Apple's iPhone scanning scandal and the Mac

[dugbug]

I've seen nowhere that says it takes X number of images -- 1 would trigger it from what I've seen.

To quote Gruber:

Furthermore, one match isn’t enough to trigger any action. There’s a “threshold” — some number of matches against the CSAM database — that must be met. Apple isn’t saying what this threshold number is, but, for the sake of argument, let’s say that threshold is 10. With 10 or fewer matches, nothing happens, and nothing can happen on Apple’s end. Only after 11 matches (threshold + 1) will Apple be alerted. Even then, someone at Apple will investigate, by examining the contents of the safety vouchers that will accompany each photo in iCloud Photo Library. These vouchers are encrypted such that they can only be decrypted on the server side if threshold + 1 matches have been identified. From Apple’s own description:

Using another technology called threshold secret sharing, the system ensures the contents of the safety vouchers cannot be interpreted by Apple unless the iCloud Photos account crosses a threshold of known CSAM content. The threshold is set to provide an extremely high level of accuracy and ensures less than a one in one trillion chance per year of incorrectly flagging a given account.

 

[bobcomer]

Their documentation talks about a "threshold" that has been met before a partial decryption key is generated. Apple is physically unable to decrypt the images before that threshold is exceeded. I don't think they mention how large that threshold is.

If they don't mention it, it's 1, or can be changed to 1.

 

[leman]

Wow that's a lot to think about. What are you doing to push for functional legislation? What can I do?

I really don't know. Myself, I am in a bit of a weird situation since I changed my citizenship and them moved to a different country, which made me ineligible to vote. So here I am, an almost 40-ish guy who never really had voting rights in any place he used to live, which makes me effectively devoid of political presence. I suppose discussing these things, making your family and friends aware of the issues and lobbying your local representatives is always a good start...

 

[leviderschreckliche]

The most you can do is disable iCloud photos.

lets gooo!

 

[PsykX]

Of course Google, Facebook, and others have been doing this for years. Apple too. Apple is just doing it on device now instead of just scanning iCloud photo libraries.

I do hate the entire concept, it's a real harm to privacy.

But Apple might be the only business that's transparent about their practices and I'm glad they are.
As you said, of course other tech giants have done it for years, but they're silent about it.

 

[Shirasaki]

Then you'd need to connect your Mac to some USB computer and in turn the USB computer to a network. Sure, that can work. From a practical point of view, not an elegant solution as you'd still have to connect to the USB computer any time you want to connect to a new WiFi. I think I'd just hop on the full Linux train then.

I’m way too deep into apple ecosystem I don’t think I can really escape without massive change of my lifestyle, so that would be my compromise. Doesn’t really hurt having some sort of “options” I guess.

 

[4743913]

none of this is new... and it has never been about the children.

Exclusive: Apple dropped plan for encrypting backups after FBI complained - sources

Apple Inc dropped plans to let iPhone users fully encrypt backups of their devices in the company's iCloud service after the FBI complained that the move would harm investigations, six sources familiar with the matter told Reuters.

www.reuters.com

this is what happens when the ovis aries (phone people) gladly give up their freedom to control their own devices in order to feel safe.. it doesn't end with a dos emulator. it will continue.

 

[JMacHack]

I’ve detailed my thoughts here:

https://forums.macrumors.com/thread...n-and-messages-scanning.2306957/post-30159407

I don’t like this change, but looking at myself critically, this change really change things for me. Any potential wrongthink that would land my ass in prison is already out there in public and any potential spying has already been done. (Let’s not forget that your isp does snooping themselves).

I recognize that I use Apple products for work and convenience. Privacy in the digital age is nigh impossible to get. I don’t blame anyone for being outraged over this, I am as well, but it’s time to recognize that digital privacy was an illusion. One that Apple has just shattered.

That said, my personal folder and gun and bomb making instructions are going to move to a harder to access drive.

 

[JMacHack]

On a more technical note:
The scan is only triggered when photos are uploaded to iCloud currently.

If this were to change sometime in the future, would a Linux VM with a file system that’s incompatible with the Mac (say, zfs) be readable by the process running on MacOS? There would likely be a way to make it so, but I’m spitballing ways to thwart the scanning.

Also, the daemon could be blocked by a firewall maybe? Like the Little Snitch issue before.

Of course there’s always dual booting, M1 Macs have “reduced security mode” still.

