German parliament pens letter to Apple with concerns over CSAM detection system (9to5mac.com)
430 points by Darthy on Aug 18, 2021 | 80 comments



I think it's a bit funny that German government is complaining to Apple about a feature that is not even going to be active in Europe while simultaneously considering a law that requires communication providers to scan all emails and messages for inappropriate content...


> I think it's a bit funny that German government is complaining to Apple

The German government isn't complaining. Looking at the original German article it was a single parliament member from an opposition party that wrote a letter to Apple.


So the title is misleading in that case. “German Parliament Member” would be better.


welcome to the internet


A new parliament will be elected in Germany on 26 September. Current polls do not see a majority for the ruling coalition of CDU/CSU (Conservatives) and SPD (Labour). It is expected that either the FDP (Liberals) or the Grünen (Greens) or both will be part of the next government. Both the FDP (the party of the MP who wrote the letter) and the Grünen have been very supportive of data protection and privacy in opposition. We will see if they stick to it in government.


This is hardly surprising. Governments are not unified bodies, they are inherently built of groups of at worst directly opposing or at best mildly aligned individuals claiming membership to some political ideal and/or club.


You are right, I'd be pretty surprised if such a statement came from the government itself. But this complaint is actually only from some members of the parliament belonging to the Digital Agenda committee with the chairman being a member of the opposition.


Yeah, in this case the difference between parliament and the government is substantial and OP doesn't seem to know there is one.


How is "in Europe" determined? Will it trigger for an american appleid while present in Germany? Will it trigger for a German appleid while present in the US?


Since it concerns iCloud, it probably depends on your Apple ID region. But I don't think Apple has stated anything conclusive.


The GDPR would be the model to follow I suppose. In that case the rules would apply to anyone physically present in the EU whether a citizen or not.


So how would that be determined, especially if you disable location services and/or use a VPN?


It doesn't matter whether the feature is active right now - its presence means it is only a matter of time until agencies will want to have access.


And that's why we need to push our respective representatives to adopt laws that prohibit any kind of personal content scanning without a warrant. Personally, I would be ok if this scanning were applied to cloud-stored data that is shared to the public (e.g. social media platforms), but that's about it.

From the technical standpoint, Apple's implementation seems sound, although it does raise strong concerns about the future applications of the technology. Strong privacy laws can prevent abuse.


While it does sound hypocritical, it is good to see the democratic process working as intended, and some politicians trying to find the right balance between the "needs vs wants" of those elected to power.

Yes, there is a need to thwart the production and distribution of child sexual abuse material. Yes, there is a need to monitor communication (following due process) to protect a democratic nation against those who want to harm it. A government in power however, will often seek to go beyond its "needs". In this particular context, they want, and demand, the right to unleash surveillance on everyone, without any due diligence or monitoring. This obviously has more to do with their desire for more power and control, than the actual needs of the nation.

While "cloud scanning" has somehow been grudgingly accepted by many of us, Apple's CSAM tools go beyond that and lay the foundation for a future surveillance network that the BigTech and power-hungry governments have long been desiring. With this kind of technology (with legal backing) the BigTech get unrestrained access to our personal data that they can monetise. The governments get the power to scan all our devices for content the government deems inappropriate (anything they deem illegal and / or that threatens their hold on power).

Apple's CSAM tools are thus a direct assault on our rights - with it, we are no longer considered "innocent, until proven guilty". We also lose our right against self-incrimination. In a democratic setup, if a government accuses anyone, the burden of proving the accusation is on them. But if Apple's CSAM tools are extended into a surveillance network that is always monitoring for "illegal" content, the whole process will be turned around where we citizens will now have to bear the burden of always proving our innocence. Our rights, and democracy, go for a toss with this.

We should laud the politicians who brought up this issue in Germany and are defending the democratic rights and values that we all want to see prevail.


> While "cloud scanning" has somehow been grudgingly accepted by many of us

Reading through these discussions, this is the one question I haven't seen a good answer to. Would any of us be speaking out like we are right now if Apple had chosen to do server-side scanning instead of on-device scanning, just like every other company?

There are many options for personal server hosting where the hardware and software are open for reverse engineering and inspection, so you could, at least in theory, host a server you control without needing to use Apple's offering. On the other hand, smartphones are proliferated by a duopoly and there are no viable options for using one where both stacks are made completely open. No company has the capability to openly push a scanning feature like this into the Linux kernel in the same way that Apple can openly announce they're going to add their own version of such a feature to their own operating system, because the power dynamic is completely different.

It sounds like the magnitude of the backlash people are expressing can be partially explained by the fact that Apple has such a large foothold on the personal device market in a world where smartphones are increasingly becoming necessary to live one's life, and due to the inability to choose a privacy-respecting device that is also competent enough to satisfy society's new expectations for smartphone usage, there is no good place to hide.


