Will you leave the Apple ecosystem because of CSAM?

[CasualFanboy]

On-device : I own my device and I can decide to keep an old version of iOS if I don't feel comfortable with a new one.

You can also watch as all the updated features, bug fixes, and security patches you supposedly paid for are no longer provided to you, and experience the bit rot resulting from unmaintained software.

I'm not sure how applicable this is to phones because I hate them for any real work, but just try to fire up a fresh installation of Snow Leopard or Mavericks and observe how many things won't work.

It's hard to believe you see absolutely no problem with someone hijacking your personal hardware.

 

[MacBH928]

You responded to my post.. but didn’t actually answer the question?

Do I want Apple to scan my files/photos? No… however, I do understand I am using their service. In any service there will be rules or regulations I have to abide by. As I said, it’s a tough position… I know it’s wrong to have the stance of I have nothing to hide then I have no problem with it.

But it’s one of those situations… where Apple can’t sit idle or on the sidelines.

I am using FireFox, ProtonMail, DuckDuckGo, VLC, uBlockOrigin...and guess what? they are all standing idle not scanning my computer and network traffic behind my back because they are "fighting for child rights".

Apple have rules and regulations to use their services, just like Google and FB does, and I do not use Google and FB because of their rules and regulations and I will stop using Apple now that they have turned into another FaceBook.

I can use Linux distro and store my files on ProtonDrive, getting the same services and the piece of mind that no one is monitoring me 24/7.

 

[jseymour]

I'm genuinely curious to hear you about why on-device scanning is worse than in-the-cloud.

Because I can avoid in-the-cloud scanning simply by not using the cloud. On-device scanning I can't avoid without not using the device.

Yeah, yeah: "Apple says..." But that's today. (And, as I noted previously, Apple's claimed a lot of things of a dubious nature over the years.) Once the software and supporting database is in there, it's in there. A little extra code or flipping a switch, and a database update in the future (the announcement of which could be suppressed by court order--it happens), and what are they looking at next?

IMO in-the-cloud scanning is worse because a cloud is a black box

And the on-device scanning is less a black box to you exactly how? I'm a retired systems, network, and telcom admin, and was once a software designer in a production environment. It would be a black box to me. Do you have some insight into just what Apple's code can and is capable of doing I do not?

Y'know, if it was just me I might begin to think maybe I was off in the weeds. But every security and privacy source I've seen says "This is bad. Very, very bad." I dunno... maybe it's confirmation bias, but I think not. So I'm going with "This is bad. Very, very bad," and taking what I feel to be prudent actions as a result.

 

[darw100]

Not to be too cynical, but what if this CSAM "feature" is Apple's cover for finally succumbing to governmental pressure around the world to build that back door into their software? Perhaps Apple concluded its "Privacy is a Human Right" mantra (whether sincere or not) was not going to fly long-term financially because government mandated surveillance is inevitable. Either build the back door or go out of business. Although there is lots of backlash over the CSAM "feature", maybe they calculated adding the back door feature without the CSAM cover would be worse.

 

[ikir]

I would not really call it "whining". Apple is integrating a dangerous backdoor to control the content of your devices. If they do that check on their servers, I do not care, but I definitely do not want to get a counter on my iDevice, which may trigger a control check by some clerk at Apple, who "approves" my content. Things on my devices do not have to be "approved".

It is not a backdoor. It is not a photo scan, it is a mathematical hash match.

 

[QueenTyrone]

I don't think you do. Congrats on being in the beta!

There are petitions that have been signed by many.

Just because you don't see it here, don't assume it's not happening. Same goes with your .5% assumption as well. Don't post info as fact without backing it up.

Beta is easy to join, not any have been started and shared here by macrumors members like I stated in my post, .5 is accurate given there’s a billion iPhone users. My .5 is def a fact….actually it’s probably going to be less than .5%

 

[Jayson A]

Not to be too cynical, but what if this CSAM "feature" is Apple's cover for finally succumbing to governmental pressure around the world to build that back door into their software? Perhaps Apple concluded its "Privacy is a Human Right" mantra (whether sincere or not) was not going to fly long-term financially because government mandated surveillance is inevitable. Either build the back door or go out of business. Although there is lots of backlash over the CSAM "feature", maybe they calculated adding the back door feature without the CSAM cover would be worse.

This is no worse than having the processes that index your files for spotlight or using AI to categorize your photos. How exactly can those on-device systems not be abused? Love to hear how that’s not a back door.

 

[VulchR]

That’s why they’re using 2 different sovereign jurisdictions not controlled by the same government to build the list from and only keeping what’s common between them. It’s an extra step to prevent inserting non CSAM hashes into the list. Then, Apple will only use I hash list for the world. They won’t have a separate one for China

So... two sovereign jurisdictions with precisely the same definition of what content is illegal? It will be intriguing whether individual nations agree to accept that Apple is using hashes determined in part by another country. Moreover, I wonder how long it will take for countries to require Apple to use specific jurisdictions, e.g., the PRC forcing Apple to use PRC plus NK for the scanning in the PRC. Sorry, even this plank of Apple's plan doesn't inspire confidence or enthusiasm.

