"But [Apple executives] said they expected any [implication by malicious actors] attacks to be very rare and that in any case a review would then look for other signs of criminal hacking."<p>Oh, all right: Apple, already being in possession of hard evidence of a hideous crime and already being required by law to forward such evidence to proper authorities, will also - pro bono publico! - sacrifice significant amount of time of a significant number of their in-house computer forensics experts, each enjoying a significant billing rate, to relentlessly look for "other signs of criminal hacking", until there is no significant doubt that the accused is, indeed, guilty. We're all safe, then.<p>I don't know whether to laugh or cry.
I've read this whole situation as a signal to China and other authoritarian regimes that Apple has finally seen diminishing returns from the "Apple is more secure" angle and is now looking elsewhere for growth. It's just business.
I stopped using stock Android and went back to iPhones because I thought Apple cares more about privacy than Google does. Not exactly correct in all cases I know (i.e. they both suck in terms of privacy), but it seemed like Apple users are buying in, so it might work.<p>Now I think my next mobile OS is going to be GrapheneOS.<p>Like others have mentioned, this is as big of a warning as anyone's going to get to get out of that locked-in ecosystem. On that note, the outrage is kind of useless if you don't skip buying the next iPhone. You should fully own what you fully pay for.
Apple is smart enough to determine what's in a photograph, but if I paste text into a sentence in iOS I still need to manually add spaces and format punctuation.<p>I will never forget the time iTunes deleted my music library, or its inability to deduplicate identical songs.<p>Power.
Don't like it? Call your Senator. Apple has to comply with the law.<p>"You’re going to find a way to do this or we’re going to do this for you. We’re not going to live in a world where a bunch of child abusers have a safe haven to practice their craft. Period. End of discussion." - Sen. Lindsey Graham<p>The system they recently announced is a step forward from how they currently do it. <a href="https://nakedsecurity.sophos.com/2020/01/09/apples-scanning-icloud-photos-for-child-abuse-images/" rel="nofollow">https://nakedsecurity.sophos.com/2020/01/09/apples-scanning-...</a>
Apple have already been doing this for some time:<p><a href="https://nakedsecurity.sophos.com/2020/01/09/apples-scanning-icloud-photos-for-child-abuse-images/" rel="nofollow">https://nakedsecurity.sophos.com/2020/01/09/apples-scanning-...</a><p>This is about the new PSI system:<p><a href="https://www.apple.com/child-safety/" rel="nofollow">https://www.apple.com/child-safety/</a><p>In which photos are scanned on the user's device. This appears to be a report of a new press conference after the initial announcement? Does anyone have a transcript of this press conference?
Nothing Apple says about this modern day surveillance tool will make me more accepting of it. If you think this isn't about establishing complete control of your communications, you are a fool. If you think this is about protecting the children, you are a bigger fool.<p>I do not want AI making such decisions affecting humans. No matter how good it is. I also don't want John from Apple looking at my profile and assigning me a score on a scale of 1-10 of how "pedo" I am likely to actually be.<p>What I actually want is for people to stop thinking that technology will solve every human problem we have.<p>You have to be either naive, conceited or just lazy (avoiding the real work) to actually believe this is possible.
Just an FYI for everyone: you can use a local backup system with iOS. Fully encrypted local backups over WiFi (connect your iPhone to your Mac or Windows iTunes, use full backups - encrypted, and enable backups over WiFi).<p>Your phone will backup when charging overnight on the same WiFi network as your designated backup Mac/PC. The backup files are encrypted with a different password chosen when you set it up so it doesn't rely on only keeping your backup computer secure.
Who needs SWATing when you can send a CP pic (either real or with hash collision as per the thread a few days ago) from a virtual overseas number/service and get an FBI van to show up as well?<p>What about injecting code into a public website to download same pic into local browser cache without user’s knowledge?<p>The simplicity of the attack vectors here that would trigger the “manual” investigation is just dumbfounding and ripe for abuse/misuse.
