Apple will remotely install software to scan all US phones for child sex abuse images

[Mchart]

Fwiw there are some alternatives right now for anyone who is already looking to jump ship but still wants a smartphone.

GrapheneOS on a Pixel is probably the closest you’ll get to regular smartphone capabilities. https://grapheneos.org/

/e/ is another option. https://e.foundation/

purism: https://puri.sm/

there’s also Ubuntu touch. https://ubuntu-touch.io/

they all come with compromises.




Yikes. I hadn’t heard about that one. Just funnel all your internet traffic through their servers too, they’re obviously interested in preserving your privacy, and certainly not fingerprinting your information for later.




I think Apple needs to be using clear language about it.

they’ve stated they’re putting a database on your device that the fingerprinting will use as a reference.

it’s creating a ”hash” that it will compare to known bad ones using some fuzzy logic.

just because it doesn’t do anything with the report afterwards (unless the photo is uploaded to iCloud) doesn’t make it okay for them to be digging through your stuff.

I'm guessing you don't understand how HTTPS works. Beyond the metadata of the traffic, which Apple is now stripping as part of this service, they have no access to the content. They'd have to steal the TLS private keys from whatever server you're communicating with to decrypt the message contents.

Further, if Apple wanted to steal your information, they'd do so on the phone itself, they wouldn't need to wait for you to pass it through their relay. This is quite literally why this child porn detection thing has the scanning being done on the device itself to generate the ticket.

Anyways, have fun with your compromises. I'll be enjoying the fact that all my webtraffic on my phone can no longer be tracked by my ISP & other advertising agencies since i've got a double encrypted tunnel going out a cloud relay. (First hop to Apple, second/message content HTTPS encrypted anyways)

 

[Deleted member 89018]

I'm guessing you don't understand how HTTPS works. Beyond the metadata of the traffic, which Apple is now stripping as part of this service, they have no access to the content. They'd have to steal the TLS private keys from whatever server you're communicating with to decrypt the message contents.

give it a year or so before it turns into a private proxy that’s totally safe, we swear.

Further, if Apple wanted to steal your information, they'd do so on the phone itself, they wouldn't need to wait for you to pass it through their relay.

yes, they would just need some way to read all the data on your phone and do something without your permission. Which they have just told everyone they have.

Anyways, have fun with your compromises. I'll be enjoying the fact that all my webtraffic on my phone can no longer be tracked by my ISP & other advertising agencies since i've got a double encrypted tunnel going out a cloud relay.

I truly hope this doesn’t come back to bite everyone in the ass.

I would love to be wrong here.

 

[Highwind]

UltraTaco deletes her posts once she's near 500. I don't know why.

How ... did you come to find that out? Regardless, for some reason (lack of sleep? mental degradation?) I can't stop geeking in my chair about how funny that is.

And I guess since the thread is based on privacy/security, it merits mention that the quoted practice.. is ironically probably a very good security measure.

 

[Mchart]

give it a year or so before it turns into a private proxy that’s totally safe, we swear.



yes, they would just need some way to read all the data on your phone and do something without your permission. Which they have just told everyone they have.




I truly hope this doesn’t come back to bite everyone in the ass.

I would love to be wrong here.

The only people who wouldn't want something like this are people working for ISP's and/or advertising agencies. All of your fears are already realized with the reach the government has had into ISP's for years. Tunneling it through Apple's cloud relay first doesn't change the source of your fears. It only removes any remaining ability the ISP's & advertising agencies had left to track users via packet header info. Namely, largely correlating people's location, activities, etc with their IP. Between this and what Apple did with iOS 14 to require user notification that an app wants your unique device ID (And this is set to auto-deny by default for any iOS 14 device), Apple has done far more than anyone else to fight advertising tracking. Which you should like, given that most nation-states are just buying this advertising info to build profiles on people. No reason to budget for a mass-collection system ran by a government when all they have to do is pay advertisers for the same data anyways.

 

[Deleted member 89018]

Gasp! You’ve found me out! I’m a marketing shill for the shadowy ISP mega corporation attempting to rule the world! Cobraaaaaa!

