Apple is (going to) scan your Apple devices

[just_dave]

@LinusTechVideo about this and how Apple just burned years of their image as a privacy-conscious tech company 

[saltycaramel]

6 hours ago, just_dave said:

@LinusTechVideo about this and how Apple just burned years of their image as a privacy-conscious tech company 

 

Didn’t know you were a writer for LMG, you wanna also dictate how long should the video be and the release schedule? 

[pythonmegapixel]

13 minutes ago, saltycaramel said:

Didn’t know you were a writer for LMG, you wanna also dictate how long should the video be and the release schedule? 

I'm not sure what the meaning of your post is supposed to be @saltycaramel

[saltycaramel]

12 minutes ago, pythonmegapixel said:

I'm not sure what the meaning of your post is supposed to be @saltycaramel

 

Joking about the fact that he spoonfed the whole “hot take” of the video to LTT? Maybe they have a completely different and more nuanced idea about this?

[saltycaramel]

Since we’re at it, I’m gonna give some one-liner ideas to LMG writers for the video as well

 

1) “What is the sound of an on-device scan that falls in a forest if nobody is listening?” - the output of the on-device scan (called “security vouchers”) sits there doing nothing in the form of cryptographically unreadable gibberish until the pictures are uploaded to iCloud anyway, so the so called on-device scan may as well be a server-side scan for all intents and purposes

 

2) “Waiter, there’s some Apple in my iPhone, remove it at once!” - some people are just now realising Apple local background processes (not phoning home) are already inside their iPhones doing all sort of indexing and deep analysis to pictures. The humanity!

 

3) “BREAKING NEWS: iOS is not open source! More shocking news after the break” - So theoretically, potentially, they could be pressured by governments into doing anything! Anything could happen! Even bypassing data encryption completely or sending a selfie of you to Xi The Pooh every minute! 

[RejZoR]

So what if it's not open source? Everyone praising Android being open source and just ignoring the fat lump of Gapps bolted on top of it that do god knows what because they aren't open source. So, in the end it's the same shit.

[saltycaramel]

That was my point.

We already knew it’s not open source and that’s ok.

It was already a black box to us.

 

So suddenly giving the “slippery slope” treatment to any tool or feature “just because reasons” is preposterous.

 

We either trusted Apple already or we didn’t. Not much has changed. The so-called on-device scan would need to be modified heavily (since in its current implementation it’s  a cryptographic Fort Knox) to constitute an actual backdoor. We either think Apple has actually also implemented other stuff under the hood or we don’t. But that was true one week ago too. 

 

And we either understand that snowboarding over creepy slopes would pose for Apple an existential risk of being discovered red handed since actions have consequences or we don’t.

[RedRound2]

I think one info most people seem to have just forgotten or are unaware about is that this only applies to photos uploaded in iCloud Library, not on device only photos like what the leaks said.

So there isnt a precedent being set for scanning photos that only exists on your personal device

[Bombastinator]

5 minutes ago, saltycaramel said:

That was my point.

We already knew it’s not open source and that’s ok.

It was already a black box to us.

 

So suddenly giving the “slippery slope” treatment to any tool or feature “just because reasons” is preposterous.

 

We either trusted Apple already or we didn’t. Not much has changed. The so-called on-device scan would need to be modified heavily (since in its current implementation it’s  a cryptographic Fort Knox) to constitute an actual backdoor. We either think Apple has actually also implemented other stuff under the hood or we don’t. But that was true one week ago too. 

 

And we either understand that snowboarding over creepy slopes would pose for Apple an existential risk of being discovered red handed since actions have consequences or we don’t.

There seems to be an attitude in corporate action lately if “I don’t give two what problems I make unavoidable in the future as long as I can get paid and get out”.  Consequences from such things include the structure of the DMCA, housing projects under water, and most pollution.  I think this is what a lot of people are railing against. This is just potentially a latest example.

