[newbamboo]

No, someone can still attack you by creating an iCloud account and pushing cp. There is no way to mitigate such an attack after purchasing an apple device as far as I can tell. And, apple pretends their devices are secure so they have incentive to not discover compromised devices (as if they could) even though it’s clearly a problem with Pegasus and probably many other non-consumer grade exploits. I think the only answer is a phone that cannot back up to the cloud at all. Which is what I suppose I have to shop for now. Hopefully this attack hits some senator or apple exec first. I don’t want to backup my phone, and at this point I don’t want a camera or location services. I want security which apple no longer offers.

[camillomiller]

>No, someone can still attack you by creating an iCloud account and pushing cp. There is no way to mitigate such an attack after purchasing an apple device as far as I can tell.

Could you elaborate? Totally unclear to me what kind of attack you're talking about.

[kemayo]

I think they're saying that if someone can completely hack your phone so as to have remote control of it, they can sign you up for an iCloud account and add CSAM to it.

This seems... implausibly convoluted. If you have full remote control of someone's phone, Apple or not, you could do all sorts of incriminating things "as them", and I don't think Apple's new system noticeably increases your risk from this.

[realce]

Like what? Buy illegal fireworks online?

It would take the flick of a switch for someone to ruin your life for a crime you could never explain yourself out of. Nobody will ever believe that you were framed because that means other convicted predators could also have been framed. As soon as your name hits an index-able news article, guilty or not, your life is over.

This is a blackmail machine.

[kemayo]

Well, the obvious option if you've subverted someone's phone so you can do whatever you want with it, and have access to illegal stuff, would be to store it on the phone and submit anonymous tips about the person to the police. Or upload it to random image-sharing websites, or Facebook, or email it to their coworkers with some "I found this on X's phone and thought you should know" note attached, or whatever.

I'm just saying that actually getting the attention of authorities is the most trivial part of this suggested attack. Apple's new stuff is a vector for that, sure, but anyone who is in a position to exploit it could easily do so in other ways as well.