(twirls mustache)

All I’m saying is maybe we should think twice before we put all that data in the same place, which is (per this discussion) the hands of a company that is now willing to use your own property in ways you can’t control.

(and to be clear - as I’ve said before in this very thread - it’s not the cloud part that surprises me. I assume that happens. It’s the on-device part, the part you ostensibly own and have some kind of control over. Had.)

it’s a massive marketing dissonance on Apple’s part.

 

[TheSlySyl]

While this is absolutely a fucking terrible idea for all the reasons stated in the past 5 pages.
Why the fuck would you announce it so far in advance? Why the fuck do something this massively privacy intrusive and give people the time to fucking clean their tracks or ditch their iPhone before it even goes live.

Fucking get a few hits and at least announce it with some news like "we caught whole bunch of pedos!*" First.

*Also btw we totally invaded the privacy of every apple user to do it.

 

[sfsuphysics]

Don't agree with Apple about this? Here's what they think of you:

https://twitter.com/kaepora/status/1423738825369604106
"Apple distributed an internal memo today which referred to pushback against its new content surveillance measures as "the screeching voices of the minority." I have nothing to add."

And here's the relevent part of the memo:
View attachment 382646

It's the screeching minority because the majority falls into one of the following two categories, ignorant (either willfully or not) as they don't know what is being done or delusionally happy i.e. the "I have nothing to hide" "yes it's good to get pedos they shouldn't have rights" basically unable to see the bigger picture.

 

[TheSlySyl]

I also really, really, really don't want to know what the fuck database they use to train these image networks on. Like that has to be the most awful fucking set of images that exist and you know someone had to create it.

 

[Mchart]

I also really, really, really don't want to know what the fuck database they use to train these image networks on. Like that has to be the most awful fucking set of images that exist and you know someone had to create it.

Yes, and it sucks. However, when you put these scum behind bars it makes it worth it.

 

[Mchart]

While this is absolutely a fucking terrible idea for all the reasons stated in the past 5 pages.
Why the fuck would you announce it so far in advance? Why the fuck do something this massively privacy intrusive and give people the time to fucking clean their tracks or ditch their iPhone before it even goes live.

Fucking get a few hits and at least announce it with some news like "we caught whole bunch of pedos!*" First.

*Also btw we totally invaded the privacy of every apple user to do it.

Because if they didn’t announce it you people screaming about it now would have conniption fits when it was found out anyways.

 

[Mchart]

No it doesn't. Taco doesn't want to give up part of her private privacy as a sacrifice. Find better ways to catch scumbags instead of searching everyones fone!

That’s not at all what I said.

 

[DukenukemX]

It would be naive to think one could avoid this by simply ditching your iOS devices and moving to (Android).

It depends on how you go about using a phone. If you use it like an iPhone then yes. If you use it like a Windows or Linux PC then no. My current Moto X4 has LineageOS on it and nobody is going to get data off it easily. I had a situation where an officer wanted my phone for something not related to me for court but came back half an hour later complaining their machines couldn't extra the data easily and were wondering I didn't password my phone. I don't password my phone because you have a computer experts phone in your hands. I can track you. I'm not dumb enough to use cloud services or store sensitive data on my phone. As long as the phone is on I can remote control it, erase it, and tell me it's location. If the phone is locked then it'll be given to a phone expert who can erase it and make use of it.

Let's face it, surveillance on a wide scale is already here and here to stay. There's no avoiding it. And the vast majority of the population couldn't care less!

I'd say the population is ignorant to what's happening. If you're a generation z then most don't have the computer background to understand what's going on. Millennials are too busy working to pay attention and if you're older then you think it's made of magic. Probably demon magic. If it's brought to the light then people will shit bricks but it's not like TikTok or CNN are talking about these issues.

They will continue to cover their webcams, renew their NordVPN subs and think they are "safe".

You're not safe but you're better off.

