[gherkinnn]

> Well, they decided all of their phones

Announced but not (yet) implemented.

> analyze your locally-stored photographs for child photography

Nope. Only the ones on iCloud.

> and upload questionable photos to the cloud for human review

Also a misrepresentation.

> or content that they disagree with (e.g. pornography).

True. And yes, I should have a wank to whatever I please. Legality permitting.

It is so easy to criticise Apple. So many angles to attack them on. So don't misconstrue facts. There's really no need.

[dijit]

> > analyze your locally-stored photographs for child photography

> Nope. Only the ones on iCloud.

Nope. Only the ones your device intends to send to iCloud.

They’re already scanned on iCloud, this was on device scanning before upload. Likely it was a requirement for them to add encryption on the files they store and not have the unsealing keys.

Sort of a pre-emotive avoidance of certain political conversations.

[nomel]

> Only the ones your device intends to send to iCloud.

From a practical perspective, for most everyone, "intending to send" and "on iCloud" is probably a 300ms delta in time.

[dijit]

It’s a capability problem. Once they scan files that are due to be uploaded it’s not very difficult to just.. scan all files.

It’s the motte and bailey.

[nomel]

I don't understand "capability". Surely you realize the capability is already there. Scanning an image and sending a "bad detected" message is absolutely trivial. The image classification algorithms that run locally, used for categorical search (like "dogs") are already there.

[dijit]

When I say capability I mean the functionality currently exists to do that, it’s implemented and functioning, and the evidence for it existing is not a surprise.

If WhatsApp has the function for Facebook to read messages, then it’s not going to be a surprise when reversing the program to see that code; but if they claim that there is no capability to do that and you discover it then it’s much more damning.

Also; if functionality exists it’s easier to argue for a scope change… much easier than arguing for new functionality to exist.

[smoldesu]

Well, 900ms now that we have to start up a process to scan it before it's sent off.

[dwaite]

> They’re already scanned on iCloud

They are not. Other file and photo hosting platforms do not encrypt the data, so they are able to scan server-side. The content is encrypted for iCloud, and the encryption keys are not known by the hosting infrastructure.

This means as an example that shared iCloud albums could be used as a distribution mechanism for child pornography, operating silently until one of the members' accounts gets subpoenaed or they confess and share the list.

[threeseed]

Apple uses AES encryption for iCloud Photos: https://support.apple.com/en-us/HT202303

Underlying cloud providers that Apple uses e.g. AWS may not have the key but Apple definitely does. And that key could be embedded in a CSAM detection app.

So unless you work for Apple and have definitive proof that they do not have such an app I think we should assume they do.