Hacker News new | past | comments | ask | show | jobs | submit login

To be honest... None.

It's a choice. You might wholly disagree, but recent events aren't enough to get me to switch yet, because I think the competition has too many tradeoffs.

I can get my photos scanned against a CSAM database... or I can have Google tracking my location constantly regardless of what they say (as they've been proven to be misleading in the past)... or I can use a Linux phone and say goodbye to battery life and useful apps I need. I'll pick CSAM Scanning over my Location data being in the hands of Google, sorry.

And as for my laptop, macOS doesn't scan, and the M1 is too impressive and has me spoiled. And I have too many horror stories with both Linux and Windows and can't stand either of them. (Don't tell me switch to Linux - I've tried over a dozen distributions over the last decade. It's just not there yet.)




I find it funny how many people pick a random Chinese phone in their bid for privacy (???)


I think it's less about privacy and more about what the invading actor will/can actually do. People are less concerned about the Chinese government's reach vs. the NSA or other three letter agencies in the US. I suppose if you are important enough to the Chinese government whatever they have on you could be used as blackmail, but most 'regular' people don't fall into that category.


If one of the US TLAs has decided to target you you’re fucked. No amount of switching phones and OS is going to help you, short of completely disconnecting from the internet and not using any sort of financial infrastructure.


Likewise, if the criminal underworld has decided to target you, you are equally fucked.


> People are less concerned about the Chinese government's reach vs. the NSA

Wait what? You’re 180 degrees wrong.


Of the two, which government do I think is more evil? China's. Which government do I, a permanent resident of America, think could more immediately make my life harder by being able to invade my privacy? America's.


Well, as somebody who has travel to China for business, I would not touch any Chinese hardware or OS at all. In the US and EU you have a working legal system.


Thats moving the goalposts a bit though. The question wasnt in the context of those that go to, travel through or deal with Chinese government on the regular.

But rather in the context of those in America that largely only deal with American government officials and those outcomes.

And to my knowledge. China isnt abducting people or conduction renditions on american soil.


As I said, I am not such a person. Most of the English-speaking world consists of the same.

As I said - I agree that China's government is worse. In fact my previous employer had a policy that company devices just didn't cross that border, even when traveling for work. But it's still not a factor in which devices I purchase myself.


> Of the two, which government do I think is more evil?

But that's not what the original comment said.


I didn't say they said that. It's also not my whole comment. Not sure what you're getting at.


He is right. US has complete power over people on their soil and basically in Europe and Asia as well. They do a LOT of extraditions of other countries citizens when they go traveling or to business trips from their citizenship countries.

China, on the other hand, does not seem to give a single f* about foreigners, only about their own citizens. Most people are not so are not really endangered even if chinese spyers do know what they handle on their phones. So in battle between US spyers/China spyers I'd better give my data to Chinese, if I don't have a choice not to share my data at all.

China, as well, don't try to make extraterritorial laws (like financial regulations), so it's harder to even be targeted by CCP if your are a foreigner.


You should talk to this Swedish guy. He was captured in Thailand(!) by Chinese agents:

https://www.dw.com/en/china-sentences-swedish-publisher-to-1...


I do feel bad for the man, but he's not just a "Swedish guy."


I think the point is that the average person who resides in the US is more concerned with Orwellian overreach from the NSA than the CCP surveillance apparatus.

The Chinese secret police don’t present a threat to me, whereas the NSA has the means, motive (at the leadership level) and opportunity to violate my natural rights.


Depends on the person. Those of us with ties to lands within Chinese sphere of influence are rightly more cautious. Others just don’t care.


What I think is funny: There are more privacy for consumer laws for Chinese tech companies in China than for US tech companies in USA! It's wild west essentially in USA in this regard. I'm sure what Apple is doing is also against the European Union's GDPR privacy laws. US is missing out here...


GDPR specifically excludes law enforcement so it doesn’t apply here. The sad thing is Apple was legally required to allow law enforcement to search iCloud backups before they implemented this system, so nothing fundamentally changed.

However, after this backlash you can bet other manufacturers will continue to hide what their actually doing.


As you've written... why there has to change something when it works already for law enforcement.


I think Apple was actually designing this system internally as an improvement in terms of privacy. Doing Perceptual hashing on the phones is more open and thus auditable than doing the same thing on their servers. They set things up to require multiple different images to match etc.

However, the perception was very different.


This kind of technology should not be on phone. Industry standard is doing it on the cloud. It requires only little code changes (let's say in the time frame of 5 years) that law enforcement or whoever says: Please extend that to offline photos and then it's only a few code changes to make that happen. I don't want a ticking time bomb and Apple pinky finger promises that this will not be abused in future.


That’s not a bid for privacy, it’s a bid for spite.

Picking a Chinese phone based on financial circumstances, however, is understandable IMO.


That would be... literally all phones available today, wouldn't it? With the possible exception of the $2000 Librem 5 USA.

However, as one who's moved from an iPhone to a Nokia 8110 with KaiOS, which I in no way argue is as secure as iOS:

It has less on it. It has far less on it. It has my phone calls, a handful of text messages, and while it has email access right now, I'm experimenting with if I actually need that, or can remove it (leaning towards removing it). And my calendar.

The camera is horrible, so I just carry a pocket digital camera with me now if I care to take photos, which don't end up on the phone.

If I don't give it wifi privileges (which it currently has, but I've been running with wifi off and cell data off to see how that works, and the answer so far is "quite well"), there's simply not much it can really do to my accounts or network.


I might make this change. Are you using any kind of app for 2FA like Google Authenticator?


I still have a few things like Authenticator rooted on my iPhone. I mostly use hardware tokens, so Authenticator is nice to have, but not critical for daily use. Signal is another one, I'm currently using the linked devices, but I don't have a "new root" yet.

I believe there are some Google Authenticator apps for KaiOS, just not in the main app store, and I've not gone through the process of working out sideloading yet.


> Are you using any kind of app for 2FA like Google Authenticator?

I'd love to go feature phone, but would be missing two essentials for work purposes:

- A 2FA application (eg Google Authenticator, Authy)

- A password manager (eg BitWarden, KeePass, etc)

I can do without emails etc but not those two, yet whenever feature phones try and be more feature-some they do the same old emails, FB, WhatsApp etc instead.


You can use a password manager to do TOTP codes.

Google Authenticator is sort of a crap option for doing TOTP, all things considered.


Japan, Thailand, and Vietnam manufacture a lot of phones.


By "random Chinese phone", are we talking about PINE, or the various OEMs that make android phones?


The Pinephone seems good as far as being mostly open, cheap, physical switches but... I guess the modem is not open. Anyway have I personally tested that the switches actually work/no soft switch somewhere no... I'm mostly after the potential emerging market (apps) over privacy.

I have a KDE edition Pinephone that I intend to use more overtime but primarily an Android user.

