimate usability dream, if the keys are large enough. I previously owned a Nokia E71 and Nokia N900, before touch typing became the status quo.
> [...] I recently read an interview by the former CTO that confirms it [...]
I also backed Astro Slide (and own a Cosmo Communicator), and am disappointed with their hardware downgrade from Dimensity 1000 to 800. I hate it when promises are not kept. But it happens. As mentioned I owned a Nokia N900 previously, but I wasn't fond of the keyboard, so I hope Astro Slide's going to be better. And, given it's like the Cosmo Communicator (which I am used to), I am confident it will be. The big disadvantage of Planet devices is their slow updates, and being reliant on Mediatek (MTK) which means EOL soon.
With regards to hardware keyboard I read Pinephone is planning such as well, which is great news because it's otherwise such an affordable smartphone. Pine64 sells a lot of other cool FOSS stuff such as Pinecil and Pine Camera.
It's the only phone running FSF-endorsed OS without binary blobs, PureOS. It's recommended by the FSF [0]. More details here [1].
[0] https://www.fsf.org/givingguide/v11/
[1] https://source.puri.sm/Librem5/community-wiki/-/wikis/Freque...
Speakers can be wired to do that, but this is not something you can change with software.
I've never used a phone like this, but are you also forced to provide FB credentials during initial setup? If not, then is the FB app just being installed a privacy threat if it is never used? Is it still accessing information on the phone without being tied directly to you?
I would be worried that even without logging into Facebook or giving it my credentials, my FB-ized phone would help FB's efforts in creating and maintaining shadow profiles. As far as I'm concerned, since the FB app is tied into the OS so tightly that it cannot be removed, it poisons the phone and makes it an adversarial surveillance device.
This type of poison, of course, is not limited to Facebook.
These preinstalled apps are still crap though, I'd rather have a smaller system partition and a bigger user data partition, should I own such a phone.
I don't know. I do not have FB. But the fact that I still have to have the app, no matter what I want, illustrates my point, that I really do not own or control this phone. But it works reliably, was affordable - AND I can remove the battery.
And I do it regularly, because then I can be sure, it is really turned off.
Otherwise I kind of assume everything I do with it or around it, is potentially recorded.
So yes, I really, really want a phone that I can trust, even if it is turned on.
Good to know about deactivating apps on Android, though; thank you! I do not remember if I had that option.
Maybe not at all likely (in my case) but when we talk about real security and for some people this is indeed a question of life and death, then I don't want to promote half solutions.
edit: to clarify, yes, a microphone killswitch is probably useful in the way that it eliminates most common attack vectors to silently listening to people, but it is potentially harmful if people would rely on it for 100% - but do get listened to and sent to a gulag because the local KGB did in fact take the effort to implement such spyware