> Would any of us be speaking out like we are right now if Apple had chosen to do server-side scanning instead of on-device scanning, just like every other company?

People had voiced concern when BigTech started cloud scanning - either motivated by profits (data mining users' data) or to comply with government regulations. That's why we saw an increased awareness of encryption technology (and why governments have now started cribbing about how encryption needs to go). We also saw a boycott of cloud tech by many privacy advocates. But one of the reasons it has been grudgingly accepted is because, to some level, we do understand that all business services are bound by some regulation to ensure they are not participants in something illegal. And we still have a choice to not use these services.

But, as you rightly pointed out, avoiding these services does limit users. And obviously people do feel outraged by the preposterous idea that just because you produce some content and want to share it with even a single person, you are now expected to submit to a scan of your device. This is such a subversion of our hard fought rights.


> Yes, there is a need to monitor communication (following due process) to protect a democratic nation against those who want to harm it.

How can one harm a stable democratic nation through "communication"? Normally it is harmed through news outlets and not one-to-one communication.


A government often does need to monitor the communication of foreign agents / spies or suspected terrorists to protect the nation. Monitoring one-to-one connection between these kinds of agents working against the nation, is a legitimate exercise in the interest of national security. However, who the government can accuse or suspect as a foreign agent or terrorist, to spy on them, should be preferably after following due process through the judiciary.


> A government often does need to monitor the communication of foreign agents / spies or suspected terrorists to protect the nation.

Sorry but it's not really working like that anymore... the metadata here is much more important than the call itself. And humint is getting more and more important too... again



So basically only the greens and the lefties voted against this. I'm not going to vote in the next EPP elections as nobody represents my interests.


I mean the greens and the lefties do, are they not?


We have no parties in the greens/efa group and the lefties are just the true believers that miss the times before '90, commonly held means of production, the Stasi, so no. Representative democracy fail.


Just vote blank


The guy who chairs the committee and sent the letter is from the opposition (free democrats).

Ps: sorry if I double posted. I got an error the first time around and could not see the post.


That's the tradeoff every government has. Everyone wants to be able to track their people, but not let their people be tracked by someone else.


This was not the German executive but its legislative. There is a huge difference here.


> a feature that is not even going to be active in Europe

Just wait until some bought-off cronies in the EU Parliament push for this feature. Never forget the Article 13 events!


I don't feel like carrying a little police man in my pocket. Unless CSAM is dead and buried, Apple is dead to me.


Even if they end up canning the idea, they have been gaslighting their user base in the past week or so. Their CSAM implementation betrays their earlier statements on privacy, so they are dead to me already.

Since a few days, I have finished switching over from a Mac Mini (M1), iPhone and Watch to a desktop (with a proper graphics card, unlike the M1), a phone with LineageOS (and microG, so no/little Google) and an Amazfit GTR 2e watch. Apple is missing out on 3-4k in purchases from me in this year alone.


Glad I’m not the only one. By the end of this week I’ll have:

- synology nas to replace iCloud

- XPS 13 (hopefully running Linux, or at worst a heavily locked down Windows 10)

- Pixel 4 with grapheneOS

I’ll be selling my 12 Mini, M1 Mac Mini, Watch 6, and iPad; Apple services subscriptions have already been canceled. Signal seems to be a capable replacement for iMessage so far.

I was really looking forward to the fall hardware announcements, but I’m glad I found out Apple is an untrustworthy actor before I gave them any more $$$


> synology nas to replace iCloud

As a data point, make sure you have some kind of backup for that NAS too. Preferably not stored in the same location as the NAS itself (just in case). :)


New customers too, I was thinking about going to pretty extreme lengths just to use an iphone (I'm not willing to give up on usb-c + headphone jack, but loved the privacy aspect, so was considering a usb-c charging case with a small DAC strapped to the back of it), but with the privacy aspect gone, that seems a bit pointless.

I'm not gonna sell my iPad or anything, but I have no plans on vaulting into the walled garden now


Same here. I was going to buy an iPhone and was waiting for a Mac update, but now I am going to buy an Xperia and am still researching a laptop.


If you're still in doubt about the phone, I recommend OnePlus devices, because they seem to generally work well with the microG variant of LineageOS (https://lineage.microg.org/), which allows you to break free from Google too. Alternatively, Pixel devices also support a wide range of ROMs, including LineageOS. With microG to replace Google Services, you still get push notifications, but without having to log in with a Google account. I've got a OnePlus 8T for 3 days now. The OnePlus 9 sadly isn't yet supported by LineageOS, and the 9 Pro has some downsides that I don't like.


