
It would scan photos you were uploading to iCloud, not private photo libraries on your phone. I'm sure you'll agree it's important to correct such a misunderstanding as one of those is a lot more invasive than the other.


It would scan the private photo library on your phone. There is no “public” photo library on my phone, and the default photo library contains extremely personal photos that I consider private and have not shared with anyone else, so I see no value in torturing language to pretend that this is not my private photo library. You are correct that it would only scan my private photos conditioned on a switch being turned on that would also cause those photos to be uploaded to my private cloud backup account. However this does not make that data any less private to me, and it is very different than scanning my photos in the cloud.

Since late 2022 Apple has enabled Advanced Data Protection, which encrypts all photos before they’re uploaded to cloud storage. With ADP on, my photo library is “private” not just in the common-language sense (it contains extremely personal data I have not shared with others) but also in an opinionated technical sense that these files are accessible only to me. If Apple’s CSAM scanner was deployed today, it would be scanning those photos in cleartext on your phone before unreadable data was sent up to the cloud. You could argue that Apple was making a trade: “hey, it doesn’t matter whether we can read the private data you’re storing, the price of sending even unreadable encrypted private data to our infrastructure is that you must run local software that scans the private photos on your phone,” and that’s a trade you might accept or reject on the merits. However I think it’s extremely important to say it exactly this way and not play language games. Apple was going to mandate local scanning of private photos as the cost of using their infrastructure even to store opaque private bits.


To add more detail to that, Apple's proposed CSAM scanning worked by computing a hashed value for each photo on your device, then comparing that to a list of known CSAM image hashes downloaded from Apple. Entirely on your device, aka the "client," as in "client-side scanning" (to clarify, Apple's cloud is not the client; your personal device is). Then if you have photos that hashed to a value on the known CSAM hash list (and since this isn't MD5 or a similar bullshit hash algo, that would only happen if you either engineered a hash collision or actually had CSAM content), they'd send them over to have a human look at. That's multiple photos, because 1 match could well be a false positive.

It did a great job at freaking people out hearing about their photos getting scanned and it could be defeated by making a 1 pixel change to any photos a pedo would hide on their phone (since any changes to the image would totally change the hash).


>could be defeated by making a 1 pixel change to any photos a pedo would hide on their phone (since any changes to the image would totally change the hash).

This isn't the way those hashes work. A 1 pixel change would still hash similar enough to be matched. Maybe there are adversarial 1 pixel changes that could break the hashing, but I doubt it.

Even cropping, watermarks and other manipulations like that would still match. "Perceptual hashing", very different to cryptographic hashing. It's basically checking if an image looks "similar enough".

I believe this is why they needed multiple matches, because otherwise there must have been too many false positives.

This may be too oversimplified, but imagine that in a series of CSAM images, there might be, for example, a wall or furniture or something, that could appear similar enough to a wall in one of your own photos. That's a match, off to the gulag with you!
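Added example (not code from this thread, and not Apple's NeuralHash or any production matcher) to make the two comments above concrete: the scanning flow described earlier (hash each photo, compare against a downloaded list, require several matches before review) and the perceptual-vs-cryptographic distinction. It uses a toy "difference hash" over a constructed 9x8 grayscale checkerboard; the image contents, the 6-bit match distance and the 3-match threshold are all assumptions chosen for illustration. It shows that a one-pixel change leaves the perceptual hash within matching distance while SHA-256 changes completely, that an unrelated image lands far away, and how a match threshold keeps a single near-miss from triggering review on its own.

```python
"""Toy perceptual hash vs cryptographic hash, plus a multi-match threshold.
Constructed example; not Apple's NeuralHash or any production CSAM matcher."""
import hashlib
from typing import Iterable, List

Image = List[List[int]]  # rows of 8-bit grayscale values


def checkerboard(width: int = 9, height: int = 8) -> Image:
    """Constructed sample image: a 9x8 checkerboard of light and dark pixels."""
    return [[200 if (x + y) % 2 == 0 else 50 for x in range(width)] for y in range(height)]


def horizontal_gradient(width: int = 9, height: int = 8) -> Image:
    """Constructed unrelated image: brightness rises left to right in every row."""
    return [[x * 30 for x in range(width)] for _ in range(height)]


def dhash(img: Image) -> int:
    """Difference hash: one bit per horizontally adjacent pixel pair
    ('is the left pixel brighter?'). A 9x8 input yields 64 bits.
    Real perceptual hashes first downscale and normalize the image, which is
    what buys tolerance to crops and watermarks; this toy skips that step."""
    bits = 0
    for row in img:
        for left, right in zip(row, row[1:]):
            bits = (bits << 1) | (1 if left > right else 0)
    return bits


def hamming(a: int, b: int) -> int:
    """Number of differing bits between two hashes."""
    return bin(a ^ b).count("1")


def sha256_hex(img: Image) -> str:
    """Cryptographic hash of the raw pixel bytes, shown for contrast."""
    return hashlib.sha256(bytes(v for row in img for v in row)).hexdigest()


def perturb_pixel(img: Image, x: int, y: int, delta: int) -> Image:
    """Return a copy with one pixel brightened or darkened (clamped to 0..255)."""
    out = [row[:] for row in img]
    out[y][x] = max(0, min(255, out[y][x] + delta))
    return out


def is_match(h: int, known: Iterable[int], max_distance: int = 6) -> bool:
    """Perceptual match: within max_distance bits of any hash on the list.
    The 6-bit distance is an assumed tuning value."""
    return any(hamming(h, k) <= max_distance for k in known)


def count_matches(library: Iterable[Image], known: List[int], max_distance: int = 6) -> int:
    """How many images in a library match something on the known-hash list."""
    return sum(1 for img in library if is_match(dhash(img), known, max_distance))


def over_threshold(library: Iterable[Image], known: List[int],
                   threshold: int = 3, max_distance: int = 6) -> bool:
    """Flag only after several independent matches, so one near-miss
    (the 'wall or furniture' case) does not trigger review by itself.
    The threshold of 3 is an assumed value."""
    return count_matches(library, known, max_distance) >= threshold


if __name__ == "__main__":
    original = checkerboard()
    tweaked = perturb_pixel(original, 3, 2, +1)      # one pixel, barely changed
    brightened = perturb_pixel(original, 3, 2, +200)  # one pixel, strongly changed
    unrelated = horizontal_gradient()
    known = [dhash(original)]
    print("sha256 unchanged after 1-pixel tweak:", sha256_hex(original) == sha256_hex(tweaked))
    print("dhash distance, +1 tweak:   ", hamming(dhash(original), dhash(tweaked)))
    print("dhash distance, +200 tweak: ", hamming(dhash(original), dhash(brightened)))
    print("dhash distance, unrelated:  ", hamming(dhash(original), dhash(unrelated)))
    library = [original, tweaked, brightened, unrelated]
    print("matches in library:", count_matches(library, known))
    print("over review threshold:", over_threshold(library, known))
```

Run as a script, the +1 tweak gives a difference-hash distance of 0 and the +200 tweak a distance of 2 (only the two comparisons touching that pixel can flip), both well inside the match distance, while the SHA-256 digest differs after either change; the gradient image sits 32 bits away and is not a match.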


At the time of the announcement in 2021 there were no encrypted photos in iCloud. There was "private photo library only on your device" and "photos shared with Apple (not private)". The scanner would not have scanned private device-only photos.

> "If Apple’s CSAM scanner was deployed today, it would be scanning those photos in cleartext on your phone before unreadable data was sent up to the cloud."

Or enabling Advanced Data Protection could have disabled the scanner, we don't know. Even if it went the way you said, you could still not use iCloud and have private photos on your device, whereas your phrasing is trying to imply that there would be no option to do that.


Apple has been working on end-to-end encrypted iCloud since at least 2018 [1]. In fact they’ve been gradually implementing it since 2015. They finally deployed ADP in 2022. It is ludicrous to believe that in 2021 they designed a client-side photo scanning system whose only conceivable purpose is to be part of an end-to-end encrypted backup system, and yet also believe that system was not intended to be turned on as part of their ongoing (and ultimately successful) encryption rollout.

I think we will have to agree to disagree about the idea that turning on cloud backup suddenly makes my private photo library “not a private photo library.”

[1] https://www.reuters.com/article/us-apple-fbi-icloud-exclusiv...


Yeah, important to mention that. Still, I don't want my phone to even be capable of doing that, nor do I see the reason behind it when iCloud could just do the scanning itself. That's one big step closer to the described full-private scanning (and just a flag flip away).


> "Still, I don't want my phone to even be capable of doing that,"

Not capable of what, running software? Communicating with an HTTPS endpoint? Having library code? Running stuff in the manufacturer's interest rather than your interest? All those things happen already in some form or other, and there isn't a cutoff to make the phone incapable of it without hobbling the phone.

> "That's one big step closer to the described full-private scanning (and just a flag flip away)."

iPhone already does scan offline private photos for face and object recognition purposes. And run big blobs of unknown Apple-provided code. It's only your trust in Apple that makes you think it doesn't report anything back now - and nothing at all stopping them from being arm twisted by the authorities to make that scan for something the government dislikes and report on it, as you say a flag flip away. It already does send your location and your surrounding WiFi signals and your voice when you use Siri unless you toggle the privacy settings, and that all came in quietly on regular updates.

Apple walked a fairly narrow line when they announced it, and when they publicly stated that if the authorities asked them to extend the scope of the scanning that they would refuse.

I don't know why they chose to do it on the endpoints rather than in the cloud, but acting like doing it on the cloud would give you any level of protection from them putting intrusive software on your phone is not reality. (Same with Google, Samsung, et al).


> Not capable of what, running software?

Not loaded with trained models on illegal content and wired up to alert the authorities if it finds a match, with presumably several teams within Apple built around that feature. I'm thinking about more than the technical aspects of this.

> It's only your trust in Apple that makes you think it doesn't report anything back now

Yeah, exactly. I trust them enough right now to run tons of stuff without my knowledge on my phone. I don't have the time or knowledge to audit my phone, even if it were Android. If they announced that a new feature like that is going live, like it's a thing customers are meant to be ok with, I'd trust them a lot less.


The supposed argument was that they wanted to keep the scanning they do in iCloud now (I believe they do it) and yet make iCloud encrypted so that they can't see the images once they leave your device.

So they move the scanning to the device.


Did Apple actually say they wanted to do e2ee iCloud photos when they announced CSAM scanning, or were people only speculating this? I don't remember / can't find an announcement on that. Also curious if there's some law preventing them from doing e2ee without the scanning.


I believe it was speculation based on them saying they wanted e2ee (and now it's available IIRC).

It honestly seems to me like they thought they could negotiate a middle ground without pissing off the Feds or the customers, but they maneuvered it quite badly.


> now it's available IIRC

Oh cool, didn't know that. It's this new "advanced data protection" feature that makes everything in iCloud e2ee except the classic mail/contacts/calendars combo that wouldn't really work with that. https://support.apple.com/en-us/HT202303 is a nice resource on this, and I wish more companies would publish things like this.


It's a technologically impressive feat, and honestly they've done it well.

I'm a bit too chickenshit to try it, as losing my devices is all too likely, but I'm glad it's available for those who need it.


> It would scan photos you were uploading to iCloud, not private photo

There was no way to separate the private photos from iCloud-uploaded photos. It was all-or-nothing, like Android permissions: “Allow govt to scan all your private pictures, or do you wish to have no backup?”

It was perfectly feasible to design the ability to have private photos, but Apple chose not to. Or Apple, in collaboration with the government, chose not to.


The wording "scan your phone" misleads by implying that the photos are scanned because they are on your phone, when really the photos would be scanned because you are sharing them with a third party, by the third party. Yes it was all-or-nothing; what it wasn't is all-. There was a nothing, and that nothing would have kept your photos private.

(Yes it was feasible to design the ability to have a local photo store which isn't uploaded to iCloud, separate from other photos which are, and call it "private photos", but that's another matter).


It would start at only scanning content that was going to be uploaded to iCloud. There's literally nothing stopping the process from scanning all images whether they're going to be uploaded to iCloud or not. Such an expansion would use the exact same justification as the iCloud-bound content scanning.

It's a slippery slope that ends up with your phone/computer snooping on texts, call contents, or anything else and then submitting your "crimes" to the authorities.


They could have designed it to do that in the first place, and not announced it at all, just hidden it away in a point release. They didn't.

> "Such an expansion would use the exact same justification as the iCloud-bound content scanning."

One of the justifications was that Apple are/could be legally responsible for criminal images hosted on their servers, that exact same justification wouldn't apply to offline content scanning.

> "It's a slippery slope that ends up with your phone/computer snooping on texts, call contents, or anything else and then submitting your "crimes" to the authorities."

Not "crimes" in quotes, crimes without quotes. Generally people think law enforcement is important, especially regarding crimes against children. "A slippery slope" which leads to criminals being punished is not the argument-winning logical fallacy you think it is. The argument against it is around invasion of privacy, rights not to self-incriminate or to remain silent, ownership of device and software, freedom from unreasonable search without prior evidence, whether you can be found guilty by algorithm, et al.


> Not "crimes" in quotes, crimes without quotes. Generally people think law enforcement is important, especially regarding crimes against children. "A slippery slope" which leads criminals being punished is not the argument winning logical fallacy you think it is.

You're missing my point. Content scanning will start with the Four Horsemen of the Infopocalypse[0]. Then it'll move on to "crimes" like blogging about a public figure[1].

[0] https://en.wikipedia.org/wiki/Four_Horsemen_of_the_Infocalyp... [1] https://www.flsenate.gov/Session/Bill/2023/1316/BillText/Fil...


It's already happening, and scans even with iCloud turned off: https://sneak.berlin/20230115/macos-scans-your-local-files-n...


This is a person who is linking to an article that literally says the opposite of what they are claiming it says.

> The media erroneously reported [a statement from September 2021] as Apple reversing course.

Linking to an article from December 22, 2022 in which Apple is quoted as literally saying “We have further decided to not move forward with our previously proposed CSAM detection tool for iCloud Photos.”, i.e. actually and literally reversing course.

If this person cannot comprehend an article, should I trust that they actually checked that what they were seeing was what they were paranoid about?

Btw, the screenshot shows an interaction with api.smoot.apple.com, which is known to be used for spotlight and related services: https://news.ycombinator.com/item?id=8479958 ; mediaanalysisd is used for visual lookup, where macOS tries to identify landmarks and other items in an image to help you find more information about it (https://appleinsider.com/articles/23/01/21/tests-confirm-mac...).

In short, paranoid people are good to use as indicators for further investigation, but are rarely to be trusted as sole sources—even less so when they attempt to ascribe intent.


"erroneously" is referring to his later claims about Apple still continuing to scan. I guess it's a poor choice of words, but I don't see many problems with that.

Your note about that domain is interesting though. I don't regularly use Apple devices, so I'm not particularly concerned by that anyways.


If you have iCloud backup set up, does it upload all photos from your private photo libraries to iCloud?


If you turn on ADP those photos will be encrypted with a key Apple doesn’t have. They will still be private photos, of course. Even turning on unencrypted backup doesn’t make my private photos not-private.


You say that sharing your photos, unencrypted, with a third party you don't trust, doesn't make them "not-private" and you accused me of twisting language.

Yes there can be private conversations between two people, but there can't be private conversations between two people where one of them isn't trusted but can hear the conversation and simultaneously, what, can't hear it to keep it private?



