[modernerd]

No, but the person who sent that message could get in trouble.

In the case you linked to the person was reported for sending email to a friend with attached CSAM, not for receiving it.[1]

Apple's system scans images client-side if they're due to be uploaded to iCloud. That process can happen without user consent or action. For example, WhatsApp and other messaging apps save images to photos, which are auto-synced to iCloud. (If you use WhatsApp and iCloud you'll find your Photos section full of memes from WhatsApp group chats when you log in at icloud.com, for example. This was a surprise to me at first.)

So the risk of malice seems higher with Apple's system than with the long-running PhotoDNA implementations backing Gmail/Google Drive/OneDrive etc.

Gaining access to someone's email and sending attached CSAM is likely to cause them more issues than receiving it. But that's harder because you need their login info and not just their email address/phone number, which is all that an attacker potentially requires to trigger action from Apple's automated scans.

[1]: https://nakedsecurity.sophos.com/2014/07/31/google-tips-off-...

> The investigation was apparently sparked by a tip-off sent by Google to the National Center for Missing and Exploited Children, after explicit images of a child were detected in an email he was sending.

[GeekyBear]

> No, but the person who sent that message could get in trouble.

Is there some reason to imagine the person sending the message couldn't do so with burner email accounts or by abusing open/vulnerable email servers?

Has Google suddenly prevented spam from landing in your spam folder without anyone noticing?

It's much simpler to send email than it is to take control of someone's device.

[modernerd]

Right, the sender isn’t going to use their own email address in an attempt to incriminate you. My point was that receiving material by email from a stranger doesn’t make you liable for its contents (unless there is a record of you requesting the content). It makes the sender liable (if they can be traced).

Apple’s approach does not seem to provide the same safeguard. Your account will be flagged for review if there are n flagged images destined for upload on your device. The description of the process does not mention if or how provenance or intent to receive those images is established.

[Clubber]

I mean you think that would be how it works, but say a system found the image stored in your mail's temp directory and notified the police, do you think they would be that interested in finding the person who sent it, or do you think they would think, "You had kiddie porn on your phone, that's against the law. 30 years." Win.

[ant6n]

Is there even a way to get iCloud or Google photos on the iPhone to only upload photos taken with the camera, to not spam one's photo account with chat garbage?

I was trying to figure out a way, but got side tracked on the issue, then my phone got stolen and I lost a bunch of family/baby pictures (thanks Google/apple).

[modernerd]

WhatsApp has a setting you can disable:

Settings → Chats → Save to Camera Roll

Not sure about other messaging apps.

[jxdxbx]

Google Photos are also scanned. Just after they're uploaded.