Well, this morning I got my Pixel 5 delivered. Installed CalyxOS in 5 minutes. Locked bootloader.<p>The experience is not that bad. In-app purchases aren't working, GPay doesn't work either. And the camera is, well, bad. Apart from that everything seems to be smooth and fine.<p>Try it and donate the iPhone price difference to Calyx Institution.<p>You don't even have to give up on your old iPhone and update its OS.
Maybe someone can comment on this: Does Google scan the cloud photos of its users for CP? Have we seen an uptick of false positives/SWATings since they do that?<p>Apple is - rightfully and understandably IMO - criticized for their plans, but does anyone know how Google handles this?
I don't care about the technicalities. The issue is that we would be constantly watched with a government-defined black list. They could find all "troublemakers" with a simple query. This gives immense power to governments, and completely destroys any notion of individual freedom.<p>If you support Apple on this, you support totalitarianism.
So Apple wants to use my electricity/computation instead of doing it on their own servers. Disregarding the privacy issues that’s pretty scummy IMHO.
If you haven't seen it already, Alex Stamos (former head of Security for FB) has a really incredible Twitter thread on this:<p><a href="https://twitter.com/alexstamos/status/1424054568275439617" rel="nofollow">https://twitter.com/alexstamos/status/1424054568275439617</a>
This is one of those things where you can align with the intent --child abuse is a horrible thing-- and yet, at the same time, cringe at the prospect of what doors we might open.<p>I don't use iCloud. I have no need for it. Then again, most people on HN do not fit the profile of the average Apple user. When you are technically capable some of these things don't have the same value they may have for your parent, uncle or grandma. In my case, I had a couple of problems back in the iPhone 3 days and just opted to ignore it completely. Today, my iPhone X isn't using iCloud and all is well.<p>That said, I have seen people do things like take pictures of tax and other documents and message them to others. I can't possibly imagine what people take pictures of and unwittingly keep in their phones and on iCloud. ID, paychecks, that wart in their crotch, anything. The average user has no clue how any of this works. It's magical. And, yes, it's simple. And, yes, it comes with potential consequences.<p>And now, all of it is up for evaluation for potentially criminal activity? By an anonymous team with no legal accountability to anyone? Without and before being accused of anything?<p>Wow.<p>What doors are we opening?
> "But they said they expected any such attacks to be very rare ..."<p>Well, ransomware has been rare almost forever, then suddenly became the norm.<p>> "and that in any case a review would then look for other signs of criminal hacking."<p>Good luck finding a malicious app that downloads child porn from an encrypted remote server, plants it in the target device, sends "by mistake" an example to social media using the owner credentials, then deletes itself.<p>This is crazy. Child porn traffickers will find a way to circumvent this while it would offer governments just another weapon against people they don't like.<p>Also they completely ignore that we're talking about child porn; if someone is wrongly linked with the subject for just one second by the media, no matter how many times the news is being rectified afterwards, his life may be ruined forever. It's not like being accused of avoiding taxes or theft; any mental association with things like child porn or rape is not going away easily.<p>Any technology that could be (ab)used to plant evidence in such cases would be the ultimate weapon to destroy individuals without actually killing them. Better not to have it than to risk that it ends in the wrong hands.
I had a highly upvoted comment about this whole thing a couple of days ago:<p><a href="https://news.ycombinator.com/item?id=28069528" rel="nofollow">https://news.ycombinator.com/item?id=28069528</a><p>I have come to one more nuance about the viewpoint. If people are spreading CP by signing into the same Apple account from multiple devices and using iCloud to automatically share the photos, I think that's a different situation than a single person signing into one computer and one phone that are mostly used on the same networks together.<p>Not that I've really changed my view that I wrote before, just there is a bit of grey here.
Wow. This could be messed up for attorneys, DCS, social workers, etc. They allude more to child pornography, but I hope it doesn't extend to physical abuse.<p>Those photos are usually taken on phones by spouses, doctors, schools, etc. to be passed to the above on their phone for evidence for a DNN or similar case.<p>Glad my kids have aged out of baby bath photos.<p>And those poor people who I know are going to have to provide an auditing safeguard. I hope they take care of their mental health.
