Apple's iPhone scanning scandal and the Mac

[GrumpyCoder]

If you use filevaulth, can apple scan pictures or content of hdd?

In theory, yes. Anything you access on your system, they could access as well (I'm not saying they do). This has to be done locally anyway (searching in finder, etc.), what's new is the "report back to Apple" feature about things on your device.

What are your thoughts on replacing your iCloud usage? Afaik Linux doesn't do that part.

To be honest, I'm only using iCloud as a normal account/email and syncing passwords for websites across devices. So I don't really have a plan when it comes to that. When it comes to File syncing between devices I'm using DevonThink Pro, which is E2EE. You can use a server to work with Linux/Windows. If I'd fully switch, I'd have to think about something new for a better workflow.

 

[deeddawg]

I want a machine whose manufacturer has no capability to scan my drive even if I'm fool enough to "opt in".

 

[crymimefireworks]

To be honest, I'm only using iCloud as a normal account/email and syncing passwords for websites across devices. So I don't really have a plan when it comes to that.

I saw somethjng related to this the other day - 1Password looking into self hosted options:

1password is considering a self-hosted option to store vaults | Hacker News

news.ycombinator.com

 

[bobcomer]

View attachment 1816540

It may come down to that!

 

[crymimefireworks]

I want a machine whose manufacturer has no capability to scan my drive even if I'm fool enough to "opt in".

Here here! All this phone-home stuff is a non-starter. Apple thinks we don't have any options. And the thing is, they're right...for now, for this quarter. Alternatives suck.

But consumer demand is a game changer. Vote with your dollar -- I'm just not entirely sure where yet. Ideas?

 

[quarkysg]

No, that is not correct. It is a simple tool that works on any type of data/content. And the behavior can be changed at any time, by modifying configuration files. You don't hardcode these things, that's a 80s thing.

I dunno if it's as simple as you described. It is an image analysis tool that has the ability to detect that same image after cropping, colour changes etc. The image processing course I took many many moons ago involves lots of transforms and computation. They could be using a neural-network that's been trained to generate the hashes. So I'm thinking it's not so straight forward.

 

[Shirasaki]

That functionality is still there. They backpedaled on the whole App authentication. But the core functionality still exists and they can use it anytime. Tools like LuLu explicitly mention this on their website.

Apple can’t control third party hardware firewall behaviour, so one can attempt to block such connection outside Of macOS using something called USB computer stick. Dunno how routing traffic through it works but might worth a try. Or just good old fashion raspberry pi.

But then, apple can detect if Such connection exist, and stop the function altogether if monitoring can’t be continued. This means even deeper analysis needs to be performed to block that, until it is no longer possible.

Right now in my mind Apple is planning to go all out to plug every single loophole customer might come up with and enforce client based mass surveillance in the name of (insert good cause here). Apple has become a big villain.

 

[crymimefireworks]

Apple has become a big villain.

You're onto something here. So what are you doing about it? Any tips?

 

[Shirasaki]

You're onto something here. So what are you doing about it? Any tips?

I’d try hardware firewall as a starter. And then I need to research connections Between apple server and iOS device as well as Mac, finding out how they go about things, then write rules to block it. I have to constantly update it as time goes on to maintain the blocks while using cloud function normally. It’s an endless uphill battle Until either I lose or Apple gives up plugging the holes.

 

[leman]

Here here! All this phone-home stuff is a non-starter. Apple thinks we don't have any options. And the thing is, they're right...for now, for this quarter. Alternatives suck.

But consumer demand is a game changer. Vote with your dollar -- I'm just not entirely sure where yet. Ideas?

It's not about consumer demand, it's about legislation. We need functional legislation protecting consumer data. In the USA, the data is not your own to begin with. In the EU, the situation is somewhat better but also worse at the same time, as recent developments show — with government mandating obligatory communication surveillance agains the citizen's wishes.

