Apple inspects every file on the local device before it's uploaded. It's just a pinky promise that it's only matched with the on-device database when an upload is intended.
Apple controls the hardware, software, and cloud service. It was always a pinky promise that they wouldn't look at your files. I don't know why we should doubt that pinky promise less today than we did a month ago.
They don't control the database used; any country can, through legal means, attach additional hashes for search and reporting.
Apple has already proven it will concede to China's demands.
They are building the world's most pervasive surveillance system and when the world's governments come knocking to use it ... they will throw their hands up and feed you the "Apple complies with all local laws etc.."
Do any of the other companies control the database of hashes they use? A government could have already done what you’re suggesting but I can’t find a source where this has been the case.
They can upload any software to iPhones that they want. They may not create the database of hashes, but they can choose whether their software uses that database.
They control what goes into the on-device database that is used.
> The on-device encrypted child abuse database contains only data independently submitted by two or more child safety organizations, located in separate jurisdictions, and thus not under the control of the same government
It's bizarre to me that people are freaking out about governments adding client side hashes but no concern that they could be doing server side checks.
Have you tried disabling various iCloud features? Disabling iCloud is incredibly buggy.
I tried disabling iCloud keychain and it just flips back on. Sometimes it asks for a login first. Sometimes it shows a cancel/continue modal. Either way, it magically flips back on. No error message.
I tried backing up my device to my hard drive (with Photos already on iCloud) and it kept complaining that there wasn’t enough space. It throws error message after warning message that your content will be deleted. It created additional copies of my photos each time my phone synced.
To properly back up, I had to copy the photos directory to an external hard drive, delete the original, mark the external hard drive one as the system one and then finally free up enough space to back up. iCloud and the device backup weren’t smart enough to free up space for my backup. In fact, I first backed up all my photos to iCloud first because they said that it would free up space on my hard drive as necessary. LOL.
BTW, iCloud keychain is still on for me. Fuck Apple.
Should they even be doing that though? It seems like a matter of time before it's possible to SWAT somebody by sending them a series of hash colliding image files given how not cryptographically secure the hash algorithm is.
I think I'm not the only one who'd rather not have my devices call the cops on me in a country where the cops are already way too violent.
But this doesn't change any of that. It only changes whether the scanning happens on your device as part of the upload process instead of on the server after the upload.
Ethics aside, on-device scanning has the benefit of Constitutional protection, at least in the USA. Any attempt by the Government to compel Apple to expand the on-device searching of privately owned devices to find other things would be a clear-cut 4th Amendment violation.
You could already just send them CSAM. That is a lot easier than finding a hash collision that also appears to be illegal content when downscaled and viewed by a human.
The human review phase is supposed to explicitly prevent that. I'm not sure I would put my faith there, especially if it's a flood of collisions and they are rated/paid on case clearance rate.
Further, this is step 1 of a process they have explicitly said they are looking to expand on [1], even going as far as to state it in bold font with a standout color.
So there's no telling that they won't expand it by simply scanning everything, regardless of iCloud usage, or pivot it to other combat "domestic terrorism" or "gun violence epidemics" or whatever else they feel like.
It's an erosion of trust; even if not a full stop erosion, it's something they intend to expand upon and won't be taking back.
What is "this promise"? Because I would consider it "we will only scan files that you upload to iCloud". That was true a month ago and that would be true under this new system. The only part that is changing is that the scanning happens on your device before upload rather than on an Apple server after upload. I don't view that as a material difference when Apple already controls the hardware and software on both ends. If we can't trust Apple to follow their promise, their products should already have been considered compromised before this change was announced.
Why is the scanning done on the device in the first place? Photos uploaded to iCloud are not encrypted (because the US government was apparently opposed to that idea), so why not do what Google and Facebook do and do the scanning once the image reaches their servers? What is the benefit in running the scan on the device?
How are those two examples different than before? You can't unupload a photo under either the old or new system. I don't know why we would expect that the scanning feature will be more prone to accidentally scan too many photos compared to the uploading feature accidentally uploading too many photos.
> Many people did trust Apple to keep their files private until now.
And that was my original point. If a pinky promise from Apple is not enough to trust them, then Apple should have never been trusted.
> You can't unupload a photo under either the old or new system.
You can choose to upload many pictures. They will start uploading. Then, you change your mind. Some pictures were not uploaded yet. But they were scanned by the new algorithm.
Why do people expect anything different? Every corporate promise is subject to change. When you hand your belongings to someone else, those things are liable to be tampered with.
That is the problem. CSAM is just smoke and mirrors paired with appeal to emotions to win approval more easily.
I don't want anyone, neither Apple, nor Microsoft, Google and others to sneak into my files. Did anyone realize that in the 21st century our cellphone is essentially our wallet?
Exactly, and 100% Google and Microsoft have on device scanning as well. We are saying "Apple are bad for admitting it" what about the others that are not?
The point is that until devices and all their software/firmware become fully auditable, there's no way to be 100% safe, and we must resort to trust.
That wouldn't be a problem in an ideal world, but the one in which we live is far from even resembling one. Mining data is already a huge business, and governments everywhere would love tools to use to get advantage over people they don't like.
There's huge motivation and demand for those tools at all levels, and at least governments have the resources to buy them and the power to force whoever implements them to stay silent.
I'm not implying that spyware tools exist in any phone, PC, smart TV, car, etc. because we can't prove they don't; that's the argument used for UFOs, witches and unicorns, no thanks, but we better think like they do because technology, resources and demand for their adoption are real, and the rest is probability.