Also I get super annoyed when Android bundles stuff on your phone. I realize you can get rid of it/the cheap phone has to get paid somehow... but like having notifications that you can't slide away... things like that. Want more control over I realize Linux phones are lacking in software, pretty bad... Plasma looked really nice, Phosh not so nice (home screen) but it works out of the box though particularly detecting external screens. Anyway I'm looking forward to it improving over time, a cheap Samsung Dex-like experience is my desire.


> I guess the modem is not open

The Pinephone modem is partially open already:

https://linuxsmartphones.com/hackers-develop-open-source-fir...


Ahh that's nice yeah I think the keywords were "proprietary blobs" or something like that, anyway that's cool

Edit: another thing to my parent comment, ads in your voicemail... the visual voicemail app in Android. Omg that annoys me so much, thankfully I have not been getting many voicemails anymore.


Exactly, I think people are just getting a little too worked up over this whole thing. Apple computes a hash of each image you upload to iCloud then check it against a list of CP hashes.

Of all the things in the world to get worked up over, this is ridiculous.

I get it, the mechanism they're using has apparent flaws, and maybe some whacko could somehow get access to your phone and start uploading things that trick the algorithm into thinking you have CP.

But, that alone is such a ridiculous phobia, if someone has that level of access to your phone, they could upload real CP and maybe even upload it to your Facebook for good measure.


Apple's using my electricity and my silicon to call the cops on me. We have no idea what hashes they're checking images against; we can't see the raw data, and we can't see the hashes, and we can't see what they're sending to their servers.

There is no technical reason why this needs to exist. If they want to scan iCloud photos for something, they can do that on their servers. iCloud is not end-to-end encrypted. Law enforcement can do whatever they want with the data you send there. Since they chose the client-side route, they have to be up to something, and it all smells very fishy. Today, they say it's for CSAM. Tomorrow, it will be for any discontent against whatever government wants to oppress its people this week -- and as time goes forward, that is not just third-world countries where you don't live, it could be your own.

Do you really want to explain to the police at your door at 3:30 in the morning why you read a website called Hacker News? This is the first step towards that reality.

Imagine I wrote a program that contained the phone numbers of people I don't like. The database is encrypted, and the only way to see if you're on that list is to install the app on your phone. The app does two things -- nothing if you're not on my list, or it sends me your location (at your expense!) if you are. Would you install that app? Absolutely not, that would be crazy. But that is basically what is bundled into iOS now.

I really like my iPhone and iPad Pro. I like how Apple handles privacy in general. But I can't accept this. It's a step too far. You don't have to draw the line there, but I draw the line there.


> Apple's using my electricity and my silicon to call the cops on me.

Okay.

> We have no idea what hashes they're checking images against; we can't see the raw data, and we can't see the hashes, and we can't see what they're sending to their servers.

Apple is getting the entire image regardless, this happens as part of the iCloud upload process.

> There is no technical reason why this needs to exist. If they want to scan iCloud photos for something, they can do that on their servers. iCloud is not end-to-end encrypted. Law enforcement can do whatever they want with the data you send there. Since they chose the client-side route, they have to be up to something, and it all smells very fishy.

It's a hell of a lot cheaper to distribute the load onto the device than to do it on GCP. However, this whole line of thinking is ridiculous, iOS is your operating system, it can send what it likes where it likes without you knowing about it. Why does this particular thing cause concern?

> Tomorrow, it will be for any discontent against whatever government wants to oppress its people this week -- and as time goes forward, that is not just third-world countries where you don't live, it could be your own.

> Do you really want to explain to the police at your door at 3:30 in the morning why you read a website called Hacker News? This is the first step towards that reality.

https://www.txstate.edu/philosophy/resources/fallacy-definit...

> Imagine I wrote a program that contained the phone numbers of people I don't like. The database is encrypted, and the only way to see if you're on that list is to install the app on your phone. The app does two things -- nothing if you're not on my list, or it sends me your location (at your expense!) if you are. Would you install that app? Absolutely not, that would be crazy. But that is basically what is bundled into iOS now.

Again, your overlooking the fact that this app is already coming from Apple the company that made iOS. They already control your phone, why would they need some additional app?


> iOS is your operating system, it can send what it likes where it likes without you knowing about it. Why does this particular thing cause concern?

Then I guess it's not my operating system after all.


From the Slippery Slope page, their first example of a false slippery slope: "We can't permit the sale of marijuana by doctor's prescription, because that will lead people to believe it's an acceptable drug; this will open the floodgates to the complete legalization of the drug for use by every pothead in the country."

Umm... that happened.


Your line is the maybe pennies of electricity over the lifetime of the phone? Weird. I can totally understand your line being the CSAM scanning itself but you seem to be fine with the exact same scanning being done with even more opaqueness and less transparency because it's done server side.

I also get the slippery slope thing since you don't really have any control over what your device does but that's been true since forever. Running some scan() method and posting matches to a URL is something that literally could have been done in the last 10 years. It's not like this tech is magically enabling something that wasn't possible before.

And I do get the using your resources argument but iPhones have had integrated DRM since forever.

The thing I don't get is why now? Surely you should have left ages ago?


Apple could scan on the cloud. Rumor is that Apple wants to use E2E on iCloud, and this is a necessary step to shut up the government's biggest critique of E2E and deploy it before the government can figure out a different excuse. We'll see if that pans out.


> But I can't accept this. It's a step too far.

So turn off iCloud photos?


For now. We see the direction apple is moving.


The direction of not letting people store child porn on their servers? That's pretty much what everyone in the cloud space is doing already.

This service exists so Apple can E2EE your data while still placating DOJ.


Totally missed the point. The direction of scanning everyone's phone for 'prohibited content', pushed on them by various governments. Be it political, fine in one country but not in another (adult homosexual), etc. And a future where the content scanning applies AI and reports you for doing such things such as taking pictures of police or protests.

It's a cop in your phone.


If that's your position, you cannot own a closed source device with binary updates. Because the device provider _could_ always do anything.

What they actually do is what is important. And what they actually do is publicly disclosed so you can make your choice appropriately.


Why should Apple let pedophiles store CSAM on iPhones just because they’re not uploading it to iCloud Photo Library? It’s morally reprehensible to not disable that flag when it’s such a simple thing they can do to catch so many more criminals!


This is obviously sarcasm but I'd preface it with an explanation since HN is multicultural and not not everyone here is brought up to catch it effortlessly.

Edit: The point here is that even if Apple tries very hard to make this be only about photos about to be uploaded to the cloud, if the percentage of phones that turns off iCloud storage increases as a response to this new "snitch-on-me" feature that will be a very good argument for law enforcement to ask for a list of IMEIs that are not using iCloud, and it will also tempt them to demand that Apple start scanning all files.


You own your iPhone. Apple owns iCloud servers.

It's very simple. You want to upload images to iCloud? Then let your phone scan it and upload it. You don't want your images scanned? Don't upload them to iCloud.


As skinkestek kindly pointed out, the point of my sarcastic comment was that now that the precedent of scanning the contents of users’ devices - as opposed to the contents of Apple’s servers - has been set, deciding whether to do so based on the state of a single “Store photos in iCloud?” toggle is going to start looking awfully arbitrary.