You can vote with your dollar all you want, it makes no difference if the ISP/storage provider/communication company is really obliged to spy on you. And the "free" alternatives will always be a niche case as they lack the convenience and functionality of the commercial products. In fact, if everybody would drop Mac and Windows overnight and move to Linux, it would just take a couple of weeks before Linux would be flooded with malware. The only reason why Linux is "secure" is because most Linux installations run carefully setup server configurations behind professional security equipment and because it's desktop user share is so negligible that hackers simply don't care.

Apple can’t control third party hardware firewall behaviour, so one can attempt to block such connection outside Of macOS using something called USB computer stick. Dunno how routing traffic through it works but might worth a try. Or just good old fashion raspberry pi.

But then, apple can detect if Such connection exist, and stop the function altogether if monitoring can’t be continued. This means even deeper analysis needs to be performed to block that, until it is no longer possible.

Right now in my mind Apple is planning to go all out to plug every single loophole customer might come up with and enforce client based mass surveillance in the name of (insert good cause here). Apple has become a big villain.

Well, let's not go overboard with this either. Sure, Apple is opinionated, but I see no immediate reason to ascribe this kind of nefarious intent to them. They do not control third-party firewalls, and while they did try to exempt some system services from the filter API, they did quickly reversed their course when met with minimal resistance.

 

[Shirasaki]

Well, let's not go overboard with this either. Sure, Apple is opinionated, but I see no immediate reason to ascribe this kind of nefarious intent to them. They do not control third-party firewalls, and while they did try to exempt some system services from the filter API, they did quickly reversed their course when met with minimal resistance.

Safari is so bad I can’t even quote messages easily anymore.
I assess this move as an ever changing matter. They may not do it now, but who knows what’s happening several years down the line. Hardware firewall will always be on my card from this point on.

 

[crymimefireworks]

It's not about consumer demand, it's about legislation. We need functional legislation protecting consumer data. In the USA, the data is not your own to begin with. In the EU, the situation is somewhat better but also worse at the same time, as recent developments show — with government mandating obligatory communication surveillance agains the citizen's wishes.

You can vote with your dollar all you want, it makes no difference if the ISP/storage provider/communication company is really obliged to spy on you.

Wow that's a lot to think about. What are you doing to push for functional legislation? What can I do?

 

[Shirasaki]

View attachment 1816540

Sure. Who needs computer for transmitting information anyways? How our ancestor lived all these millions of years without internet. /s

 

[GrumpyCoder]

I saw somethjng related to this the other day - 1Password looking into self hosted options:

That is certainly an option for passwords. LastPass is too. I'm not there yet, but have those on my list.

I dunno if it's as simple as you described. It is an image analysis tool that has the ability to detect that same image after cropping, colour changes etc. The image processing course I took many many moons ago involves lots of transforms and computation. They could be using a neural-network that's been trained to generate the hashes. So I'm thinking it's not so straight forward.

Well, for now I'd focus on comparing hash values. They can do that for any file. Search functionality is already in the OS, what's new is the ability to radio results back to Apple. That's really the problematic part. Everything else is on top of that and a different can of worms. How they show me all dog pictures on my system when I type dog into spotlight, is a different problem. They can easily compare hashes for websites, audio files, whatever they want. There's no difference.

Apple can’t control third party hardware firewall behaviour, so one can attempt to block such connection outside Of macOS using something called USB computer stick.

Sure, you can use external firewalls and "fix" the issue. But let's be honest. Except for your home, how often can you dictate firewall rules? When using my devices at home, there's no problem. As soon as I go to the office, this won't work anymore. And it certainly won't work for my iPhone unless I activate airplane mode. Not the solution I'm looking for.

 

[Shirasaki]

Sure, you can use external firewalls and "fix" the issue. But let's be honest. Except for your home, how often can you dictate firewall rules? When using my devices at home, there's no problem. As soon as I go to the office, this won't work anymore. And it certainly won't work for my iPhone unless I activate airplane mode. Not the solution I'm looking for.

