undefined | Better HN

Skip to content

Top New Best Ask Show Jobs

0 pointsmarcellus234y ago0 comments

> Apple’s stated intents to actively incriminate you by scanning your photos on a personal device

More accurately put, their intent is to scan cloud photos for exact matches with known child pornography material (like every other cloud provider, including Google), and then have the case reviewed by a human only after multiple positives, and only then forwarding the case to law enforcement (based on photos you chose to upload to the cloud)

undefined | Better HN

0 comments

flutas4y ago

> their intent is to scan cloud photos

corrected: their intent is to scan all photos in your photo library, on your device, including images automatically pulled in from from various sources such as messages, if you have iCloud Photo enabled.

marcellus23OP4y ago

> images automatically pulled in from from various sources such as messages

As far as I am aware, this is false and there is no mechanism on iOS by which images are "automatically pulled into" the photo library from anywhere, Messages or otherwise. Do you have a source or an example of how that could happen?

(edit: people are mentioning Whatsapp, which I guess has an option to auto-save received photos. Fair enough, but that's a third-party app and requires you to enable photos access anyway, so it's pretty clearly not what the parent meant).

> their intent is to scan all photos in your photo library, on your device ... if you have iCloud photos enabled

Yes, that's what I said. Enabling iCloud photos uploads your photo library to the cloud, so it's scanning your cloud photos.

flutas4y ago

> As far as I am aware, there is no mechanism on iOS by which images are "automatically pulled into" iCloud photos from anywhere, Messages or otherwise. Do you have a source or an example of how that could happen? When I receive images from my friends, they don't go into my photo library until I explicitly tap "save".

Per Apple [0]

>Shared with You works across the system to find the (...) photos, and more that are shared in Messages conversations, and conveniently surfaces them in apps like Photos (...) making it easy to quickly access the information in context.

---

>Yes, that's what I said. Enabling iCloud photos uploads your photo library to the cloud, so it's scanning your cloud photos.

Being disingenuous about it is still a thing though. You stated

> More accurately put, their intent is to scan cloud photos (...) (like every other cloud provider, including Google)

which makes it appear that the photos are only scanned server side "like every other cloud provider". Client side scanning is something that no other provider does, in contrast to what you stated.

[0]: https://www.apple.com/newsroom/2021/06/ios-15-brings-powerfu....

I know Whatsapp photos that I never even opened (from groups I probably muted long ago) end up in the phone library whenever I do the (manual) monthly photo dump to my PC.

But yes, I agree with the comment, there's no reason to hide between details: Apple plans to introduce the capability of scanning photos on your local device and comparing hashes against an opaque (non-reviewable) list of hashes that they (along with governments) control (details about how they plan to initially employ this capability are irrelevant).

WhatsApp has a "Save to Camera Roll" option which automatically saves all images and videos to your photo library.

jodrellblank4y ago

"The CSAM scanning system is a part of the iCloud Photos upload process and it will be triggered once the upload is initiated. Keep in mind that it does not scan private photo libraries stored on iPhone devices" - https://medium.com/codequest/technologies-behind-the-apples-...

If you want to "correct" the claim to say their intent is to scan every photo, citation needed.

GeekyBear4y ago

Apple does not scan on device photos at all. It's something they announced they might do to images you upload to iCloud Photos some day in the future.

Google, on the other hand, has been scanning the entire contents of your account for the past decade.

>a man [was] arrested on child pornography charges, after Google tipped off authorities about illegal images found in the Houston suspect’s Gmail account.

https://techcrunch.com/2014/08/06/why-the-gmail-scan-that-le...

lern_too_spel4y ago

You do not have to use Google Photos if you do not want to on any Android phone. You can upload photos to your own server in the background exactly like the Google Photos app does. On iOS, only iCloud Photos can do that. It is strictly worse for privacy.

8note4y ago

I dont think you can verify that.

Apple claims to not scan your pictures, but that's unrelated to whether they scan your pictures

simonh4y ago

They do not have the ability to scan photos stored on your phone that are not uploaded to iCloud. The scan is only implemented in the iCloud photos upload system.

If that was the case they'd just implement it on their own servers, just like everybody else (it's not like iCloud is E2EE).

In reality they probably have a "photoscanner.so / .dylib" that currently is only linked in by the iCloud uploader thing, but at any time could be called in by any other part of the system (or offer exploits new avenues for data exfiltration), which was actually spelled out in their initial announcement (there will be a system API for accessing it).

