this post was submitted on 08 Dec 2024
There was no "huge privacy issue".
First of all: You could turn off the local scanning by turning off iCloud sync - which would've sent the images to the cloud for scanning anyway. That's it, nothing else, nobody at Apple would've touched a single super-private file on your device.
The local scanning required MULTIPLE (where n>3, they didn't say the exact number for obvious reasons) matches to known and human-verified CSAM. This database is the one that would've been loaded from iCloud if you had it turned on. This is the exact same database all cloud providers are using for legal reasons. Some have other algos on top - at least Microsoft had an is_penis algorithm that shut down a German dude's whole Live account for his kid's pics being on OneDrive.
After the MULTIPLE matches (you can't get flagged by "accidentally" having one on your phone, nor would pics of your kids in the pool trigger anything) a human checker would have had enough data to decrypt just those images and see a "reduced resolution facsimile" (Can't remember the exact term) of the offending photos. This is where all of the brainpower used to create false matches would've ended up in. You would've had to create multiple matches of known CP images that look enough like actual CP for the human to make an erroneous call multiple times to trigger anything.
If after that the human decided that yep, that's some fucked up shit, the authorities would've been contacted.
Yes, a Bad Government could've forced Apple to add other stuff in the database. (They can do it right now for ALL major cloud storage providers BTW) But do you really think people wouldn't have been watching for changes in the cloud-downloaded database and noticed any suspicious stuff immediately?
Also according to the paper the probability of a false match was 1 in 1 trillion accounts - and this was not disputed even by the most hardcore activists btw.
tl;dr If you already upload your stuff to the cloud (like iOS does automatically) the only thing that would've changed is that nobody would've had a legit reason to peep at your photos in the cloud "for the children". But if you've got cloud upload off anyway, nothing would've changed. So I still don't understand the fervour people had over this - the only reason I can think of is not understanding how it worked.
You don't understand or you refuse to acknowledge this is a back door into your device and Apple is actively scanning your files meaning your device is now compromised.
Or are you shilling for anti-privacy?
My device, my files. I don't want your scanning.
What's so hard to grok about that unless you are anti-privacy?
The files WILL be scanned the second they leave your device to any major cloud.
If they don't leave your device, then turning off iCloud (and thus the "back door") wouldn't have had any impact on you.
Just clearing up the argument.
There's a difference here in principle. Exemplified by the answer to this question: "Do you expect that things you store somewhere are kept private?" Where, Private means: "No one looks at your things." Where, No One means: not a single person or machine.
This is the core argument. In the world, things stored somewhere are often still considered private. (Safe Deposit box). People take this expectation into the cloud. Apple, Google, Microsoft, Box, Dropbox etc - only made their scanning known publicly _after_ they were called out. They allowed their customers to _assume_ their files were private.
Second issue: Does just a simple machine looking at your files count as unprivate? And what if we Pinky Promise to make the machine not really really look at your files, and only like squinty eyed. For many, yes this also counts as unprivate. It's the process that is problematic. There is a difference between living in a free society, and one in which citizens have to produce papers when asked. A substantial difference. Having files unexamined and having them examined by an 'innocuous' machine, are substantial differences. The difference _is_ privacy. In one, you have a right to privacy. In the other you don't.
an aside...
In our small village, a team sweeps every house during the day while people are out at work. In the afternoon you are informed that team found illegal paraphernalia in your house. You know you had none. What defense do you have?