I have a strict rule to not buy anything made in China if I can get an alternative from a different country so my choices are quite limited.


Are there any smartphones definitely made outside of China? I know that Apple has a new factory in India (or similar) but still does some production in China.


Samsung makes most of their premium phones outside of China.


That looks like a great watch! Thanks for the suggestion. I'm in the process of leaving the Apple ecosystem as well and have been looking for a Watch replacement. It's this or the Galaxy Watch 4.


You're welcome! If you want more features, the GTR 2 (regular, not "e") is only ~20 EUR more and gives you WiFi and some storage for music and some other extra features. The GTR 2e supposedly lasts much longer on a charge though. I've got the "always on display" feature activated and I project to have 7-10 days of battery life.


I guess Apple makes too much revenue and tries to get rid of customers. They have to have counter incentives for customers, or they won’t be able to provide everyone.


I don't either.

But my personal boycotts of mainstream social media, advertising, and weaponised viral clickbait have had absolutely no effect on the general adoption of such practices.

Collective action and regulation are what is required here. Parliaments are the effective mechanism. Possibly class-action suits.


I usually argue for Apple, but in this case I fully agree with CSAM hate.

This isn't Minority Report.


Without arguing the merit of your personal position, "this isn't Minority Report" is a terrible argument. Minority Report is about pre-crime. If someone has CSAM on their phone (and it's not a false positive), they are already actively committing a crime.


Ridiculous. So if I use malware to insert CSAM on your iPhone, you're "actively" committing a crime? CSA is a crime, but a person suspected of that must be properly tried through the judicial process. Private entities can also monitor what passes through their premises, but they have no business planting continuous surveillance functionality on your premises without a court warrant.

Everyone knows that the worst CSA happens in lawless countries and regions. This is mere pretext to build generalised surveillance infrastructure, or more importantly, normalise the concept of being continuously surveilled by faceless entities. That is the big push society is heading generally towards. It started with CCTV and will end with brain implants, unless society decides enough is enough at some point instead of endless hair-splitting.


The law still views willful possession as a crime, otherwise we wouldn't be here. I agree that does open up the possibility that you could frame somebody by planting CSAM on their device. Building mass surveillance features into the device only makes that easier to accomplish than before.

But everybody agrees that outlawing the possession of CSAM in general is the right thing to do. This was the case even in a time when the Internet was still in its infancy.


In what scenario would somebody target you for CSAM framing, and not tip off the police that there was CP on your phone themselves?

The apple technology only adds passive detection. In the event of a framing, passive detection is not necessary.

This technology doesn't enable any new attacks.


On the contrary, with passive detection you don't have to risk tipping the person off to the police yourself, so it becomes even easier to frame people.


By crossing your fingers and hoping that the Apple reviewers mistake the grey blobs for porn, the NCMEC reviewers mistake the grey blobs for porn, and the police, DA, and judges all mistake the grey blobs for porn, and that the person being targeted doesn't notice the mysteriously appearing grey blobs on their phone in time for that entire process to happen?


Or you could find pornographic pictures with a person that looks quite young in them, and slightly modify the picture until you get a collision.


And why would anybody be more interested in framing somebody with an image that looks so similar to child porn that it convinces dozens of professional child-porn investigators and yet technically isn't, instead of just sending the actual child porn?

They need to already have the original image to make the hash collision. In your scenario, what does the attacker gain from sending a visually-indistinguishable collider instead of the original?


They gain that the image won't be detected by CSAM detecting systems on their devices.


Yes, it would, because they need to have the original CSAM image in order to forge the hash collision. This method doesn't work unless you have the original photo to look at, meaning that your device will be raising alerts just as much as the target's, except you will be the only one incriminated since the target doesn't actually have any CSAM, only the hash-collided fake that you've made.


You don't need to, you only need the hash itself to create a collision. Which means that you only need a malicious actor to steal and/or sell the hashes.


And how then are they going to make an image that is visually indistinguishable from the original?

Remember: the hash collision is only the first step in the process. You also need to convince the Apple reviewers that the image is pornographic, and convince the NCMEC reviewers that the image is in fact the same as the one that it met a hash match with (apparently by magic, since you're imagining that the original image that you have to make a visually-indistinguishable match to isn't available).

I ask again: how is this process any more potent than any regular old fashioned pornography framing?


We will have to try brain implants at least once to know it’s a bad choice


The merit of my personal opinion is reflected on the Apple hardware that I will be willing to still spend money on.

If enough people do the same, Apple will realise how much merit our opinions collectively achieve.


I already sold my apple stocks and try to leave the lock-in they have on me and my devices.


