[judge2020]

> The only one I agree on is the image scanning for CSAM. The idea of a device I own acting as a state informer using AI to detect what it thinks is a crime is not my idea of a step forward.

The likely reasoning behind this, although unspoken, was to (at some point in the future) enable E2EE for iCloud Photos. Currently, Apple doesn't do nearly any CSAM scanning on iCloud Photos[0], so the FBI et al. are pushing for them to change that - instead of licensing PhotoDNA, they tried to create something that would keep image data out of their hands while not further enabling CSAM distributors.

0: "According to NMEC, Apple submitted 205 reports in 2019 (a third my my reporting volume). Apple increased a little, to 265 in 2020, but then dropped in 2021 to only 160 reports. That's nearly a 22% decrease over two years!" https://www.hackerfactor.com/blog/index.php?/archives/955-NC...

[nathancahill]

Yeah, I'm a huge privacy advocate but the part people are missing with this fiasco is that client-side scanning before _anything_ is uploaded is objectively less invasive than every single photo being scanned on iCloud (the direction legislation is heading). Again, this is an _opt-in_ behavior when you enable iCloud Photos, for photos that you're trying to upload (currently not E2EE) anyway. The feature comes with the potential upside of allowing Apple to enable E2EE for all photos, while credibly proving to the government there's no CSAM.

[hardnose]

>client-side scanning before _anything_ is uploaded is objectively less invasive than every single photo being scanned on iCloud

That's like saying cyanide tastes better than strychnine. It might be true, but I'd rather just not have either one.

[nathancahill]

I mean, iOS uses the same client-side machine learning to "scan" your photo library for tons of things. You can search "Dog" and get results, with nothing ever touching Apple's servers. We're happy with this but not happy with the other?

[hardnose]

>We're happy with this but not happy with the other?

Yes?! What's hard to understand about the difference between:

1) An application using AI to scan photographs to provide categorization benefits to the owner/operator/user

2) An application using AI to scan photographs to provide accusation and punishment to the owner/operator/user

...especially when feature #1 can be turned off, but feature #2 cannot be turned off?

iCloud mischaracterizing a baby picture as a "dog" might cause some dinner table chuckles, but it's never going to cause meaningful harm. iCloud mischaracterizing a baby picture as a child abuse image can VERY plausibly cause extremely severe harm.

As a matter of principle, my devices shouldn't be designed to act against my will as an active informant for the authorities against me. The point that they do is the point that I join the flannel and wooly beard set out in the mountains eschewing technology and living "off the grid".

[judge2020]

> but feature #2 cannot be turned off?

The CSAM scan would not be enabled if you had iCloud Photos turned off. All it did was move the scan on-device, it still only ran if those photos were destined for the cloud.

[dns_snek]

> We're happy with this but not happy with the other?

One carries the risk of not finding a photo you're looking for.

The other carries the risk of a possibly life-ruining criminal investigations being opened against you.

This is a new surveillance vector that explicitly gives your phone the required functionality to report any flagged content on your device directly to the authorities, something that is clearly a slippery slope with questionable effectiveness at best. I'm not sure how you can compare it to strictly local face recognition AI.