Hacker News new | ask | show | jobs
by neolog 1771 days ago
Without the technology deployed, Apple can (and did) say they don't have the ability to break into users' phones.

If Apple deploys on-phone scanning, governments can just tell Apple to support a new list. It won't be the NCMEC CSAM list. It will be a "public safety and security" list. I wouldn't rule out underhandedness either. [1]

[1] https://www.nytimes.com/2020/07/01/technology/china-uighurs-...
1 comments
floatingatoll 1771 days ago
Apple already has technology deployed to perform binary file scans of every file on macOS and iOS, and the ability to at any time release signatures for those scans, that are very difficult for normal users to prevent updates for. They've had that for years, maybe even a decade by now, and so far to date we have seen no abuse of that list.

How is Apple's new CSAM list somehow increasing the chances of Apple going rogue, given that we've all been living with that risk for the past X years?

link
neolog 1771 days ago
What technology are you referring to as already deployed?
link
floatingatoll 1771 days ago
For macOS, I'm talking about XProtect and MRT. I don't know the exact subsystem names on iOS, apologies.

https://support.apple.com/guide/security/protecting-against-...

Each system is closed source, provides a mechanism for checking content signatures against files on disk, and is thought to report telemetry to Apple when signatures are found.

How is CSAM scanning new and different from those existing closed-source systems?

link
neolog 1771 days ago
I'd say the primary differences are that the CSAM scan is a perceptual hash rather than a regular file hash, and that the technical infrastructure of the CSAM system is designed from the ground up to be used against (rather than for) the user and report them individually to authorities for violation.
link
floatingatoll 1771 days ago
Do you have an alternate design in mind that is both "used for the user", and is also effective at reporting CSAM content being uploaded from the device, without allowing CSAM abusers to opt-out of that reporting? I haven't been able to come up with anything myself, but maybe you've had better luck.
link
neolog 1771 days ago
I can only point to other people who know more than me.

https://stratechery.com/2021/apples-mistake/ is a smart tech commentator

https://www.nytimes.com/2021/08/11/opinion/apple-iphones-pri... are two security/encryption experts

link