Again, the whole system reeks of malicious compliance to me. There’s so many holes that even basic tech knowledge can thwart the system (and it cannot check any NEW material made) that I can’t help but think this was made to address concerns by law enforcement. Maybe they got a message after announcing the iCloud onion router service.

Knowing that it only scans (currently) for known material, the political abuse potential seems low currently. If you save a lot of memes on iCloud then you have to worry, but memes are often transient and shared on social media, not saved to a device typically. So any entity likely already knows your political leanings from social media. And the current system can’t address any new material (such as photos from protests).

None of this is to say that it will not be expanded in the future (which I believe WILL happen). But it buys us time to think of countermeasures.

 

[dugbug]

I’ve detailed my thoughts here:

https://forums.macrumors.com/thread...n-and-messages-scanning.2306957/post-30159407

I don’t like this change, but looking at myself critically, this change really change things for me. Any potential wrongthink that would land my ass in prison is already out there in public and any potential spying has already been done. (Let’s not forget that your isp does snooping themselves).

I recognize that I use Apple products for work and convenience. Privacy in the digital age is nigh impossible to get. I don’t blame anyone for being outraged over this, I am as well, but it’s time to recognize that digital privacy was an illusion. One that Apple has just shattered.

That said, my personal folder and gun and bomb making instructions are going to move to a harder to access drive.

what exactly is the issue you guys have?

1. the parental feature 'objectional material identification' is totally on device and with parent for children 12 and under. No authorities (or apple) are notified ever regardless of your choices.
2. For icloud photo users ONLY: The hash #s are for *IDENTICAL* matches to MULTIPLE images of known offender imagery using hashes and a voucher packet that does not contain your image. Even then NO authority is notified until the voucher contents are validated by apple.
3. at no point is your photo sent anywhere.

This is some impressive work if you read the detailed document they posted to show how it works. I think if folks read how it works (just like COVID exposure notification privacy panics) its actually well done.

-d

 

[JMacHack]

what exactly is the issue you guys have?

1. the parental feature 'objectional material identification' is totally on device and with parent for children 12 and under. No authorities (or apple) are notified ever regardless of your choices.
2. For icloud photo users ONLY: The hash #s are for *IDENTICAL* matches to MULTIPLE images of known offender imagery using hashes and a voucher packet that does not contain your image. Even then NO authority is notified until the voucher contents are validated by apple.
3. at no point is your photo sent anywhere.

This is some impressive work if you read the detailed document they posted to show how it works. I think if folks read how it works (just like COVID exposure notification privacy panics) its actually well done.

-d

I’m indeed impressed, and I do think Apple went to great lengths to make this as private as possible. They could easily have just blanket scan and reviewed any possible match without hashing. But they went out of their way to reduce the level of exposure.

But this is still an invasion of privacy. We know how rabid governments are to spy on their own citizens, and how untrustworthy they are with our information. We all have something to hide. Read “three felonies a day”. Currently, the system isn’t objectionable. But we’re looking ahead for possible (and probable) abuses of this system.

We’re looking to protect our collective asses in case some government bureaucrats decide they don’t like us very much.

 

[turbineseaplane]

We’re looking to protect our collective asses in case some government bureaucrats decide they don’t like us very much.

And it shouldn't be overlooked that there are places around the world where this will be an issue - nearly immediately.

For many people it isn't some "down the road" thing to maybe worry about, etc.

(Yes, I know - Apple says it's slow rolling it - sorry, don't buy it for a second when it comes to stuff like this. They are getting chirped in the ear from governments all the time and the news cycle is always behind actual implementation of things that State actors want)

 

[GrumpyCoder]

And now, according to the latest news on MR, Apple is willing to open this up to 3rd party apps. What could possibly go wrong having WhatsApp, Snapchat & Co. "sniffing around" on everyones iPhone... if this whole thing is taking off, I guess it's "goodbye and thank you Apple, it's been a few great decades with you".

 

[turbineseaplane]

And now, according to the latest news on MR, Apple is willing to open this up to 3rd party apps.

Whoa...really?
I missed that - where does it mention that?

 

[auxbuss]

Whoa...really?
I missed that - where does it mention that?

See here: https://www.macrumors.com/2021/08/09/apple-child-safety-features-third-party-apps/

 

[JMacHack]

And now, according to the latest news on MR, Apple is willing to open this up to 3rd party apps. What could possibly go wrong having WhatsApp, Snapchat & Co. "sniffing around" on everyones iPhone... if this whole thing is taking off, I guess it's "goodbye and thank you Apple, it's been a few great decades with you".