Yet the very devices they keep on their person every single day with their multiple mics of great sensitivity can listen surreptitiously around the clock like a silent thief in the night all telling and all knowing and everyone thinks that is OK. ;-)

Install Linux or buy a smart phone you can install LineageOS onto. There's too many smart eyes on these OS's that nobody is going to be able to sneak by and circumvent your security. Certainly nobody is going to use your phone images to look for nudes.

 

[1_rick]

There's an additional point that puzzles me. What is Apple doing with these images in the first place? Apple is not law enforcement and therefore having the images is literally against the law. Even if Apple only has hashes and not the images, where did Apple get the hashes since the actual pictures are against the law to possess? The only way this makes sense is if Apple is knowingly and willingly working on behalf of government. That would make Apple an extension of the government and therefore a state actor.

Presumably, they're getting the hashes from NCMEC.

 

[1_rick]

I mean, where does it stop? Do they scan your messages where you spoke to a lawyer about tax evasion? Maybe you are collecting unemployment checks illegally?

Recording police brutality videos? What about banned content in certain other countries, like those Winnie the Pooh satire images in China? This is not good.

Not yet. That comes later. Gotta get their users used to the tip, first.

 

[cpufrost]

No phone is 'safe'. Even without a sim card! I have an Ericson PCS (Sprint Spectrum service circa 1994) that has no service yet it can still call 911!
Find my works on iOS devices starting with iOS15 even if the device has been turned off and is running on "fumes".
Fact is if you don't want to be traced, ditch the phone. Drive a 70s muscle car devoid of ECU. And take off the plates. ;-)
Oh and be sure to wear a full mask when pumping gas as the (pumps) record you.
The cop cars have readers in many states so APB'd plates flag the officer to do a U-turn immediately and apprehend. No worries if you don't break the law of course. ;-)
/sarcasm

A false sense of safety/security is worse than none at all. ;-)

Just wait until PC hardware gets locked down like phones. No running anything deemed 'insecure' where insecure is something the authorities cannot access. Samsung KNOX and locked bootloaders are an example. I used to be an avid rooter and rom programmer/themer. They pretty much killed it off and only the international versions are do-able and tend to have shittier processors (Snap vs. Exynos) and poor mobile band support (forget about Big Red!). If computers start to get taciturn then I guess I'll go back to playing with boats and planes but they'll manage to muck that up too! By the time they manage to muck up power saws I'll be dead or too old to care so there's that. ;-)

 

[1_rick]

The scan happens on the device, but the ticket that is generated is never looked at unless the photo is uploaded to iCloud.

This year, at least.

 

[1_rick]

How ... did you come to find that out?

Someone asked her about it, back when she was trimming her post count to keep it under 1000.

 

[1_rick]

screeching minority

How do you feel--just in general--about a company that's so contemptuous of part of its customer base, and is willing to say so where it can be leaked out? Personally, if I were a high-level person at a company and someone wrote this in an email, they'd probably be looking for a new job the next day. Personally, I'm very very careful about what I write in a work email, although the worst thing I've ever accidentally said about a customer by hitting Reply All instead of Reply was "I don't understand why he's calling the wrong number for support" and I felt pretty bad about it.

 

[1_rick]

I also really, really, really don't want to know what the fuck database they use to train these image networks on.

They're not. They're using hashes that have already been generated by others, meaning that--for now--they can only identify known pictures.

 

[1_rick]

However, when you put these scum behind bars it makes it worth it.

Without wanting to sound like a jerk, I'm curious to know what would be a bridge too far for you.

 

[1_rick]

I have an Ericson PCS (Sprint Spectrum service circa 1994) that has no service yet it can still call 911 [without a SIM]!

Well, yeah, that's a special case. Certainly the cell towers can talk to your phone even without a SIM, they just won't send or receive data, except for when you call 911, and I believe that's due to a law, not because of the telco's own generosity.

 

[1_rick]

The cop cars have readers in many states so APB'd plates flag the officer

They'll do more than that--they'll flag the officer if they see a car whose registration is lapsed.

 

[Mchart]

Without wanting to sound like a jerk, I'm curious to know what would be a bridge too far for you.