 

[jseymour]

It is not a backdoor. It is not a photo scan, it is a mathematical hash match.

Depends upon how one defines "back door." And you are incorrect: It is not a mathematical hash in the same sense of, say, md5 hashes. It's a Neural Hash and it does require a photo scan.

 

[Jayson A]

Depends upon how one defines "back door." And you are incorrect: It is not a mathematical hash in the same sense of, say, md5 hashes. It's a Neural Hash and it does require a photo scan.

But the photo would have to be visually just about identical for the system to work.

3 false positives in 100 million isn't too bad. That's a 0.000001% chance of having 1 false positive in 100 million photos.

 

[Jayson A]

It will be intriguing whether individual nations agree to accept that Apple is using hashes determined in part by another country.

That's the thing though, Apple is only using the hashes that are the same for both countries and discarding the ones that are different between them.

 

[WarmWinterHat]

Because I can avoid in-the-cloud scanning simply by not using the cloud. On-device scanning I can't avoid without not using the device.

Yeah, yeah: "Apple says..." But that's today.

Apple has been able to do that since day 1, so it really doesn't matter. At least in this case, they are telling you. Any company could have started this exact same things months or years ago, on device, and it would have gone unnoticed for a long time. At some point, you have to trust someone. Even if you have a fully open audited OS, you are still trusting proprietary and largely closed hardware. You can't audit a processor die.

If you're truly concerned, the only way out to is to not use smartphones, at all, under any circumstances.

 

[jseymour]

But the photo would have to be visually just about identical for the system to work.

That's not how image recognition works. That's why there's a chance, no matter how small, of false positives.

Doesn't matter, anyway. Doesn't address the point: That they will be scanning images.

3 false positives in 100 million isn't too bad. That's a 0.000001% chance of having 1 false positive in 100 million photos.

Cold comfort if you end up being one of those three in 100 million. And it still misses the point: On-device snooping is very bad.

 

[Jayson A]

That's not how image recognition works. That's why there's a chance, no matter how small, of false positives.

Doesn't matter, anyway. Doesn't address the point: That they will be scanning images.


Cold comfort if you end up being one of those three in 100 million. And it still misses the point: On-device snooping is very bad.

Again, that's 3 in 100 million photos. That's nowhere near the 30 (in the same account) that is required for a human review.

So basically, it's a non issue.

You can stay here and have your photos scanned, or use another service and have your photos scanned. Either way, your photos are scanned.

Also, I guarantee there is not a process that's always running in the background scanning your photos for you. It's literally only active during an active upload of a photo. In other words... while it's on it's way to Apple's server.

It would be the same thing as having the TSA check you before boarding a plane.

 

[SamRyouji]

That's what I am thinking as well. At least Apple puts a lot of effort in documenting these things. I don't like where this is heading but I am not ready to ascribe nefarious intentions to Apple.

At any rate, what all of this proves is that we can't leave these kind of decisions to private corporations. Privacy protection has to come from the legislators, and I think it's really frustrating how the governments are either completely incompetent and naive in these matters, or simply evil.

The government? In most countries (if not almost all countries) are both incompetent, naive and evil.
.
Privacy will always be a double edged sword. If you build a system that could prevent malicious contents or acts (or vice versa: prevent any person to intrudes your provacy), and put some guardians in it, who would guard those guardians? Or, as the old wise man once said: "Quis custodiet ipsos custodes?"

Oh, and remember some messenger apps has a feature that could autosave whatever media that arrive on your chatrooms?
Let's say one troll send you an image/video that's explicitly a child abuse, the app automatically downloads and saves it to your Photos app, and you didn't know about it an back it up to your iCloud Photo Library. What gonna happen next is sure will be thrilling for you.

 

[Jayson A]

The government? In most countries (if not almost all countries) are both incompetent, naive and evil.
.
Privacy will always be a double edged sword. If you build a system that could prevent malicious contents or acts (or vice versa: prevent any person to intrudes your provacy), and put some guardians in it, who would guard those guardians? Or, as the old wise man once said: "Quis custodiet ipsos custodes?"

Oh, and remember some messenger apps has a feature that could autosave whatever media that arrive on your chatrooms?
Let's say one troll send you an image/video that's explicitly a child abuse, the app automatically downloads and saves it to your Photos app, and you didn't know about it an back it up to your iCloud Photo Library. What gonna happen next is sure will be thrilling for you.

You could, I dunno... delete it?

You'd have to get 30 of those in a row.

Edit: What's to stop that from happing RIGHT NOW? That's what I wanna know. If you have iCloud Photos enabled, anything that gets added to your photo library, automatically uploads to the cloud! OH NO

 

[jseymour]

You can stay here and have your photos scanned, or use another service and have your photos scanned. Either way, your photos are scanned.

