by hughrr 1771 days ago
This is why I just noped the fuck out of the Apple ecosystem. I won’t support anything which relies on opaque blacklisting to ruin lives.

In this example as well on iCloud shared galleries you can upload to other people’s ones you have been invited to. What could possibly go wrong?

3 comments

Who did you switch to? As I assume you are aware Google has already been doing this as well as Facebook. Apple was simply the last of those to start doing it. Facebook reported 20 million instances of csam to ncmec last year alone.
Who says you need any of the above? Cloud storage is overrated. When is the last time you lost files? I have stuff from an old lexar jump drive early 2000s doing just fine.

For more sensitive materials back up when the data changes and store in a disaster proof safe.

I think the fear of losing things is a problem. People take so many photos anyway and who even looks at all of them? Memories are great and we should cherish them but… this is one of those cases where folks don’t need to rely on big tech.

Or, just encrypt your files before sending them to sit on someone else's server.
Gasp, are you saying anyone worried about getting caught simply could encrypt their photos first and this system won’t work? So an extra step for the bad guy, a system that is invasive for all users, and a system that is easily avoided by the bad guy. What are you doing Apple, this feels like a cheating partner here.
Then in this case you could still use an Apple device, considering that if you don't use iCloud Photos, there's no scanning on your device anyway. I think that radical stances and refusing a dialogue, albeit critical, are something that in this case won't really go anywhere.
No, someone can still attack you by creating an iCloud account and pushing cp. There is no way to mitigate such an attack after purchasing an apple device as far as I can tell. And, apple pretends their devices are secure so they have incentive to not discover compromised devices (as if they could) even though it’s clearly a problem with Pegasus and probably many other non-consumer grade exploits. I think the only answer is a phone that cannot back up to the cloud at all. Which is what I suppose I have to shop for now. Hopefully this attack hits some senator or apple exec first. I don’t want to backup my phone, and at this point I don’t want a camera or location services. I want security which apple no longer offers.
>No, someone can still attack you by creating an iCloud account and pushing cp. There is no way to mitigate such an attack after purchasing an apple device as far as I can tell.

Could you elaborate? Totally unclear to me what kind of attack you're talking about.

I think they're saying that if someone can completely hack your phone so as to have remote control of it, they can sign you up for an iCloud account and add CSAM to it.

This seems... implausibly convoluted. If you have full remote control of someone's phone, Apple or not, you could do all sorts of incriminating things "as them", and I don't think Apple's new system noticeably increases your risk from this.

Nope, Apple announced this tech is coming to 3rd party apps via API.

iCloud was just the start, it wasn't the end.

Source?
Most HN crowd presumably isn't actually worried about CSAM detection itself - it's the local-side scanning where you lose control over your own hardware.
Exactly that.
Why would you use any of these?
Linux, dumbphone (sms/calls only) Fastmail, no other cloud services.

I’ve been on the verge of doing this for a few years so had my exit strategy well planned.

What did you switch to? Google? Are they handling this issue any better? Or are you using a dumbphone?
Android without google services, using lineageos or calyxos.
There's also GrapheneOS, which excludes Google APIs completely and is additionally hardened down to its memory allocation implementation, at the cost of performance and app compatibility[1].

[1] "GrapheneOS vs CalyxOS ULTIMATE COMPARISON (Battery & Speed Ft. Stock Android & iPhone)", https://www.youtube.com/watch?v=7iS4leau088

> which excludes Google APIs completely

lineageos and calyxos should as well, unless you opt-in. I guess they would still use the google captive portal detection? Is that what you're referring to?

> and is additionally hardened down to its memory allocation implementation

That's really interesting. Do you use GrapheneOS? Is it easy to lock the bootloader on Pixel devices?

How well does this work as a daily driver? I heavily rely on my smartphone.
It is just Android minus the nosy bits, it works just fine. I've used AOSP-derived distributions since 2011 and never felt I was missing out on anything, au contraire. Longer battery life, no ads, no spying other than through the radio firmware (which is part of all devices from all manufacturers using all operating systems [1]), no nonsense.

[1] I seem to remember that RIM (of Blackberry fame) made devices which used combined radio and systems firmware so those would be an exception to this rule

It's all I've ever used. I think it works great but I think your experience will depend heavily on your expectations.

I don't use any proprietary apps and only install them from fdroid or build them myself.

But if you do, you're going to have a different experience. Let's say you want to run Whatsapp. From what I can tell you basically have three options:

1) Install google apps.

When you install your rom you will also download a gapps bundle and install it. This will be a very vanilla android experience but with the ability to uninstall whatever you want, root, etc. You can open the play store and install Whatsapp. Everything should work OOTB. However you're running all of the google service including google play services, so privacy-wise this is not significantly different than stock android.