So they absolutely have the ability to scan photos on your phone; the fact that they don't intend to currently use it outside of the iCloud uploader is totally immaterial to this debate (the thing I don't want on my phone is photoscanner.so or any such capability).

alexmcc814y ago

> exact matches

Not exact matches. Hashes. Hashes that were quickly show to have collisions that the company brushed off.

tehnub4y ago

That's why they require that you reach a certain threshold number of matches before its sent for human review. The threshold allows them to take the probability of a false collision, which they can estimate from data, and set the probability of an overall false-flag by requiring a certain number of these collisions. They've released that the threshold, to start, would have been 30 (Page 10 of https://www.apple.com/child-safety/pdf/Security_Threat_Model...). They claim that, given the probability of a false collision, and the threshold that they've set, the probability of your photos being sent for human review falsely is 1/trillion.

fisherjeff4y ago

They mention a “very conservative false positive rate” - doesn’t 1/trillion imply that they used 1 / (1e12 ^ (1/30)) = ~40% as the false positive rate? If so, that does seem extremely conservative to me!

kfprt4y ago

You are incorrectly assuming a non adversarial environment. Swatting 2.0.

Accurate, but note that intent as OP referred to is not the same as implementation. Fucking up doesn't mean you intended to fuck up.

With Google you can be absolutely sure that their intent is to eat all your personal information and data for short-term profit. With Apple it was "just" a stupid attempt at legal (over?) compliance.

lern_too_spel4y ago

That's the narrative that Apple's marketing department is selling, but I'm not buying it. The fact is that Apple devices slurp up more data to Apple that you cannot turn off without making your phone essentially useless than Google devices slurp up to Google.

servercobra4y ago

They probably brushed them off because a malicious/accidental hash collision would lead to a human reviewing them and then not going to law enforcement.

saiya-jin4y ago

Or they will, depending on reviewer, photo clarity, current political climate, potentially location and so on. You have no say in this process, nor anybody else on this forum, or elsewhere.

Its not the law enforcement that's the main issue, but various greedy 3-letter agencies who are already well known to have ambition to have profile on every person in this world (not unlike Facebook but for different purposes).

This is not privacy anymore no matter how you bend it, it has been cancelled and Apple realizes this very well. And it still doesn't care. Literally the only serious selling point for many new buyers not invested in ecosystems, blowing it off with a nice double barreled shotgun shot.

psychometry4y ago

Thus the manual review. No one's going to be going to prison over a hash collision here.

gameman1444y ago

But a manual reviewer in Cupertino or elsewhere still gets access to your personal (possibly very intimate or otherwise private) photos. Privacy from law enforcement is hardly the only privacy that people value.

b1124y ago

I used to work in the same building, as a department with legal authorities (purposefully vague here), and the burn out rate was astronomical.

Good, descent people, waking up screaming, cold shakes, permanently damaged from what they could not unsee.

You couldn't pay me enough to go through images of such sickness.

Outside of all the yes/no, on/off phone stuff, how are they going to hire, and keep staffed, a department of people having to look at this stuff.

How are they going to insure it?!

Jtsummers4y ago

Right. Requiring exact matches for this kind of material is absurd as a single pixel change would foil any detection. So everyone, practically speaking, trying to detect it is going to use some form of hash algorithms. And every hash algorithm, by definition, permits potential collisions and false positives. Which is why any sensible program will use a manual review process before pushing anything forward to law enforcement. Apple's system, requiring ~30 matches, means that you'd have to have 30 or so false positives that also happen to look like CSAM to manual reviewers to end up getting a false case sent off to law enforcement.

taylorlapeyre4y ago

Additionally, the while the publicity of that announcement was terrible PR for apple, it was really a request for comment. They got comments from security professionals, and then they acknowledged the problems, retracted the announcement, and are working with those professionals on a system that will be better from a privacy perspective.

Try getting that behavior from Google, a company who's existence is dependent on surveillance advertising.

Source for that? The most response I saw was a "sorry-not-sorry" and they were just going ahead.

taylorlapeyre4y ago

https://www.cnbc.com/2021/09/03/apple-delays-controversial-p...

Or more more accurately, their stated intent is to scan for anything any government deems illegal in any country where they operate.

