Apple plans to scan your images for child porn
-
@jaredbusch said in Apple plans to scan your images for child porn:
Inside the OS, nothing is encrypted anyway.
Sure, but it was at least private before.
-
@scottalanmiller said in Apple plans to scan your images for child porn:
@jaredbusch said in Apple plans to scan your images for child porn:
Inside the OS, nothing is encrypted anyway.
Sure, but it was at least private before.
Just being specific. Because privacy in the device and encryption are different things
-
@scottalanmiller said in Apple plans to scan your images for child porn:
@carnival-boy said in Apple plans to scan your images for child porn:
But the software doesn't have the ability. We're going round in circles.
But it does, Apple themselves said that it does. It scans the whole device looking for whatever third party non-profits (and the government) tell it to search for. They could not possibly be more up front and clear about that. They aren't hiding this. You're claims don't seem to be that Apple won't do something bad, but that Apple is lying to make itself look bad. Why are you taking a stance that Apple is a good company, but lying? It's a very weird position to take without any reason to do so.
You are saying that the government could force Apple to provide them with data held on my phone. Apple can't do this, they don't have access to the data that this software gets and holds privately on my phone. The scan results are private (until uploaded to iCloud). Apple simply don't have the means to access the scan results.
That's my last post on this, I can't discuss with someone who just calls me weird.
-
@carnival-boy said in Apple plans to scan your images for child porn:
@scottalanmiller said in Apple plans to scan your images for child porn:
@carnival-boy said in Apple plans to scan your images for child porn:
But the software doesn't have the ability. We're going round in circles.
But it does, Apple themselves said that it does. It scans the whole device looking for whatever third party non-profits (and the government) tell it to search for. They could not possibly be more up front and clear about that. They aren't hiding this. You're claims don't seem to be that Apple won't do something bad, but that Apple is lying to make itself look bad. Why are you taking a stance that Apple is a good company, but lying? It's a very weird position to take without any reason to do so.
You are saying that the government could force Apple to provide them with data held on my phone. Apple can't do this, they don't have access to the data that this software gets and holds privately on my phone. The scan results are private (until uploaded to iCloud). Apple simply don't have the means to access the scan results.
That's my last post on this, I can't discuss with someone who just calls me weird.
How do you know they don't? Because they said so? Lol. Apple explicitly stated that this software will upload results to iCloud, so there you have it. Conditions that trigger the upload are irrelevant at this point, the fact that it can upload anything is. Scott above explained perfectly that single warrant will force them to fork any data over.
-
@carnival-boy said in Apple plans to scan your images for child porn:
You are saying that the government could force Apple to provide them with data held on my phone.
If you are in the US, yes. That is the law. If Apple makes it possible to scan the phone, the government has the right to obtain data as to what is on the phone. The ability to do it under the law makes it accessible to the government.
-
@carnival-boy said in Apple plans to scan your images for child porn:
The scan results are private (until uploaded to iCloud). Apple simply don't have the means to access the scan results.
Can you find any source for this? Why are you the only one aware of this totally unknown, unannounced, and very dubious claim? This sounds completely made up. Nothing from any source suggests any such limitation and Apple certainly has not claimed to have created a limit like this.
There are two things that sound made up here:
-
That Apple does not use the data until connected to iCloud (but don't all phones always connect to iCloud anyway, so this is a moot point?)
-
That they have created a means by which the software cannot be forced to upload otherwise?
Because both points must be true for your claim to be possible. And from Apple has said, it appears that both points are totally from your imagination.
-
-
@marcinozga said in Apple plans to scan your images for child porn:
@carnival-boy said in Apple plans to scan your images for child porn:
@scottalanmiller said in Apple plans to scan your images for child porn:
@carnival-boy said in Apple plans to scan your images for child porn:
But the software doesn't have the ability. We're going round in circles.
But it does, Apple themselves said that it does. It scans the whole device looking for whatever third party non-profits (and the government) tell it to search for. They could not possibly be more up front and clear about that. They aren't hiding this. You're claims don't seem to be that Apple won't do something bad, but that Apple is lying to make itself look bad. Why are you taking a stance that Apple is a good company, but lying? It's a very weird position to take without any reason to do so.
