[HN Gopher] After criticism, Apple to only seek abuse images fla...
___________________________________________________________________
After criticism, Apple to only seek abuse images flagged in
multiple nations
Author : ldayley
Score : 107 points
Date : 2021-08-13 21:49 UTC (1 hours ago)
(HTM) web link (mobile.reuters.com)
(TXT) w3m dump (mobile.reuters.com)
| tehnub wrote:
| They put out a new paper [0] describing the security thread model
| they were working with, and this paragraph on page 9 stood out to
| me:
|
| The perceptual CSAM hash database is included, in an encrypted
| form, as part of the signed operating system. It is never
| downloaded or updated separately over the Internet or through any
| other mechanism. This claim is subject to code inspection by
| security researchers like all other iOS device-side security
| claims.
|
| Could someone tell me how that inspection works? Are there
| researchers who are given the source code?
|
| [0]: https://www.apple.com/child-
| safety/pdf/Security_Threat_Model...
| whytaka wrote:
| Conveniently, the other participating nations are all members of
| Five Eyes. Probably.
| metiscus wrote:
| This article misses the point completely. It was never about what
| they were looking for, it was that they were looking at all. The
| quiet part is, once they get acceptance of the snooping using the
| bogeyman of the day, it will eventually encompass other behavior
| up to and including political dissent etc.
| okamiueru wrote:
| There is also the part where plausible deniability is lost.
| Closed door arbitration of heinous crimes are the perfect tool
| to put away dissidents. A very convenient excuse to avoid
| proper checks and balances. "No, you cannot verify, because you
| aren't allowed to look at the illegal material that proves
| their guilt"
| hahajk wrote:
| Is this actually true? If I was arrested for an image on my
| phone, would no one in the judge/jury team be allowed to see
| the image that was flagged? I understand it's allegedly
| contraband, but if I were a judge I don't think I'd take an
| algorithm's word for it.
| heavyset_go wrote:
| > _it's allegedly contraband, but if I were a judge I don't
| think I'd take an algorithm's word for it._
|
| The prosecution can hire more expert witnesses with
| excessive credentials than you can, and they will explain
| how there's a one in one trillion possibility that the
| system is wrong, and that the defendant is assuredly a
| monster.
|
| Juries eat that up when it comes to bogus DNA, bite mark,
| fingerprint, or other forensic evidence claims. Most people
| think computers can't be wrong or biased, and people's
| perceptions of what can be deemed reasonable doubts or not
| seem to shift when computers are involved, or when smart,
| credentialed people tell them their reasonable doubts
| aren't reasonable at all because of that one in a trillion
| chance of the computers being wrong.
| jsjohnst wrote:
| I agree. Further, is there any doubt that these "CSAM"2 hash
| databases aren't already shared between countries? Because if
| there was doubt, there shouldn't be, because agencies do share
| across borders.
|
| 2 - reason for the scare quotes is because I have first hand
| knowledge of non-CSAM content being in NCMEC's database (most
| likely via data entry errors, but I can't be for sure).
| belorn wrote:
| Images of bonsai trees?
| jsjohnst wrote:
| > Images of bonsai trees?
|
| Ha! Come to think of it, I think that was one example. The
| main examples that came to memory (it's been almost 8 years
| since I was involved) when discussing this last week were
| essentially extremely common photos (like the stock Windows
| XP background, among others).
| deugo wrote:
| I think this is (quietly) already happening:
| https://www.reuters.com/technology/exclusive-facebook-tech-g...
|
| Instead of hashes looking for sexual abuse images, hashes look
| at signs of white supremacist behavior. Instead of reporting
| such racism or behavior to the government, it is shared with
| all the major tech companies, including AirBnB and Paypal.
|
| So, if Facebook deems you to be a political outcast, based on
| your conversations on their platform, you may find yourself
| without access to hotels or online payment platforms. The
| bogeyman of the day is the white supremacist, and coordinated
| snooping by big tech is the quiet part.
|
| > Over the next few months, the group will add attacker
| manifestos - often shared by sympathizers after white
| supremacist violence - and other publications and links flagged
| by U.N. initiative Tech Against Terrorism. It will use lists
| from intelligence-sharing group Five Eyes, adding URLs and PDFs
| from more groups, including the Proud Boys, the Three
| Percenters and neo-Nazis.