Q1) Is Apple responding to government lawmakers:<p>EARN IT seeks to deal with the scourge of online child exploitation by coercing service providers to more aggressively police such content on their platforms. <a href="https://www.congress.gov/bill/116th-congress/senate-bill/3398/text" rel="nofollow">https://www.congress.gov/bill/116th-congress/senate-bill/339...</a> Similar laws in UK and others.<p>Maybe this will short circuit the need for a government backdoor to snoop in iCloud photos?<p>Q2) Didn't people agree to no illegal KP with the iCloud TOS? Doesn't all this do is move the scanning from Apple's servers to the distributed ARM processors?<p>Q3) Is that more environmentally friendly or less? I am sure it is cheaper for Apple to have the iPhone scan than add additional servers, cooling, space, etc.<p>If one doesn't use iCloud photos this does not affect them, for now.
This is Apple’s answer to not decrypting / unlocking phones for authorities. They found a way to keep our data private, while still being able to detect criminal activity. Oddly enough, most ISPs already scan for CP on the wire. So not even sure this is a necessary next step.
I'm confused. I was under the assumption that they were only going to do <i>client</i> side detection, is this article claiming they will be running the scans in the cloud as well?
How is this supposed to be helpful? Wouldn't a perpetrator simply turn off iCloud syncing for their photos? Why would they even store them in the photos app in the first place?
How politicians will abuse this:<p>-upload hash of meme you find offensive that the political opposition is using to subvert your authority<p>-receive addresses of ‘offenders’
I don't use Apple devices, but I'm wondering -- are the type of people who use iPhones significantly more likely to be engaged in exchanging child pornography than people on Android?<p>Perhaps there's a real problem here that needs to be addressed (though not in this way that opens the door to all kinds of surveillance)?
Another thought I've had: I'm not sure hiring tens of thousands of people to look at porn and child porn is really the future solution set that we all want. We'll have another subclass of our culture, like military vets, who'll have trauma and PTSD as part of their job experience.
A natural extension of these systems would be to enforce copyright, no? Of course it would be cause press to sue anyone possessing copyrighted content. A more measured response would be to have it disappear from iCloud, with a message that it has been put in the memory hole.
> And so the threshold allows us to reach that point where we expect a false reporting rate for review of one in 1 trillion accounts per year<p>The actual algorithm isn't accurate to 1/1T - they're claiming the human review process is that accurate.
I find a marked difference on HN about the attitude towards end-to-end encryption, and anonymous transactions in cryptocurrencies.<p>The former can enable the latter. And so much more. Organizing sex trafficking, terrorism and so forth. Nevermind the copyright protection stuff.<p>The latter can enable tax evasion, money laundering and financing unsavory activities. States don’t want people to be able to do that.<p>Yet many on HN applaud attempts to doxx everyone and every transaction in crypto, calling it a scam/for criminals, while at the same time decry any attempts to lessen encryption, however subtle or careful, of personal files and communication.<p>What is a consistent position on both these topics, given that there are dangers on both sides of the argument? I tried to present the core issue here:<p><a href="https://news.ycombinator.com/item?id=28117289" rel="nofollow">https://news.ycombinator.com/item?id=28117289</a>
Maybe this would be an unpopular opinion but for anyone who loves the Apple ecosystem you can have an Apple device with minimum private stuff and a secondary non-google phone for private related stuff?
Can someone please explain to me how this comparison would work? It seems so trivial to alter any image containing CP slightly such that its hash doesn't compare anymore?
I am totally making an npm package that secretly generates a CP image during the postinstall script.<p>Developers created this and developers must suffer from this.
"The disclosure came in a series of media briefings in which Apple is seeking to dispel alarm over its announcement last week that it will scan users' phones, tablets and computers for millions of illegal pictures."<p>Yes, this definitely "dispels" my alarm. Thanks, Apple.