You've got to have a warrant to start really building a case against anyone. If you've got months if not years worth of a papertrail, to include what Apple is handing over to the private org, I would say it's very damning for that individual, and most judges would happily sign off on a warrant to confiscate their devices. From what i've seen with my years working various forms of IT/cybersecurity, and other jobs, most of these pedophiles get to the point where they can barely hide it anymore. It's like they want to get caught. They'll even be doing this shit on work equipment. Unfortunately, by the time you discover it on their work computer, they've already spent years either producing or acquiring this shit, and ruining lives in the process. Usually it's their own kids if they have any, unfortunately.

 

[noko]

Fwiw there are some alternatives right now for anyone who is already looking to jump ship but still wants a smartphone.

GrapheneOS on a Pixel is probably the closest you’ll get to regular smartphone capabilities. https://grapheneos.org/

/e/ is another option. https://e.foundation/

purism: https://puri.sm/

there’s also Ubuntu touch. https://ubuntu-touch.io/

they all come with compromises.




Yikes. I hadn’t heard about that one. Just funnel all your internet traffic through their servers too, they’re obviously interested in preserving your privacy, and certainly not fingerprinting your information for later.




I think Apple needs to be using clear language about it.

they’ve stated they’re putting a database on your device that the fingerprinting will use as a reference.

it’s creating a ”hash” that it will compare to known bad ones using some fuzzy logic.

just because it doesn’t do anything with the report afterwards (unless the photo is uploaded to iCloud) doesn’t make it okay for them to be digging through your stuff.

Very useful information, thanks! /e/ looks interesting and not only that a fully 2021 phone with it is available, albeit more a basic smart phone but very tempting. Supports following carriers: T-Mobile, Metro by T-Mobile, AT&T, Simple Mobile, Speedtalk Mobile, Ultra Mobile, Red Pocket Mobile, Ting, Tempo, Walmart Family Mobile, Pure TalkUSA, Straight Talk.

https://esolutions.shop/shop/e-os-teracube-2e/

My S9 for the second time has a cracked screen and I refuse to spend another $300 to fix it. I am not so worry about what I put on my phone or what I do with it, more worried about what others can do with it either intentionally or unintentionally. Privacy is a form of safety for yourself and family. Letting others, without any knowledge on your part if they are good or just plain evil, having information about you, as in how much money, where stashed, when home or not, your location, your routines, puts you and your family at risks out of the blue from bad people, good intention but maybe misunderstanding people like police and others and then bad actors in governments and businesses, to bad criminal originations and governments. You keep things private for you and your family protection, it is a form of self defense against bad people in general. Criminals love when people have nothing to hide and keep their most valuable possessions which can include ideas and plans out in the open for them to be stolen. This can include political, religious and ideological, racism pointed attacks with information provided unsuspectedly by you.

 

[Mchart]

Very useful information, thanks! /e/ looks interesting and not only that a fully 2021 phone with it is available, albeit more a basic smart phone but very tempting. Supports following carriers: T-Mobile, Metro by T-Mobile, AT&T, Simple Mobile, Speedtalk Mobile, Ultra Mobile, Red Pocket Mobile, Ting, Tempo, Walmart Family Mobile, Pure TalkUSA, Straight Talk.

https://esolutions.shop/shop/e-os-teracube-2e/

My S9 for the second time has a cracked screen and I refuse to spend another $300 to fix it. I am not so worry about what I put on my phone or what I do with it, more worried about what others can do with it either intentionally or unintentionally. Privacy is a form of safety for yourself and family. Letting others, without any knowledge on your part if they are good or just plain evil, having information about you, as in how much money, where stashed, when home or not, your location, your routines, puts you and your family at risks out of the blue from bad people, good intention but misunderstood people like police and others and then bad actors in governments and businesses. You keep things private for you and your family protection, it is a form of self defense against bad people in general. Criminals love when people have nothing to hide and keep their most valuable possessions which can include ideas and plans out in the open for them to be stolen. This can include political, religious and ideological, racism pointed attacks with information provided unsuspectedly by you.

You might want to look into how that OS and phone is developed. Given the nature of it, it'll be just as easily compromised by governments compared to anything else. The reality is that you could use any phone and not have the issues you describe as long as you don't use your phone to store/transmit personal data.