|
| > The firms, which include Twitter (TWTR.N) and Alphabet Inc's
| (GOOGL.O) YouTube, share "hashes," unique numerical
| representations of original pieces of content that have been
| removed from their services. Other platforms use these to
| identify the same content on their own sites in order to review
| or remove it.
|
| As a company to become part of the Global Internet Forum to
| Counter Terrorism, you have to pledge your support to expanding
| from terrorism towards all online extremism. If you can't
| accept that, they will still send a speaker to educate your
| company.
| spoonjim wrote:
| And, just introducing this idea can make the concept real, even
| if Apple cancels this plan tomorrow. Country X could introduce
| a law saying "all companies that sell phones here must scan and
| report for these hashes" and based on recent trends, the
| companies will just roll over and say Uncle.
| 2OEH8eoCRo0 wrote:
| Wrong answer, Apple.
| pembrook wrote:
| This is by far the biggest misstep of Tim Cook's tenure at Apple
| thus far.
|
| If they don't kill this program soon, it's going to overshadow
| the entire upcoming iPhone event, and will follow Apple around
| like a dark cloud for _years._
|
| I can see the headlines now: "New iPhone launches amid massive
| new privacy concerns."
|
| Anytime someone praises Apple for privacy, anywhere on the
| internet, there will be a tidal wave of people bringing up this
| program in rebuttal. From people who would have previously
| defended Apple to the grave!
|
| I cannot fathom how on earth anybody thought this was a good
| idea. It's like taking decades and billions of dollars worth of
| hard won reputation for privacy and throwing it in the garbage at
| the worst possible moment.
| n8cpdx wrote:
| The folks who choose iPhone in part because of a perception of
| relative privacy and respect for the user (like myself) will
| think twice.
|
| My two concerns are that Android as an ecosystem is almost
| certainly still worse, and that the vast majority of users will
| not care.
|
| I'm tempted to jailbreak my devices going forward, although I
| guess the folks at Apple would say that makes me a pedophile.
| amq wrote:
| A backdoor is a backdoor.
| cletus wrote:
| And... Apple misses the point of the criticism completely.
|
| This problem is the capability, not what it's used for. Any such
| capability will be abused by new use cases be it terrorism, drug
| trafficking, human trafficking or whatever. Plus there will
| inevitably be unauthorized access.
|
| The only way to prevent all this is for the system not to exist.
|
| I don't buy into theories that Apple is being pressured or
| coerced on any of this. I believe it's far more likely this is
| just tone-deaf but well-intentioned incompetence. It's classic
| "why won't anyone think of the children?" and we've seen it time
| and time again with encryption backdoors and similar.
|
| The big question for me is how and why Tim Cook and Apple's board
| signed off on a plan to do huge damage to Apple's reputation and
| user trust. If they didn't know, it's a problem. If they knew and
| didn't realize the inevitable backlash, well that's a different
| problem.
| lucasyvas wrote:
| You are completely correct and I find this turn of events
| hilarious. They are onto the bargaining stage of grief.
| k2enemy wrote:
| > This problem is the capability
|
| > The only way to prevent all this is for the system not to
| exist.
|
| I've been having trouble following this argument over the last
| week. Isn't it clear that the capability already exists?
| Whether or not Apple goes through with its CSAM plan, the
| capability is evidently there.
|
| In other words, since Apple is a closed system, the capability
| was there before they announced the CSAM plans. Their
| announcement has changed nothing about capability other than
| reminding people that Apple has privileged access to the data
| on iPhones.
|
| I guess the question is, if Apple does the CSAM program does
| that make them more likely to cave to government pressure to
| search for other things? And to do so without telling users?
| n8cpdx wrote:
| There shouldn't be a single line of code, or single binary
| blob, on my device that can compute these photo DNA hashes.
|
| Apple could always go ahead and add that functionality in an
| update, but then there would be a big backlash and the
| opportunity to not update or switch providers.
| k2enemy wrote:
| Wouldn't users have the ability to not update or switch
| providers if Apple expands the scope of its search beyond
| CSAM?