> iCloud is not end-to-end encrypted

Yet. Have you considered that this might be a necessary precursor to making iCloud e2e?


If the goal was to make iCloud e2e, why not release both features at the same time so people can see that they're codependent (in Apple's eyes)? Without any kind of announcment or promise of e2e iCloud, we're just speculating for possible reasons why this might be OK. Might as well guess that this is going to allow Apple to give us free iCloud storage, too, while we're coming up with wishlist features.


> we're just speculating for possible reasons why this might be OK.

Sure. All the statements about why it’s not ok are also just speculation.

> why not release both features at the same time

That’s not how Apple typically works. They release a feature, try to make sure it works as expected and only then release the features that depend on it.


Then doesn't that seem hypocritical to you to defend dropping Apple right now for the imagined future possibility that all local photos could be scanned (instead of just the uploads)?


There’s little point in E2E encryption if snooping is moved outside of either end. This measure is only necessary for implementing E2E in iCloud insofar as it allows the feds to do the very thing I want E2E to prevent them from doing in the first place.

It’s as if USPS invented a new type of envelope that is physically impossible to open for anyone whose name is not written on the outside of it. Just one caveat: before they’ll give you any of these envelopes, you must allow them to read the letters being put inside.

If your concern is someone intercepting your mail before it gets to its intended recipient, this is great news. If your threat model involves federal agencies reading your mail, you’re no better off than you would be without these fancy new envelopes.


> if snooping is moved outside of either end

Yes, but this isn’t snooping.


Necessary ... for the US government? Definitely not for me.


Scanning people's on-phone photos clearly has nothing to do with being a precursor to e2e encryption. The photos get transferred either way, so one has nothing to do with the other.


Except for giving the authorities a way in to replace the one they're losing.


That's not what was being argued, but you made an excellent point.


What was being argued was exactly this.


I know what I was arguing, and it was specifically mentioned, so no it was not what was being argued.


> Scanning people's on-phone photos clearly has nothing to do with being a precursor to e2e encryption

This is what you were arguing. It is false.


Followed by this, "The photos get transferred either way, so one has nothing to do with the other."

It was clearly a technical statement not a privacy statement, so only superficial reading might lead one to believe it meant something that it did not.

That is why I replied that the person who replied to my comment, where I said I had argued something different, but that what he wrote was an excellent point.

So, what on earth are you so invested in that you feel the need to argue minutiae that don't apply?


> "The photos get transferred either way, so one has nothing to do with the other."

That doesn’t change anything. It may be a pre-requisite from the perspective of their business. You replied to me and I didn’t constrain my point to just technicalities.

> So, what on earth are you so invested in that you feel the need to argue minutiae that don't apply?

It does apply. I’m simply pointing out that what you said is not correct.


> This is the first step towards that reality.

You know, I could respect your opinion that this is where you draw the line, but you ignore all of Apple's history if you think this is the first step. This isn't the first step, this isn't the first chapter, this is at best the middle of the book where the plot twist happens.

No, this is clearly no the first step. This is the first step you chose to see the reality of the situation. You'll look back and you'll see how everything was paved with good intentions and how people sounding the alarm were ignored.

This isn't the first step.


Also, all of the "situations" where this could be abused are already applicable on all other platforms. There's no reason your Ex couldn't upload CSAM to your Google Photos account, or to your Facebook account. Google Photos and predecessors have scanned since, what, 2013?, and would detect it, and would report it to law enforcement.

Despite this having been a possibility for almost a decade... there's a suspicious lack of headlines of this attack occurring.


Apple hashes all of your photos offline and then pinky promises to only check the hashes against the official on phone database when the user initiated an upload. The problem isn’t about wackos it’s about governments forcing Apple to do things with this new weapon


> Apple hashes all of your photos offline [...]

No, only the ones designated for upload to iCloud.

> [...] it’s about governments forcing Apple to do things with this new weapon

Governments can already force Apple to do any kind of scanning, "weapon" being built already or not.


> > Apple hashes all of your photos offline [...]

> No, only the ones designated for upload to iCloud.

How do you verify that?


If you turn off iCloud, the hash list will never get downloaded on your phone. No scanning will take place in that case.


How do you verify that? :) You're just quoting what apple says. Which may be all they're allowed to say due to the national security letter thing.


I'm trusting in the hacker community with this.

If Apple really is trying to sneak in a CSAM database on your phone with iCloud disabled, someone WILL catch it and raise so much hell we'll all hear it.


iOS is open source now?


Network sniffers are.


Says who? Apple? How much is that worth?


If Apple were going to lie about this process, they didn't need to announce it and go into so much detail at all. They could have just kept it quiet the way the current server side CSAM scanning is done by others already. The legal and market impacts of Apple lying would be severe.


Every other cloud storage provider has implemented scanning since 2011-2013.


I haven't seen a single person concerned about Apple scanning photos in iCloud. The problem is entirely that the scan is happening on your personal phone with apparently some janky implementation that in one week has already shown to have serious flaws.



> Exactly, I think people are just getting a little too worked up over this whole thing. Apple computes a hash of each image you upload to iCloud then check it against a list of CP hashes.

If that is what is supposed to happen, then it makes no sense for any new code to run on the device!

> Of all the things in the world to get worked up over, this is ridiculous.

Well, it is not crazy to get worked up over Apple saying they will check uploads to iCloud by checking what's on your phone - instead of simply adding code to iCloud. That seems obvious not ridiculous.


> If that is what is supposed to happen, then it makes no sense for any new code to run on the device!

The new code calculates the hash as part of the upload process. The comparison of the hash against known CP hashes happen on the server.

> Well, it is not crazy to get worked up over Apple saying they will check uploads to iCloud by checking what's on your phone - instead of simply adding code to iCloud.

They're still doing the checks in iCloud, but the hash is being computed on the client.


You simply repeated back to me what I wrote without addressing any of it.


Okay, well they're likely doing it to save money. I work in data engineering and I can tell you calculating the hash of every iCloud upload wouldn't come cheap.

Mystery solved?


You are completely missing the point. The answer to a privacy and security question shouldn't be, "it is easy for us to do things this way." You are inadvertently making the point that you are arguing against.


Going back to your original point, what makes you think checking for CP in images uploaded to iCloud is more private or secure when Apple's servers analyse the entire image, rather than having the client generate a hash of the image and having Apple's servers analyse that instead?

I work in data engineering and I can tell you what I'd rather do. Having Apple's servers check hashes rather than the entire image means you can segregate the original images from the CP-checker data processing pipelines. That's a much simpler and more secure security scenario.


What happens if someone with access to the database maliciously crafts innocent-looking images that collide with of the registered images?

Maybe include children so that on first glance the reviewer will just forward to the authorities.

You get these images, store it, then you get flagged.

Now what? What’s your recourse when the FBI insists that you’re guilty, and your reputation is ruined?