2) Install microg

When you install your rom you can also install microg. This is an install time option in Calyxos. Microg replaces many of the google apis. You can install Whatsapp through Aurora store, which can install apps from the play store. Whatsapp will use the microg FCM implementation. FCM is google's notification service. It allows your phone to make a single persistent connection to receive notifications, allowing for better battery efficiency b/c you don't have many apps activating the radio. FCM just communicates that an app has a notification, it doesn't carry the contents of the message. Unlike play services, microg registers the FCM connection with an anonymous.

So google knows your device is running whatsapp and when you get notifications, but not what they are.

3) No gapps / no microg

Don't do either of the above. You won't get push notifications with whatsapp. Many free/libre apps have alternative notification schemes involving separate persistent connections. This is less power efficient but works without involving google. I use Signal and Element like this and my battery still lasts >24 hours.

Several developments

I use it as a daily driver for 2+ years now (LineageOS without gapps, or even microg). I use the f-droid store for my app needs, and the occasional proprietary app I download with Aurora store, or use whichever APK hosting site seems the least shady. I sometimes use MS Teams - complains on each start about needing the G framework, but works just fine regardless. Or, I played another game that had in game purchase, and it worked fine until I opened the in-game store, when it froze. Otherwise perfectly playable.

From the f-droid store I use a ton of apps, games, mostly utilities. For navigation I like Organic Maps.

Could you or someone else say what are the better options in terms of hardware for this setup? Pinephone?
The Google Pixel phones are the easiest to run alternative Android roms on because Google provides the sources and allows you to unlock the bootloader.

They also pay Qualcomm more so you can re-lock the bootloader.

The Pinephone is great but it's most appropriate for developers interested in linux phones at this time.

None of the systems current or proposed scan local files. They all work on cloud storage. You could not use icloud and none of this change would affect you. Also I don't believe anything in icloud is encrypted so they could have scanned it at any time.
On device hash generation is 'scanning local files.' The fact that this process is only initiated by being flagged to being uploaded to iCloud doesn't change the fact that it is being done on-device, and increases the capacity for surveillance significantly.
Yup. Good luck telling repressive regimes that the technology doesn’t exist. How is the hash list to be trusted, especially in foreign countries? Who will be reviewing the images in foreign countries?
A smartphone is not a requirement for life.
Neither is a car or a dishwasher. Yet, they are convenient to have.
Correct. Totally agree. It’s a convenience at most.
Neither is Air Travel. And we had the same arguments after 9/11 about the No Fly List and possible abuses. And the same reassurances.

Guess what?

Everyday people who didn't want to become informants:

https://www.cnn.com/2014/09/11/opinion/hu-shamas-no-fly-list...

https://www.nytimes.com/2020/02/24/us/supreme-court-case-no-...

https://ccrjustice.org/home/press-center/press-releases/laws...

>The lawsuit is brought on behalf of four American Muslim men with no criminal records who were approached by the FBI in an effort to recruit them as informants. Some of our clients found themselves on the No Fly List after refusing to spy for the FBI, and were then told by the FBI that they could get off the List if they agreed to become informants. Our other clients were approached by the FBI shortly after finding themselves unable to fly and were told that they would be removed from the List if they consented to work for the FBI.

Journalists

https://www.cnn.com/2008/US/07/17/watchlist.chertoff/index.h...

>A House representative said Thursday she is requesting an investigation after learning a CNN reporter was put on the federal no-fly list shortly after his investigation of the Transportation Security Administration.

Whistleblowers

https://www.latimes.com/archives/la-xpm-2010-apr-27-la-oe-ra...

https://whistleblower.org/in-the-news/buffalo-news-governmen...

>In my case, I started having trouble flying after I blew the whistle in the case of “American Taliban” John Walker Lindh, the first terrorism prosecution in the United States after Sept. 11. As the Justice Department ethics attorney in that case, I inadvertently learned that my e-mail records had been requested by the court. When I tried to comply, I found that the e-mails, which concluded that the FBI committed an ethics violation during its interrogation of Lindh, had been purged from the file. I managed to recover them from the bowels of my computer archives, gave them to my boss and resigned. I also took home copies in case they “disappeared” again. Eventually, in accordance with the Whistleblower Protection Act, I turned them over to the media when it became evident that the Justice Department withheld them from the court.

Maybe wait to see how it's implemented and how it works first?

I really think that the HN crowd is having a giant knee-jerk reaction to all of this.

It isn't exactly a knee jerk; it has been quite likely that this sort of thing would happen sooner or later.

This is just a great point for if anyone is going to do anything. Apple is going to start scanning my phone looking for reasons to put me in jail. I don't want my phone's CPU time spent looking for reasons to imprison me and I don't want to be funding it either. This system will make mistakes.

Exactly. Despite countless occurrences of automated systems getting things wrong--there is no such thing as AI, remember, just fallible developers and their fallible formulae--somehow the naive continue to trust in these systems. It's insane, and those of us who do know how insane it is are left to pay the price for the naivete.
It's harder to take back policies like this than it is to object and get them stopped initially.

