Interesting observation. This might be more damaging to Apple than anything else.
Without iMessage/Facetime, a large part of the peer pressure teens get for having an iPhone is gone. Now they might start asking for a Galaxy or something like that.
The CASM scanning happens on device, right? At least so we’ve heard.
My sense is Apple is trying to keep CASM off their servers. Scanning phones before it gets there was their solution to what I assume is a government demand/ultimatum. “Do this or we repatriate your foreign entity taxes” or some other shit.
I too feel that Apple just caved and eroded trust that took decades to build up. The only way this gets sorted is the “screeching minority” continues to screech and brings other in. Notify state attorneys general, FTC, etc. will that do anything? Who know? My bet is that it’s the DOJ behind all of this.
Hopefully the plaintiff bar which are already preparing class action lawsuits will find a way to get documents in discovery that allude to government coercion. But then again I’m sure there would be a clever way those are not produced under some “national security” bullbaiting reason.
That's my theory as well. I see all those people selling their iPhones that will instead use Android, upload all their photos in Google Photos, and Google will happily share all those those same photos. Yes, yes, yes, I know, one is done on device, the other one is done in the cloud, for me that is pretty much 2 sides of the same coin.
As I understand it (and I've not spent too long on this, just picking at various articles) - there are two separate things at play here.
Firstly - CASM scanning is done via fingerprinting - the image is fingerprinted on device and when uploaded to iCloud that fingerprint is compared with the "dodgy images" fingerprints and an alert raised if a threshold of matches is reached (what's the threshold and with whom?)
Secondly - there is on-device AI image recognition - when you send an image to someone else (via iMessage or the share sheet) it is checked for nudity and if the iCloud account in question is registered to a 13-year old or younger, their parents are alerted.
In both cases the fingerprinting/scanning is on-device and is triggered by the images leaving the device.
> the image is fingerprinted on device and when uploaded to iCloud that fingerprint is compared with the "dodgy images" fingerprints and an alert raised if a threshold of matches is reached (what's the threshold and with whom?)
Nope. The comparison is done on the device and the threshold is set there as well.
I am not sure how alarmed I am yet at this whole affair but I do know that maybe 50% of posts I read about this have glaringly incorrect information which definitely dampers my alarmism.
> Nope. The comparison is done on the device and the threshold is set there as well.
As I understand it the fingerprinting and comparison is done on device, but it only happens as part of the upload-to-iCloud process. So the grandparent's phrasing isn't unreasonable.
It isn’t being circumvented. It is intended to work on photos that are uploaded to iCloud. If you don’t use that (via turning it off or via selling everything Apple and switching to Linux) then you aren’t using it.
No. The intent is not that it works on iCloud. The intent is catching pedos.
This is obviously not effective given that you can get around it that easily if you want to. Coincidentally though, it will be totally effective at surveilling the 99.999% that are normal users and won’t go out of their way to disable iCloud. The whole CP thing is such an obvious farce.
The theory would be that many people are stupid. Of course we only know about criminals who get caught and that tends to be because they made a mistake, so it looks like most criminals are stupid.
So, you trust Apple to install this spyware and only use it in the way they currently describe. Great!
But what happens the second they get an order from $GOVERNMENT that tells them to use the spyware to also look at other documents on the device?
I think it's pretty obvious what Apple will say. They'll say "OK." They have no plausible deniability to tell $GOVERNMENT to go pound sand - they have demonstrated the capability already! Telling the spyware to scan different files is a trivial change from a technical perspective.
They could have done what you describe at any time in history. This doesn't change anything in that regard. Either you trust Apple enough to use their products or you don't.
> They could have done what you describe at any time in history.
That doesn't make sense. The issue is that Apple is very publicly signaling they are changing their approach to privacy now. Companies change approaches to any number of things all the time, they're not static entities. As such you have to evaluate their nature as a consumer on an ongoing basis, not one time forever. It's true of food, it's true of consumer electronics, it's true of general product or service quality, it's true of privacy issues or censorship, and so on. Apple even knew the consequences ahead of time - per the insider notes - and don't care, they charged ahead regardless.
They could have done that any time because their code is proprietary, their hardware closed & won't boot code not signed by apple + they gate keep all third party apps from their walled garden.
It would be much harder for them to pull of if the system was open with user actually in control.
Probably, at least until someone successfully gets a court to say otherwise, by which time it'll be irrelevant because everyone will either have installed & enabled it to get the updates or (less likely given how entrenched many iDevice users have become) moved to other products.
And after the case to stop them refusing security updates for those without it installed+enabled, there will need to be another one to force them to allow it to be disabled, then a few circuits around the court of public tattle to make it really disable and not magically re-enable itself at random intervals.
Interestingly, iOS 15 is the first version of iOS in history to be optional if you want security updates. You will be able to choose if you want to go to iOS 15 and get the new features (including the CSAM prevention stuff), or you can stay on a security update only channel for iOS 14 (for a unknown period, but I'd guess until WWDC 2022? N-1 seems reasonable).
Can Apple force people to install this even on devices they already sold?