There absolutely is a problem of pedophiles, but the process that Apple is using seems ripe for abuse.


> I get it, the mechanism they're using has apparent flaws, and maybe some whacko could somehow get access to your phone and start uploading things that trick the algorithm into thinking you have CP.

Whatsapp by default adds all received images into Photos. So all it takes is to send you few dozens of pictures while you're sleeping.


Maybe consider that CP is just the excuse for the backdoor.

So apart from every Apple user being treated like a proven-until-innocent owner of CP, at all times, this will (yes, a matter of time) be used for political purposes, to find and silence activists, journalists, to discredit opposition leaders, to prosecute Uyugur/Muslims/women/palestinians etc.

Do we really believe that CP owners store their collections in iCloud / google cloud / Dropbox and view them on their phones? And that this is an issue on a massive scale?

Please.

These are the most expensive phones on the market, with an incredible profit margin for Apple. The part of these devices that we actually own is a shrinking territory.

Why not have the mics on all the time in case “someone says something related to a CP ring?”


> if someone has that level of access to your phone, they could upload real CP and maybe even upload it to your Facebook for good measure.

Many messengers, including Whatsapp, save all the incoming pics into camera roll by default.


And if you have iCloud Photos turned on, those images are already being uploaded and then CSAM-scanned on Apple’s servers. The chain is just being configured differently, but this risk is already active.


The actual problem is not CSAM scanning.

The actual problem is that they've created a great surveillance tool which will inevitably get broader capabilities and they are normalising client-side data scanning (we need to eradicate terrorism, now we need to eradicate human trafficking, and now we need to eradicate tax evasion, oh, we forgot about gay russians, hmm, what about Winnie memes?).


But this was already true. There is no reason the governments couldn't have required this tool to be built at anytime all along. Remember EARN IT where Senators said figure something out (like this CSAM tool) or they'll do it for Apple? The EU is similar, with upcoming draft legislation saying they have to do it if they don't figure something (like this) out.


Back during the FBI/Apple fiasco where the government was lobbying Apple to install a backdoor to unlock phones, Apple argued that their 1st Amendment Rights were being violated, that the government could not force them to write software (since software is speech, and the government cannot force you to say something against your will)

One random article of many: https://money.cnn.com/2016/02/25/technology/apple-fbi-respon...

Edit: but through regulations they could probably say 'you're not allowed to sell phones without x backdoor' but maybe the government didn't want to spell out specifically what capabilities are required.


Which is why CSAM is possibly a really interesting compromise/counter-argument. Supposedly, the only actual crime that the FBI has repeatedly sent warrants to Apple about have been child pornography/trafficking and it's an interesting stance for Apple to take here: "we'll address the actual and specific crime you seem most interested in, but will still not give you a generic backdoor".

Many of the arguments/fears about CSAM is that it can be widened to be a generic backdoor, but as you point out in the arguments Apple has already argued in court Apple doesn't seem to think a generic backdoor is a good idea and have strongly fought against it and CSAM seems to be entirely designed to not be capable as backdoor, and especially not a generic backdoor.

I absolutely understand the fears of false positives and whatever processes the FBI and other TLAs choose to do with the results from CSAM (though many of those concerns apply to everything the TLAs do regardless of what technical tools they have at their disposal), but I'm not sure that I understand all the fears that CSAM is a generic backdoor (in the making) given what Apple have revealed about how it is built and what Apple's quite explicit reasons seem to be to build it to entirely avoid building a generic backdoor and that everything about it seems a "thumb your nose at the FBI by doing what they ask explicitly for but not what they really want to build" by entirely building something that can't be used as a generic backdoor and is very specifically built to only a tiny explicit use case the FBI has asked for. At least from what I've seen so far.


You still may donate to liberty and FOSS NGOs, switch to ungoogled Android and drop macOS in favour of Linux. Also you have your rights and opportunities for activism and peaceful protest. This is not illegal yet (effectively illegal in Russia/China though).


This kinda of sounds like "let them put a camera in my living room, I'm not doing anything wrong".

The biggest complaint here is clearly this is not where it'll end, and it's not a unique hash, so there will be false positives. And since it's publicly announced, this is very unlikely to catch any producers of CP, and would only catch the dumbest consumers. So it's an invasion of privacy with very little chance of having a noticeable impact.


This is only applicable in the US?


Yes - only the US has this "feature."


>Apple computes a hash of each image you upload to iCloud then check it against a list of CP hashes.

I don't think it computes a hash of the image, it's a tad more involved than that.

Simple hashing is easily evaded. They must be computing an identifier from the contents of the images in the CSAM database. This requires computational analysis on the handset or computer. If that's all that were happening that would be no problem, but of course there are management interfaces to the classifer/analyzer, catalog, backend, &c

The contents of the identifiers are purposefully opaque to prevent spoofing of the identifier database. I don't know what is included in the images; what if I take a picture at Disneyland with a trafficked person in the frame? Will that make it into the qualifier database? What is added to the CSAM signature database and why? What is the pipeline of hashesfrom NCMEC and other child-safety organizations->Apple's CSAM image classifer alarm?

>I get it, the mechanism they're using has apparent flaws, and maybe some whacko could somehow get access to your phone and start uploading things that trick the algorithm into thinking you have CP.

The CSAM analyzer could be subverted in any number of ways. I question how the CSAM identifiers are monitored for QA (I actually shudder thinking there are already humans doing this :( how unpleasant.) and the potential for harmful adversaries to repurpose this tool for other means. One contrived counterfactual: Locating pictures of Jamal Kashoggi in people's computer systems by 0-day malware. Another: Locating images of Edward Snowden. A more easily conceived notion: Locating amber alert subjects in people's phones, geofenced or not.

To my eyes, it appears we will soon have increased analysis challenges. Self analysis of device activity and functions for image scanning malware (for example) is slightly harder, we have added a blessed one with unknown characteristics running on the systems. Does this pose a challenge to system profiling? How/does this interact with battery management? Is only iCloud scanning, or is everything scanned and then only checked before being sent to iCloud? (this appears to be the case[X])

There should be user notification too. If some sicko sends me something crazy somehow, I would surely want to know so I can call the cops!!

All in all this makes me feel bad. There is not a lot of silver lining from my perspective. While the epidemic of unconscionable child abuse continues, I question the effectiveness of this approach.

I would not consider jailbreaking my iPhone but for this kind of stuff. I would like to install network and permissions monitoring software on my iPhone such as Bouncer[0], Little Snitch[1], although these are helpfully not available for iOS.

I feel grateful that I am unlikely to be affected by this image scanning software, I'm planning to continue my personal policy of never storing any pictures of any people whatsoever. I don't even store family photos this way. My Life is not units in a data warehouse.

[0] - https://play.google.com/store/apps/details?id=com.samruston....

[1] - https://www.obdev.at/products/littlesnitch/index.html

[X] - Apple's Whitepaper: https://www.apple.com/child-safety/pdf/CSAM_Detection_Techni...


> I think people are just getting a little too worked up over this whole thing.