You are saying that the government could force Apple to provide them with data held on my phone. Apple can't do this, they don't have access to the data that this software gets and holds privately on my phone. The scan results are private (until uploaded to iCloud). Apple simply don't have the means to access the scan results.
That's my last post on this, I can't discuss with someone who just calls me weird.
How do you know they don't? Because they said so? Lol. Apple explicitly stated that this software will upload results to iCloud, so there you have it. Conditions that trigger the upload are irrelevant at this point, the fact that it can upload anything is. Scott above explained perfectly that single warrant will force them to fork any data over.
Right, and you said it there... THIS software initiates the upload to iCloud! That's like saying a mugger will never shoot you until they've pulled the trigger. Um, sure, you are just saying the same thing twice. If this software initiates the upload to iCloud, then of course they "never get your data until it connects", it's that very connection that we are discussing! Carnival might as well have said "but it never steals your data until it steals it!"
Um.. duh.
-
@scottalanmiller said in Apple plans to scan your images for child porn:
@marcinozga said in Apple plans to scan your images for child porn:
@carnival-boy said in Apple plans to scan your images for child porn:
@scottalanmiller said in Apple plans to scan your images for child porn:
@carnival-boy said in Apple plans to scan your images for child porn:
But the software doesn't have the ability. We're going round in circles.
But it does, Apple themselves said that it does. It scans the whole device looking for whatever third party non-profits (and the government) tell it to search for. They could not possibly be more up front and clear about that. They aren't hiding this. You're claims don't seem to be that Apple won't do something bad, but that Apple is lying to make itself look bad. Why are you taking a stance that Apple is a good company, but lying? It's a very weird position to take without any reason to do so.
You are saying that the government could force Apple to provide them with data held on my phone. Apple can't do this, they don't have access to the data that this software gets and holds privately on my phone. The scan results are private (until uploaded to iCloud). Apple simply don't have the means to access the scan results.
That's my last post on this, I can't discuss with someone who just calls me weird.
How do you know they don't? Because they said so? Lol. Apple explicitly stated that this software will upload results to iCloud, so there you have it. Conditions that trigger the upload are irrelevant at this point, the fact that it can upload anything is. Scott above explained perfectly that single warrant will force them to fork any data over.
Right, and you said it there... THIS software initiates the upload to iCloud! That's like saying a mugger will never shoot you until they've pulled the trigger. Um, sure, you are just saying the same thing twice. If this software initiates the upload to iCloud, then of course they "never get your data until it connects", it's that very connection that we are discussing! Carnival might as well have said "but it never steals your data until it steals it!"
Um.. duh.
I don't want to get in the middle of this at all but what I think @Carnival-Boy is saying is that if you don't use icloud to backup photos, it won't be uploaded to icloud. They would have to force you to use icloud for it to work that way, so if they are then that answers the question. If you have the option to not use icloud, then it wouldn't ever be sent there.
I think this is bad overall, but I believe that's his point.
-
@stacksofplates said in Apple plans to scan your images for child porn:
@scottalanmiller said in Apple plans to scan your images for child porn:
@marcinozga said in Apple plans to scan your images for child porn:
@carnival-boy said in Apple plans to scan your images for child porn:
@scottalanmiller said in Apple plans to scan your images for child porn:
@carnival-boy said in Apple plans to scan your images for child porn:
But the software doesn't have the ability. We're going round in circles.
But it does, Apple themselves said that it does. It scans the whole device looking for whatever third party non-profits (and the government) tell it to search for. They could not possibly be more up front and clear about that. They aren't hiding this. You're claims don't seem to be that Apple won't do something bad, but that Apple is lying to make itself look bad. Why are you taking a stance that Apple is a good company, but lying? It's a very weird position to take without any reason to do so.
You are saying that the government could force Apple to provide them with data held on my phone. Apple can't do this, they don't have access to the data that this software gets and holds privately on my phone. The scan results are private (until uploaded to iCloud). Apple simply don't have the means to access the scan results.
That's my last post on this, I can't discuss with someone who just calls me weird.
How do you know they don't? Because they said so? Lol. Apple explicitly stated that this software will upload results to iCloud, so there you have it. Conditions that trigger the upload are irrelevant at this point, the fact that it can upload anything is. Scott above explained perfectly that single warrant will force them to fork any data over.
