by adriancr 1761 days ago
You could stop buying iStuff on principle otherwise they'll just continue with this crap.

As for alternatives, anything would do. Android doesn't do client side scanning of files since that's your chief concern. If you want more you can always root and play around.

> I want to leave Apple, but I can't find a good alternative and iMessage might be the dollar-store adhesive keeping me to the lesser of two evils.

Can't learn unless you try things.

I for one am happy with stock android and signal/telegram/whatsapp/sms.

I have freedom to root/modify as much as I want, I'm not forced to accept arbitrary company policies.


> You could stop buying iStuff on principle otherwise they'll just continue with this crap.

I very much doubt losing a handful of sales from angry nerds will change that.

If that handful turns into a lot more they will care.

Hearing normal folk asking "will I get in trouble for photos of my baby" kind of shows it's not just a bunch of angry nerds. Angry nerds will just put gas on fire with simple "yes" answers.

One problem is that there is a significant number of "nerds" who make money on Apple's platform. There's this quote: it's difficult to understand something if your salary depends on you not understanding it.

True, so then me arguing here is pointless, thanks :)

> "will I get in trouble for photos of my baby"

This is a reasonable question, and absolutely something people should wonder about.

> simple "yes" answers.

This is an outright lie. The only honest answer is no.

Keep doing that and angry nerds will end up looking like tinfoil hat wearers and will lose any influence on future civil liberties.

> This is an outright lie. The only honest answer is no.

Are you sure about that? I'm not... And all the news so far reinforces that opinion...

Getting falsely accused of something like this will ruin you even if in the end you win.

Here's Apple fucking up human review and destroying a teen's life: https://www.theregister.com/2021/05/29/apple_sis_lawsuit/

Imagine that with CSAM... Perceptual filter there seems pretty poor in terms of collision resistance

>> This is an outright lie. The only honest answer is no.

> Are you sure about that?

Yes.

> I'm not... And all the news so far reinforces that opinion...

There are no news articles that explain how anyone will be falsely accused for having pictures of their own baby.

> Perceptual filter there seems pretty poor in terms of collision resistance

I don’t think you know anything about how poor the filter is. What is the false positive rate on randomly selected photos?

The system is even resistant against intentionally created false positives.

Here is the relevant paragraph from Apple’s documentation:

“as an additional safeguard, the visual derivatives themselves are matched to the known CSAM database by a second, independent perceptual hash. This independent hash is chosen to reject the unlikely possibility that the match threshold was exceeded due to non-CSAM images that were adversarially perturbed to cause false NeuralHash matches against the on-device encrypted CSAM database. If the CSAM finding is confirmed by this independent hash, the visual derivatives are provided to Apple human reviewers for final confirmation.”

https://www.apple.com/child-safety/pdf/Security_Threat_Model...

...

> There are no news articles that explain how anyone will be falsely accused for having pictures of their own baby.

Umm... hash collisions that everyone keeps warning about are not enough? All the discussions so far? I'll just go ahead and assume your comment here is in bad faith.

> The system is even resistant against intentionally created false positives.

Famous last words... Here's one of the top posts for reddit.com/r/apple

https://old.reddit.com/r/apple/comments/p930wu/i_wont_be_pos...

Here's a really high quality collision: https://github.com/AsuharietYgvar/AppleNeuralHash2ONNX//issu...

Here's 2 totally different images off by a single BIT: https://github.com/AsuharietYgvar/AppleNeuralHash2ONNX//issu...

Here's a dog and a kid colliding: https://github.com/AsuharietYgvar/AppleNeuralHash2ONNX//issu...

It took a few days after extracting the model to show how flawed it is... Apple's only 'security' feature here was obscurity...

It's so broken the person doing analysis above stopped as Apple will only change the hash function to include his pictures as training data instead of fixing the whole system.

Are you still convinced?

Having a second 'perceptual' hash doesn't really add much value... I'm not an expert, here's a better view on why: https://news.ycombinator.com/item?id=28243031

Also funniest bit from that on how broken it is

"Finding a SHA1 collision took 22 years, and there are still no effective preimage attacks against it. Creating the NeuralHash collider took a single week."

They will think twice when they realize the people who found them cool and did unpaid marketing for them don't anymore.

There is also a massive backlash going on against them. It hit a major tech news outlet here in Norway and was linked from the biggest national newspaper just a few days after it became known, so I guess there will be multiple waves of backlash.

This reminds me of the scene from the Simpsons, where Homer is yelling “you just lost yourself a customer” to Moe. But Moe can’t hear him over the cash register being continuously stuffed full of money.

These “vote with your dollar” comments all have the same energy.

How do you suggest change happen then?

Your comment may be interpreted as "sit down and shut up". Perhaps that's not your intent.

Android does the CSAM image scanning on the server if you sync your photos to the cloud. On iphone if you don’t use icloud there is no scanning. I would call that “same difference”.

If you’re running stock android you’re running a closed OS that can be set up to spy on you just as easily as iOS. The existence of AOSP does not confer any “protection” if you run stock android, because you can’t know what other code google added onto it.

> would call that “same difference”.

As much as they might want, Google can't scan local phone files with server side code...

Apple on the other hand just has to break a small pinky promise, code and infra is already there.

See the difference?

One is relying on a pinky promise, one is knowing they can't if you don't upload.

> If you’re running stock android you’re running a closed OS

Here's the source code: https://source.android.com/

What parts are closed source? How does this compare to Apple where everything is closed source?

> because you can’t know what other code google added onto it.

There are security researchers, you know? The shitstorm that would appear on funny business will rival the one you see now.

Google literally has remote control over all pixel devices and can push arbitrary code via the play services at any time without user approval.

In this day and age, if you don't trust your phone vendor with your data, you shouldn't be using it. They can do anything at any time and you wouldn't know. Even if there is no tracking code on your phone at this moment, they can put it on at any time.

Can't find the news article anymore but there was an incident where Google accidentally turned on airplane mode for every pixel at once via their remote control tools.

> Google literally has remote control over all pixel devices and can push arbitrary code via the play services at any time without user approval.

Not all Pixel devices; mine doesn't even have Play services installed:

https://calyxos.org

https://grapheneos.org

https://news.ycombinator.com/item?id=28090024

https://news.ycombinator.com/item?id=20148771

> Google literally has remote control over all pixel devices and can push arbitrary code via the play services at any time without user approval.

Apple does too, it's called software updates.

Here's the deal:

- Google could develop software/infrastructure to scan on your phone client side.

- Apple has it deployed already.

> Here's the deal:
>
> - Google could develop software/infrastructure to scan on your phone client side.
>
> - Apple has it deployed already.

This is just false.

What Apple has deployed doesn’t do anything nefarious, and is not easily repurposed.

Both companies would need to deploy a new mechanism via software update.

> and is not easily repurposed.

Seems like it's very easily repurposed since it's already activated (by mistake?) - https://news.ycombinator.com/item?id=28285567