They aren't, but the blame is misguided. This isn't a problem with Apple. What is Apple going to do if they do detect something identified as CSAM on your device? Refuse to sell you another? Oh well. The real worry is what other parties will do if they get ahold of the information. That is what needs to be fixed. Apple is exposing the underlying problem, not causing the problem themselves.


Apple have said what they're going to do. If the number of hash hits reaches 30, then they'll scale the image down and send it off to their manual review team. If they confirm it's CP, then they call the police.


Exactly. They're not going do much of anything. It is what happens after the final step outlined that actually concerns people, and that is where the real problem lies. Apple is simply exposing the problem; or perhaps more accurately bringing the problem we all understand exists into the limelight. Had Apple not implemented this feature, or implemented it differently (scanning server-side, for example), the problem would still be there.


If a pedophile takes their computer (loaded with CP) to a repair shop and they find CP they call the police.

If a pedophile uploads CP to the internet and the host finds CP they call the police.

Both seem like reasonable responses to me.


Totally reasonable response. I would like Apple to notify me so that I can call the police after my threshold of one NCMEC and other child-safety organization image identifier matches on my personal computer systems.

This will violate my IT device usage policy! Apple is not my IT department!! We have a ZERO TOLERANCE IT device usage policy. By not calling the local police department after one violation, we violate the policy. There is also a form which must be signed before HR (Girlfriend) so they can be present on the call to LE or else be subject to disciplinary action up to and including termination.


Again, it is what happens after that which has people worried. Apple is simply bringing attention to it.


The police investigate the matter and a case might be brought to trial?


As it turns out, people don't like having to deal with police, nor do they like the idea of potentially losing a trial (especially in the court of public opinion).


Then it sounds like you should be arguing for for a repeal of CP laws. A controversial stance.


I have no feelings towards the topic. I am merely summarizing what the consensus is writing on places like HN towards what Apple is doing.

The general sentiment does appear to be that the laws are misguided. That does not necessarily mean repeal is necessary. Augmentation may also provide a solution that satisfies their concerns. However, that is moving well beyond the topic at hand. There is no indication I can find that some kind of change is controversial. There is clear worry about the status quo based on the potential outcome of what information Apple may glean.

What remains is that Apple isn't anyone's real concern. An inanimate corporation can't do much to you. Apple is simply bringing attention to what actually concerns people, which is something that was already there all along.


Again, how can you verify that's what they'll do?


There are plenty of Android flavours that don't have Google apps, like https://lineage.microg.org/ In my limited experience so far, LineageOS works much better than it used to on my HTC Desire. Battery life has been better than any of my iPhones (3G, 4S, 5S, 7 and XS) ever had.

That said, if I had to chose between a Google Android phone and an Apple phone, I'd still pick the Apple one. Luckily there are more choices these days.


I haven't used Android as a daily phone since the EVO (I know, its been a while). One issue I had with Android and custom firmware was the time involved. Being on a computer all day, and often times at night, having to deal with tech support issues on my device is a hard stop (for me, personally, plenty of people love it).

That's the nice part of Apple's ecosystem - its pretty simple and requires minimum intervention.


As someone who had an Evo with custom FW back in the day, I can attest the process is much simpler in recent years. If you do your research and ensure the device you are purchasing has official lineage support, the entire setup procsss takes less than an hour. Lineage includes built in update support as well, although to upgrade between major versions you still need to use a computer if I remember correctly.

I purchased my first iPhone since the 3G this year, and it is currently for sale on swappa. I am willing to compromise on a slightly less polished UI and subpar camera to get the UX of android back; at least for me, iOS was lacking many features I could consider essential.


To be fair, once you get past the initial setup, everything mostly Just Works™. But still, I completely understand not wanting to deal with installation and the potential consequences if something goes wrong. (I nearly bricked a device from a botched installation once, so I know how stressful that is.)


I don't doubt that it just works nearly as well as an iPhone, but I want someone else to be responsible if things do go wrong.

For similar reasons, I don't self-host important services like email despite having my own domain. If shit goes wrong, I want the company I'm paying to have their people take care of it. I don't want to have to rush to fix it myself.


android is no where near competitive with apple’s user XP. i was a long term android user until 3ish years ago. i’ll never go back to a fragmented device ecosystem again if i can help it.


It's like QWERTY vs Dvorak. The best one is the one you're used to. I personally find Windows and iOS frustrating, but I know it's because I'm used to Linux and Android.


that’s not true. i just gave an example of switching from what i was used to, to something new that i thought was superior.


Why would fragmentation be a problem as an Android user?


google doesn't control for device screen sizes, software that other vendors load on, or the CPU/ram/storage on the phone, watch, or tablet. they also allow 3rd party app stores. this creates an experience that is out of google's control and in a lot of cases is sub optimal for the user. it's not as stream lined or polished as it could be.


Any example? I've been using both iOS and Android devices of all shapes and form factors since both launched (and I work at a mobile app editing co) and have no idea of the inconvenience for end users.


pagerduty on a nexus 5 brought the phone completely to it's knees due to low ram, and probably some amount of responsibility on the pagerduty app not doing something gracefully. this was the google flagship phone at the time, pals with the current iphone didin't have that problem so i switched.


To each their own. I switched to an iPhone early this year after always having used Android before, and I won't be buying another one. Apple nails the big picture stuff, but they have really dropped the ball on some of the details in their UX. Just a few arbitrary gripes off the top of my head:

* The Clock app doesn't let you set a snooze length? Seriously?!

* Not having a notification LED or some other indicator really sucks. I might set my phone on the counter while I'm doing other things, and with Android, it was nice to be able to look up and see if I've gotten something without walking up to the phone and checking. (I know Apple will likely never implement this because it's a great pitch for their watch.)

* Face ID is slow and inconsistent compared to a fingerprint reader (especially during COVID), and I'm bummed that Apple ditched the latter. It works well about 80% of the time, and the other 20% I'm that crazy-looking person that's making faces at his phone trying to get it to unlock.

* If you had any sort of media app open previously and then connect some Bluetooth headphones, the media controls for that app open up and take up most of the lock screen, and there is no way to swipe them away; you have to kill the app to get them to disappear.

* I miss the inline notification controls. On Android, apps can give their notifications extra buttons, so you can do things like delete an email right from the notifications bar without having to open the app.

* My friend and I regularly send each other voice memos. First of all, the built-in voice memo feature in iMessage is atrocious (no seek and you have to restart from the beginning if you leave the screen), so we use the Voice Memos app to send each other audio files. Except, when you play an audio file inline through either iMessage or Mail, the screen will still turn off and lock, which pauses the file. You have to save it to Files, then open it via the Files app to ensure that it continues playing in the background. How are you supposed to know this?!

* If your iCloud storage is close to full, Apple will continually notify you every few days via your phone and email, and there is no way to disable these notifications.

* Needing a special charger sucks. Everything else I own is either USB-C or microUSB at this point, but my iPhone needs its own charging cable that nothing else uses.

