Privacy focused alt. to Apple?

[iterva]

The more I read about those, the more annoyed I am that Google does not release the Pixel phones in my country. Wish they can support more phones.

I´m right there with you. Even though i could import from another EU country but if anything happens with it and i need service/any kind of warranty then i can´t turn to Google for assistance. Would love to try out a Pixel with CalyxOS as my daily.

Oh well. Maybe one day ?‍♂️

 

[Shanghaichica]

Can someone explain this privacy thing to me? I’m getting conflicting reports.
Some are saying that are scanning photos that are uploaded to iCloud and if you opt out of iCloud they won’t be able to access your photos. However on Reddit they are saying they are going to be scanning your photos on your device?

 

[Expos of 1969]

Can someone explain this privacy thing to me? I’m getting conflicting reports.
Some are saying that are scanning photos that are uploaded to iCloud and if you opt out of iCloud they won’t be able to access your photos. However on Reddit they are saying they are going to be scanning your photos on your device?

Difficult to say. Watching Craig F. almost have a seizure when trying to explain (make up?) the algorithm process in his interview with Joanna Stern was hilarious but also pathetic.

 

[JahBoolean]

Can someone explain this privacy thing to me? I’m getting conflicting reports.
Some are saying that are scanning photos that are uploaded to iCloud and if you opt out of iCloud they won’t be able to access your photos. However on Reddit they are saying they are going to be scanning your photos on your device?

A scanning algo will be running on your device and scan photos as they are readied to be uploaded to the cloud.

They won't be scanning your photos per se, simply comparing a mathematical abstraction of the pixel values array inside of your photo with said abstraction of known child pornography and missing person pictures.

The whole backlash seems a bit creepy to me, but this opens some ethical quandaries, who will control the image data bases, can it be extended to police other type of content in oppressive regimes and is the scanning really contained to the data stream of images going into the cloud.

TL;DR

This should be a non issue if not using the icloud service, people do not have a good handle on what privacy on the internet means so they flip. When using icloud, so long as you're not being a bad actor, you will be allright.

 

[Apple_Robert]

Can someone explain this privacy thing to me? I’m getting conflicting reports.
Some are saying that are scanning photos that are uploaded to iCloud and if you opt out of iCloud they won’t be able to access your photos. However on Reddit they are saying they are going to be scanning your photos on your device?

According to Apple, if you have iCloud Photos turned off, there will be no scanning done on your phone.

 

[ian87w]

Can someone explain this privacy thing to me? I’m getting conflicting reports.
Some are saying that are scanning photos that are uploaded to iCloud and if you opt out of iCloud they won’t be able to access your photos. However on Reddit they are saying they are going to be scanning your photos on your device?

Scanning happens on-device. The database of the hashes is coded directly in iOS15.
The iCloud stuff is just that the result of the scan (the positive vouchers) will only be uploaded to Apple if you use iCloud Photos.

The problem is not this specifically. The problem is that the system itself is being implemented, on firmware level on your device. Whatever Apple's intention would be, no matter how noble, the fact that this mass worldwide scanning system (this firmware is global, even on non-US iPhones) is in place opens up quite a lot of potential issues. You really have to trust Apple, and trust that there won't be bad actors inside Apple or the organizations making the databases themselves.

Those who have leisure lives in "free" societies like the USA might not feel any issue. For some who lives in countries with authoritarian governments/known corruption/extreme morality laws, what Apple is doing is quite chilling.

 

[Shanghaichica]

A scanning algo will be running on your device and scan photos as they are readied to be uploaded to the cloud.

They won't be scanning your photos per se, simply comparing a mathematical abstraction of the pixel values array inside of your photo with said abstraction of known child pornography and missing person pictures.

The whole backlash seems a bit creepy to me, but this opens some ethical quandaries, who will control the image data bases, can it be extended to police other type of content in oppressive regimes and is the scanning really contained to the data stream of images going into the cloud.

TL;DR

This should be a non issue if not using the icloud service, people do not have a good handle on what privacy on the internet means so they flip. When using icloud, so long as you're not being a bad actor, you will be allright.

I have no issues with using iCloud. I have nothing to hide. My main concern is if they are scanning my photos on my device as that seems very invasive. iCloud is fine because I’m trading privacy for convenience but on mi device I’m not happy about as it seems like spyware to me.

 

[BigMcGuire]

I have no issues with using iCloud. I have nothing to hide. My main concern is if they are scanning my photos on my device as that seems very invasive. iCloud is fine because I’m trading privacy for convenience but on mi device I’m not happy about as it seems like spyware to me.

