Armed Polite Society
Main Forums => Politics => Topic started by: Ben on August 05, 2021, 09:03:46 PM
-
This is definitely a "nose under the tent". Obviously everyone wants child molesters wearing cement shoes at the bottom of the lake, but what happens when they expand to Gadsden Flags and guns?
They claim this creates better privacy than the technology they currently use to scan iPhone imagery (apparently in the cloud).
Apple announced Thursday is it planning to scan all iPhones in the United States for child abuse imagery, raising alarm among security experts who said the plan could allow the firm to surveil tens of millions of personal devices for unrelated reasons.
In a blog post, the company confirmed reports saying that new scanning technology is part of a suite of child protection programs that would “evolve and expand.” It will be rolled out as part of iOS 15, which is scheduled for release sometime in August.
Apple, which has often touted itself as a company that promises to safeguard users’ right to privacy, appeared to try and preempt privacy concerns by saying that the software will enhance those protections by avoiding the need to carry out widespread image scanning on its cloud servers.
“This innovative new technology allows Apple to provide valuable and actionable information to [the National Center for Missing and Exploited Children] and law enforcement regarding the proliferation of known CSAM,” said the company, referring to an acronym for child sexual abuse material. “And it does so while providing significant privacy benefits over existing techniques since Apple only learns about users’ photos if they have a collection of known CSAM in their iCloud Photos account. Even in these cases, Apple only learns about images that match known CSAM.”
More at:
https://www.theepochtimes.com/apple-will-scan-all-iphones-for-illegal-child-abuse-images-sparking-privacy-debate_3935633.html
-
While I prefer a wood chipper for child abusers, this can and will be abused.
-
if they have a collection of known CSAM in their iCloud Photos account. Even in these cases, Apple only learns about images that match known CSAM.
Make me wonder what kind of person they hire to sit down and go through thousands if not millions of images all day long 5 days a week to create the database of known CSAM
-
Further validation for being old-fashioned and using a camera to take photos.
-
Make me wonder what kind of person they hire to sit down and go through thousands if not millions of images all day long 5 days a week to create the database of known CSAM
Probably something looking for flesh tone colors, at the start of the chain.
-
If they can scan for data and push updates they can plant evidence.
Watch for surprising number of right wing thorns in the side of the left to be found with criminal evidence on their apple devices.
-
“Match known CSAM” makes me wonder if they are doing checksum matching or something.
AI matching might work. They have porn identifying AI and facial recognition that will guess ages. I don’t know why the two couldn’t be combined. But if it is device level I would think that kind of analysis to be power hungry and resource intensive. Maybe run it when the phone is charging or something?
In any case, creepy as heck.
-
And the Patriot act was to stop terrorists. ;/
-
And the Patriot act was to stop terrorists. ;/
How cute.
That's SOOOOO naive ...
-
Just reinforces my decision to not purchase an Iphone.
-
Just reinforces my decision to not purchase an Iphone.
Coming soon to Android phones near you.
-
My guess is not as quickly as you think.
There are a LOT more companies that make Android-OS phones... as far as I know, Apple is the only company that makes phones with the IOS.
So each of those companies would have to sign on to any plan by Android to roll out such software... And as Android has found out in trying to roll out some features in the past... not everyone is happy to roll out all of those features.
-
My guess is not as quickly as you think.
There are a LOT more companies that make Android-OS phones... as far as I know, Apple is the only company that makes phones with the IOS.
So each of those companies would have to sign on to any plan by Android to roll out such software... And as Android has found out in trying to roll out some features in the past... not everyone is happy to roll out all of those features.
This. The rooting/costom rom community will explode
-
If they can scan for data and push updates they can plant evidence.
Watch for surprising number of right wing thorns in the side of the left to be found with criminal evidence on their apple devices.
RKL, stop reading my mind - you posted MY first thought as I read the OP.
-
My guess is not as quickly as you think.
There are a LOT more companies that make Android-OS phones... as far as I know, Apple is the only company that makes phones with the IOS.
So each of those companies would have to sign on to any plan by Android to roll out such software... And as Android has found out in trying to roll out some features in the past... not everyone is happy to roll out all of those features.
I think there will be less resistance than you expect. Given most large tech companies are going "woke", and now openly competing to be the most "woke", I think many would happily climb on board. Their compliance would be even more willing once they realize that the technology could be easily adapted to target those expressing conservative beliefs. It would be presented as a tool for flushing out white supremacists.
-
"Given most large tech companies are going "woke", and now openly competing to be the most "woke","
You really think Samsung gives a corporate *expletive deleted*it about American psychotic wokism OR American conservatives?
Or Nokia?
-
Their compliance would be even more willing once they realize that the technology could be easily adapted to target those expressing conservative beliefs. It would be presented as a tool for flushing out white supremacists.
Well since it's a well known "fact" all conservatives are white supremacists and that all white supremacists are child molesters ..........
