> Lockdown Mode basically cripples the phone, feature-wise. It's not quite to the point where I'd (even hyperbolically) say "why don't you just get an old dumb phone instead", but still...
The problem is that phones (of the "dumb"/"feature" variety) are running OSes that don't have nearly the security attention or hardware features related to them as iOS devices.
I carry a KaiOS feature phone as my personal phone (when I remember it). Apple pissed me off enough with the CSAM stuff that I wanted to experiment with alternatives, and I've done so. However, I don't pretend KaiOS is particular "hard" against attackers - it's almost certainly not. But neither does it have much of an attack surface. It doesn't even try to render emoji, they're just black rectangles. And neither does it try to, say, render weird old Xerox image formats.
I would trust an iOS device with "most of the complex attack surfaces turned off" far more than I'd trust a KaiOS or stripped Android device. You get all the hardware protections, regular OS updates, a bug bounty program focused on this mode, and the smaller attack surface window of Lockdown.
I'm incredibly excited by it, because it turns off all the stuff I don't want in a phone anyway.
Unfortunately, "crickets on CSAM" is a problem too. If they say they're not going to ship that ill conceived feature, I might move back to iOS. If not, well... I'll probably play with Lockdown mode for a week or two and then go back to the Flip.
If you opt out of/disable iCloud iPhoto Library then CSAM isn't active right? - It applies to iMessages only because iMessages integrates to iPhoto Library.
Again, the CSAM "scandal" was actually an improvement of what the other online photo services do (constantly scan your entire library of photos with no controls in place). Just the improvement involved on-device scanning that folks seem allergic to. But you can opt-out, so still better than KaiOS.
The claim is that if you opt out, it's disabled, yes. However, I object, fundamentally, to the entire concept of using my device to check my content for your legal requirements.
If I store content on your server, yes, absolutely, you can use your resources to check the stuff I've stored for what you define as badness.
But Apple's system is using my device to scan for their definition of badness. If they'd then said, "And this allows us to do iCloud E2EE," well, OK, this is a discussion to have. Except they didn't and haven't. It is, as designed, "I use my device to scan stuff for you, and then you can still scan it."
And as a direct result, the EU is now pushing for "badness scanning" in all sorts of E2EE channels, to include searching for "grooming" in text chats. "But Apple said they could do it! Why can't you do the same thing?" is a valid argument from a politician's point of view.
KaiOS doesn't have anything in the way of photo uploading in the first place.
But the scanning is only applied to photos being stored in the cloud. What difference does it make which piece of metal is doing the actual scanning if the practical result is the same?
Well, putting aside that CSAM isn't active at all at the moment, you're correct it didn't apply to iMessage (sending an image in iMessage couldn't trigger it unless the user saved the image), and that iCloud Photo Library needed to be on.
The problem is that phones (of the "dumb"/"feature" variety) are running OSes that don't have nearly the security attention or hardware features related to them as iOS devices.
I carry a KaiOS feature phone as my personal phone (when I remember it). Apple pissed me off enough with the CSAM stuff that I wanted to experiment with alternatives, and I've done so. However, I don't pretend KaiOS is particular "hard" against attackers - it's almost certainly not. But neither does it have much of an attack surface. It doesn't even try to render emoji, they're just black rectangles. And neither does it try to, say, render weird old Xerox image formats.
I would trust an iOS device with "most of the complex attack surfaces turned off" far more than I'd trust a KaiOS or stripped Android device. You get all the hardware protections, regular OS updates, a bug bounty program focused on this mode, and the smaller attack surface window of Lockdown.
I'm incredibly excited by it, because it turns off all the stuff I don't want in a phone anyway.
Unfortunately, "crickets on CSAM" is a problem too. If they say they're not going to ship that ill conceived feature, I might move back to iOS. If not, well... I'll probably play with Lockdown mode for a week or two and then go back to the Flip.