Apple's justification for scanning on your device is because your data is encrypted once it leaves your phone to iCloud (data is encrypted on your phone but can be viewed on your phone because you have the key to your encrypted data on your phone). So scanning on the device allows the "CP" scanner to check your photos for CP without having to compromise the encryption of your data on iCloud servers (for Photos). It's comparing hashes of known CP photos and has to positively identify 30 before sounding the alarm back at Apple before it is reviewed and possibly handed to Law Enforcement.

 

[Shanghaichica]

Scanning happens on-device. The database of the hashes is coded directly in iOS15.
The iCloud stuff is just that the result of the scan (the positive vouchers) will only be uploaded to Apple if you use iCloud Photos.

The problem is not this specifically. The problem is that the system itself is being implemented, on firmware level on your device. Whatever Apple's intention would be, no matter how noble, the fact that this mass worldwide scanning system (this firmware is global, even on non-US iPhones) is in place opens up quite a lot of potential issues. You really have to trust Apple, and trust that there won't be bad actors inside Apple or the organizations making the databases themselves.

Those who have leisure lives in "free" societies like the USA might not feel any issue. For some who lives in countries with authoritarian governments/known corruption/extreme morality laws, what Apple is doing is quite chilling.

I’m sure even if apple have the best intentions in the world this could be hacked by others for nefarious purposes considering that it’s something which is built into the OS and this present on the device.

 

[BigMcGuire]

I’m sure even if apple have the best intentions in the world this could be hacked by others for nefarious purposes considering that it’s something which is built into the OS and this present on the device.

I think most people are more worried about Apple conceding to other countries demands in order to do business in that country. Using this as a tool to identify political dissidents, or people of a sexual orientation, religious affiliation, etc... in order for Apple to sell iPhones in XYZ country (and even abused in USA someday depending on Govt in power).

 

[JahBoolean]

I’m sure even if apple have the best intentions in the world this could be hacked by others for nefarious purposes considering that it’s something which is built into the OS and this present on the device.

As echoed above, I see Apple turning the blind eye to foul play with their own system as more likely than any other "intrusive" modification. If someone was able to change the codebase pushed for ios updates, they would have problems order of magnitudes larger than this.

 

[ian87w]

As echoed above, I see Apple turning the blind eye to foul play with their own system as more likely than any other "intrusive" modification. If someone was able to change the codebase pushed for ios updates, they would have problems order of magnitudes larger than this.

Probably. And Apple is not some kind of church, Apple is a publicly traded company where increasing their shareholders' value is their upmost motivation. Apple will not sacrifice huge markets like China, and will compromise.

 

[JahBoolean]

Probably. And Apple is not some kind of church, Apple is a publicly traded company where increasing their shareholders' value is their upmost motivation. Apple will not sacrifice huge markets like China, and will compromise.

In the grand scheme of things, and I'm playing devil's advocate. They have more urgent problems when it comes to privacy and computational censorship than CSAM hash scanning. I'd be very skeptical of routing information in to the cloud without any sort of E2E encryption or complex routing. But again that is what will come bundled with the new icloud+ package so this (hashscans) is the minimum compliance needed for further anonymity (at least when provided by a consumer company ).

 

[5105973]

A scanning algo will be running on your device and scan photos as they are readied to be uploaded to the cloud.

They won't be scanning your photos per se, simply comparing a mathematical abstraction of the pixel values array inside of your photo with said abstraction of known child pornography and missing person pictures.

The whole backlash seems a bit creepy to me, but this opens some ethical quandaries, who will control the image data bases, can it be extended to police other type of content in oppressive regimes and is the scanning really contained to the data stream of images going into the cloud.

TL;DR

This should be a non issue if not using the icloud service, people do not have a good handle on what privacy on the internet means so they flip. When using icloud, so long as you're not being a bad actor, you will be allright.

Wait, it scans for missing persons pictures, too? A lot of people on FB that I used to know when I was on it, save and share missing persons photos for prayer groups or just to increase public awareness and help look for these people. Is that going to trip the tripwire? It seems like an odd thing to scan for as it’s not a crime to save photos of people, missing or otherwise.

 

[JahBoolean]

Wait, it scans for missing persons pictures, too? A lot of people on FB that I used to know when I was on it, save and share missing persons photos for prayer groups or just to increase public awareness and help look for these people. Is that going to trip the tripwire? It seems like an odd thing to scan for as it’s not a crime to save photos of people, missing or otherwise.

We won't have the specifics of the ML model they are using, but rationality tends to suggest that they have made accomodations for those false positives inside of their modelling.

 

[ghanwani]

Apples proposed CSAM implementation apparently will not work if one is not logged into iCloud Photos. So another cloud storage option would be needed for photos storage, if there are concerns.

One concern I have heard, is that when a photo is flagged, a human person will be reviewing the photo, which could lead to privacy issues.

Reminds me of the TSA body scanners that showed the full body parts to a reviewer - the scanners were then adjusted to block out certain body parts.

