Update: false alarm | Apple scanning images on MacOS (and maybe iOS too)

[quadra_]

Update: turns out this is due to a firefox feature: 

--

 

This thread just made it across my TL and I think it's worth sharing here. I hope it gets enough attention to get a meaningful response from Apple given their privacy-centric brand positioning that we all know and love/hate.

 

The tl;dr is that this person was experimenting with "canary tokens" in this case, QR codes that phone home when someone scans them which can be useful for alerting you that a system has been breached. Basically a digital tripwire that's fairly low tech, free, and easy to deploy. Canary token generator here, longer explanation here.

 

They recently started getting hits off of a QR code image they had recently downloaded but otherwise hadn't touched. They figured out those hits were coming from their own IP, using a user agent that matches the one used for iMessage's app crawler. 

Anyways, it seems pretty pad from a privacy perspective that Apple is scanning images in the background without the user's knowledge and especially bad that they're going as far as to resolve QR codes and sending outbound traffic as part of these scans. I'm aware that genuinely useful features like recognizing text from images in Mac apps require some sort of scanning, but I didn't realize that was a background process being run on all of my images and it's concerning that it's doing more than simply OCR. I'm curious what else my Macs are doing without my knowledge.

Edited October 5, 2022 by quadra_

[Zando_]

33 minutes ago, quadra_ said:

but I didn't realize that was a background process being run on all of my images

Yeah, didn't they make... not a big deal about it, but put it down as a feature of recent mac/iOS updates? I can search for a truck, GPU, flower and my phone will find photos with those in them, and it can look up stuff about them, such as for flowers where it can pretty accurately guess at what flower it is. It isn't able to do all that without checking through all the photos. Like so where it recognizes what kind of hibiscus this is: 

 

I do see how this'd be a privacy concern, it just isn't something Apple has been doing in secret either. They just don't announce that they're specifically scanning images, and I guess people don't think through "hmmm how would it recognize all this text or object without checking against an external reference". 

 

I haven't looked into whether it's something you can switch off, but it very much should be, or I can see a lot of people feeling really uncomfortable about it. 

[duncannah]

Confirmed wrong:

Was quite obvious because no one else could replicate it

[quadra_]

Yep, just saw his update, glad it's a false alarm! I'll update the topic.

[Herr.Hoefkens]

On 10/5/2022 at 10:46 PM, quadra_ said:

Yep, just saw his update, glad it's a false alarm! I'll update the topic.

i wouldnt cheer to soon , since most agree that however postponed , its ineviteble :

Apple Insider on CSAM