* All of the special treatment that only Apple's apps get is frustrating. For instance, why does only Apple's Clock app get a special timer UX on the lock screen, and everyone else's has to use a notification? Why does only Safari support ad blockers? And why is the camera button on the lock screen limited to the built-in Camera app? They really push their own apps with these artificial benefits, which detracts from the plethora of apps in the App Store.

* Syncing files (in both directions) without iCloud is a pain, and I'm not going to pay for an iCloud subscription. There are lots of different ways to achieve this, but none of them are as easy as simply using SyncThing on Android.

Even though Android is lacking in certain areas, I find the UX to be a lot more consistent than that of iOS, and I would take the consistency and flexibility of Android over all of Apple's corner cases and attempts to predict how I will use my device. But again, that's my personal preference, and to each their own.

(Sorry, this turned out to be much longer than I expected. I guess I'm more frustrated by iOS than I realized!)


microG is still sending information to Google in order for apps and services to work. It does NOT free you from Google.


Use Lineage without microG then.


Plus, in the same use case (photos in the cloud), they’re still being scanned for CSAM and probably piracy and whatever else Google scans for.


Google has been scanning photos for CSAM for... what, almost a decade now?

Also, as an iPhone user, contrary to the recent Hacker News fight, I actually view this CSAM scanning with a sign of hope, because this hints that we could get end-to-end encryption on iCloud Storage. The CSAM scanning is rumored to be just a prerequisite to get the government to shut up with their biggest critique of E2E, so that Apple can then turn it on.

If I can get E2E storage from iCloud but accept CSAM scanning on my device to satisfy the law... I'm OK with that choice. You might not, in which case, Android (and I'll probably buy a backup Android phone "just in case").


Oh yes, I'm sure the FBI will be satisfied with using the backdoor to only find CSAM, they definitely will not use the access for 'anti-terrorism' and drug enforcement. That sounds just like the FBI.

What good is E2E encryption when they can scan your client with a backdoor? All Apple is doing with this hashing is giving themselves plausible deniability when this access gets abused down the road. "Oh we didn't know they would use those hashes to arrest those protesters, we couldn't have foreseen this"


E2E with some scanning at the onramp is still much better than no E2E. If iCloud was compromised, your data is still safe, among many other reasons. If the US Military physically raided the data center and carted out all the hard drives, my data would still be secure. It's still a better alternative. It's not perfect by any stretch, but it's better than what we have now.

Also you are aware Google Photos, Facebook, etc. do scanning anyway and have for almost a decade?


Doesn’t Apple have a front door to change your phone at the FBI behest? Weren’t they already able to upload data (telemetry etc)? It doesn’t make sense to pretend that there was an existing state where Apple couldn’t get data off your phone if the FBI ordered surveillance.


There was a huge court case about Apple refusing to update the OS of a particular phone that was in fbi possession in order for the fbi to see its encrypted contents. https://en.wikipedia.org/wiki/FBI%E2%80%93Apple_encryption_d...


Yes, we are one warrant away from just sending all data to the FBI using this system.


But this was already true! I don't get why this is the thing that's made people realize that they have zero control over their phones and that Apple could have any time in the last decade just uploaded all of your data to the FBI if compelled to.


There is no privacy on the internet and on your phone. People really need to get over this.


I won’t get over it. You need to get over people not getting over it.


This^

For me it boils down to ecosystem and integration. I can have a fragmented set of devices and tools, or I can deal with CSAM having literally zero impact on me.

I also have an M1 laptop, it's insane that this little MacBook Air with 16GB ram is walking all over a 16'inch Macbook Pro with 64GB ram.


AOSP/FDroid would be a middle ground for your requirements, no?


I've tried that too. But I work from home and not having the ability to use Banking apps on AOSP without a ton of patching and hacks that could fail anytime afterwards is an issue. Also the camera performance on AOSP is noticeably worse in my experience, and I'm not alone.

To make AOSP "usable" for my life, I need to install the Play Store. At which point I've already lost and would prefer an iPhone for my privacy.


> To make AOSP "usable" for my life, I need to install the Play Store. At which point I've already lost and would prefer an iPhone for my privacy.

To be fair you don't need to, I use Aurora Store, they have a guest mode where you don't need to register any account.


It's only a matter of time before Google starts doing the same thing. I can't imagine Google wont do it eventually.


I don't think they will. They already scan it all in the cloud, and the benefit of doing it on device is for user privacy, that's not something google gives a shit about.


All it takes is "Pedophiles are using Android to share images with one another in person by disabling uploading images to the cloud" or something like that to be a headline and the pressure will be on to follow Apple's direction.


Or does it already and didn't feel the need to make a press release.


macOS has been announced to scan just like iOS


Incorrect. It will use a generic model to warn children that they could be exposed to nudity, but that runs on-device and sends nothing to Apple. (It's just a generic nudity detection model).

On iOS and iPadOS, they will implement the iCloud Photos CSAM scanning, but Apple left out macOS as having that for now. Rumoredly according to GitHub reverse-engineers of the system, it's due to the mathematical precision of the NeuralHash algorithm being processor-dependent on ARM and not Intel.


From https://www.apple.com/child-safety/ :

> These features are coming later this year in updates to iOS 15, iPadOS 15, watchOS 8, and macOS Monterey.


In that case, I'm not sure. The people reverse-engineering the algorithm say they aren't quite sure if that's because the system hasn't shown up in MacOS Developer Previews yet (where it has in iOS and iPadOS), or if that's because they are referring to the generic nudity detection instead of the database matching system.

For now, the security experts looking at this say that the nudity detection model is on all platforms, but the database matching in iCloud Photos is only on iOS and iPadOS and it's unclear whether it will come to macOS.


It's a bit confusing; 2 paragraphs above that line:

"Next, iOS and iPadOS will use new applications of cryptography to help limit the spread of CSAM online, while designing for user privacy."

That implies macOS isn't getting the CSAM scanning stuff (yet?).


That's at the end of a summary of all 3 features. Each one has the specific OSs listed though:

> iOS and iPadOS will use new applications of cryptography to help limit the spread of CSAM online


> Rumoredly according to GitHub reverse-engineers of the system, it's due to the mathematical precision of the NeuralHash algorithm being processor-dependent on ARM and not Intel.

If true, it's highly probable that Apple can just port it to macOS and have it work especially for the Apple Silicon line up rather than Intel.

But only Apple knows. But so far, it seems like ignoring the M1 hype was the smart thing do.


Agreed, I use Linux as my desktop PC (gaming and tinkering), Mac as my work PC and the Windows computer I had just died (Surface Pro 4). My mobile is an Android.

I don't any hardware or software developer... I don't really care if the US is reading my emails, images, chats and whatnot. I choose not to worry about those sort of things.

My product choices are more related to functionality and basic ROI.


> I can get my photos scanned against a CSAM database... or I can have Google tracking my location constantly

That's a false dichotomy. There are competitors offering various levels of maturity and functionality. Jolla exists, PinePhone, Xiaomi, Librem 5, dumb phones, POTS landline, no phone...