|
| I guess I don't see the huge difference between the
| surveillance code existing on the phone but not used for
| objectionable purposes versus the line of code sitting in a
| different branch in git and not deployed on actual phones
| (yet).
|
| I'm completely against this move by the way -- not trying
| to defend it. But I want to be able to argue effectively
| against it.
| ipv6ipv4 wrote:
| There is a qualitative difference between tweaking an
| existing code base and coercing a company to dedicate teams
| of tens to hundreds of engineers over years to create a brand
| new code base from scratch.
| heavyset_go wrote:
| > _This problem is the capability, not what it 's used for. Any
| such capability will be abused by new use cases be it
| terrorism, drug trafficking, human trafficking or whatever.
| Plus there will inevitably be unauthorized access._
|
| Apple even says it themselves[1]:
|
| > _This program is ambitious, and protecting children is an
| important responsibility. These efforts will evolve and expand
| over time._
|
| [1] https://www.apple.com/child-safety/
| goodells wrote:
| I can't wait until /child-safety 404s or redirects to /safety
| and there's a wall of marketing blurb (possibly only in
| Chinese at first) that explains how 'national security'
| concerns are reported to the CCP.
|
| This has totally pushed me over the edge, though I'll admit I
| was oblivious to begin with. My plan is to replace the
| MacBooks with a Thinkpad P15 gen 2 running Ubuntu and replace
| the iPhone with something running Ubuntu Touch (Volla Phone,
| Fairphone, OnePlus One). Screw not having control.
| merpnderp wrote:
| That's a smart plan. Apple didn't misunderstand the
| criticism, they just have ulterior motives. It's the only
| rational explanation.
| hypothesis wrote:
| I also note that /child-safety page is only(?) accessible
| from outside search/link. There is no corresponding press
| article. This thing is just floating in the air somehow...
| hef19898 wrote:
| Same here. Just that I'll get rid of MS and Google. That
| means CalyxOS on my Pixel 2 and some version of Linux on my
| private ThinkPad. Once I find time that is, which to be
| honest can take a while. I think the last time I used my
| private laptop was over a month ago. Phone is different,
| but again time constraints. It will happen so.
| nimbius wrote:
| I just have to wonder who green-lit this idea to begin with.
| Every single other company is riding a post-covid tidal wave of
| sales. as WFH becomes a reality for so many workers, apple
| products are positioned to really take center stage for a
| massive segment of consumers...
|
| and then this. Apple intentionally injects uncertainty and
| controversy? what were they thinking?? sure its just phones
| right now but im sure mac users are wondering about
| workstations and laptops? the damage control being spun right
| now is absolutely overwhelming.
|
| im also surprised to see no other players like MS or Google
| rushing to take advantage of the outrage. even players like
| Purism seem to be ignoring the event.
| lethologica wrote:
| How much of an impact do you think this will have on the non
| tech savvy user though? Most people already don't care about
| ad tracking, location tracking, etc. I think your standard
| user will just shrug this off and go "eh, I have nothing to
| hide and it's good for the kids"
| laserlight wrote:
| > The only way to prevent all this is for the system not to
| exist.
|
| I'll go one step further. Apple should have implemented a
| system that makes these kind of backdoors impossible. I don't
| know how or if such a system is possible, but given Apple's
| track record, they are in a position to attempt it.
| finolex1 wrote:
| Unfortunately, I don't think this has been anything more than a
| small blip to Apple's reputation. If I were not on Hackernews
| (like 99+% of Apple users), I would have either not heard or
| given second thought to this move.
| musha68k wrote:
| It's on Reuters and many other news outlets. The press are
| still doing their job for the moment at least.
| busymom0 wrote:
| I think it dominating Reddit for last week might be
| bringing a lot of attention too.
|
| Kind of surprising how tone deaf Apple's response has been
| despite this.
| AnthonyMouse wrote:
| Bad press on tech sites is the _worst_ thing for a tech
| company 's reputation. They're the people other people go to
| when deciding what to buy.
|
| When Uncle Bob asks the family computer engineer about the
| pros and cons of a given platform and hears that one of them
| scans your device and a false positive could get you arrested
| for child pornography, Uncle Bob may develop an aversion to
| that platform.
