Just a point of clarification — the CSAM detection was against a set of known hashed CSAM material, and was not designed to use machines learning models of what might be said material.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Apple Abandons Controversial Plans to Detect Known CSAM in iCloud Photos
- Thread starter MacRumors
- Start date
- Sort by reaction score
Just a point of clarification — the CSAM detection was against a set of known hashed CSAM material, and was not designed to use machines learning models of what might be said material.
Great news. Wonder where the mass surveillance defender clowns on this forum are now.
Not really, if by "scan" you mean create a hash (not scanning), then sure. That isn't "looking at your photos' content" That is adding up all the pixels into a formula (say SHA-256) and matching them to the hash of known shared images. This would not have detected new photos (as in you filmed your pedi-porn using your iPhone, but rather you stored a pornographic photo you got from the web that was already known by law enforcement. If this truly ran on-device not sure how it would create the backdoor for law enforcement mentioned in the article (in fact I'd be shocked if the photos app doesn't already hash the photos just for the duplicate detection mechanism) Storage wise is would have negligible effects (photos are huge, hashes are tiny). The one thing that seems a tad sketchy is if apple can hand verify a flagged photo is in fact CSAM, that would imply the encryption at rest is done with a mechanism that apple can decrypt? I thought they always bragged that not even they can decrypt your iCloud stuff... I thought it needed the data in your T2 chip?
I think this is the right answer. Backdoors, once installed, widen and widen and widen...
It's not like I want CSAM to go unnoticed, but the fedgov has reduced it's credibility so far at this point that they can't be trusted with that kind of a tool.
I try not to go down conspiracy rabbit-holes.
If there was a National Security need, I'm sure the NSA already has the power and authority to compel whatever organization to produce what they need without something being in place prior to the NSA "request".
Of course, this would be classified and we'd never hear of it.
Thanks for pointing that out.
However, I feel my concern remains as things like this have a way of becoming the monster they set out to kill. Once we allow CSAM detection, what is, or is not, considered CSAM is subject to change, with or without public input.
Unfortunately CSAM is still alive and well. This method of CSAM detection is dead before arrival.
And of course, to quite a few significant digits, "everybody" was and will remain unaware this was even a discussion.
Should those of us in the rounding error be happy? Depends on how things go from here. More victims won't make people happy. A high profile case where someone kept a massive cache of CSAM in iCloud giving an excuse for a politician rather than Apple's technologists making rules won't make people happy. If we get through the future with little additional harm and all of us keeping this extra modicum of privacy, it'll make people happy.
A lot of people are missing that this isn't about CSAM as much as it is about opening Pandora's Box when it comes to allowing big tech and governments access to be able to match and snoop anything they want on your encrypted device that you own.
This is very good news not just for Apple users, but for everybody.
If Apple went ahead and implemented CSAM scanning algorithms, then Google, Amazon, Microsoft, Samsung would have probably followed with their own implementation of cloud data scanning algorithms.
This is a win for everybody.
If Apple went ahead and implemented CSAM scanning algorithms, then Google, Amazon, Microsoft, Samsung would have probably followed with their own implementation of cloud data scanning algorithms.
This is a win for everybody.
Last edited:
People keep referring to CSAM as if it were software written by Apple. It is not. It's Child Sexual Abuse Material, which is supremely awful. What Apple had was a proposal, design, and prototype software to scan for CSAM in a particular way. Stop conflating the two! Unless you're trying to imply that actual CSAM isn't really all that bad.
I don't think any of us you referenced portrayed it as software written by Apple. It was alleged earlier that Apple was planning on implementing CSAM surveillance which was heavily criticized.
I’m certain the red mop head made sure they were all destroyed first… 😉
Last edited:
Apple folded, and it was all for money. The anime hentai owners squawked and apple heard their cries from their parents' basements. What a disgrace. The victims will ultimately not receive justice because of Apple's greed. Every other tech company with cloud storage is using this. Google, FB, MS, etc.
Pedophiles are gonna love iCloud. Quite the humanitarian huh Timmy?
Pedophiles are gonna love iCloud. Quite the humanitarian huh Timmy?
Unless you're distributing pictures of your kids in a bubble bath where they could become part of a law enforcement database, it can't become part of the hash with our without public input. If your concern is that the method of detection changes and starts looking for potential CSAM versus hashing against known CSAM, then the rules can still change now just like they could if the original method went forward.
It's like saying the PCR test gives you covid.
Which, now that I say it, I'm sure I've read people claiming too... nevermind... I expect too much of people...
The problem is there is no way to do it right. Once the capability is introduced, once Apple caves, it's a downwards spiral towards worse and worse privacy/human rights.
The people of China have recently learned about this - total surveillance was all fine and good when it was applied to those "terrorists" far away in the west of the country, but then when they protested against too much government control that same surveillance was turned against them, much to their surprise.
It's better if the capability is not there at all in the first place.
It's better if Apple publicly denounces the whole "Think of the children!!!1111" mantra.
I understand that there are criteria for CSAM and I understand that the criteria would be substantial. However, if the technology is not implemented, then there is no criteria to be changed.
As Apple killed the implementation of the technology, combined with today's announcement for Advanced Data Protection allowing iCloud information to be completely encrypted, hidden even from Apple; it is my understanding, and I could be wrong, that this would make it difficult, if not impossible, for nefarious actors to use personal iCloud information to suppress dissent.
I am all for utilizing technology to stop the horrific crimes being committed. I am simply unsure of the harm:good ratio considering that billions of people live in suppressed societies.
My take:
If Apple decided to back-down on this CSAM, it means they really invested time to delve into the matter, and found out that it actually WAS dangerous.
So, as far as I'm concerned, hats off to admit being wrong.
If Apple decided to back-down on this CSAM, it means they really invested time to delve into the matter, and found out that it actually WAS dangerous.
So, as far as I'm concerned, hats off to admit being wrong.
A hash of known circulating CSAM provided by at least two child protection agencies operating under different governments. At least 30 matched known CSAM images must be detected before triggering an alert. Matches confirmed manually before notifying law enforcement. Implemented and documented:
It's so hard to know how much of the outrage is about what Apple was planning to do and how much is about what people imagined Apple was planning to do...
I’ve still yet to hear how exactly this step could be done without violating state and/or federal laws in the United States regarding the possession and distribution of CSAM.
Apple's willingness to even entertain the idea of scanning user's photo libraries to see if they find something makes me think they've been drinking too much tea with Chinese government officials. I'm glad they walked it back but I'm not suddenly all rosy and full of faith about about Apple's personal privacy claims.
It says the hash is encrypted with a "visual derivative". I don't see a description of what that comprises, but the language suggests Apple never possesses CSAM, only CSAM derivatives. It presumably has to be different enough that they don't have employees bleaching their eyeballs.