The tragic but most likely outcome of this debate will be: most people just won't care, they will continue to buy and use Apple hardware as if nothing happened. The average consumer does only hear about the idea of protecting kids and approves this noble goal. Most consumers just do not care about the consequences this can have on their privacy.

If people would really care about their privacy, Facebook and Instagram wouldn't be as big as they are, nobody would use facebook messenger for communication and a lot fewer people would use Windows and Android. Despite the warning of privacy advocates, experienced users, etc, people don't seem to care and I doubt this will change with the CSAM debate.


I could argue that this actually might be different since Facebook and Instagram are opt-in. I think regular users understand that if they willingly upload a picture to a social media site, even if it is in a DM, it _might_ be "hacked", so you can choose not to upload that how-the-fuck-do-i-look-naked-from-behind mirror selfie and be completely confident that no-one will see this (cloud sync off). But now, if the general public will find out that every photo you take, period, is "analyzed", maybe people will start choosing otherwise. I think we will have to see.


One could argue that this scanning is also opt-in, it requires you to purchase an iPhone. Also, at least according to Apple's provided material, the scanning only affects images which are uploaded to the iCloud, so not every image on the device. However, how long that restriction actually holds once the system is in place is questionable. Also, the risk of abuse by authorities as well as the fact that there is no way to monitor the system as a user is a huge part of the problem.


Agreed.

I bought a pine phone when they announced it. Looking forward to leaning into it when it arrives.

I know there will be some pain, but I'm getting off the ride here.


I agree with this sentiment fully. Apple's CSAM is laying the foundation for a surveillance network to spy on its users - (Apple is Preparing to Comply with Indian Govt's New IT Rules - iPhones (and other Apple devices) will soon start deploying built-in surveillance to spy on its users. https://old.reddit.com/r/unitedstatesofindia/comments/oyqjq0... ).


The real problem is that there are no real alternatives


[flagged]


Please make your substantive points without fulminating or calling names, no matter how wrong other people are or you feel they are.

Believe me, I know how frustrating it is when nearly everyone on the internet is wrong (or you feel like they are), but comments like this don't help, they just make things worse. If you want to patiently provide correct information, in a form people can actually learn from, that's great. If you don't want to do that, not posting is also an option.

https://news.ycombinator.com/newsguidelines.html


I used to come to HN for interesting discussions.

Now it's pretty much all BS.

"Apple is looking at my pictures, I'm switching to Android."

Nobody stops to think before saying something stupid.

It's 1am, and this has been discussed to death. Good night


Other people posting BS is a poor reason to post more BS. That only makes things worse.

Better options are (1) post something thoughtful and substantive, or (2) don't post.


The main concern seems to be that people are afraid that other governments can use this technology to have iPhones scan for other types of images. (The "Tank Man" photo is often given as an example)

Apple say they won't do that, but it's perfectly healthy to not trust Apple on that aspect.

But the fact that they're scanning for CSAM images doesn't change the above in any way. If they back down and stop scanning for CSAM images, that won't have any effect on the above. The governments can still pressure them to add this to their phones. Or even worse. Maybe they have.

It's like people disabling exposure notifications because they don't trust Apple. If that's the case, why do you trust the toggle to actually do anything?

You either trust Apple that they won't bow down to pressure, or you don't, in which case, buy a phone from a company that you trust more.

As someone said on a podcast recently, this isn't a technological problem, it's a government problem. The solution is to vote, not to change your mobile phone.


This is a much better comment. If you had posted it originally there would have been no need for a moderation scolding and if you post like this in the future, all will be well. Thanks!


Don't really care about HN at this point, down-vote me to hell.

My arguments seemed obvious. Yet all the top comments are "OMG, apple is looking at my photos".

I'm not an Apple fanboy. They are doing some horrible stuff, especially for developers. For example: https://arstechnica.com/tech-policy/2021/08/iphone-keyboard-...

But I think this is honestly a good thing Apple are doing with respect to CSAM. And before we get on the "slippery slope" band-wagon, read about what kind of pictures are on that database, and then get back to me.


Can we stop calling it "CSAM detection system" and simply call it what it is, "the backdoor"?


For everyone wondering why Apple is doing this scanning, remember there was a certain "EARN IT Act" that nearly passed in the US last year. This is a preferable alternative to that potentially coming back.


Can't wait for CSAM to cause or enable some repeat of the icloud issues a while back.


[flagged]


I downvoted you because I disagree with your defeatism.


I disagree with you, too.


Could you please stop posting unsubstantive comments? You've been doing it repeatedly, and it's not what this site is for.

https://news.ycombinator.com/newsguidelines.html


Obviously good for Apple to have as an example for rejecting these surveillance pushes from authorities in the future.


We can hope...