The stuff I’m talking about is like a computer powered by USB. You connect it to a USB port, and it’d power on and execute programs etc.

Some lovingly refers to them as “streaming stick” but they could easily be used for hardware firewall. But I have no idea how this would possibly work, just a thought.

 

[GrumpyCoder]

The stuff I’m talking about is like a computer powered by USB. You connect it to a USB port, and it’d power on and execute programs etc.

Some lovingly refers to them as “streaming stick” but they could easily be used for hardware firewall. But I have no idea how this would possibly work, just a thought.

Not sure how that would work. The functionality is embedded deep into the OS, so it wouldn't really help with the issue unless it's rewriting macOS.

 

[dugbug]

Or the hashes matched.

not even then. X number of images in your library also have to match to trigger notification. For a hash to match one is.... extremely unlikely. For it to have to match multiple hits would be like one in a trillion? (someone check me on the quote)

-d

 

[Shirasaki]

Not sure how that would work. The functionality is embedded deep into the OS, so it wouldn't really help with the issue unless it's rewriting macOS.

Yeah but when data is sent outside of macOS, Apple has no control. The USB computer would receive the signal, process it, and send the signal to router or wifi ap or whatever. Basically, that USB computer is a mini router for the Mac.

 

[dukebound85]

I wonder where the "one in a trillion" number came from. There are fewer than eight billion people in the world and I'm pretty sure not all of them own Apple devices. One in a trillion means that nobody is ever going to have their photos seen until the population of Earth reaches a few trillion and then one person will get an oopsie?

there are trillions of photos out there

 

[GrumpyCoder]

not even then. X number of images in your library also have to match to trigger notification. For a hash to match one is.... extremely unlikely. For it to have to match multiple hits would be like one in a trillion? (someone check me on the quote)

Check the link that's already been posted to a blog of someone who works with this stuff and gives regular talks at DefCon.

Yeah but when data is sent outside of macOS, Apple has no control. The USB computer would receive the signal, process it, and send the signal to router or wifi ap or whatever. Basically, that USB computer is a mini router for the Mac.

Then you'd need to connect your Mac to some USB computer and in turn the USB computer to a network. Sure, that can work. From a practical point of view, not an elegant solution as you'd still have to connect to the USB computer any time you want to connect to a new WiFi. I think I'd just hop on the full Linux train then.

 

[dukebound85]

Absolutely invalid and ridiculous analogy. With an iPhone you're licensing the use of iOS as you are with MacOS. I own my home lock stock and barrel. I'm not licensing use of it. LMAO try again.

no, it's quite fitting

you are just arguing semantics

by the way, you do not own your home lock stock and barrel.......try not paying property taxes to test your "theory". you are effectively leasing your home from the government

 

[bobcomer]

Not sure how that would work. The functionality is embedded deep into the OS, so it wouldn't really help with the issue unless it's rewriting macOS.

It would work because you'd use it as your gateway/proxy server. We do the same thing on a much bigger scale on a company's LAN using a real hardware firewall. (ours is a firebox) It wouldn't even be all that hard to set up.

That said, there's always a way around it either using different or rotating ports and different destination addresses. (assuming you allow any traffic out at all)

 

[bobcomer]

no, it's quite fitting

you are just arguing semantics

by the way, you do not own your home lock stock and barrel.......try not paying property taxes to test your "theory". you are effectively leasing your home from the government

You do own the iPhone itself though... (assuming no contract)

 

[bobcomer]

not even then. X number of images in your library also have to match to trigger notification. For a hash to match one is.... extremely unlikely. For it to have to match multiple hits would be like one in a trillion? (someone check me on the quote)

-d

I've seen nowhere that says it takes X number of images -- 1 would trigger it from what I've seen.

 

[leman]

I've seen nowhere that says it takes X number of images -- 1 would trigger it from what I've seen.

Their documentation talks about a "threshold" that has been met before a partial decryption key is generated. Apple is physically unable to decrypt the images before that threshold is exceeded. I don't think they mention how large that threshold is.