[sparker72678]

1) The DB must be updated on both the server and the client. Apple's solution requires the DBs to match, essentially. So you can't update the DB without everyone knowing it was changed.

2) Apple has trillions of dollars to lose by selling out to a shitty change like that.

Do those things mean nothing bad can come of it? Hell no. But, right now we have FISA courts and silent warrants sucking in data without anyone knowing or being able to talk about it. It's not like we're a panacea at the moment.

Apple's approach creates a possibility of slowing down the politics already trying to move against E2EE data.

This is a political fight, and if we all act like ideologues we're going to lose it all in the end.

[ScoobleDoodle]

Apples move gives away another piece of the puzzle to mass monitoring and surveillance.

Apples move brings it one step closer for FISA courts and silent warrants to have access beyond what we send over the network to now what resides on our phones.

Apple is giving mass surveillance a foot hold into living on and monitoring data on our personal phones.

Apples has created the back door for increased surveillance: https://www.eff.org/deeplinks/2021/08/if-you-build-it-they-w...

Tell Apple don't scan our phones: https://act.eff.org/action/tell-apple-don-t-scan-our-phones

[xkcd-sucks]

> Apple's approach creates a possibility of slowing down the politics already trying to move against E2EE data.

This is "appeasement" or "Danegeld", and we all know how that works out in the end

[jtbayly]

Apple can’t be selling out if they literally have no way of knowing what is in the database of illicit content.

That is why they said that the content has to be in two separate nation’s databases. Of course, there is no information that I’ve seen about what other nation’s db they would use. And without another nation, there will be no content in the database? I doubt it.

Regardless, it’s a moot issue, since we already know that the 5 eyes all conspire and would gladly add content for each other, the same as several middle-east nations.

[sparker72678]

Five eyes already does whatever the heck they want, and this isn’t going to change that.

[jtbayly]

It very well may change it.

Right now they have no ability to scan every photo on every iOS device for “objectionable” content (as defined by them on that day, based on their mood). But soon they will. All they have to do is add photos to the ncemc and an equivalent db in another country.

[TimTheTinker]

> 2) Apple has trillions of dollars to lose by selling out to a shitty change like that.

Apple has trillions to lose by building this system in the first place. All it takes is one court order to do non-CP scanning with the existing system.

[zepto]

It really doesn’t have much to lose. None of the non-tech people I have spoken to think of this as a bad thing.

[TimTheTinker]

My family, my wife's family, and much of our extended families are all privacy conscious (we chat over Signal, just like we close our window blinds at night)... and they are all alarmed over this and ready to ditch Apple if they don't change their stance on this.

All it takes is a wiretap warrant and Apple would have to scan on-device pictures and iMessages for whatever the wiretap says. This is true even if the phone has iCloud switched off (most of us already do), since all Apple has to do is change a Boolean variable's value, or something similar requiring no creative effort (and hence legally coercible).

[zepto]

> All it takes is a wiretap warrant and Apple would have to scan on-device pictures and iMessages for whatever the wiretap says.

This is total and utter bullshit. It is a complete misunderstanding of how the system works.

If you and your family think this is true, then of course you are alarmed.

[TimTheTinker]

> This is total and utter bullshit. It is a complete misunderstanding of how the system works.

No it's not. It's an extrapolation based on known facts.

Governments can and will coerce companies into changing things about their systems, but the main limitation is that at least in the US, the government can't coerce creative work.

But that's just the thing - flipping a bit here or there, or adding non-CSAM image hashes to the database, is all possible and accessible to wiretap warrants, since doing so is a simple change to a system that already exists.

There's a principle here: trust good security system design, but do not trust system operators, since they can be coerced (legally or otherwise). A secure system that requires trusting particular people who operate it is not designed well.

[zepto]

> It's an extrapolation based on known facts.

No it’s not. It’s bullshit based on a complete lack of understanding of the system.

Read any of the public documentation on how it works, and you’d know it’s completely wrong.

There are multiple good reasons to oppose this system. But this:

> All it takes is a wiretap warrant and Apple would have to scan on-device pictures and iMessages for whatever the wiretap says.

Is still complete bullshit. No part of it is true or an extrapolation of known facts. It’s neither true as a technical possibility not even as a legal one.

[salawat]

>1) The DB must be updated on both the server and the client. Apple's solution requires the DBs to match, essentially. So you can't update the DB without everyone knowing it was changed.

Yes... Because it is impossible for different servers to be configured as backends depending on where handsets are destined to be sold. It's not like it's possible to quickly whip up a geolocation aware API that can swap things out on the fly. C'mon. This isn't even hard. These are all trivially surmountable problems. The one thing standing in the way of already having done this, was there was no way in hell anyone would have been daft enough to even try doing something like this with a straight face. For heaven sake, even Hollywood lampshaded it with that "using cell phones as broadband sensors" shtick in the Dark Knight or whatever it was.

>This is a political fight, and if we all act like ideologues we're going to lose it all in the end.

The fight was lost the moment someone caved to "think of the children". Every last warning sign that has been left all over the intellectual landscape ignored, history, risk, human nature, any semblance of good sense ignored.

Honestly, I'm sitting here scratching my head wondering if I took a wrong turn or something 20 years ago. This isn't even close to the place I lived anymore.