With on-device CSAM scanning coming to MacOS 12, do you still trust your Mac?

[Colstan]

Unfortunately, politicians worldwide are utterly incompetent when it comes to tech.

Thus far, politicians in the U.S. have more interest in protecting the financial resources of big donors, than the interest of average citizens. In the U.S. Congress, the author of the most prominent anti-trust bill, Representative David Cicilline, changed the language of the legislation to remove Windows from regulation. It orignially targeted all operating systems. Now it's specifically says "mobile operating systems". This followed after a $5,800 donation to his campaign from Microsoft President Brad Smith. Microsoft successfully lobbied to get written out of the bill and now they wholeheartedly support it. They lost to Google and Apple in the mobile game, now they're trying to get the U.S. Congress to regulate their competitors.

It would be great if global governments were interested in the privacy and data of the average citizen, but that's not the world we live in. Expecting politicians to solve these problems is like asking carnies to clean up the circus.

 

[JMacHack]

Frankly, the government has to regulate the tech industry, but this must come in form of legislations that protect customer privacy and personal data, not violate them. Otherwise you get a Facebook and Cambridge Analytica phenomena where personal data is used as a manipulation weapon. Unfortunately, politicians worldwide are utterly incompetent when it comes to tech.

The problem with the idea of government regulation (in the U.S.) is that the scenario you describe would only benefit the citizens of the U.S.

It’s against the governments interest for people to have privacy. And moreover, analytics I can see being used (if not already) in political campaigns. Alphabet agencies abhor the thought of not being able to snoop wherever they please.

To put it simply, the powers that be are and will always be against the average person having privacy of any kind.

 

[poematik13]

Film Camera. Develop and print your own.
Problem fixed...

LOL. Develop your own. Good luck with that. It will look like crap.

And film labs have been reporting child porn for decades.

 

[GrumpyCoder]

You do not understand the CSAM hash database. This is not AI-based.

Odd, Apples own tech summary document says it is.

 

[uller6]

Film Camera. Develop and print your own.
Problem fixed...

The person I feel sorry for is the designer of dolls, you know, the plastic figures that go into the molds before they are dressed.
And the teacher who has a collection of life-like baby robots that are used to teach teenagers what it is really like to look after babies.
And the parents and grandparents who put scans of 'baby in bath' photos from the 50's and 60's up on FaceBook.
And the Paediatrician writing a book on baby diseases, including nappy rash and all its causes.
And the lawyer writing a book on FGM* with photos.

AI cannot, or ever will be 'Just Right'. It will either be too sensitive and bring up false positives, or not sensitive enough and miss illegal stuff.

It's the false positives that the AI will flag that worry me. Because once you are flagged, that's it.


* Look it up...

I don’t think you understand how this system works. The system only scans for known child porn images. That have been identified as preexisting child porn. It will not report your baby bath pics, butt rash pics, or even naked dolls.

You also don’t appear to understand that literally EVERY cloud storage provider in the USA is legally required to scan for known child porn images among uploaded photos. Flickr, photobucket, Google photos, Shutterfly…etc. if you don’t want your photos scanned for child porn then don’t use the cloud. Or move to another country.

 

[Mr. Awesome]

Regarding iCloud. We have to trust Apple's word the NeuralHash is only activated when logged into iCloud, but since it's happening On-device, it may be running at all times.. Even if it's not, since the system is already in place, it can probably be activated by means of a simple software update..

It only runs specifically when uploading a phot to iCloud. It’s designed to do that and only that.

 

[jz0309]

No reason for me to change my “trust”…

a very recent experience of mine: 3 weeks or so ago I copied my photos (about 75k) to OneDrive (Microsoft, I have Office365 and 1TB is included) as a 4th backup. Into plain folders, year/month, and I did not convert it into Photoalbums (which is something they offer). Earlier this week I started to receive emails: “your memories on this day” and sure enough, multiple photos from multiple years in the email body… so;
Microsoft IS scanning my content, they auto subscribe to “memory” emails…
That’s creepy…
I do not know if the OneDrive fine print T&cs point this out, maybe, still creepy.
What else are they scanning for? I’m sure CSAM is part of it and I’m ok with that, at least Apple is communicating…

 

[Kung gu]

Yes I do.
Do you trust your government??? They scan you all the time.

 

[Kung gu]

No. I wont be installing Monterey again or buying a new M whatever mac again for now.

Ok I will though. Because who can we trust. We all use google and MS services. Linux can also be compromised.

 

[DaveFromCampbelltown]

To those who have said that Apple only scans against known images.
It doesn't.
Apple have said they have made their system 'fuzzy' to cater for known images that have been altered slightly so they get the same hash signature.
IOW, two different images can generate the same hash signature.
How safe is that?

Read this

 

[Sema]

After reading up on the topic, I think the feature is well implemented and does not concern me at all.

 

[Kung gu]

I could turn off iCloud Photos. Heck I never used iCloud. This CSAM does not effect the way I use my Mac. I can still use Final Cut, Garageband and xCode.

Apple did not ban me from not using the Mac Apps on my Mac. Yes I will update to macOS 12.