 

[noko]

You might want to look into how that OS and phone is developed. Given the nature of it, it'll be just as easily compromised by governments compared to anything else. The reality is that you could use any phone and not have the issues you describe as long as you don't use your phone to store/transmit personal data.

I understand what you mean, governments/bad actors of all sorts may be more interested in folks going to something like e/. Still if secure or more so, it is something to consider. Just GPS tracking is enough information to do a lot of damage to someone, from robbing when your not home, kidnapping, to find out your routines, banking etc. It is definitely best not to be paranoid as well. Sometimes the best way to hide is being in plain sight.

 

[sfsuphysics]

How do you feel--just in general--about a company that's so contemptuous of part of its customer base, and is willing to say so where it can be leaked out? Personally, if I were a high-level person at a company and someone wrote this in an email, they'd probably be looking for a new job the next day. Personally, I'm very very careful about what I write in a work email, although the worst thing I've ever accidentally said about a customer by hitting Reply All instead of Reply was "I don't understand why he's calling the wrong number for support" and I felt pretty bad about it.

I would like to say I feel outraged, but I honestly think this is the norm for big companies. People have to be quite delusional to think that companies actually care about them, or what they care about, unless it's something that would cause some sort of PR or financial disaster for said company.

 

[scojer]

I would like to say I feel outraged, but I honestly think this is the norm for big companies. People have to be quite delusional to think that companies actually care about them, or what they care about, unless it's something that would cause some sort of PR or financial disaster for said company.

Exactly. All big companies care about is their bottom line, and how to make that number as big as they can.
In this case, they're pandering to the "save the children" folk, as well as opening the door for using this tech in other ways, as mentioned earlier in this thread, and that they'll sell to the highest bidder.

It's all about the money, that's it, nothing more, nothing less.

 

[noko]

Exactly. All big companies care about is their bottom line, and how to make that number as big as they can.
In this case, they're pandering to the "save the children" folk, as well as opening the door for using this tech in other ways, as mentioned earlier in this thread, and that they'll sell to the highest bidder.

It's all about the money, that's it, nothing more, nothing less.

How does this new upcoming Apple policy help the bottom line?

 

[Deleted member 89018]

How does this new upcoming Apple policy help the bottom line?

this is something that’s got me puzzled. They spend all that time talking up privacy and security and do a lot of marketing based on it. Why do the exact opposite now?

sfsuphysics 1_rick not that this makes Apple look any better, but that “screeching” comment was included in an internal Apple memo but was actually a statement from a director at NCMEC, basically telling them “good job forcing your customers to submit to involuntary review of their personal data! It’s totally fine and anyone who says otherwise isn’t worth your time.”

i think it’s important to note that there are “Crusaders” who truly believe that, in the pursuit of child abuse, the ends justify the means. And that appears, in this case, to have convinced Apple to build a back door into iOS.

And while I appreciate the motive, due process exists for a reason.

also anyone know if making your own property scan your private files for illegal activity without your permission counts as a violation of fifth amendment rights?

 

[Mchart]

this is something that’s got me puzzled. They spend all that time talking up privacy and security and do a lot of marketing based on it. Why do the exact opposite now?

sfsuphysics 1_rick not that this makes Apple look any better, but that “screeching” comment was included in an internal Apple memo but was actually a statement from a director at NCMEC, basically telling them “good job forcing your customers to submit to involuntary review of their personal data! It’s totally fine and anyone who says otherwise isn’t worth your time.”

i think it’s important to note that there are “Crusaders” who truly believe that, in the pursuit of child abuse, the ends justify the means. And that appears, in this case, to have convinced Apple to build a back door into iOS.

And while I appreciate the motive, due process exists for a reason.

Again, it doesn't help to use exaggerated statements like this. Either you don't understand what that means, or you're intentionally exaggerating.