And yes, Linux on the desktop is also a valid choice. It most likely won't track you either.


There's a reason why that's 98%+ of the market. There is a dichotomy between the two camps in the smartphone market, everyone else is fringe. On the fringe, good luck using banking apps, transit apps, vehicle rental apps, or other apps increasingly necessary and useful.

I don't think you know what you are talking about when you mentioned Xiaomi as an option. That would be among the dumbest options you could possibly choose.

Linux on the desktop is a valid choice, but as I said above, don't tell me to switch to it, it's just not practical in my life. I've tried over a dozen distributions since 2011 and probably over fifty releases of them, and Linux isn't there.


> On the fringe, good luck using banking apps

Tried that yesterday on CalyxOs with anonymous MicroG account and my banking app works fine. No problem with contactless nfc payments.


Aren't anonymous microG accounts illegal though? (Or at least a violation of the TOS.)

Also you can't use any paid apps with this method.


Maybe a violation of TOS, but I guess it's one of these things that would not be enforced at all. Same way as Oracle can't do much about Google using Java or Microsoft doesn't do anything about Wine.

Regarding the second point - that's true. I've heard there are some plans to add payments to the Aurora store/F-Droid (which are alternative app stores) but right now you can't use paid apps.

I consider this to be a plus though - gives me a chance to switch to open-source / self-hosted apps.


There isn't always an open-source alternative to what you need. Especially for people who use their computers for work.


True. That's why for work I still use a MBP. But I decided to separate work equipment/data/apps. That's a good thing to do anyway because of many reason.


> That would be among the dumbest options you could possibly choose.

You don't get to dismiss others' concerns by saying "it's a choice", and at the same time dismiss choices others present...


> Linux on the desktop is a valid choice, but as I said above, don't tell me to switch to it, it's just not practical in my life.

For Desktop, if I have to choose between macOS CSAM spyware of paying users or the Linux ecosystem and its tiny userbase of unpaid users I would go for using and targeting the paid users since they are the ones paying the bills and thats where the money is.

For smartphone alternatives, the phones themselves are still immature as well as the Linux phone software ecosystem which is again still light years behind. If they can't even run the same Android apps on modern Android devices, then it is close to no chance.

If they don't hurry up, Google Fuchsia will steam-roll them silently.

> I've tried over a dozen distributions since 2011 and probably over fifty releases of them, and Linux isn't there.

Likewise, with the GUI software I'm writing, 'Defining Linux support' is something that is not worth doing given that there are tons of distros out there and by selecting one or two distro's there will always be an endless amount of people asking to support X distro or Y distro.


> Likewise, with the GUI software I'm writing, 'Defining Linux support' is something that is not worth doing given that there are tons of distros out there and by selecting one or two distro's there will always be an endless amount of people asking to support X distro or Y distro.

There was a major game developer (sadly forgetting the name) who decided to support Linux as a test around 2018ish. The Linux users were only a few percent of their users but ~20% of the support tickets. They said never again.


Surprised to see Xiaomi on your existence list of maturity.


I'm not sure why, because: a) it exists, and b) it exists on a maturity scale :)


When a pedo gets released from prison, in some jurisdictions they are required to have scanning software installed on their devices. Apple makes every customer a suspected pedo. If you are comfortable with being treated this way, whatever floats your boat. Not everyone fancy receiving the same treatment as criminal on parole.


I'm reasonably confident that Google listens to every conversation I have within earshot of my phone. It isn't uncommon to find things in my news feed that are related to things I have no interest in but a friend or coworker had just mentioned to me in passing.


The conspiracy that never dies. I think it's so sticky because people feel very uncomfortable when they realize how much Google knows about you without having to listen.


It is not conspiracy. There is literally an option on your Google account to stop using mic for collecting data. On older accounts, it is enabled by default.


Are you referring to the voice assistant telemetry? That's not passively recorded according to Google, but if you have evidence to the contrary I can think of a number of news outlets (and prosecutors in 2 party consent states) that would love to have it.


The option was there before voice assistant existed in 2013 or something. That is when I figured it out myself. I don't know how the description of that is changed during the years.


At work you have the same IP. Your coworker may have googled what he was taking about. This is a much easier explaination than a constant mic monitoring for arbitrary phrases


Don’t people have data caps where they’d notice if a ridiculous amount of audio was sent to a server?


If you did all of the analysis on device, even quite cheaply, you could just transcribe key words and phrases into a text file and upload that. That would only be a few kilobytes of data tops per day of unique words and phrases, I should think. And if you've ever tried to monitor data usage on an Android phone, you'll know that the monolith of Google Play Services phones home all the time with all kinds of pings and datapoints, so it wouldn't be hard at all to upload that data.


and you'd have no battery inside an hour.

watch words are simple to listen for, generalised transcription is far harder.


Doesn't your phone stay on charge sometimes?


There are a lot of people at this company, and my news feed doesn't diverge enough to account for all of their varied google searches.


No, but it would be easy to tell that you associate with your co-worked by correlating Bluetooth beacons, which many apps do for exactly this purpose.


More realistically, your co-worker googled it on their phone. They also email/chat/sms/call you once in a while, so they know you're connected.

Now, it's only logical that you may share certain interests, so why not show ads for things they bought/googled for to their contacts?


Yeah I can't decide on this one. Part of me thinks this can't be happening, and that someone would have realised. But there's been a couple of occasions that go beyond the "creepy coincidence" ads to something that I was speaking with my wife about that day and neither of us had put into the internet, suddenly we get ads for it.


People really aren’t capable of conceptualizing how intimate normal data collection and analytics are capable of being. You think your phone is listening because you assume that’s the only way the ads can know so much, and ironically the truth is far more invasive.


I doubt they are listening - What is more likely is Google can use your lat/lng and knows that you and your co-worker work near each other, etc and is making recommendations based of proximity.


It's plausible, but I still don't buy it because I don't see divergent things when I, say, sit next to a complete stranger in the break room cafeteria.


Have you considered an even scarier alternative: that Google simply has such an enormous amount of data about yourself and the people around you that they can make incredibly accurate predictions like this?


What do you say about the people who have tested this and found nothing?


There's a good chance I'm wrong, but it certainly seems like that's what's going on. I haven't seen anyone's testing of this, but it is also possible their methodology is flawed.


AB testing?


Maybe Google heard them say that they were going to test!


you don't need to listen at every conversation. Your friend was tagged with those topics, and there is a connection to you. It's simple enough to "copy" those topics over to you, cause you're maybe also intrested. :)


https://news.ycombinator.com/item?id=28118619

macOS does _something_ related to this system. It's unclear what though.

I agree with how impressive the M1 is. I've replaced my 16" fully specced i9 with a 13" M1 Air. The only thing I sometimes miss is the larger screen but not by much.


> It's just not there yet

Respectfully, it is there. You are not. Which is fine - I prefer a Mac for general purpose computer use, word processing, web browsing, that sort of thing. But Linux can do these things just as well, it just requires you to configure them, which is strictly a "you" constraint and not a failure of the system.