-
It's important to understand what this means technically.
Android has been weak about supporting true end-to-end encryption. The reason being they don't control the phones and so they have limited ability to ensure/force the appropriate hardware security chips. Apple on the other hand does and they have steadily increased their phone security over the years which has sometimes got them criticized for doing things like requiring fingerprint sensors to be changed only by Apple Stores. Android could never do something like this across the Android ecosystem.
It is clear that law enforcement can subpoena any datacenter data they want. And if it's encrypted on the cloud they can also compel cloud provider to decrypt it because the provider refusing to decrypt data that they know how to decrypt would simply be obstruction or contempt. And the provider can't stand on any legal principle that the user has a right to privacy because law enforcement already has a warrant authorizing them to have the data.
Also there have been recent scandals about cloud platform employees, whether phones or cloud security camera companies or whatever, accessing and leaking cloud data, which despite whatever "controls" in place is possible in principle through various leak potentials that exist even if the data is "encrypted".
Apple seems to actually care something about user privacy, as long as it's aligned with shareholder value which it plausibly is if it helps them sell more iPhones. So the workaround to this cloud data security problem is true end-to-end encryption, where apple doesn't have the ability to decrypt the information at all, because the encryption keys belong to the user only. A system where Apple has no idea what the data is, and couldn't provide it to LE if they wanted to, because the private encryption key is held by the user on his phone, which has to be located and cracked, if that's possible to do without destroying the keys. It's common for security microprocessors to hold the private keys in volatile memory which can be automatically flushed on command in any attempt to recover the keys. I used to work for a company that made such processors and they have thought about lots and lots of potential attacks and errors, even obscure ones only used by sophisticated attackers who have the ability to disassemble the chip. So even probing to hardware itself can be hard, besides the fact that making LE have to physically locate the phone and crack it is already a huge (security benefit for user = hindrance to LE) vs. LE just sending an email with a rubber stamped warrant to Apple, which through FOIA requests, we know they do hundreds of times per year.
-
.... continued
Despite all the security advantages of end to end encryption I am aware of very few, make that zero, real-world implementations that are widespread. It's a real problem when the provider cannot help you recover lost keys and has to tell you your data is lost forever and cannot be recovered. This is not a consumer friendly situation. So I'm actually excited that if anyone can do it, it would be Apple. It could really be a new era of capability and also a needed competitive advantage for the iPhone which is struggling to distinguish itself as android phones become cheaper and more capable. A capability like this would boost iPhone right where it would stick the best...in an area enabled by Apple's deep advantage in curated hardware. Clearly one of the reasons they haven't is public relations as much as technical:
If you imagine you have a phone that is the world's only phone and cloud storage system with truly airtight end to end encryption, then obviously the technology is going to be adopted by all criminals. This might be forgiven by Joe Public who are tired of the drug war anyway and no longer fear terrorists after learning that most terrorist plots are engineered by the FBI anyway. However, exploitive porn is an obvious killer app for the technology and Joe Public won't look kindly towards a company inventing a widespread technology that enables it and hobbles enforcement. At least that's the way it will be sold by detractors. That's already the way it's being sold by detractors...
You might not know it or like it but any images that you back up to a cloud service are already scanned for child porn. This has been going on a long time and way longer than fancy image recognition technology like Google uses to categorize images has existed. It's not a matter of identifying the contents of photos, it's just checking the photos for fingerprints against known photos. Something like doing a basic check of the light/dark values and hashing them and checking against a DB. Any cloud service is already doing this to your photos when you upload them or when they become automatically backed up to the cloud. This is impossible to do in the case of end-to-end encryption because the data would be encrypted when Apple gets it. So doing end to end would mean they lose this capability which they might not want to do for PR or liability or potentially because the government, possiblity behind closed doors, won't let them. If you want to preserve this capability then you need to move this operation to the phone itself before the encryption and upload. As far as I can tell, that's what this is about. Apple is planning something big related to encryption security and their hand is forced to move more functionality to the handset from the cloud. This will also impact mundane things like photo processing which might have something to do with why Apple have been so interested in building their own chips and just ditched Qualcomm. I wouldn't be surprised, with all the cash Apple has in the bank, to see them start to invest more in their own fabs so they don't even have to work with external chip foundries. Apple already has fabrication facilities and they are probably already used for certain security chips, but they don't have any factories that can fab their advanced CPUs.
If you ask yourself why Apple would be so desperate to hide your information from the government... consider WHICH government is in question, and don't forget China is a massive market for Apple and also a major source of heartburn for them since china forces apple to hand over data surely as often or more and for even worse reasons than the US.
-
"Given most large tech companies are going "woke", and now openly competing to be the most "woke","
You really think Samsung gives a corporate *expletive deleted*it about American psychotic wokism OR American conservatives?
Or Nokia?