| kevin_thibedeau wrote:
| > The big question for me is how and why Tim Cook and Apple's
| board signed off on a plan
|
| "Do us a favor or the AG launches an investigation into your
| business practices."
| norov wrote:
| The only explanation that makes sense to me is that they are
| doing huge damage to their reputation and trust for bigger
| reasons. Perhaps there are international or national security
| issues they are told to comply with that are not quite in the
| public view yet.
| heavyset_go wrote:
| Occam's razor says they aren't playing 11th dimensional chess
| and that they just fucked up. It happens.
| frickinLasers wrote:
| "Build this. Don't explain why" is not chess. It would be a
| perfectly logical order from the power structures Snowden
| exposed.
| babesh wrote:
| I wonder what the other countries will be and whether they will
| be disclosed?
|
| My bet is on Canada, UK, Australia, and New Zealand.
|
| https://en.wikipedia.org/wiki/Five_Eyes
| codezero wrote:
| I expect any powerful nation could "share" with a desperate ally
| or otherwise leverage them into adopting the same database,
| creating a false overlap.
| bellyfullofbac wrote:
| Yeah. "Dear debtor countries, the attached file contain hashes
| of new files deemed illegal for the harmonious well-being of
| peoples for this month, please enter them into your databases."
| [deleted]
| paulie4542 wrote:
| Trust lost last week. This doesn't matter.
| tgsovlerkhgsel wrote:
| I wouldn't say "this doesn't matter", I'd say "this makes it
| worse" because they're reaffirming that they want to push
| forward with this despite the criticism.
| newsbinator wrote:
| Of course it matters- if Apple does a 180o reversal I'll
| applaud and buy more Apple products. I _want_ companies to be
| able to acknowledge mistakes unequivocally and fix them.
|
| If Apple says "we heard the backlash, we're sorry, we'll never
| do it again", I'll be more of a supporter than I had been
| before.
|
| Until they do, trust lost.
| firebaze wrote:
| I'm not sure if this addresses the main point. Apple promised
| privacy, as long as you're not violating laws. The most recent
| move changed this: now you're a suspect by default, your photos
| will be scanned even on your local device, and you won't know
| what the criteria are to flag you, since they're hidden from your
| knowledge and you can't defend yourself against that hidden
| criteria.
|
| So what's gotten better by this? In the kindest interpretation,
| you'll be safe from Fascististan's hashes. But what if
| Fascististan has been bribed by China or the US? And so on.
|
| A line which should never have been crossed was crossed.
| cblconfederate wrote:
| lol, so first it's "at least 30 images", then it's "multiple
| nations" (how many? which pairs are allowed?)
|
| Soon your pictures will be subject to a 3-week review period to
| decide whether they 're fit to be scanned
| heavyset_go wrote:
| This does not address the issue of perceptual hash collisions and
| false positives at all, nor does it address the issue of on
| device scanning nor their claim that, according to Apple[1]:
|
| > _This program is ambitious, and protecting children is an
| important responsibility. These efforts will evolve and expand
| over time._
|
| People don't want their property spying on them and reporting
| them to the police. They don't want people looking at their
| photos or thumbnails. It's patronizing, invasive and embarrassing
| to have your privacy violated like that.
|
| [1] https://www.apple.com/child-safety/
| concinds wrote:
| You may be interested in this:
|
| Security Threat Model Review of the Apple Child Safety Features
| [pdf] (apple.com) https://news.ycombinator.com/item?id=28173134
| swiley wrote:
| They're willing to kill the platform over this? What's going over
| there on the west coast?
| ud_0 wrote:
| They know they can essentially wait out the public outcry, plus
| they can even buffer things a little bit by calling their
| critics "confused" and introduce measures that don't address
| anything but sound reasonable to lay persons in an effort to
| distort the conversation.
|
| The platform is not in danger. But if it were, then yes, I
| think they'd still risk it. It's either that or getting shut
| out of markets gradually by law enforcement and governments.
| swiley wrote:
| > It's either that or getting shut out of markets gradually
| by law enforcement and governments.
|
| How come that's not happening to desktop Linux then?
