[HN Gopher] Bugs in our pockets: the risks of client-side scanning
___________________________________________________________________
Bugs in our pockets: the risks of client-side scanning
Author : azalemeth
Score : 76 points
Date : 2021-10-26 20:24 UTC (2 hours ago)
(HTM) web link (arxiv.org)
(TXT) w3m dump (arxiv.org)
| amatecha wrote:
| Completely agree with the final sentences in their
| conclusion/recommendations:
|
| _"In a world where our personal information lies in bits
| carried on powerful communication and storage devices in our
| pockets, both technology and laws must be designed to protect our
| privacy and security, not intrude upon it. Robust protection
| requires technology and law to complement each other. Client-side
| scanning would gravely undermine this, making us all less safe
| and less secure."_
| snvzz wrote:
| Quite the roster of names behind the article.
| flerchin wrote:
| It's not their device to scan.
| aidenn0 wrote:
| While I don't like client-side scanning, that's overly
| reductive.
|
| "Client side scanning" (both in general, and in the recent
| Apple kerfuffle) is talking about a network client, that will
| be talking to servers that _are_ owned by "them." If they wish
| to enforce rules over what is stored on their server then to
| enforce that right, the only two choices are to disallow E2EE
| or to perform client-side scanning.
|
| Really client-side scanning is only up for debate when E2EE is
| used. The Javascript that checks validity of forms before you
| submit them is a form of client-side scanning, but most of the
| time[1] nobody cares because it's data that you intend to send
| to the server anyways.
|
| 1: Inadvertent pastes into fields that phone-home for e.g.
| autocomplete can reveal otherwise private information, so "most
| of the time"
| a1369209993 wrote:
| > If they wish to enforce rules over what is stored on their
| server
|
| The whole _point_ of end-to-end encryption is that what is
| stored on their server is statistically uniform binary white
| noise. If they wish to enforce that, there are a plethora of
| server-side tools (like the Diehard test suite) with which to
| do so.
| Shish2k wrote:
| You are completely correct from a computer science
| perspective - unfortunately, this is not a computer science
| discussion. As far as the FBI are concerned, "storing
| encrypted child porn on behalf of people with the keys to
| decrypt it" still counts as "storing child porn".
|
| You can disagree with that (and there are many good reasons
| to do so) - but "it's encrypted so it's fine" isn't going
| to convince anybody who matters.
| vondur wrote:
| I agree with you, but if the FBI wanted to serve a
| warrant to search my device, they can compel me to do so.
| Failure to unlock that device could put you into jail
| until you comply with the warrant.
| mulmen wrote:
| This is the part where we need laws to protect privacy.
| This is arguably an overreach by the FBI in the first
| place and if it is legal it shouldn't be.
| aidenn0 wrote:
| It's not even just the FBI; if the majority of your
| competitors claim to prevent child-porn from being stored
| on their servers and you don't, the reputational damage
| is real. Apple doesn't want to be the "Child Porn
| friendly cloud service."
| perihelions wrote:
| But none of these conundrums could exist if Apple had no
| access to the user's device, nor control over the software
| running on it. "Who owns your computer" is still the central
| question; we're just Sapir-Whorfing ourselves around it
| within the implicit language of walled gardens. "Apple owns
| your computer" is the unspoken premise, and it's not
| axiomatic.
|
| Stallman was very, very right.
| aidenn0 wrote:
| There's a huge tangle of things with "Apple owns your
| computer" but I don't think most of it applies to the
| icloud question.
|
| If you wanted to store photos in icloud on a Windows
| machine, you'd be using the Apple icloud client. Apple has
| at least _some_ control over what software they write and
| ship does[1]. They can break 3rd party clients almost at
| will, so if they choose to be hostile to 3rd party clients
| that control is fairly strong.
|
| Arguing over what amount of control Apple should exercise
| over what software runs on a device purchased by a consumer
| is mostly orthogonal to arguing over what amount of control
| Apple should exercise over what software can connect to
| their servers.
|
| 1: On a general purpose machine, debuggers and emulators
| can influence what software does, obviously, so the control
| isn't absolute.
| dylan604 wrote:
| Client side scanning of inappropriate pictures is of content
| you'd ordinarily be sending them as anyways as well. The
| proposal was only to do this if cloud services were/are
| enabled.
| inetknght wrote:
| > Client side scanning of inappropriate pictures is of
| content you'd ordinarily be sending them as anyways as
| well. The proposal was only to do this if cloud services
| were/are enabled.
|
| I have an iPhone. The Photos app keeps telling me that it's
| unable to upload things to iCloud because my account is
| full.
|
| I never turned it on. I never intended to upload _any_
| photos to the cloud.
|
| I haven't signed into my iCloud account for _years_ because
| I don't use it. Nonetheless, iCloud has a magical way of
| uploading things to something that I've literally never
| used.
|
| Next you'll be arguing that people using Windows should
| have simply turned off online logins if they didn't want
| their Windows computer to phone home. Bullshit, Microsoft
| shoves that shit down people's throats.