Also who is reviewing this known child pornography list? Hopefully nobody because it is Child pornography but also hopefully somebody because what if somebody slips something in there… Say a offensive political cartoon or a ethnic group symbol or a picture of Tiananmen Square. This list of “offensive images” needs to be auditable.

Also it is crossing a line in the sand because it is on your personal device not in their servers. All you can hope for is that they don’t alter the deal further.

crummy4y ago

> Also it is crossing a line in the sand because it is on your personal device not in their server

Seconds after they scan it the files will be on their server, right?

They are scanning files on your device. The rest is just implementation details

Having my photos warantlessly rifled through by a machine and then a human really puts me at ease!

> known child pornography material

For some definition. Russia's FSB might have a very different idea of what this is. Anti-Putin memes, for instance. Navalny support materials or brochures. You'll have to watch what you download, because your phone might upload it and incriminate you.

Or China's MSS. Winnie the Pooh, Tiananmen Square, Free HK, etc.

Or even the FBI. Financial or political leaks, Wikileaks, etc.

Once they know who you are and why they don't like you, they can incriminate you in other ways. This helps them find and flag you. They don't even need to monitor and decrypt traffic - they can just upload hashes of things they don't like and let Apple's dragnet do all the work.

Don't buy into "CSAM" scare. It's never the intent. The powers that be don't give a damn about children. It's about power.

theshrike794y ago

The definition is from NCMEC[0] and ONLY from NCMEC. No FSB, no MSS, no FBI.

This is the EXACT SAME database EVERY cloud provider has been using for about a decade. Look up Microsoft PhotoDNA.

The only difference is that the company doing it was Apple, who wanted to do the checks on-device BEFORE upload. And with multiple redundancies and human review.

Not like Microsoft, who have - for example - shut down the MS account of a German man for having photos of his own children on a beach. No human review, no way to complain. Everything gone from Outlook mail to Xbox account.

[0] https://en.wikipedia.org/wiki/National_Center_for_Missing_%2...

Longbets 10 years $10,000 we see this used by Apple (or a government agency) in a way that deviates from your attestation?

I'll eat my hat if this system doesn't hurt someone innocent.

kfprt4y ago

NCMEC is their US database because of federal law. This does not apply to the rest of the world.

kaba04y ago

Hyperbole is a logical fallacy for a reason

That's a characterization roughly equivalent to "you have nothing to hide".

Our defense of privacy should be paramount, and we shouldn't defend the fruit company for assailing it just because we like the pretty things they make.

Every word of Stallman's warnings about computing freedom was right. He was prescient. And just like his arguments, there are many people that view this move by Apple as a huge erosion of privacy. We all have a very legitimate fear that shouldn't be dismissed.

You can attack and trivialize my arguments, but mark my words, history will show we're making a huge mistake here.

boppo14y ago

You mean, setting a precedent for expansion of personal device scanning

artificialLimbs4y ago

This is the stated initial iteration.

lern_too_spel4y ago

The difference is that if you don't want your photos scanned by anybody but you still want your photos uploaded in the background, you can do that on Android, but you can't do that on Android. People who value privacy do not use iOS devices.

weikju4y ago

Or rather: People who value privacy do not upload their photos to someone else' servers

darth_avocado4y ago

Correct, but there have been known False positives that have hash collisions in this system. That is something to care about considering the trust in law enforcement is eroding day by day

theshrike794y ago

The false positives are matches with absolute gibberish generated photos.

RF_Savage4y ago

People have had tons of fun finding collisions and seeing how far they can take an image until the apple neuralhash algo thinks it different. It very much is not an exact match like what you would get with MD5 for example. But a "perceptual hash" that means that it gets the same has even if you crop it by a couple of pixels or change some pixels.

quitit4y ago

The person arguing with you has misinterpreted how Photos works, the information you have provided is correct - they are merely surfaced in the Photos app and the software provides the user the option to save them to their library. Sometimes users on this site play dumb or falsely represent the facts for the sake of their argument.

gjsman-10004y ago

You know that Google Photos scans everything, server-side, since like 2012 right?

Maybe the point is that's on the server, not on the device.

selykg4y ago

On the device means it's going to the server in Apple's case. The option is only enabled when you have the iCloud Photos feature enabled, which means the photos it's scanning are photos that are on their way to the cloud.

If you turn the iCloud Photos feature off, no more scanning is happening.

This seems pretty simple to me.

j / k navigate · click thread line to collapse