Right, and you said it there... THIS software initiates the upload to iCloud! That's like saying a mugger will never shoot you until they've pulled the trigger. Um, sure, you are just saying the same thing twice. If this software initiates the upload to iCloud, then of course they "never get your data until it connects", it's that very connection that we are discussing! Carnival might as well have said "but it never steals your data until it steals it!"
Um.. duh.
I don't want to get in the middle of this at all but what I think @Carnival-Boy is saying is that if you don't use icloud to backup photos, it won't be uploaded to icloud. They would have to force you to use icloud for it to work that way, so if they are then that answers the question. If you have the option to not use icloud, then it wouldn't ever be sent there.
I think this is bad overall, but I believe that's his point.
Ah, that's very different from what he said, completely. And not at all what Apple has said (from anything that I've seen.) They claim that they don't report you until stuff goes to iCloud, but that's very different from having scanned or having uploaded the data and the upload, like many aspects of iOS, to iCloud is automated.
People have pointed out that WhatsApp will automatically download images sent to you and place them on iCloud so the entire process could happen via a third party, end to end, for a person who no longer has the phone (or could even be dead) and trigger the whole thing without even having access to the phone (but the phone would have to be powered on an unencrypted.) I'm sure that there is a way to stop that, but at least default settings make everything automatic and as the scanning uses iCloud, it triggers the requirement simply by existing.
-
It's worth pointing out that iCloud cannot be disabled in iOS. You can disable it for individual apps or features, but not entirely. And, of course, as the scanning "app" is part of the OS, it always has iCloud access no matter what setting you choose.
-
@scottalanmiller said in Apple plans to scan your images for child porn:
Ah, that's very different from what he said, completely.
It's not? He said this:
The scan results are private (until uploaded to iCloud).
Which would be true if uploading photos to icloud is disabled and they aren't forcing you to back up photos with icloud. Those mean the same thing.
-
@stacksofplates said in Apple plans to scan your images for child porn:
@scottalanmiller said in Apple plans to scan your images for child porn:
Ah, that's very different from what he said, completely.
It's not? He said this:
The scan results are private (until uploaded to iCloud).
Which would be true if uploading photos to icloud is disabled and they aren't forcing you to back up photos with icloud. Those mean the same thing.
Uploading photos to iCloud would be a different operation than uploading the scan results (which are not photos) to iCloud. Photo uploads are controlled by the end user, the scan uploads are not (as they have no setting in the OS.)
It is the uploading of the scan results to iCloud that is the issue at hand. It's not a step along the way, it is the very problem. So "until" doesn't apply since that is the end result we are concerned about.
-
And I think that we all automatically agree that the entire process logically only works for its claimed intent if it does not require the iCloud piece, so logically it does not (and Apple has made no such claim, only Carnival has.) If someone was doing something truly awful on their phone and was able to block being scanned (or the utility of such a scan) by disabling iCloud, then they would just do so. That's trivial. Almost to the point of "opting in" to being scanned.
Obviously that would totally defeat the claimed purpose of the tool and if there was even a suggestion that that might be true then Apple fanbois would be all over pushing that framing of the situation. But it's totally nonsensical as it would completely undermine both the claimed purpose and the assumed purpose here (of enabling governments to keep tabs on political dissidents and discourage journalism.) Even if the government never actively uses the tool, it serves to create fear in those that might oppose the status quo - no matter what, that component is already serving its purpose by scaring people.
So both from a "what Apple says" and from a "what the lawyers have said" and from a technical "what has to be to make any sense at all", it all lines up that it has to be "scan on device" and not "voluntarily uploaded".
-
@scottalanmiller said in Apple plans to scan your images for child porn:
@stacksofplates said in Apple plans to scan your images for child porn:
@scottalanmiller said in Apple plans to scan your images for child porn:
Ah, that's very different from what he said, completely.
It's not? He said this:
The scan results are private (until uploaded to iCloud).
Which would be true if uploading photos to icloud is disabled and they aren't forcing you to back up photos with icloud. Those mean the same thing.