| concinds wrote:
| These stories have been top of HN for more than a week,
| indicating fascination. Yet non-technical mainstream articles
| make the bulk of it, and Apple's just released detailed (and
| convincing) threat report PDF is getting buried. An unfortunate
| recipe that'll solidify misunderstandings and keep the
| conversation much more emotional than it should be.
|
| Security Threat Model Review of the Apple Child Safety Features
| [pdf] (apple.com) https://news.ycombinator.com/item?id=28173134
| tgsovlerkhgsel wrote:
| > solidify misunderstandings
|
| The key issue here is the very concept of "Apple turns your
| iPhone into a snitch", and I haven't seen any misunderstanding
| around that.
| kook_throwaway wrote:
| This perfectly illustrates the problem: the content being scanned
| for can change arbitrarily and on a whim. Gun, meet foot.
| adrr wrote:
| How does that stop a FISA subpoena with a gag order? The system
| exists that any secret government order can exploit.
| ls612 wrote:
| A FISA subpoena or an NSL can only compel Apple to give certain
| types of information that Apple already has. They can't compel
| Apple to gather information they don't already have.
| heavyset_go wrote:
| Check this out[1].
|
| [1] https://en.wikipedia.org/wiki/PRISM_(surveillance_program
| )#/...
| kook_throwaway wrote:
| You have far more faith in a system of secret courts and gag
| orders than I do.
| busymom0 wrote:
| Yep. FBI Lawyer, Kevin Clinesmith gets to lie to the FISA
| court, fabricate emails to get 2-hop warrants and then gets
| zero days in prison and as of this month is allowed to
| practice law again. It's an absolute joke.
| captainredbeard wrote:
| Hahaha an NSL can do more than that.
| adrr wrote:
| That can't be true because the old pen/trap orders required
| installation of a device to record the calls.
| thepasswordis wrote:
| We could probably increase the vaccination rate if we snooped on
| peoples' phones to find out if they are participating in vaccine-
| hesitant behavior, and then rate-limited traffic to websites and
| apps that peddle this dangerous misinformation.
|
| How many people have to lose their lives in the service of some
| pedantic idea of "privacy"? It's a computer looking at it, it's
| not even a human person.
|
| I think tech companies need a hippocratic oath similar to "first
| do no harm". Apple should not be engaging in misinformation
| trafficking, and should at the very least be working to minimize
| harm by preventing people form falling victim to dangerous,
| unsubstantiated, and un-fact-checked information. This is
| especially important when our elected officials use the
| considerable power that has been gifted to them by the people to
| put peoples' lives in danger by spreading dangerous
| misinformation.
|
| What role did apple's inaction on this have in the pandemic? In
| the January 6th insurrectionist's attempt to overturn a
| validated, secure, and duly certified democratic election? What
| role did Apple's inaction play in the attempted kidnapping of the
| governor of Michigan?
|
| By refusing to help, they are partially responsible for these
| things. It's time for us to demand that they do their fair share
| of helping. Inaction is itself an action.
|
| --
|
| This is sarcasm, of course. For how long?
| PierceJoy wrote:
| It was not that long ago that Apple wrote this letter
| https://www.apple.com/customer-letter/.
|
| > Building a version of iOS that bypasses security in this way
| would undeniably create a backdoor. And while the government may
| argue that its use would be limited to this case, there is no way
| to guarantee such control.
| post_break wrote:
| Apple these days is the type of company to make a mistake, think
| they are never wrong, blame anyone but themselves and then change
| a little bit, only for it to go over like a dead balloon. It
| reminds me of the Apple Silicon dev kit. No refunds, ok refunds
| but you have to spend them in a certain time, ok fine you can use
| them for a longer period and for anything.
|
| They are probably completely flabbergasted that people are upset
| about this so they make this change after a week, completely
| missing the point.
| adventured wrote:
| They've been like that since the early days of the company,
| it's core to their culture, which was built by Steve Jobs.
| Apple has always had an elitist snobbery at their center, such
| that if you don't get a thing then you're wrong. That's what
| Think Different is all about, that's a hyper arrogant
| proclamation that could only be spewed out of an elitist never-
| wrong orifice, it's borderline assholic in nature. Part of the
| cult of Apple has always been that attitude, the Apple fans eat
| it up, they love the idea that buying Apple products made them
| feel different (or it used to, before Apple became mainstream),
| made them feel separate from the masses. Steve Jobs points that
| out in the D5 interview in 2007 with Gates, how Apple needs the
| inferior taste of the masses to prime their superiority off of
| (which is another way of saying: they're wrong, we're right).
