In light of Facebook’s hiring and now Apple’s efforts to work around end-to-end encryption, I am curious if there are any other such efforts that anyone here has heard about.
I accidentally hit post before I finished really working my thoughts out, so this can just be a general discussion thread in the meantime.
4 Likes
What about state actors including the US as everybody seems to want to easdrop on everybody else in this day and age.
It would not surprise me that state sponsored efforts are already doing this and probably have been for years now.
1 Like
State actors you can just think of as standard adversaries, albeit with more resources; the situation now with Facebook and Apple is different because they are trying to undermine their own end-to-end encryption, that of WhatsApp and iCloud respectively.
As far as I know, Apple is not being compelled by the US government to construct this kind of backdoor/surveillance-system, it chose to do so, despite having the legal ability not to.
1 Like
EFF has a few good articles on this. Seems like a challenging problem for privacy oriented folks.
EFF on Apple specifically and on client-side scanning generally.
1 Like
The only winning move is not to play.
5 Likes
Louis has a good take and interviews experts
Initial coverage
Counter point
Interview
2 Likes
(post withdrawn by author, will be automatically deleted in 36 hours unless flagged)
There’s a lot of clickbait on this subject. It’s doing a hash match locally rather than scanning content, so that less data is sent back to Apple, and the messages scanning is opt-in parental control feature.
Not that this isn’t terrible and unacceptable and a very, very slippery slope but we need to be upset for what it is, not what it isn’t. If people go off on hysterics every time anything bad happens, it’s easy to paint the general population as ignorant and irrational, and push this stuff on them “for their own good”.
Clickbait and hysteria is part of the problem.
3 Likes
Ah ya they got me on this one. Deleted older message to avoid stoking the flames.
So essentially
- Don’t use iCloud Photos and your photos will not go through the hashing process.
- Don’t opt in to the Messages feature and they won’t scan messages.
Fair enough. I interpreted it as they are scanning all photos, even those only saved locally, and potentially sending those to NCMEC for review, which would potentially result in law enforcement knocking on your door. But if it’s only iCloud photos, then just don’t use iCloud. And I think that’s fair, because I never expect cloud storage to be totally private anyways unless it’s advertised as zero-knowledge. I still don’t like the idea that they’re doing it in the first place because I think it will be abused and expanded for more use cases in the future, but there are plenty of alternatives.
EDIT:
Just to clarify, I still think this is a regression in terms of privacy, because they’re still scanning files locally on your device, not just on their servers. They’re creating a system where in the future they could easily expand that to scan all files on your device and send that data back to Apple, then to an approved activist organization, then to the FBI regardless of whether you’re putting it on iCloud or not.
And it’s not just a case of “just don’t do anything illegal and you’ll have nothing to worry about”. Laws change, and people may be punished retroactively. The fact that the Apple guy basically said that is even more worrying, because IMO that kind of logic is basically an admittance that if you give them an inch they’ll take a mile and just keep using the same excuse. And sadly, I’d be willing to bet about 80% of the population is already okay with that.
On the plus side (relatively, not ideally), this could be Apple’s way of preventing the government from cracking down on them about encryption. Apple is still able to catch the bad guys while keeping your files encrypted. So assuming everything works as intended, doesn’t produce false positives, and isn’t expanded and abused later on, it’s actually a great solution compared to Google just handing over all your info to the government.
But I guess in the end we’re all going to be under a tech-thauritarian system where we’ll all have zero privacy and we’ll own nothing and be happy about it. So does any of this really matter?
2 Likes
This really looks to me like a preventative measure on Apple’s part, to avoid getting in trouble for no back door;
Politicians have been decrying the lack of back doors for ages, using kid protection as a publicly acceptable reason to illegally breach privacy.
This move by Apple looks to be removing that as an excuse.
I don’t like the idea of anyone being able to reach into my device and delete things it seems unacceptable , or much worse, report suspicions to Any authorities.
But, I’ve not bricked my phone in protest.
Next I guess is terrorists/terrorism pictures/video?
The year of the Linux phone cannot come any sooner. I wonder if this will spawn a BSD phone as well. My tin-foil hat would lean to a BSD phone because it would be even more obscure.
1 Like
Interesting thoughts on a *nix based mobile device, however I see here in the US ALL the carriers nixxing this as they can’t control things.
1 Like