Uploading photos to iCloud would be a different operation than uploading the scan results (which are not photos) to iCloud. Photo uploads are controlled by the end user, the scan uploads are not (as they have no setting in the OS.)
It is the uploading of the scan results to iCloud that is the issue at hand. It's not a step along the way, it is the very problem. So "until" doesn't apply since that is the end result we are concerned about.
Where do you see that? You're making assumptions. The scan results would have to include the photo. That doesn't make any sense. What is the human verification for if the photo isn't uploaded?
Again, theae are all assumptions on your part about how this works. No one here knows how it works currently, so telling them they're wrong is infantile because you can't prove you're right.
The whole thing is bad, but don't get into arguments about things that you can't possibly understand how they work yet.
-
@stacksofplates said in Apple plans to scan your images for child porn:
The scan results would have to include the photo.
Actually no, the scans on-device create a hash record (MD5 or SHA256 probably) and then are compared against a known database of CSAM.
Anything that matches would start sending up red flags.
The actual photo may never get uploaded to iCloud.
-
@stacksofplates said in Apple plans to scan your images for child porn:
What is the human verification for if the photo isn't uploaded?
The human verification is only once an account has passed a threshold of known CSAM hash records being discovered on a individual Apple device.
Once that threshold is hit, someone at Apple has to check and confirm that the content is CSAM (subjective to the person and training) and then if it is, they lock your account and notify the authorities.
-
@stacksofplates said in Apple plans to scan your images for child porn:
The whole thing is bad, but don't get into arguments about things that you can't possibly understand how they work yet.
My responses to you (granted you're talking to @scottalanmiller) is from what Apple posted on this announcement itself, and taken directly from their announcement.
We can make an well educated guess in how this will work, even with it not being deployed.
-
@dustinb3403 said in Apple plans to scan your images for child porn:
@stacksofplates said in Apple plans to scan your images for child porn:
The scan results would have to include the photo.
Actually no, the scans on-device create a hash record (MD5 or SHA256 probably) and then are compared against a known database of CSAM.
Anything that matches would start sending up red flags.
The actual photo may never get uploaded to iCloud.
That's a joke right? You didn't read the article. They're using a neutral network to compare an image to a database of checksummed images. Presumably by features like face, exif data, etc. Then a human verifies it's a match to content in the existing checksummed image.
A 4 year old could get around comparing two images by checksum. That's clearly not what's happening here. Just change a single pixel and it's different. You don't need a neural net to compare checksums.
By the explanation in the article, they have to have the photo to compare.
-
@dustinb3403 said in Apple plans to scan your images for child porn:
@stacksofplates said in Apple plans to scan your images for child porn:
What is the human verification for if the photo isn't uploaded?
The human verification is only once an account has passed a threshold of known CSAM hash records being discovered on a individual Apple device.
Once that threshold is hit, someone at Apple has to check and confirm that the content is CSAM (subjective to the person and training) and then if it is, they lock your account and notify the authorities.
So to get around the checksum method you are describing, you just crop the picture a tiny bit and would never catch any new photos that aren't a part of that database. Again, hardly need a neural net for that. Could do that on a raspberry pi.
-
@stacksofplates said in Apple plans to scan your images for child porn:
@dustinb3403 said in Apple plans to scan your images for child porn:
@stacksofplates said in Apple plans to scan your images for child porn:
The scan results would have to include the photo.
Actually no, the scans on-device create a hash record (MD5 or SHA256 probably) and then are compared against a known database of CSAM.
Anything that matches would start sending up red flags.
The actual photo may never get uploaded to iCloud.
That's a joke right? You didn't read the article. They're using a neutral network to compare an image to a database of checksummed images. Presumably by features like face, exif data, etc. Then a human verifies it's a match to content in the existing checksummed image.
A 4 year old could get around comparing two images by checksum. That's clearly not what's happening here. Just change a single pixel and it's different. You don't need a neural net to compare checksums.
By the explanation in the article, they have to have the photo to compare.
Wrong, the on-device code is creating a hash, and that hash recording is getting compared. Read the announcement again from Apple.
The machine learning comparison doesn't come in until the image is in iCloud. That's where the comparison happens, and then if a threshold is hit a human compares the images/hashes