Incorrect. I don't know, maybe you've been immersed in the Apple ecosystem for so long that it's outside your "box" to understand one is not obliged, on other products, to use only whatever the manufacturer supplies. (Or, in the case of Apple, allows.) Or perhaps you've never known anything else, But, when I had an Android phone I could simply plug it into my computer and download photos directly onto my computer. Just like I can my camera. (That's one of the things to which I'm looking forward if I move back to Android.)

There's also a thing called "OwnCloud," where you set up your own cloud server and sync to that. (I haven't looked into that lately. I have no idea how seamlessly it may work.)

It's like the music thing I mentioned in a post. On iOS I'm obliged to use iTunes if I want to place my music on "my" iThings and play it in any kind of reasonable manner. When I was on Android I could just dump it into a folder, point a music player at that folder, and play it. It is literally not possible to do that on an iThing. Sure, I can get my music into a folder. But there is no app available on Apple's App Store that will let me play but one track at a time--requiring me to manually select and play each track.

It's easier for me to get my music into my Jeep's system and play it than it is my iPhone. I put it on a formatted µSD card, plug it into the system, and there it is. It even supports industry standard play lists, shuffle, etc.

(I swear, this is like trying to explain the reliability and freedom that comes with using a Linux system to somebody who's never experienced anything but MS-Windows.)

Also, I guarantee there is not a process that's always running in the background scanning...

In its announced current implementation. This is the part you and the others that find this acceptable keep wanting to disregard.

 

[HyperliteG4]

Sign the privacy letter here: https://appleprivacyletter.com

 

[H3LL5P4WN]

Hint: Android doesn’t have to be related to Google

Android without el Goog is basically a dumb phone.

 

[H3LL5P4WN]

Incorrect. I don't know, maybe you've been immersed in the Apple ecosystem for so long that it's outside your "box" to understand one is not obliged, on other products, to use only whatever the manufacturer supplies. (Or, in the case of Apple, allows.) Or perhaps you've never known anything else, But, when I had an Android phone I could simply plug it into my computer and download photos directly onto my computer. Just like I can my camera. (That's one of the things to which I'm looking forward if I move back to Android.)

There's also a thing called "OwnCloud," where you set up your own cloud server and sync to that. (I haven't looked into that lately. I have no idea how seamlessly it may work.)

It's like the music thing I mentioned in a post. On iOS I'm obliged to use iTunes if I want to place my music on "my" iThings and play it in any kind of reasonable manner. When I was on Android I could just dump it into a folder, point a music player at that folder, and play it. It is literally not possible to do that on an iThing. Sure, I can get my music into a folder. But there is no app available on Apple's App Store that will let me play but one track at a time--requiring me to manually select and play each track.

It's easier for me to get my music into my Jeep's system and play it than it is my iPhone.

(I swear, this is like trying to explain the reliability and freedom that comes with using a Linux system to somebody who's never experienced anything but MS-Windows.)


In its announced current implementation. This is the part you and the others that find this acceptable keep wanting to disregard.

Plugging your phone (or camera) in to transfer photos or music is so third world.

 

[jseymour]

Android without el Goog is basically a dumb phone.

Incorrect.

Plugging your phone (or camera) in to transfer photos or music is so third world.

And spyware installed on "your" phone is...?

Thing is: On Android it's an option. Android gives the customer options. It's actually kind of nice

 

[CasualFanboy]

governments are either completely incompetent and naive in these matters, or simply evil.

I think it's usually both.

 

[Jayson A]

In its announced current implementation. This is the part you and the others that find this acceptable keep wanting to disregard.

Anything other than what they announced is just you being paranoid. So I'm not wrong. Anything was possible before this announcement and anything is possible after this announcement. I'm not going to lose sleep over what *could* happen.

If something bad happens at some point in the future, then I'll rethink my options. For now, there's no reason to worry about what may, possibly, maybe, perhaps, be sorta, hypothetically, possible in the future.

Go ahead and leave Apple and do your own thing for all I care, but it's literally not an issue for most of us. Lots of complaining about nothing.

 

[jseymour]

Anything other than what they announced is just you being paranoid.

Me, the EFF, and every other security researcher and privacy organization on the planet. Yeah: We're all paranoid.

Y'know, I retired from a SysAdmin position for a multi-million-dollar/year international corporation. My internal customers often hated me. (Comes with the territory.) One day in a company meeting being conducted by the President and CEO, I spoke up and allowed as how my "paranoid" policies often made me unpopular with many of my coworkers. "That's ok," the President & CEO replied, before the entire assembly, "we like you paranoid. You keep us safe."

You go ahead and trust. My "paranoia" has served me well.

 

[zakarhino]

Me, the EFF, and every other security researcher and privacy organization on the planet. Yeah: We're all paranoid.

Y'know, I retired from a SysAdmin position for a multi-million-dollar/year international corporation. My internal customers often hated me. (Comes with the territory.) One day in a company meeting being conducted by the President and CEO, I spoke up and allowed as how my "paranoid" policies often made me unpopular with many of my coworkers. "That's ok," the President & CEO replied, before the entire assembly, "we like you paranoid. You keep us safe."

You go ahead and trust. My "paranoia" has served me well.

"Only the paranoid survive" - Andy Grove