 

[jseymour]

We all use google and MS services.

We do? <looks around...> Nope. No Google or MS services in use here.

Linux can also be compromised.

Anything can be compromised, but one can choose options that aren't compromised by design.

BTW: Been using Linux systems for twenty-three years--for everything from Enterprise servers, to Internet servers, to desktops, to laptops. Haven't had one compromised, yet, TTBOMK. YMMV.

 

[bobcomer]

Ok I will though. Because who can we trust. We all use google and MS services. Linux can also be compromised.

It certainly is each of our choices. I'll go both older versions of Mac OS and Windows. (Windows doesn't do on device scanning to report you)

If they really do cancel the on device scanning, maybe I'll trade in my M1 MBA for something newer in the future, but only if the scanning is cancelled. Otherwise, I've probably already purchased my last Apple device.

As for who can we trust, apparently nobody.

 

[Kung gu]

Windows doesn't do on device scanning to report you)

It acutally does not CSAM but it does scan your hard drives. It's in MS Windows EULA.

 

[bobcomer]

It acutally does not CSAM but it does scan your hard drives. It's in MS Windows EULA.

It doesn't do on device scanning to turn you in, period.

 

[smoking monkey]

Because once you are flagged, that's it.

That's it what?
What happens once you are flagged? Not what you think happens, but what does Apple do once that happens?

 

[smoking monkey]

It doesn't do on device scanning to turn you in, period.

Neither does Apple. It does match on device, but it's only once it's uploaded to iCloud that reporting can happen.

 

[bradl]

Trust, not really, but I have no choice since I need it for work and alternatives aren't any better. Windows is probably worse and Linux is a server os.

The development is worrisome to say the least, the tech is there so it will be abused 100%.
To be fair, systems haven't been save for a very long time with plenty of back-doors to get all of your data. However, the average end-user wouldn't be much of a target I'd imagine.

If you make a successful operating system or computer-chip, sooner or later the USA comes knocking and demands a backdoor. I believe Japan tried to make an OS back in the eighties and it was shutdown by the USA. It's extremely unhealthy that the whole world relies on operating systems from Apple, Microsoft and Google, which are all USA companies. I'm surprised the rest of the world, especially companies with trade secrets, are ok with this. However this is another discussion..

And if you'd ask me, this isn't about terrorism or child abuse, this is about making sure that the people who control the world, stay in control. And no revolution will ever emerge, unless it's beneficial to those in control. /tinfoil

This has to be stressed, because some FUD is being spread here. Linux is NOT a server operating system. You can run Linux in any desktop or end-user environment, fully equipped with browser, mail client, music platform, graphics editing programs, the entire lot. To say that you can't because it is only a "server OS" is very disingenuous.

By that reckoning, since MacOS has a Unix derivative running underneath it, MacOS is only a "server OS".

BL.

 

[Gnattu]

If they really do cancel the on device scanning,

They are reconsidering it:

Update as of September 3, 2021: Previously we announced plans for features intended to help protect children from predators who use communication tools to recruit and exploit them and to help limit the spread of Child Sexual Abuse Material. Based on feedback from customers, advocacy groups, researchers, and others, we have decided to take additional time over the coming months to collect input and make improvements before releasing these critically important child safety features.

You can see it from here, on top of the page.

Child Safety

Expanded Protections for Children

www.apple.com

Let's hope the "improvements" including removing the on-device scanning system totally.

 

[jseymour]

... Linux is a server os.

It is?!?! <looks at Linux desktop upon which he's typing this, then over at his Linux laptop...> Huh.

 

[jinnyman]

You don't have to trust anyone, logout iCloud and block all outgoing connection to Apple(on your router if possible) and you will be fine.

The same thing can be said about windows and google. Were you this passive against google and windows back then?

 

[ForkHandles]

Apple solves problems and makes our worlds more convenient.
It hasn’t become the worlds richest company by solving problems that do not exist.

I would be willing to bet that Apple has already engaged in random scanning of photos for CSAM material. Furthermore that it has found significant evidence that some clients are uploading known images of 3yr old girls being abuse by absolute monsters.

I think this very public approach to CSAM is a warning shot to pedophiles to get off the Apple platform.
Another problem solved.

 

[bradl]

I think this very public approach to CSAM is a warning shot to pedophiles to get off the Apple platform.
Another problem solved.

I see what you mean, but also the converse poses a problem to Apple. Yes, Apple can say that this is a shot across the pedophiles' proverbial bow, but the backlash is also a shot across Apple's bow, that the pedophiles can not only call on, but can rely on. Should Apple revisit this and do it better (which today's news sounds like they are), those pedophiles can easily try to draw the ire of Apple's base and get them pissed off at Apple again all over this, making them reconsider and back down again. Wash/rinse/repeat until Apple gets it right with their base.

So this could go back and forth for who knows how long.

BL.

 

[cyanite]

Odd, Apples own tech summary document says it is [using AI for CSAM detection].

I think you’re conflating the two separate systems. But if not, why don’t you cite the relevant part of the document, then?