|
| Go back to their response over the iPhone 4 reception problems
| ("you're holding it wrong"), same asshole culture then as now,
| and that culture has been in place for decades:
|
| https://www.engadget.com/2010-06-24-apple-responds-over-ipho...
| istingray wrote:
| What happened to it being USA only?
|
| This sounds like one of those errors where they double down on it
| and call it a "solution".
|
| Sounds like they're misunderstanding people's concerns pretty
| badly. Sorry if we miscommunicated. Kill this "feature"
| yesterday. Thanks Tim!
| dannyw wrote:
| This is just business. Governments around the world are
| thinking of breaking up the app store, and Apple is saying
| they'll help governments surveil on their citizens inside their
| walled garden. Would be a shame if users can escape from the
| surveillance by choosing alternates outside of the walled
| garden, wouldn't it?
|
| Expect an App Store rule soon - all photos apps must scan for
| CSAM.
|
| In a year, expect Signal to be banned from all app stores, just
| like how it's already banned from some countries.
| treesprite82 wrote:
| USA-only referred to which accounts would be scanned. Whereas
| it's theoretically a good thing to require the CSAM hashes to
| be verified by organisations in multiple countries (rather than
| a single US government-tied organisation that dismissed privacy
| concerns as "the screeching voices of the minority").
|
| I'm hoping for something along the lines of _" iOS will reject
| hashes that haven't been signed by independent organisations in
| US, Russia, China, and India"_ to make it very difficult to
| push through anything except actual CSAM. Won't be much of a
| guarantee if it's just Apple saying _" we promise we're only
| using hashes that have been checked by Australia and the US"_.
| sergiomattei wrote:
| We don't want it pushed back, we want it dead in the water.
| SnowProblem wrote:
| I have a 4" iPhone SE. Love it, but Apple has continued to push
| me away these last four years. I no longer use any other Apple
| products except for this 4-year-old phone. What alternatives are
| there for small phone fans? Sony used to make an Xperia Compact
| that was nice, but I think they discontinued it.
| swiley wrote:
| I think there's an out of tree kernel for the SE. You could
| give PostmarketOS a shot if you have a _lot_ of patience.
| Invictus0 wrote:
| It should be obvious by now that Apple has been coerced into
| building this scanning system, and the CSAM scanning is just the
| front for a much more broad "national security" backdoor. Apple's
| PR team has surely been shitting bricks for the entire week--this
| is the worst PR debacle they've had since the iPhone 4
| Antennagate in 2010.
| istingray wrote:
| Completely agree. A friend of mine asked what was happening,
| and I just said "it's a big deal, biggest thing in a long
| time". Antennagate is a good comparison -- though this seems
| bigger. Impacts of Antennagate long term seemed minimal.
| klipklop wrote:
| Sadly this will likely be little to no impact on Apple long
| term either. I too agree this is coming from the government.
| They have found their loophole of using "private industry" to
| do all the dirty stuff they cannot directly do.
| tgsovlerkhgsel wrote:
| Given that privacy has been what Apple was using as they
| key selling point in their ad campaign, and now they've
| completely subverted that and mainstream media is picking
| it up and people are noticing, I suspect this will impact
| them far more than they expected.
|
| While Apple deserves all the fallout they're getting and
| more, I'm disappointed that the NCMEC that pushed for this
| isn't also receiving more scrutiny and criticism. Multiple
| people have now pointed out that their database contains
| false positives, which is absolutely terrifying. Completely
| legal, harmless, no-nudity-no-humans pictures can get your
| life ruined. The truth coming out later doesn't matter when
| your home gets raided and it slips out that you were caught
| sharing multiple images that matched hashes from the NCMEC
| child porn database.
| musha68k wrote:
| This is way bigger than any RF engineering mishap.
|
| I'm going to actively evangelize alternatives to Apple
| devices and that's coming from someone who has been doing
| Apple evangelizing since OSX Panther days. Tens of thousands
| of dollars of bought devices and services not including all
| the people I convinced to make the switch over the years.