 

[noko]

Well I can see some reasons, if the reasons or even if applicable is another thing. Be warned, tin foil hat time. For Apple to grow even further, being the largest corporation value wise in the World (the truly to big to fail moto should maybe be applied), they may have to satisfy or court anything that could shut them down, break them up, cause endless court and public cases affecting their brand and so on. The other is once money does not satisfy the unending thirst for more, power becomes more a motive. Power to control which is akin to feeling safe when you are in control that nothing can hurt you, human instinct reinforced by constant or frequent positive feedback from childhood and on -> being in control = safety, fun, more freedom . . .

 

[Deleted member 89018]

Again, it doesn't help to use exaggerated statements like this. Either you don't understand what that means, or you're intentionally exaggerating.

/shrug, seems pretty clear to me.

https://www.eff.org/deeplinks/2021/...t-encryption-opens-backdoor-your-private-life

You just here to nitpick then?

 

[1_rick]

My S9 for the second time has a cracked screen and I refuse to spend another $300 to fix it.

You oughtta be able to find someone to do it for much closer to $100.

 

[1_rick]

also anyone know if making your own property scan your private files for illegal activity without your permission counts as a violation of fifth amendment rights?

It's probably going to take a long, drawn-out court case to answer that.

 

[Gavv]

this is something that’s got me puzzled. They spend all that time talking up privacy and security and do a lot of marketing based on it. Why do the exact opposite now?

sfsuphysics 1_rick not that this makes Apple look any better, but that “screeching” comment was included in an internal Apple memo but was actually a statement from a director at NCMEC, basically telling them “good job forcing your customers to submit to involuntary review of their personal data! It’s totally fine and anyone who says otherwise isn’t worth your time.”

i think it’s important to note that there are “Crusaders” who truly believe that, in the pursuit of child abuse, the ends justify the means. And that appears, in this case, to have convinced Apple to build a back door into iOS.

And while I appreciate the motive, due process exists for a reason.

also anyone know if making your own property scan your private files for illegal activity without your permission counts as a violation of fifth amendment rights?

The courts will have to decide this unfortunately. I share your concerns.

 

[noko]

You oughtta be able to find someone to do it for much closer to $100.

It's probably going to take a long, drawn-out court case to answer that.

Original + Battery $259.99 for S9
https://www.batteriesplus.com/service/cell-phone-repair/samsung/galaxy-s9/galaxy-s9

I don't think it would even go to a court case since if the police arrive at your door, you can allow and even invite them to search your residence. That example can be applied to your phone when you agree to the terms of use of your iPhone. Now the case could be argue that you have that choice at a specific time and not a one time invitation which allows the police to randomly at anytime come and search your residence plus the key difference is you know when the police will look and a chance to say no the next time. So maybe your right too. A blanket endless permission which may change as time goes on seems over the line to a large extent.

 

[cybereality]

James Madison is rolling in his grave.
https://en.wikipedia.org/wiki/Fourth_Amendment_to_the_United_States_Constitution

 

[Gavv]

Original + Battery $259.99 for S9
https://www.batteriesplus.com/service/cell-phone-repair/samsung/galaxy-s9/galaxy-s9

I don't think it would even go to a court case since if the police arrive at your door, you can allow and even invite them to search your residence. That example can be applied to your phone when you agree to the terms of use of your iPhone. Now the case could be argue that you have that choice at a specific time and not a one time invitation which allows the police to randomly at anytime come and search your residence plus the key difference is you know when the police will look and a chance to say no the next time. So maybe your right too. A blanket endless permission which may change as time goes on seems over the line to a large extent.

With this it can change because you can allow but you can also make them get a warrant and they have to convince a judge to say yes.

With this you’re suggesting an over reach of mega proportions. What you saying is they came once and someone may have said yes which then gives them permission for all subsequent visits.

What I object to is someone coming in essentially reading a diary and then being prosecuted for it. Under the guise of finding the pedo’s where does it stop? What if I’m writing a novel (murder mystery) and they go so far as to read my notes? Where exactly is this magical line?

Which how do we know everyone checking these things are ethical? trained? And have any background at all in law?

 

[emphy]

On a completely unrelated side note, NASA managers claimed a 1 in 100000 failure rate for the space shuttle right up to one of them exploded.