[Tristerin]

Pixel 4 and GrapheneOS, do as Edward does.

[saltycaramel]

iPhone with disabled iCloud Backup (could be subpoenaed) and disabled iCloud Photos (if one is paranoid about this new system in the news) is plenty secure.

[Bombastinator]

2 minutes ago, Tristerin said:

Pixel 4 and GrapheneOS, do as Edward does.

Which Edward?

[Zodiark1593]

11 hours ago, just_dave said:

@LinusTechVideo about this and how Apple just burned years of their image as a privacy-conscious tech company 

Given his history of bad takes with hasty responses, I’m certain that if Linus does choose to make a video in the topic, he’ll probably want to be damn certain of all his facts (technical and otherwise) before getting the script going.  The only decisive thing we’ve really got that is adverse to Apple is “Slippery Slope”.

 

Aka, have patience. I too would like to hear his composed thoughts on this, but only when he has all the facts. 

[saltycaramel]

Apple’s just confirmed to TechCrunch, for the first time in an completely unequivocal manner, that if iCloud Photos is disabled the NeuralHash won’t be running AT ALL.

 

In previous posts I had compared this to a tree falling in a forest when nobody is listening, but looks like the tree won’t even fall at all. Even better. Basically no reason to consider this an “on-device” scan, privacy-wise. Yes technically it’s on device but only if your data is ON ITS WAY to Apple’s servers anyway.

 

 

 

 

 

 

[saltycaramel]

Basically Apple’s has devised a way to search for known CSAM in a way that’s EQUIVALENT to server-side searches (that every other company do) but without decrypting our data when it’s already on their servers.

They are spared costs (more human teams, etc.) and problems with the law (by keeping that crap out of their servers). 

 

We are spared our data being decrypted once on servers unless MULTIPLE pics are matched to the known CSAM hashes, basically impossible (Apple claims it’s 1 in 1 trillion chance for that to happen by accident). 

 

Win-win.

 

The real jackpot for us would be if the theory that this is in preparation for complete E2EE (end to end encryption) for iCloud, every part of it bar none, will prove to be true. 

 

Coincidentally with the release of iOS15 new “Call a friend” account recovery options will be rolled out for both when you’re dead and when you’re still alive…this would fit with the above theory..

[saltycaramel]

 

[JZStudios]

On 8/5/2021 at 4:25 PM, IkeaGnome said:

I'm torn. On one hand. Why isn't this already a thing?

On the other hand, this opens a whole can of worms I don't want open. "We already search their photos for abuse, why not add this activity, or that activity"

 

Edit: I'm more worried about what it COULD turn into them monitoring later on. 

"We see you have looked at pictures of guns 2 times the last week, but you live in a place where they are illegal. Let's notify authorities" or "We see you searched for 'how to avoid police radar scanners' time to turn you in"

I have an Apple fan buddy who pretty regularly watches To Catch a Predator. Would he be flagged?

[Bombastinator]

25 minutes ago, JZStudios said:

I have an Apple fan buddy who pretty regularly watches To Catch a Predator. Would he be flagged?

Weird bugs happen, but If he would be so would many thousands of others at the same time. The impression I get is he would have to save episodes to iCloud for it to even be possible which it still might not be. Such shows do no show actual pornography in general but they might show a non pornographic image of a victim or former victim which could conceivably still be in the database (would go to the contents of the database.  I don’t know what is in it) 

[hishnash]

On 8/12/2021 at 5:33 AM, Bombastinator said:

Weird bugs happen, but If he would be so would many thousands of others at the same time. The impression I get is he would have to save episodes to iCloud for it to even be possible which it still might not be. Such shows do no show actual pornography in general but they might show a non pornographic image of a victim or former victim which could conceivably still be in the database (would go to the contents of the database.  I don’t know what is in it) 

Yer you would need to be taking screenshots/screen recordings uploading and uploading them it iCloud photos (the scanning takes place as part of the upload code, the phone does not scan images on the phone just the images while they are being prepared for upload) and the tag is attached to the image/video so if your not uploading an image/video it is impossible to tag something (it can't tag items that are not uploaded since there is not endpoint for the phone to send the tag to the tag much be sent as part of the offending image to iCloud photos). 
 