|
| I'm sure I'm not the only one in this regard.
| akomtu wrote:
| Translating from corporatese: "Apple hasn't given up the idea and
| is looking for a better excuse to push their surveillance
| solution."
| schappim wrote:
| With this much bad PR (and Apple hates bad PR), why is Apple
| pretty much holding its position?
| tgsovlerkhgsel wrote:
| They put themselves into a position where backing out is also
| extremely costly.
|
| a) it means they have to publicly admit that what they did was
| a bad idea, which will fuel another news cycle
|
| b) backing out of it will get them criticized for "protecting
| pedophiles", maybe even the NCMEC (who privately praised them
| in the "screeching voices of the minority" memo) will now
| publicly criticize and shame them to get what it wants
|
| c) now that they've put this idea on the table, there will be
| even more government pressure to mandate/implement it. Even if
| they back out of the implementation, just by bringing this
| proposal up, Apple may have just destroyed not just the privacy
| of their users, but of everyone.
| klipklop wrote:
| Because this is likely not about making money, it's about
| expanding surveillance. Once this becomes accepted they can
| ratchet it up bit-by-bit. Each the the outrage will be less and
| less.
|
| For example imagine creating a new tax for 1% of purchases.
| People would be outraged. Now imagine raising sales tax instead
| by 1% (ex 7% to 8%.) Sure some people would be upset, but it
| would be a smaller number than the "new" tax. The reason is
| because people are already used to paying a sales tax. What is
| "normal" is more easily accepted.
|
| If Apple can get past the initial outrage (like when sales tax
| was implemented in many countries in history) they can increase
| the surveillance once scanning local files becomes the "new
| normal".
| bpodgursky wrote:
| The reason Apple actually cares about the feature though is
| probably to maintain sales in China (which will require this
| kind of surveillance soon).
| adventured wrote:
| You can't have a massive new fake war - the War on Domestic
| Terorrism - without ideally having new ways to track and
| surveil anyone (everyone) that is going against the machine
| politically. They need new capabilities and they're
| absolutely going to put them into place, asap. Did you see
| their reaction to the populist Trump circus? The globalists
| viewed it as a mortal threat. Everything they built since WW2
| was in jeopardy as far as they were concerned. Their ability
| to launch more forever wars, endless foreign adventurism,
| obsessive (psychotic) superpower global meddling, all of it
| under threat from rising populism (represented by both Trump
| and Sanders) and a growing rejection of the entirely failed
| decades-long approach by the globalists that has led to the
| US being buried under nearly $30 trillion in debt and
| numerous catastrophic wars. Just look at what these monsters
| are saying publicly on MSNBC, CNN, et al. They're telling
| everybody what they're planning to do, they're putting it
| right out there. Look at their framing: we're going to target
| the domestic population; they're de facto saying that. They
| couldn't be more open about the authoritarian nightmare they
| have in mind. They perceive _their_ system as being under
| risk from populist revolt against them and their agenda, and
| they 're launching a counter offensive (the empire is
| striking back), it's under way right now. Bet on it.
| CommieBobDole wrote:
| The thing that strikes me as most suspicious is their
| insistence on keeping the client-side scanning feature while
| wrapping it in all sorts of supposed restrictions so it's
| essentially server-side scanning, just implemented on the
| client device for some reason.
|
| If the problem is "We need to scan stuff on iCloud for CSAM"
| then "Let's build a client-side scanning agent and distribute
| it to hundreds of millions of devices and figure out a way to
| protect the hashes from the end user and then figure out a way
| to lock it down so it can't be used to scan other things even
| if we wanted to or somebody ordered us to" is a singularly (and
| suspiciously) inelegant solution to the problem.
|
| Just scan the files on your own servers, like everybody else
| does. Anything else is rightly going to make people suspicious
| that you've got some ulterior motive.
| cf499 wrote:
| Maybe they're telling you to run.
| chrischen wrote:
| Potentially something like a national security letter and they
| can't reveal the real reason behind it. I agree this feature is
| off-brand for Apple and came out of the blue.
| underseacables wrote:
| What would happen if Apple reveal the national security
| letter? What's the government going to do, arrest Tim Cook?