I want to know the technical details of this. Does this mean 3rd party image databases? Is this restricted that the 3rd parties only see the hash? Or is it raw dog “use the image scanning for whatever”?

Has the same species of alien that Mark Zuckerberg is take over Apple? Is this a Pod People situation?

 

[crymimefireworks]

And now, according to the latest news on MR, Apple is willing to open this up to 3rd party apps. What could possibly go wrong having WhatsApp, Snapchat & Co. "sniffing around" on everyones iPhone... if this whole thing is taking off, I guess it's "goodbye and thank you Apple, it's been a few great decades with you".

Yeah looks like they're doubling down. This isn't "a mistake".

Installing Linux on my 16" MBP today....exciting times!

 

[GrumpyCoder]

I want to know the technical details of this. Does this mean 3rd party image databases? Is this restricted that the 3rd parties only see the hash? Or is it raw dog “use the image scanning for whatever”?

I don't know, we'll have to wait and see. But we've heard the argument that this is only limited to iCloud Photos and can be "deactivated" by disabling it and all would be good. If 3rd parties can use it now (no matter how), we're not done with turning iCloud Photos off, we have to turn off all the apps.

Has the same species of alien that Mark Zuckerberg is take over Apple? Is this a Pod People situation?

To be honest, I'm not sure what's happening here. Maybe I'll wake up at some point. I'm not saying others are not worse in what they do, but they do it on the web. I can choose not to use Facebook and nothing of stuff they do is finding its way on my device, but Apple is forcing me now to put it on my device. And that's not ok for me.

 

[Irishman]

Apple explains how iPhones will scan photos for child-sexual-abuse images

Apple offers technical details, claims 1-in-1 trillion chance of false positives.

arstechnica.com

Yep, it'll be included on Monterey as well.

Screw this.

What are you worried about? I heard on the Macbreak Weekly podcast from Rene Ritchie that the hashing that Apple is using for the feature cannot yield false positives. (1 in a trillion case), so, unless you're viewing, or committing child sexual abuse and taking pictures of it, you don't have to worry about anything.

 

[Maconplasma]

Wrong thread?

Yep. Thanks for pointing that out. Removed it.

 

[ader42]

I am sure Apple is actually just getting ahead of the curve as I think it will soon enough become a legal requirement for all cloud storage providers etc. to scan for CSAM. With Apple doing it this way (on device) maybe they can more effectively protect the privacy of what they are not legally required to “scan”. Time will tell, I don’t like it, I never wanted my computer supplier to become the police. iOS 14 and Big Sur may be the end of the Apple road for me.

 

[GrumpyCoder]

What are you worried about? I heard on the Macbreak Weekly podcast from Rene Ritchie that the hashing that Apple is using for the feature cannot yield false positives. (1 in a trillion case), so, unless you're viewing, or committing child sexual abuse and taking pictures of it, you don't have to worry about anything.

Rene Ritchie said so? Oh damn, why didn't you mention that earlier. Problem solved. Let's trust the creative folks making youtube videos instead of the experts in the field. And yes, that was irony. Hint, some people read linked articles pointing to people who give regular talks at conferences like Def Con.

 

[crymimefireworks]

I am sure Apple is actually just getting ahead of the curve as I think it will soon enough become a legal requirement for all cloud storage providers etc. to scan for CSAM. With Apple doing it this way (on device) maybe they can more effectively protect the privacy of what they are not legally required to “scan”. Time will tell, I don’t like it, I never wanted my computer supplier to become the police. iOS 14 and Big Sur may be the end of the Apple road for me.

Indeed. Don't forget to disable automatic updates!

re: legal requirement for cloud storage -- that's why encrypting it on the device was so promising. Don't ask, don't tell, all you see is encrypted noise.

 

[turbineseaplane]

Great piece on all this from Ben Thompson - don't miss it all

Apple’s Mistake

While it’s possible to understand Apple’s motivations behind its decision to enable on-device scanning, the company had a better way to satisfy its societal obligations while preserving…

stratechery.com

 

[turbineseaplane]

Rene Ritchie said so? Oh damn, why didn't you mention that earlier. Problem solved. Let's trust the creative folks making youtube videos instead of the experts in the field. And yes, that was irony. Hint, some people read linked articles pointing to people who give regular talks at conferences like Def Con.

I was about to say...
I don't even trust Rene for a balanced take on an Apple dongle review, let alone something like this.

Folks need to realize that a huge swath of Apple hot take bloggers/vlogggers/podders are really just an extension of the Apple PR department.