
I’m a cryptographer and I just learned about this feature today while I’m on a holiday vacation with my family. I would have loved the chance to read about the architecture, think hard about how much leakage there is in this scheme, but I only learned about it in time to see that it had already been activated on my device. Coincidentally on a vacation where I’ve just taken about 400 photos of recognizable locations.

This is not how you launch a privacy-preserving product if your intentions are good, this is how you slip something under the radar while everyone is distracted.

In engineering we distinguish the "how" of verification from the "why" of validation; it looks like much of the disagreement in the comments on this post is about the premise of whether ANY outgoing data counts as a privacy consent issue. It's not a technical issue, it's a premises disagreement issue, and that can be hard to explain to the other side.

The premise of my disagreement is that privacy-preserving schemes should get some outside validation by experts before being turned on as a default. Those experts don’t have to be me, there are plenty of people I trust to check Apple’s work. But as far as I can tell, most of the expert community is learning about this the same way that everyone else is. I just think that’s a bad way to approach a deployment like this.

Apple of course thinks their internal team of experts is enough to validate this.

To play Apple's advocate, this system will probably never be perfect and stand up to full scrutiny from everyone on the planet. And they also need the most people possible activated, as it's an adversarial feature.

The choice probably looks to them like:

  A - play the game, give everyone a heads up, respond to all feedback, and never ship the feature

  B - YOLO it, weather the storm, have people forget about it after the holiday, and go on with their life.

Whether B works is up to debate, but that was probably their only chance to have it ship from their POV.

To give you feedback in your role as Apple's advocate:

"we had to sneak it out because people wouldn't consent if we told them" isn't the best of arguments


Agreed. In these two/three years in particular, there have been more instances where what's best for Apple hasn't been what's best for their users.

Did a variation of A already happen in 2022, with "client-side scanning of photos"?

Yes. That also was a thoroughly botched version of A, but I think even a good version of A won't see them ship anything within this century.

IMO giving up on having it widely used and just shipping it turned off would be the best choice. But it's so obvious, there must be other critical reasons (good or bad) why that's not an option.