|
| So your statement of "you'd ordinarily be sending them as
| anyways as well" is ludicrous. That's deliberately burying
| your head into the sand against the fact that big business
| sets defaults to settings that users often have no idea
| were set or are buried behind huge warnings against turning
| them off.
| dylan604 wrote:
| I've had an iDevice since 2007. I've never signed up for
| the paid iCloud. I get the standard 5GB plan that all
| Apple accounts receive. I have never accidentally
| uploaded a photo to it. I have never enabled it. I don't
| understand how your situation happens as it has never
| happened to me. It makes no sense other than someone
| (maybe you forgot, a significant other, a kid) played
| around with some settings? There's no other explanation
| that makes sense to me.
| inetknght wrote:
| There's nothing better than knowing everything and never
| having to play around with settings to discover what they
| do, never forgetting what you've set your settings to,
| and not having children, family members, or friends do
| the same. There's no way any _reasonable_ person could
| ever have their uploads accidentally turned on without
| their full knowledge and consent so that definitely
| invalidates any reason to argue against the idea that
| client-side scanning is unreasonable because it only
| happens to things that you _wanted_ to upload anyway.
|
| There's definitely no way a new version could patch your
| system and turn something on without your knowledge. No,
| there's absolutely never been a situation where some new
| setting has shown up and you didn't know what it does or
| inspected what it was set to by default. And there's
| absolutely no way you could have restored a backup and
| not had all of your settings transfer over correctly. No,
| there's no way you'll ever turn the setting on and forget
| that it's on when you plug your device into some network.
| And you know you will _never_ be the victim of any
| malicious activity that could screw you over in some way.
| You've never had some app automatically connect to
| something that you didn't know it could even connect to.
| You'll never have someone else pick up your phone and
| take random pictures or recordings that you don't know
| about because those would _never_ get automatically
| uploaded because, of course, you didn't turn on that
| setting for yourself. You'll never have to worry about
| your battery going low because you turned on automatic
| uploads and not only did your upload happen but your
| device also scanned your uploads too. You never use your
| phone for work because your work definitely pays for a
| new device for you to use for work.
|
| Gosh it sure is weird that so many people don't want
| client-side scanning. Scanning your device before
| uploading anything is just a very reasonable thing to do.
|
| /s
| dylan604 wrote:
| I don't want client side scanning, and I don't want the
| cloud. If only wishing made it so.
|
| People not being able to understand the devices they use
| is why devs have gotten us to this point. People are too
| uneducated to do proper back ups, so some enterprising
| people came up with a way to do that for you. Peeps still
| get it wrong. Some other asshats come along and take
| advantage of uneducated people, and do malicious stuff.
| Fuck 'em. We should just end the cloud because we as a
| society can't handle it or the responsibility of
| operating our own equipment. /s
| haswell wrote:
| > _since 2007_
|
| I'm speculating here, but I wonder if part of your
| experience is based on the fact that you're a long time
| user. Features like auto-uploading to Photo Library are
| new, and Apple is generally decent about informing you of
| new features before opting in.
|
| Brand new account setups are a different story. You're
| encouraged to use all of the latest/greatest stuff (and
| why not, current topic notwithstanding?).
|
| Bottom line: it's extremely easy for an average user to
| start uploading their stuff without really realizing it.
| dylan604 wrote:
| Maybe. I'm very anti-cloud from the first moments I ever
| heard of it and saw the first puffy shapes in slide
| decks. I don't trust it. It's not in my control and I
| don't know who does control it. That scares the bejeebus
| out of me.
|
| I'm not the unsuspecting dupe that devs are targeting to
| get a new user tricked into something. I'm very much
| aware of the shenanigans devs try and pay attention to
| that shit from the go.
|
| Having said that, I do read the crap and choose no where
| necessary. People just haphazardly pressing okay to get
| to new shiny almost deserve whatever they've agreed to. I
| say almost because these dialogs can be worded like "Vote
| No for Yes" kind of BS.
|
| If you're one of the asshat devs FUCK YOU for making this
| a thing we even have to discuss in the first place. Edit:
| Royal You Devs
| nitrogen wrote:
| _Bullshit, Microsoft shoves that shit down people's
| throats._
|
| As an example of this, I never once opted into any kind
| of data sharing, set telemetry to the lowest allowed
| setting, and don't remember ever signing into a system-
| wide Microsoft account, yet when I eventually discovered
| deeply hidden privacy options I found that my MS account
| had a log of every single application I had ever used on
| my W10 laptop.
| haswell wrote:
| A significant number of concerns aren't about the feature
| as proposed by Apple, but the slippery slope it creates.
| fsflover wrote:
| More about this slippery slope:
| https://news.ycombinator.com/item?id=28309202.
| jt_thurs_82 wrote:
| According to the TOS and their enforced end to end control of
| binaries and user actions, it is. Oops.
___________________________________________________________________
(page generated 2021-10-26 23:00 UTC)