On 8/11/2021 at 9:29 AM, saltycaramel said:

Basically Apple’s has devised a way to search for known CSAM in a way that’s EQUIVALENT to server-side searches (that every other company do) but without decrypting our data when it’s already on their servers.

 

The key reason for doing this client side is it makes it much easier for apple to say `no` if they law enforcement request they scan for other content. Since client side changes require code changes on users devices apple can use the same legal defence they used in the past. Doing this client side results in a much less slippery slop than doing it server side. 


 

 

On 8/9/2021 at 9:24 PM, Bombastinator said:

The answers to questions 4 and 5 seem like hedging and assumptions about what Apple will or will not be able to forsee or resist.

What you need to remember is any change to how this works would require a code change client side, that means a software update, this is not something that can be changed through a server side toggle.  Any update down the road that makes changes would be easy for third party researches to detect and would become public knowledge very soon this is why doing this scanning client side is much better than server side were changes (forced or otherwise) would be hidden from third party observers. 

Legal apple is in just the same position before as they are after this change when it comes to not shipping code to client side to scan devices, it all falls down the the ability for the gov to compel apple to write new code and sign it (since any change would require new code).  So i don see why adding this type of scanning (to the upload pre-prossosor of iCloud photos, not the photo library) makes any changes to apples legal defence when it comes to not being forced to ship other client side scanning solutions.  Compared to doing server side scanning this solution is much better as well since when flagged you need at least 20 images to end up flagged before they are decrypt-able (there is some fancy math involved here) this is better than any server side scanning solution were as soon as a single image gets flagged (possibly a false positive) there is a legal obligation to report. The threshold of a number of images before the crypto lock is released will mean a much more private solution than any other cloud photo storage.

 

[Bombastinator]

3 minutes ago, hishnash said:

Yer you would need to be taking screenshots/screen recordings uploading and uploading them it iCloud photos (the scanning takes place as part of the upload code, the phone does not scan images on the phone just the images while they are being prepared for upload) and the tag is attached to the image/video so if your not uploading an image/video it is impossible to tag something (it can't tag items that are not uploaded since there is not endpoint for the phone to send the tag to the tag much be sent as part of the offending image to iCloud photos). 
 

The key reason for doing this client side is it makes it much easier for apple to say `no` if they law enforcement request they scan for other content. Since client side changes require code changes on users devices apple can use the same legal defence they used in the past. Doing this client side results in a much less slippery slop than doing it server side. 


 

 

What you need to remember is any change to how this works would require a code change client side, that means a software update, this is not something that can be changed through a server side toggle.  Any update down the road that makes changes would be easy for third party researches to detect and would become public knowledge very soon this is why doing this scanning client side is much better than server side were changes (forced or otherwise) would be hidden from third party observers. 

Legal apple is in just the same position before as they are after this change when it comes to not shipping code to client side to scan devices, it all falls down the the ability for the gov to compel apple to write new code and sign it (since any change would require new code).  So i don see why adding this type of scanning (to the upload pre-prossosor of iCloud photos, not the photo library) makes any changes to apples legal defence when it comes to not being forced to ship other client side scanning solutions.  Compared to doing server side scanning this solution is much better as well since when flagged you need at least 20 images to end up flagged before they are decrypt-able (there is some fancy math involved here) this is better than any server side scanning solution were as soon as a single image gets flagged (possibly a false positive) there is a legal obligation to report. The threshold of a number of images before the crypto lock is released will mean a much more private solution than any other cloud photo storage.

 

I don’t even remember what these were about. In any event Apple apparently released  further clarification after these posts were made so they’re too old to be relevant.