[HN Gopher] Bugs in our pockets: the risks of client-side scanning
___________________________________________________________________
Bugs in our pockets: the risks of client-side scanning
Author : azalemeth
Score  : 76 points
Date   : 2021-10-26 20:24 UTC (2 hours ago)

(HTM) web link (arxiv.org)
(TXT) w3m dump (arxiv.org)

| amatecha wrote:
| Completely agree with the final sentences in their
| conclusion/recommendations:
|
| _"In a world where our personal information lies in bits
| carried on powerful communication and storage devices in our
| pockets, both technology and laws must be designed to protect our
| privacy and security, not intrude upon it. Robust protection
| requires technology and law to complement each other. Client-side
| scanning would gravely undermine this, making us all less safe
| and less secure."_
| snvzz wrote:
| Quite the roster of names behind the article.
| flerchin wrote:
| It's not their device to scan.
| aidenn0 wrote:
| While I don't like client-side scanning, that's overly
| reductive.
|
| "Client side scanning" (both in general, and in the recent
| Apple kerfuffle) is talking about a network client, that will
| be talking to servers that _are_ owned by "them." If they wish
| to enforce rules over what is stored on their server then to
| enforce that right, the only two choices are to disallow E2EE
| or to perform client-side scanning.
|
| Really client-side scanning is only up for debate when E2EE is
| used. The Javascript that checks validity of forms before you
| submit them is a form of client-side scanning, but most of the
| time[1] nobody cares because it's data that you intend to send
| to the server anyways.
|
| 1: Inadvertent pastes into fields that phone-home for e.g.
| autocomplete can reveal otherwise private information, so "most
| of the time"
| a1369209993 wrote:
| > If they wish to enforce rules over what is stored on their
| server
|
| The whole _point_ of end-to-end encryption is that what is
| stored on their server is statistically uniform binary white
| noise. If they wish to enforce that, there are a plethora of
| server-side tools (like the Diehard test suite) with which to
| do so.
| Shish2k wrote:
| You are completely correct from a computer science
| perspective - unfortunately, this is not a computer science
| discussion. As far as the FBI are concerned, "storing
| encrypted child porn on behalf of people with the keys to
| decrypt it" still counts as "storing child porn".
|
| You can disagree with that (and there are many good reasons
| to do so) - but "it's encrypted so it's fine" isn't going
| to convince anybody who matters.
| vondur wrote:
| I agree with you, but if the FBI wanted to serve a
| warrant to search my device, they can compel me to do so.
| Failure to unlock that device could put you into jail
| until you comply with the warrant.
| mulmen wrote:
| This is the part where we need laws to protect privacy.
| This is arguably an overreach by the FBI in the first
| place and if it is legal it shouldn't be.
| aidenn0 wrote:
| It's not even just the FBI; if the majority of your
| competitors claim to prevent child-porn from being stored
| on their servers and you don't, the reputational damage
| is real. Apple doesn't want to be the "Child Porn
| friendly cloud service."
| perihelions wrote:
| But none of these conundrums could exist if Apple had no
| access to the user's device, nor control over the software
| running on it. "Who owns your computer" is still the central
| question; we're just Sapir-Whorfing ourselves around it
| within the implicit language of walled gardens. "Apple owns
| your computer" is the unspoken premise, and it's not
| axiomatic.
|
| Stallman was very, very right.
| aidenn0 wrote:
| There's a huge tangle of things with "Apple owns your
| computer" but I don't think most of it applies to the
| icloud question.
|
| If you wanted to store photos in icloud on a Windows
| machine, you'd be using the Apple icloud client. Apple has
| at least _some_ control over what software they write and
| ship does[1]. They can break 3rd party clients almost at
| will, so if they choose to be hostile to 3rd party clients
| that control is fairly strong.
|
| Arguing over what amount of control Apple should exercise
| over what software runs on a device purchased by a consumer
| is mostly orthogonal to arguing over what amount of control
| Apple should exercise over what software can connect to
| their servers.
|
| 1: On a general purpose machine, debuggers and emulators
| can influence what software does, obviously, so the control
| isn't absolute.
| dylan604 wrote:
| Client side scanning of inappropriate pictures is of content
| you'd ordinarily be sending them as anyways as well. The
| proposal was only to do this if cloud services were/are
| enabled.
| inetknght wrote:
| > Client side scanning of inappropriate pictures is of
| content you'd ordinarily be sending them as anyways as
| well. The proposal was only to do this if cloud services
| were/are enabled.
|
| I have an iPhone. The Photos app keeps telling me that it's
| unable to upload things to iCloud because my account is
| full.
|
| I never turned it on. I never intended to upload _any_
| photos to the cloud.
|
| I haven't signed into my iCloud account for _years_ because
| I don't use it. Nonetheless, iCloud has a magical way of
| uploading things to something that I've literally never
| used.
|
| Next you'll be arguing that people using Windows should
| have simply turned off online logins if they didn't want
| their Windows computer to phone home. Bullshit, Microsoft
| shoves that shit down people's throats.
|
| So your statement of "you'd ordinarily be sending them as
| anyways as well" is ludicrous. That's deliberately burying
| your head into the sand against the fact that big business
| sets defaults to settings that users often have no idea
| were set or are buried behind huge warnings against turning
| them off.
| dylan604 wrote:
| I've had an iDevice since 2007. I've never signed up for
| the paid iCloud. I get the standard 5GB plan that all
| Apple accounts receive. I have never accidentally
| uploaded a photo to it. I have never enabled it. I don't
| understand how your situation happens as it has never
| happened to me. It makes no sense other than someone
| (maybe you forgot, a significant other, a kid) played
| around with some settings? There's no other explanation
| that makes sense to me.
| inetknght wrote:
| There's nothing better than knowing everything and never
| having to play around with settings to discover what they
| do, never forgetting what you've set your settings to,
| and not having children, family members, or friends do
| the same. There's no way any _reasonable_ person could
| ever have their uploads accidentally turned on without
| their full knowledge and consent so that definitely
| invalidates any reason to argue against the idea that
| client-side scanning is unreasonable because it only
| happens to things that you _wanted_ to upload anyway.
|
| There's definitely no way a new version could patch your
| system and turn something on without your knowledge. No,
| there's absolutely never been a situation where some new
| setting has shown up and you didn't know what it does or
| inspected what it was set to by default. And there's
| absolutely no way you could have restored a backup and
| not had all of your settings transfer over correctly. No,
| there's no way you'll ever turn the setting on and forget
| that it's on when you plug your device into some network.
| And you know you will _never_ be the victim of any
| malicious activity that could screw you over in some way.
| You've never had some app automatically connect to
| something that you didn't know it could even connect to.
| You'll never have someone else pick up your phone and
| take random pictures or recordings that you don't know
| about because those would _never_ get automatically
| uploaded because, of course, you didn't turn on that
| setting for yourself. You'll never have to worry about
| your battery going low because you turned on automatic
| uploads and not only did your upload happen but your
| device also scanned your uploads too. You never use your
| phone for work because your work definitely pays for a
| new device for you to use for work.
|
| Gosh it sure is weird that so many people don't want
| client-side scanning. Scanning your device before
| uploading anything is just a very reasonable thing to do.
|
| /s
| dylan604 wrote:
| I don't want client side scanning, and I don't want the
| cloud. If only wishing made it so.
|
| People not being able to understand the devices they use
| is why devs have gotten us to this point. People are too
| uneducated to do proper back ups, so some enterprising
| people came up with a way to do that for you. Peeps still
| get it wrong. Some other asshats come along and take
| advantage of uneducated people, and do malicious stuff.
| Fuck 'em. We should just end the cloud because we as a
| society can't handle it or the responsibility of
| operating our own equipment. /s
| haswell wrote:
| > _since 2007_
|
| I'm speculating here, but I wonder if part of your
| experience is based on the fact that you're a long time
| user. Features like auto-uploading to Photo Library are
| new, and Apple is generally decent about informing you of
| new features before opting in.
|
| Brand new account setups are a different story. You're
| encouraged to use all of the latest/greatest stuff (and
| why not, current topic notwithstanding?).
|
| Bottom line: it's extremely easy for an average user to
| start uploading their stuff without really realizing it.
| dylan604 wrote:
| Maybe. I'm very anti-cloud from the first moments I ever
| heard of it and saw the first puffy shapes in slide
| decks. I don't trust it. It's not in my control and I
| don't know who does control it. That scares the bejeebus
| out of me.
|
| I'm not the unsuspecting dupe that devs are targeting to
| get a new user tricked into something. I'm very much
| aware of the shenanigans devs try and pay attention to
| that shit from the go.
|
| Having said that, I do read the crap and choose no where
| necessary. People just haphazardly pressing okay to get
| to new shiny almost deserve whatever they've agreed to. I
| say almost because these dialogs can be worded like "Vote
| No for Yes" kind of BS.
|
| If you're one of the asshat devs FUCK YOU for making this
| a thing we even have to discuss in the first place. Edit:
| Royal You Devs
| nitrogen wrote:
| _Bullshit, Microsoft shoves that shit down people's
| throats._
|
| As an example of this, I never once opted into any kind
| of data sharing, set telemetry to the lowest allowed
| setting, and don't remember ever signing into a
| system-wide Microsoft account, yet when I eventually discovered
| deeply hidden privacy options I found that my MS account
| had a log of every single application I had ever used on
| my W10 laptop.
| haswell wrote:
| A significant number of concerns aren't about the feature
| as proposed by Apple, but the slippery slope it creates.
| fsflover wrote:
| More about this slippery slope:
| https://news.ycombinator.com/item?id=28309202.
| jt_thurs_82 wrote:
| According to the TOS and their enforced end to end control of
| binaries and user actions, it is. Oops.
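
a1369209993's point above, that a server holding end-to-end encrypted blobs can check that they look like uniform noise, sketched as an added example (not part of the thread or the paper). It runs a single chi-square byte-frequency test, far simpler than the Diehard suite the comment names; the cutoff, minimum length and sample data are assumptions constructed here.

```python
import hashlib
from collections import Counter

CHI2_LIMIT = 400.0  # assumed cutoff; uniform bytes score about 255 (255 degrees of freedom)
MIN_LEN = 4096      # assumed minimum; the statistic is unreliable on short blobs


def chi_square_bytes(blob: bytes) -> float:
    """Pearson chi-square of the byte histogram against a uniform distribution."""
    expected = len(blob) / 256
    counts = Counter(blob)
    return sum((counts.get(b, 0) - expected) ** 2 / expected for b in range(256))


def looks_uniform(blob: bytes) -> bool:
    """True if the byte frequencies are consistent with uniform random data."""
    if len(blob) < MIN_LEN:
        return False  # too little data to judge; reject rather than guess
    return chi_square_bytes(blob) <= CHI2_LIMIT


def constructed_keystream(n: int, seed: bytes = b"constructed-sample") -> bytes:
    """Deterministic stand-in for ciphertext: SHA-256 run in counter mode."""
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(seed + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:n])


# Constructed sample uploads: one ciphertext-like blob, one plain-text blob.
CIPHERTEXT_LIKE = constructed_keystream(64 * 1024)
PLAINTEXT = b"The quick brown fox jumps over the lazy dog. " * 1500

if __name__ == "__main__":
    for name, blob in (("ciphertext-like", CIPHERTEXT_LIKE), ("plaintext", PLAINTEXT)):
        print(f"{name}: chi2={chi_square_bytes(blob):.1f} accept={looks_uniform(blob)}")
```

A pass only means the byte histogram looks uniform; it does not prove the blob is encrypted, and it reveals nothing about the plaintext behind it.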
___________________________________________________________________ (page generated 2021-10-26 23:00 UTC)