| silasdavis wrote:
| Is that consistent with the amount of time this feature took
| to implement?
| vmception wrote:
| Maybe this is the warrant canary
|
| Lets push that idea so allies in the government can go
| looking and void it
| Overton-Window wrote:
| Their handlers have them on a tight leash.
| asteroidbelt wrote:
| This sounds like a conspiracy theory unless you provide more
| explanations with some evidence. For example, who are these
| handlers? What are their motives?
|
| The simplest explanation is usually the correct one. The
| simplest explanation would be some director in Apple wants to
| get promoted to VP so he or she started this project, pitched
| it, and very few people opposed it because who wouldn't to
| prevent harm of children?
| floatingatoll wrote:
| They're convinced that it's worth the benefit to abused
| children to let the tech community vent fears about the world
| at them for a while. I don't really blame them. My views don't
| align with the mob here, so it would be a waste of my time to
| discuss them while y'all are upset and angry about this; best
| just to hold my position, remain silent or reserved, and wait
| for the pitchfork mob to find another target or exhaust itself.
| I'm honestly surprised Apple even commented at all.
| tgsovlerkhgsel wrote:
| > I'm honestly surprised Apple even commented at all.
|
| I think they commented because they expected a brief storm of
| outrage that quickly dies down, but instead it has become a
| growing wave that is spilling into mainstream media, with a
| mostly negative reaction, and threatening to completely
| destroy their "Privacy. That's iPhone" mantra that has been
| the core of their marketing campaign this year.
| grishka wrote:
| It's a policy decision, while the technical one is still there,
| unchanged.
| havelhovel wrote:
| We've known Apple would use sources besides NCMEC since day one.
| This is neither news nor a solution to any of the issues that
| have been raised. From their website on August 5th: "...the
| system performs on-device matching using a database of known CSAM
| image hashes provided by NCMEC and other child safety
| organizations."
| (https://web.archive.org/web/20210805194603/https://www.apple...)
| underseacables wrote:
| Still not good enough. That's like an invading army saying they
| have a "kinder, gentler machine gun hand."
| mikeiz404 wrote:
| Apple's published paper from the article talks generally about
| the CSAM scanning threat protections starting on page 5 here --
| https://www.apple.com/child-safety/pdf/Security_Threat_Model...
|
| Side Note: These protections rely on the client (phone) services
| and their subsequent updates to be implemented correctly and as
| stated for these claims to hold. So trust is inherently required
| in Apple, much like trust is requires in the developer of any
| closed source client which is supposed to enforce security
| guarantees (not that open source guarantees security but it does
| potentially add evidence in its favor). They do state that
| security audits are done.
| fennecfoxen wrote:
| In before China starts diplomatically leaning on "multiple
| nations" to flag dissident imagery for review.
| dkersten wrote:
| So they're still retaining the ability to look on users devices?
| I have nothing against them looking at the abuse material, I have
| a problem with them having power over my device, which could be
| piggy-backed on by state actors (or others) for their own
| purposes later.
|
| Nobody is against them trying to prevent child sexual abuse,
| pretty sure we all agree that fighting that is important, but
| doing so by creating what is essentially a back door of sorts
| into my devices isn't the right approach to doing so.
|
| It sounds to me that this is still allowing them that access, so
| this changes absolutely nothing.
| dwighttk wrote:
| Don't use iCloud photos
| thoughtstheseus wrote:
| Don't use Apple products. The scanning is on device.
| uninformedhn wrote:
| ...if you use iCloud Photos.
|
| How is it day 47 of HN arguing about this and you all still
| can't get basic facts right, and oh boy, you showed me
| downvoting me twice in 60 seconds for pointing out a lack
| of fundamental comprehension of what you're actually upset
| about
|
| This community is obnoxious
| wilkystyle wrote:
| This is as unhelpful as saying "don't have CSAM on your
| phone." As has been reiterated many times, the problem is not
| the capability it is claimed to start off with, it is how the
| capability will be evolved, abused, and exploited as time
| goes on.
| justinzollars wrote:
| You need to read what they are doing. It's on-device
| scanning. You have no privacy or choice. May as well have a
| Facebook Phone.
___________________________________________________________________
(page generated 2021-08-13 23:00 UTC)