Sending photos over iMessage will also be affected.

From what I gather, there was also a piece for child safety that uses on-device AI/ML to try to determine if images received on (or being sent from) a minor's phone are of an explicit nature, and either block the image from viewing and/or notify the parent. Is that part also dependent on iCloud?

 

[Shanghaichica]

From what I gather, there was also a piece for child safety that uses on-device AI/ML to try to determine if images received on (or being sent from) a minor's phone are of an explicit nature, and either block the image from viewing and/or notify the parent. Is that part also dependent on iCloud?

No it’s on device but your have to opt into that.

 

[ian87w]

Wait, it scans for missing persons pictures, too? A lot of people on FB that I used to know when I was on it, save and share missing persons photos for prayer groups or just to increase public awareness and help look for these people. Is that going to trip the tripwire? It seems like an odd thing to scan for as it’s not a crime to save photos of people, missing or otherwise.

Right now, whatever hashes Apple would be matching with are the CSAM hashes provided by the NCMEC. The CSAM database is coded in iOS15, so your iPhone won't just "expand" what it is scanning on its own. Whatever addition to the database would have to be added through iOS update.

The issue is not necessary about the CSAM database, it's the scanning capability itself, built-into iOS on a firmware level. The only thing between it and any potential abuses is just Apple's pinky promise.

 

[ghanwani]

The only thing between it and any potential abuses is just Apple's pinky promise.

This reminds me the first couple of quotes here:

John Dalberg-Acton, 1st Baron Acton - Wikipedia

en.wikipedia.org

 

[MrTSolar]

Back to the main topic in the ever-shrinking US cage of freedom (to paraphrase Jon Anderson), I'm switching from iCloud to my Sandisk Ibi. While it uses cloud servers to route information, the actual store of information is a small device in my house. When on the same network, the app connects directly to the device and can quickly back up large amounts of photos/videos. Outside the network, it relay-connects through Sandisk's servers to my device and can back up over the internet. Their terms of service promises that everything is encrypted in a way that Sandisk can't read my information, although there is no subscription charge once you purchase the device. I'm inclined to have some trust in them since selling hard drives is Sandisk's main business, but then again the same can be said for Apple.

I'm trying to figure out if I want to get a second one to use as a file server. The device itself is $89 and can hold 1 TB of data on a 5,400 RPM hard drive (yes, slow, but cheap).

 

[Mr. Heckles]

According to Apple, if you have iCloud Photos turned off, there will be no scanning done on your phone.

What I don’t get, what criminal would have iCloud photos on after hearing this?

 

[Michael Scrip]

What I don’t get, what criminal would have iCloud photos on after hearing this?

Maybe that's the point!

All this nonsense just to get criminals to stop storing illegal CSAM images in Apple's iCloud data centers.

You know Apple doesn't want that crap in there. No company does.

So they pull this stunt and then all the criminals will go to the Dark Web... where they belong!

 

[jdoll021]

Does anyone think it’s possible that we might be able to learn more, or even disable the scanning, with a jail broken iOS 15? I might be willing to take a stab at jail breaking my phone if that’s the case.

 

[nickdalzell1]

If it's anything like rooting an Android today, it's going to be quite limited. I do know when iOS 7 came out there was not even a jailbreak method that would bring skeuomorphism back. Rooting on Android you could do anything back when the newest version was 2.3 (God, I miss CyanogenMod 7.1!) but today all a custom ROM does is maybe give your 'unsupported' phone a later version of Android, and possibly remove some apps or Google apps. Xposed was killed off long ago so any form of real true customization is dead, and I wouldn't be surprised if half the stuff I did when I jailbroke iPhones such as the 3GS wouldn't even be possible today.

 

[Lowhangers]

I'm planning on switching from Apple because of the recent news especially as I read more from the experts analyzing this. I think it's finding a system that works for you. For me I would be fine with using an Android phone such as a Pixel but using as many non-Google apps as possible. A few examples:

Instead of YouTube use Newpipe.
Instead of Gmail, use ProtonMail or Tutanota.
Instead of Chrome, use Firefox.

But, if you're looking to really dive into more privacy focused you can run "degoogled" versions of Android such as GrapheneOS (https://grapheneos.org/) or CalyxOS (https://calyxos.org/).

And if you want to go even further, you could use something like Cryptomator (https://cryptomator.org/) to encrypt your backups before you place them in any cloud hosting service.

Data is going to be collected regardless of which device you use and it depends on how many hoops you want to jump through. It's just finding what you're comfortable with and what you're willing to do for more privacy. It's a rabbit hole though so be careful.

I recommend Brave as an alternative to Chrome instead of Firefox. Firefox has this weird location crap built into it now. Creeped me out, that browser is a big mess. Brave is much more privacy focused.