Also people have a habit of 'forgetting' about it later. Until stories of how it is misused are found. And then it's another attack vector we need to be conscious of.

And that’s how France still has VAT & revenue taxes.

Revenue tax? Have to pay for that expensive WWI war effort, you understand? For all the good it did.

Same with the VAT. Have to rebuild after WWII, you understand.

We also have an "Exceptional and Temporary Contribution" (CET), recently renamed to "Technical Equilibrium Contribution" (still CET. Smart one, that one).

A funny one, for a change?

When the Germans invaded in WWII, they changed France's timezone to theirs. After the war, we still called it "the German time". There were talks of going back for a few years…

Guess who still has noon at 2pm in the summer, decades later?

Change, no matter how ridiculously small or sensical, even when nobody benefits from the status quo (ie the damn timezone) is horrendously difficult.

Thus one should always assume that once it’s here, whatever "it" is, it’s here to stay.

There is still one constant: how the state system cares for victims of child abuse is still the same as in WW2.

https://www.kansascity.com/news/special-reports/article23820...

You would think money would go into the "backend": caring for kids where the state is responsible for everything BEFORE more money goes into the frontend: finding more kids to throw into the hellhole that is child services.

Without the "backend" being in order and working well, raising well-educated, stable kids, the frontend is completely immoral. "Saving" kids from abuse, only to throw them into a slightly different kind of abuse ... if any person did that (e.g. a guy marrying a woman (or I guess vice-versa) with that resulting in that person abusing their new spouse's kids) would be considered a despicable crime. Somehow child services, who do the exact same thing (and they use violence to do it) is not a despicable crime.

Somehow just because the state does it, makes such things all a-okay.

But frankly this is merely the hole in the justification, all this should merely tell you one thing: any government that doesn't work hard to fix the child services backend does not have children's interests at heart when making these sorts of laws (and mostly they're making budget cuts in the backend, of course). Because fundamentally these laws throw children into the child services system. THAT is the real effect these efforts have on the actual children behind this. THAT is what is meant by "saving kids".

And if that system is full of abuse, how is that any better than what paedophiles do? It's not.

Which means the state is not attempting to help abused or disadvantaged children. In fact, they're doing the opposite.

> We also have an "Exceptional and Temporary Contribution" (CET), recently renamed to "Technical Equilibrium Contribution" (still CET. Smart one, that one).

This is amazing

Oh, there’s a lot more where that came from.

Just an example. During a heatwave some summer over a decade ago, many elderly people died.

So what did the government do? They instituted a "day of solidarity", of course!

What does it mean? If you are salaried, then you get to work an extra day, during a holiday of your company’s choosing, and not be paid. The day’s salary will go to a public fund dedicated to helping promote the autonomy of elderly people. And your employer gets an extra day of employees supposedly producing value out of it.

Many people instead take the day, either on their paid leave or their Work Time Reduction days (RTT).

That’s on top of all the other social "contributions" (sounds better than taxes), of course.

Payslips used to be quite funny to decipher[1][2]. They’ve simplified those a bit since then; mostly by regrouping items[3].

[1]: http://cdn-s-www.ledauphine.com/images/F9FED7FA-778E-40CA-8F...

[2]: https://cap.img.pmdstatic.net/scale/http.3A.2F.2Fprd2-bone-i...

[3]: http://s-www.ledauphine.com/images/39A7BC0B-D6E2-456D-800D-5...

Devices betraying their owner to serve a remote master in ways the owner does not consent to is abhorrent, regardless of the purpose of such spying.
Presumably you consent by turning on iCloud Photo Library.
This will happen with or without iCloud; the photos in iCloud are already not end to end encrypted and could easily be scanned on the server side because Apple can read all of them today.

The only reason to do this clientside when the data is already readable on the server is to do it to images that aren't hitting the cloud.

> This will happen with or without iCloud;

You don't know that.

> The only reason to do this clientside when the data is already readable on the server is to do it to images that aren't hitting the cloud.

Or to eventually e2e encrypt all of iCloud. Or because Apple doesn't want to decrypt images server-side if they don't have to. Etc.

But the point is that currently, only photos that will be uploaded to iCloud Photo Library will be scanned. Making definitive points about possible future scenarios isn't particularly insightful, especially because the current system isn't much of a precondition of those scenarios.

None of this is happening "currently"; both of these claims are speculation about future changes based on Apple's statements.

Apple has made 3 announcements and released one research paper and held a press conference. Now we have to reconstruct what is likely going to be the truth from their carefully crafted statements.

> Devices betraying their owner to serve a remote master

This is the type of dramatic over-the-top reaction that I'm talking about.

It's an accurate and objective description of the situation; there is no opinion involved. If you think facts are over the top, perhaps the situation is actually outrageous.
Is this sarcasm?
No, I am sincere.
Yes I’m fully aware of all the flaws in the technical, ethical and political arenas.