This is a pretty bad argument. You can apply that "you're the constraint" logic to tons of bad designs and products and claim they're not actually bad.

Linux is not necessary a bad system, but usability (degree of effort, burden of knowledge, misuse risk) are absolutely a core determination on where or not a piece of technology is "there yet"


> degree of effort, burden of knowledge, misuse risk

I don't understand what you mean. My non-technical relatives use Linux just fine. There is no "burden of knowledge".


What would they have to do to lose your business? Literally get you arrested?

You're financially supporting the creation of an Orwellian dystopia.


If you're uploading your photos to someone else's computer, you've already accepted this state of things. It's a trade-off for convenience.


I'm not and you shouldn't either.


I'm not telling you what to do, am I?


Every other cloud provider has scanned since 2013. We're already in the Orwellian dystopia.


Can someone explain this to me --

The whole premise is that Google and Facebook and everyone else are just doing this on the unencrypted photos you upload, in their cloud, with their own (presumably, but correct me if I'm wrong) undocumented algorithms and datasets.

Now here comes Apple, documenting almost everything except the dataset itself, and everyone is freaking out because it's happening on your own device. But then it's encrypting the whole thing and uploading it to Apple where they presumably do no additional scanning.

What is the actual difference if it's being looked for on-device vs. by the provider? Supposedly in preparation for a bigger push of encryption of the photos themselves, if they are not already encrypted in the cloud.

Am I missing something more than "but it's happening on-device!"?


I think part of it is that Apple has always said "what happens on your iPhone stays on your iPhone". People expect Microsoft to be evil, and (post "don't be evil") Google to be evil. Apple was supposed to be the good guys in this. So it's more surprising and feels more like a betrayal when Apple decides to be evil.

Also, it's actually pretty easy to mess with Android and get it un-googled. Google don't make most Android phones, so there's less hardware-level enforcement of rules, and more independent alternatives. This is less so for Apple devices. If Apple decides to do something you don't like to your phone, you are SOL; you can only accept it or ditch Apple and switch to Android/something else.


> "what happens on your iPhone stays on your iPhone"

Well, technically this is still true. Files you are putting to iCloud by yourself voluntarily are not staying in your iPhone in the first hand. Everything which is against this, is only speculation currently.


Except that this is all about analysing files that are not on iCloud, but on the device. So what is on your phone is now being reported to people who might decide to trash your life. Hardly "staying on your iPhone".


That is not true if you read the technical details. Scan applies for files (and only for those) which are prepared to be uploaded into the cloud.

If you don't trust that, that is another story. System is full black box.


Yes, but it happens on your iPhone. So what happens on your iPhone isn't staying on your iPhone like they said it would.


So when I said:

Am I missing something more than "but it's happening on-device!"?

Your answer is "no".


I think you're deliberately missing the point here.

It's not whether it happens on-device, off-device, in the cloud, in the tubes, or anywhere.

It's that Apple said that they would not do this, and now they're doing this. You can make technical quibbles that what they promised was slightly different to what they're doing, but they're irrelevant. The core promise of "what happens on your iPhone stays on your iPhone" is being broken. It's that breaking of the promise that people are angry about. Does that make sense?


> Am I missing something more than "but it's happening on-device!"?

People think that this kind of capability was not there already, while it was. The simplest example case is normal iCloud sync. It scans your files and gets metadata, finally comparing to cloud to know which files to sync.

Other concern is, that this can be easily expanded to other kind of content, or whole device (outside of iCloud files). While, this sounds like valid concern, government who can force this change, could have forced it already. "Technology does not exist" is not valid excuse, never was. There are pretty expensive consults used by politics to prove these excuses otherwise.


I think Apple is the only major company who tries at least a little to resist Orwellian dystopia. Business model of other companies cannot allow resisting.


Are we talking about the major company that is happy to give access to all of their users content if the country (eg China) asks? If they were really serious about privacy they would not operate under those conditions.


Company can't operate in the country, if they don't follow country's rules. Sad truth. They should have left the China in that case. On their defense, they have given only information which is stored by their system, not actively increasing the collection of it or creation of backdoors.


Lineage and Linux exist and they're incredible. You've simply give up.


Lineage requires the Play Store to have paid apps or things I now pretty-much need for everyday life, at which point you've lost and it doesn't really matter whether it's Lineage or stock Android.

Linux is incredible... and still unusable for many everyday apps and workflows, and simply not an option for many people including myself. I've tried Linux distributions since 2011, they aren't there yet.


> Linux is incredible... and still unusable for many everyday apps and workflows, and simply not an option for many people including myself. I've tried Linux distributions since 2011, they aren't there yet.

I have actually totally dumped Windows recently (I have tried it past 5 years), because now Linux is getting very close for everything I need, and this same applies for many people. Can you give some examples which aren't there yet?


None of those things matter as much as a future where corporations don't have carte blanche over your information.

Support the continued freedom you enjoyed in your youth for future generations.


It never will be there. A focused group of devs who care about details will always beat design by committee. Always.


Same here.


this. It's 21st century people, we care about usability...

What simplifies in my life if I'm moving away from any ecosystem that tracks me to the OSS way, do I have to compile my own Chromium over the night? "oh, my Linux segfaulted, let's reinstall the OS"

time. Saving time on these operations is worth more than some X-company sniffing my network traffic. Yes, I care about privacy, I always decline the cookie pop-ups, always ask for GDPR contract before handing over my phone no./email to recruiters et. al. I'm doing my best without breaking usability & affecting time spent on these operations.


> I think the competition has too many tradeoffs.

I believe that, for example, anticorruption activists and gay people in Russia who may be subjected to state-imposed surveillance won't agree with you. Apple won't leave even the russian market in case the government demands to expand capabilities of the system. And they will never leave chinese market.

> macOS doesn't scan

I'm afraid I have some bad news for you:

"Features to detect child abuse material stored on iCloud coming in updates to US users iOS 15, iPadOS 15, watchOS 8, and macOS Monterey."


> Apple won't leave even the russian market in case the government demands to expand capabilities of the system. And they will never leave chinese market.

Who will? Google? Microsoft? HP? Dell? Huawei or Xiaomi or Lenovo (lol jk)? Which computer or phone manufacturers or service providers refuse to do business in Russia and China?


JFYI Google left China. Not sure about Russia. Anyway that's not an excuse for implementing such a neat surveillance tool.

Fortunately for now you have some escape hatches.

I believe that it would be a smart move for everyone to stop paying for nooses for their own gallows and start investing into privacy. There are some realistic ways to do it, just buy a damn Fairphone for a no-brainer start.


> JFYI Google left China

I know they did briefly after some attacks, but I also know that they had very little market share to lose at the time and have subsequently worked to get back in. Do you have a good summary of their current position there?


> Do you have a good summary of their current position there?

Nope, why would I? Also I'm pro-google, just pointed to a fact I know.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: