Should this headline have the word Opinion: or something?
These are extremely strong claims, especially vis a vis facebook.
"In one fell swoop, Apple destroyed its reputation for privacy and security, surpassing even Facebook and Google in violating user trust".
I don't see any survey results.
So we are clear, most digital trust surveys show facebook is last in user trust - often 70% - 80% of users do NOT believe facebook protects their privacy. So this is a MAJOR change.
In general brand rankings Facebook does MUCH better, but apple still crushes them.
While some folks have legitimate concerns about any scanning, the majority of pushback isn't about the fact that scanning is occurring. It's about the fact that the scanning occurs locally on your device, which is meaningfully different, and rightly raises a million and one concerns about the future of such a feature.
The pushback is about the continued erosion of boundaries between what is "mine" and what is in Apple's purview.
Questions/criticisms about security theater aside, this is the difference between the TSA looking in my bags when I get to the airport vs. the TSA having the ability to look in all of my suitcases while I'm still at home.
One might immediately respond "but they can only look when you intend to take that bag directly to the airport to fly", to which I say "it's really fucking creepy that they can look in my bag while it's still sitting in my living room".
This is not equivalent to existing server-side scanning.
But it’s not “scanning” on your device. It’s uploading a hash at the same time as the photo, and the server then does additional work to determine if it’s a match or not.
Scanning implies you’re going over all my files with some frequency and then acting upon some violation. Here the system is designed so the device doesn’t know when the server has found a match or not.
And that computation is something that did not exist prior to the introduction of this feature, nor is that computation useful for anything other than the operation of this feature.
You can split hairs over terminology and call this "scanning" or "analysis" or "inspection", but the end result is the same. Your device is now computing information with the sole intent of using that information to make a judgement about the content you're uploading and about you/your account.
Without that "scan/inspection/analysis", the server-side process can't do anything on its own.
It could do all the same stuff because it’s getting the unencrypted photo currently. So it seems therefore that this is being done to allow for full encryption or to have that database of hashes more restricted by how they’re slowly distributed. Why else?
I don’t think it’s splitting hairs — semantics matter. Scanning your system for illegal stuff has a very different connotation, and if you read the comments on HN, even in this more technical audience there’s a lot of confusion and incorrect understanding. People are still thinking this is being implemented outside of iCloud photos, for instance. Go read all the browse cache worries in comments.
> Scanning your system for illegal stuff has a very different connotation
And yet, when you examine the end-to-end system, this is exactly what they're doing.
If I have a long, flexible piece of wood that's capable of bending, and a very strong string, and a dowel rod, feathers, and a sharp piece of metal, I can claim that "I just have a flexible piece of wood" or "I just have feather".
But if what I really possess is an unassembled bow, and upon assembly I can use it to fire arrows, suddenly I have a weapon. It would be disingenuous to claim that the individual parts I have are all harmless when their sole intent is to be used in combination in a manner that can inflict harm or death.
> So it seems therefore that this is being done to allow for full encryption
And to what end? What value would such a feature provide when the first end has been compromised?
I'm not sure what you mean by an unassembled bow here, or more specifically, what the bow is that you're referring to. People have worries that this could lead everything from to identifying dissidents that might be in possession of specific photos to identifying copyrighted materials on your device whether they were going to iCloud or not.
The construction of the system negates both of these things. It matters if it's tied to iCloud or not. Otherwise it is 'scanning' your system, which in this case, isn't something that is actually built anymore than it could be built at any time. It's not like Apple can't build whatever software/hardware it wants or needs. This was just as true before as it is now.
To me the bigger issue is the worry about what hashes will it be... will that expand past the intersection of two CP databases. Maybe? Maybe not? But that risk was the same before (or even worse since it could have been done fully in secret and targeted to specific individuals or regions) on a pure server-side solution. All this work isn't being done just to save some CPU cycles in Apple datacenter.
>And to what end? What value would such a feature provide when the first end has been compromised?
I don't understand your question, and I don't fully understand your compromised position. If the concern is finding all kinds of bad things on your phone independent of this CP thing, that always could have been the case and what was built isn't enough for that (it's hashes not classifiers, the db is distributed to the entire world and verifiable that its the same on all devices, you could always see the network traffic despite turning off iCloud services, etc).
> I'm not sure what you mean by an unassembled bow here, or more specifically, what the bow is that you're referring to.
Throughout your responses, you've downplayed the nature of the on-device "scanner/analyzer/whatever" and have seemingly implied that because that one component is pretty innocuous on its own, it shouldn't be a big deal.
"The bow" here is the end-to-end solution Apple is implementing. The point I'm trying to make is that the on-device component must be judged based on how it interacts with the whole system and should not be downplayed just because it appears innocuous in isolation.
> I don't understand your question, and I don't fully understand your compromised position.
Generally speaking, E2E encryption means that the owner of the data holds the keys and nothing else can read that data except for the owner.
In the system we're discussing, any subsequent application of "E2E" encryption would be meaningless, because Apple stands between you (the first "E") and their servers (the second "E").
> It's about the fact that the scanning occurs locally on your device, which is meaningfully different
Yeah it IS different, most people feel much better about things that happen on device.
Since this only happens for photos on their way to iCloud, in your analogy it would be like searching the bags when you put them in the cab to go to the airport.
Furthermore, it would be like TSA had a machine that could search your bags for guns, without any human even seeing an x-ray of them. Plus the machine would need 30 gun alerts before it takes any action at all.
I don't know about you but I would not have any issues whatsoever with that.
> Since this only happens for photos on their way to iCloud, in your analogy it would be like searching the bags when you put them in the cab to go to the airport.
I think this would be more like if the TSA installed scanners in everybody's houses that scan everything as you put it in your suitcase. Yeah, it only scans things on the way to the airport, but the scanners are in my house. I don't want them there. My house is my domain.
It's the same way with my phone. I don't want the government/Apple evil detector running on my phone. I know that a false positive is unlikely and I know that Apple and the government have made very clear they will only look for Real Evil. I still don't want the scanners on my phone.
> most people feel much better about things that happen on device
This indicates you may be misunderstanding why people generally feel better about things happening on device.
Apple's own tagline "What happens on your iPhone, stays on your iPhone." includes a very strong hint. That hint is:
> Stays on your iPhone
Nothing about the features we're discussing here stay on your iPhone. Doing something locally is no longer meaningful if the express intent of doing that thing is to phone home when certain conditions are met.
Even more funny, as Apple's method of scanning the photos you upload to it's online server is much more private than Google or Facebook's method.
Apple can't see the results of the scans until a threshold of 30 matches is reported by your device. To protect against false positives, Apple's servers have no idea a single match has occurred until you cross that threshold.
Google and Facebook see the results of each individual CSAM scan performed on their server and retain that data where it's open to misuse by anyone who can issue a subpoena.
We've seen Google's data horde about everyone lead to abuse before.
>Innocent man, 23, sues Arizona police for $1.5million after being arrested for murder and jailed for six days when Google's GPS tracker wrongly placed him at the scene of the 2018 crime
Right - but without getting into the merits of apple's approach - what is the support for this claim that apple has worse reputation here than facebook etc?
I see the links to EFF groups which have (repeatedly) gone crazy over this. But the broader public? Are we even clear that the public doesn't like the new features (snitching on porn going to kids / CSAM detection)?
These types of things tend to be pretty politically popular. In other words, if govt does get involved - will it actually block apple from blocking porn sent to children to help prevent apple from "destroying" their users trust? How does that even work politically?
I get the HN crowd is majorly against this in aggregate - but that is not the general public (and obviously not all HN folks are making the kinds of claims we are seeing get upvoted here - destroyed all trust, committing felonies etc).
IMO, the degree of violation has a lot to do with the history of each of these companies up to today.
Drawing a somewhat crude analogy, if a person is a serial cheater in their relationships, and they are known for such cheating, and they don't really claim to be anything but a cheater, it doesn't really surprise anyone when they cheat.
If someone agrees to be in a relationship with such a person with the full knowledge that they tend to cheat, that person cheats, no one is very surprised.
On the other hand, if someone is known as "generally a standup individual", and they're generally seen as trustworthy, reliable and faithful, and someone starts a relationship with that person, the degree of betrayal when that "trustworthy" person cheats is much greater than the betrayal of the serial cheater.
Basically, Google/Facebook haven't built their business on claiming to care about privacy. Apple has. Even if Apple does exactly the same things that Google/Facebook are doing, it's a greater betrayal.
Interesting - the sales numbers for the new iphone will test these claims very concretely indeed given this massive betrayal!
Either they will flop as people reject apple for this betrayal, or they may be amazing if it turns out these claims of worse than google and facebook are totally false.
You seem to have concluded that sales numbers somehow change the nature of what Apple is doing here.
Good sales numbers would be a strong signal that users don't care (or don't understand). This doesn't change the fundamental issues with these changes.
We are getting lots of claims that apple has "destroyed" it's reputation. Other comments say that apple has "destroyed" is brand.
This is a very significant set of claims, because apple's brand is KEY to what apple offers, what they charge, and what they sell.
In other words - $X in parts cost $Y with the apple brand on it - because of users trust in apple.
This is why brand surveys are done. You can see that brands (alone) make a huge difference in pricing / sales power vs basic functionality (sometimes ridiculously so in things like handbags).
You are making my point for me. It is possible - very possible - that despite the outrage on HN at these efforts around child porn, the demands that govt criminally prosecute apple etc, that in actual fact users may not care or may LIKE these types of features, and that similarly, govt may not prosecute apple for the supposedly felonies they are committing but will LIKE what they are doing here and thank them for it.
In the end apple may not have "destroyed" users trust so that they are seen as worse than facebook (!!) but may continue to be trusted (at least as much as facebook - which is NOT AT ALL), and be able to sell products at a premium etc.
When you say Apple is worse than facebook - that is a VERY strong claim. Do folks on HN not understand this? When folks claim apple is committing felonies those are strong claims. So you need some strong evidence.
Apple is a business - they may decide they want to take an anti-child porn stance. Is this bad for business? We will see. They will make the argument I'm sure that they will continue to do privacy as well - but the balance there is different than what HN wants, but may be fine by users.
It just gets a bit tiring hearing that apple is destroyed (which comes up in lots of ways) when my own read is they are long way from being destroyed.
The existence of a market and the purchaser's willingness/happiness with the product do not confer value judgements onto the products they're purchasing.
You seem to be arguing that consumer sentiment trumps all, and that if customers are still buying, then everything must be ok.
> Is this bad for business? We will see.
We will see, but this is not the most important metric to track. Half of the people I know won't even comprehend the change, and even fewer will understand the farther reaching consequences if we do indeed slip down the slippery slope that everyone worries about.
If at the end of the day, we're at the very bottom of that slope, and dissidents are getting arrested pre-emptively for views that don't align with their governments, no one will care that "Apple users were still happy to buy the phone".
You must evaluate these kinds of solutions / policies on their merits (and downsides), not solely on their popularity.
In a world where every consumer is well educated and can understand the nuances of this change, then I'd be more open to your position. Since we don't live in that world, I stand by the comments above.
I feel like this is one of those “the media creating a story where there isn’t one” situations. Not in terms of apples new changes - there’s definitely a story there and many people are upset about it. But I’d wager it’s a minority. And I still trust apple more than Facebook.
I see a lot of Applelogism here.
From techies with Apple fetish. I understand, as long time Apple user it is hard.
And nothing resembling proportional response from them.
Silence is golden.
PR stunt from Federighi with scripted narrative aired trough WSJ and technical documentation.
This comes from a company with recently removed black billboards with advertising slogan : What Happens On Your iPhone, Stays On Your iPhone.
And even Apple sells a lot of iPhone's, the "normies" already have being alerted. So do not be so sure about hyperbole.
No sane professional will trust a workstation with "scanning" functionality defined by third party given parameters and Apple Police in the background.
This is a community of early adopters and also early disposers. I could be wrong but for the first time in my life I am getting a real sense that Apple could be making a huge mistake here.
Average customer doesn't know. I go to dog parks everyday and talk to people randomly. I mentioned this to some of the dog park friends and they had no clue and didn't care/understand the implications of CSAM.
Not an inch. Since most people trust Facebook with their photos and google with all their emails, both of them mining your personal data for ads, obviously they will not mind Apple scanning their photos to prevent horrific crimes.
> obviously they will not mind Apple scanning their photos to prevent horrific crimes
But Apple scanning all phones for CSAM makes it look like you're guilty unless proven otherwise. It's not even about preventing crimes -- Apple will only flag your device if it has a photo from the CSAM database. In that sense, the most horrific part of the crime, i.e., the abuse of a child, has happened already.
All the other major services already scan your photos with similar algorithms, the only difference is that apple is trying to do it in a much more robust and privacy preserving way.
“It’s now crystal clear why Apple tried to exclude dozens of its own processes from network monitoring last year; to pave the way for total (and leaky and dangerous) control over our digital lives.”
The hashes get uploaded with the photo up iCloud. You don’t need to prevent a firewall as you could just block both.
This article is a lot of conjecture presented as fact. I’m sad HN is so willing to entertain clickbait these days.
As someone who has always despised Apple, more than the rest of FAANG, I disagree with this. It's not even true for me. I view them as user hostile, but less than the rest due only to the nature of their business model being less dependant on selling user data.
As a game developer I can't really ignore or boycott the iOS market, but as a user, I don't think I'll ever use an Apple powered device for anything else than testing my builds.
I don't see the point, their products are becoming more bland, pricier and less reliable over time, and I simply don't like or trust the company.
This is very early to call it a dead brand, given their huge treasure chest and market inertia, but I think Apple is declining and I don't see them coming back.
I think you have a very particular point of view. The vast majority of iPhone buyers haven't given this issue more than 2 seconds of thought. The vast majority will buy the next iPhone (or the one after that). And they'll buy another iPad for their kids. And they'll keep using MacBooks.
Our family was like that. We had every single device version up to iPhone 11.
Then Apple bent to the will of the Chinese government and removed apps used by HK protesters. I don't live in Hong Kong, and I'm not affected, but it was a red flag (no pun intended).
Then they bent to the will of the new US administration, removed Parler, and threatened Telegram. I use neither, but again, red flag.
Now this. Textbook definition of hypocrisy, maybe?
We were in a holding pattern on Apple upgrades since the HK decision, and now we are two generations behind on iPhones, and (I think) four generations behind on iPads. The thought of upgrading and giving Apple more money is not appealing to any of us, so we'll keep our current devices for as long as they work, while searching for an exit from the Apple ecosystem.
It's just anecdotal, and I'm sure Tim Cook won't lose sleep over losing three iPhone and three iPad sales.
Law, order, morality.. those are things defined by a democratically elected legislative branch, and enforced by the judiciary branch, not by rich suits in closed off board rooms.
In my mind, this is just a cooperation between law enforcement and big tech to get around the 4th amendment protection.
We're going through a period of history of where we're asking the question who controls whom: do governments control corporations or do corporations control governments? A lot of people want governments to be able to control corporations since many governments are beholden to their citizens, whereas corporations are not.
> Law, order, morality.. those are things defined by a democratically elected legislative branch, and enforced by the judiciary branch, not by rich suits in closed off board rooms
I'm confused - you complain about "rich suits in closed off board rooms" making decisions (corporations control governments), yet you also complain about Apple "bent to the will of the Chinese government"? Well, which way do you want it? Who do you want to control whom? You can't have it both ways.
Maybe.
But from my experience, our crowd tend to underestimate its predictive power.
We tend to see ourselves as living in a niche, remote area.
I remember in 2002-2005, when talking about the possible emergence of Smartphones, most of my friends and co-workers had the opinion that this kind of nerdy devices would never have any appeal to the general public.
They should just scrap any plans they have to roll out end to end encryption of photos and instead just do server side CSAM scanning as Facebook and Google already do.
Turns out they were, as is industry practice. And their right, as owners of the servers hosting the content.
I really hope it gets dropped too. It accelerated a contingency plan of mine where I take the safe assumption that all closed software is actually a cop.
Title might want to add "in my opinion" or something. At first glance this claim seems absurd however Apple has really sold itself as megacorp champion of privacy whereas the other two haven't. Perhaps not as ridiculous as it looks but hardly factual.
None of the articles adequately address 'why' Apple is taking this risk, and I haven't seen any plausible explanation from the company. I can't help but want to connect all the noise in the antitrust arena to this development.
The facts remain that: a) Apple's new system is strictly superior to PhotoDNA in every respect people complain about, including malicious insertions of non-CSAM hashes (since you'd need 30 matches with Apple, and 1 with every other online service); and b) concerns about the local implementation mostly rely on fear of the unknown and illogical arguments (Apple's system makes it no more likely than before that we'll see backdoors in their OSes, and if that ever happens researchers would certainly discover it).
Or, more obviously, the internal memos from Epic trial saying Apple has a CP problem coupled with a desire to create a system they could run on encrypted photos (assuming this is a missing piece for full E2E).
That's exactly it! The entire C-suite is left defending Apple's brand in an antitrust trial on the basis of propriety ,[1] that Apple has the adults in the room, which has been the impetus for the abrupt hard turn away from privacy. That narrative leaves me feeling very little sympathy for Apple, unfortunately.
The problem is, you are only "this" far away from Apple engineers and third parties perusing your private photos due to a photo that triggers false positives.
“Surpassed Facebook and Google” — are you kidding me? I’m quite upset about the recently announced on device scanning, but the wording of the title here is just nonsensical. Apple would have to do something like the CSAM implementation a thousand times or more to be close to the abuses by Facebook and Google. You have no clue if you’re putting Facebook and Google ahead of Apple on privacy and user trust.
These are extremely strong claims, especially vis a vis facebook.
"In one fell swoop, Apple destroyed its reputation for privacy and security, surpassing even Facebook and Google in violating user trust".
I don't see any survey results.
So we are clear, most digital trust surveys show facebook is last in user trust - often 70% - 80% of users do NOT believe facebook protects their privacy. So this is a MAJOR change.
In general brand rankings Facebook does MUCH better, but apple still crushes them.