Samsung has sales, marketing, and service arms in the US. You can pretty much bet those groups are woke. If this privacy-invading feature becomes a required thing to sell Android-based phones in the USA, those Samsung US groups will inform corporate in Samsung Town, Seoul. Samsung will then find they do care if they want to maintain their large market share in the USA.
-
How many of you have photos of your guns on your phones?
-
How many of you have photos of your guns on your phones?
Plenty, and I have more than once turned off auto-uploading to Google photos, which seems to randomly turn itself back on.
I don't even use Google photos, I use Flikr, but Google seems to want to force me to automatically send any phone photos to Google photos. I would imagine that there are plenty of people with a Google account on their Android who have no idea that their photos are being automatically sent to the cloud.
-
Zahc, if I am reading you correctly, you are suggesting that this may be a step toward a good thing because it would make the content more secure, not less. Is that right? As in a step toward true zero knowledge encryption?
If that is the case, why does Apple reference decrypting images for law enforcement if the match threshold is met?
-
Apple confirmed yesterday that images are only scanned just before uploading to iCloud. Supporting my theory. If the scanner detects badness presumably they can tag the bad photo as bad or avoid encrypting it it phone a copy home before upload. For now, they say you can avoid the scanning if you turn off upload to icloud.
Remember China forced apple to build cloud servers in china and I guarantee the CCP has physical as well as digital keys to those cloud servers. I still think this is 90% about subverting the CCP spying. Apple has caved to the CCP by following their demands for access but I don't think they like it and are trying to get around it by technical means. There's no other reason they would risk this PR nightmare.
-
"If this privacy-invading feature becomes a required thing"
And yet it's not a required thing, is it? But... If if if if if! Right?
No.
It's Apple doing this on their own volition.
And remember, it's REQUIRED that these corporations comply with court orders to unlock user phones in the course of a criminal investigation.
Just how well has THAT requirement worked out?
As in... not at all. There have been THOUSANDS of court orders issued for these companies to unlock phones, and the number that have actually been unlocked is minuscule in comparison to the number of court orders.
Once again, this is Apple doing this. It's NOT a requirement of government.
So we're right back at IF.
Don't hold your breath.
-
maybe a good argument, here, for doing computer-y things with a computer, not a phone. If I didn't need G00gle Authenticator for a couple things, I could be by fine with a basic flip phone.
-
You think your Windows computer is any better on privacy and/or data hoovering?
-
And remember, it's REQUIRED that these corporations comply with court orders to unlock user phones in the course of a criminal investigation.
Just how well has THAT requirement worked out?
It was Apple who refused the government access to the San Bernardino shooter's iPhone. Reportedly the phone's encryption was then cracked by an Israeli firm
-
And this just popped up a few days ago.
July 26, 2021 (LifeSiteNews) – A collaborative investigation into the use of next-generation cyber surveillance software by government agencies, supposedly to be used to track terrorist targets, has revealed that the spyware was in fact employed to hack the smartphones of thousands of journalists, lawyers, businessmen, and politicians across 20 countries.
The technology in question, Pegasus, was designed and sold by Israel-based technology firm NSO Group, which sold and distributed the hacking software to the governments of eleven countries. But a report in The Guardian claimed that at least 10 of those states, including Saudi Arabia, India, and Hungary, abused the powers granted by the spyware.
Israeli firm accused of enabling global spying by authoritarian gov’ts via Pegasus hacking software
https://www.lifesitenews.com/news/israeli-firm-accused-of-enabling-global-spying-by-authoritarian-govts-via-pegasus-hacking-software/
-
You think your Windows computer is any better on privacy and/or data hoovering?
Windows on it's own isn't really all that secure and never has been, it has just enough security to keep out the curious. This is also largely true for Mac OS and well as Linux despite what many may think although they are a little bit better. If you want your PC data secured there are 3rd party apps for that. Things can be a bit different with the server versions though.
-
It was Apple who refused the government access to the San Bernardino shooter's iPhone. Reportedly the phone's encryption was then cracked by an Israeli firm
I know, but they're not the only one who has refused. All of the manufacturers have refused to comply.
-
Apple doesn't actually need to scan phones. They could just scan all the online traffic and cloud storage. If someone was involved in trafficking of minors or that material, they would still find evidence. The phone isn't being used like a flash drive. It is going across the phone networks.
-
I ran across this WSJ article from 2018:
https://www.wsj.com/articles/techs-dirty-secret-the-app-developers-sifting-through-your-gmail-1530544442 (https://www.wsj.com/articles/techs-dirty-secret-the-app-developers-sifting-through-your-gmail-1530544442)
According to the article, "Google said a year ago it would stop its computers from scanning the inboxes of Gmail users for information to personalize advertisements, saying it wanted users to “remain confident that Google will keep privacy and security paramount.”"
It goes on to say that google does allow vendors to scan @gmail inboxes, which is apparently, "a common practice." With no WSJ membership I was unable to read the entire article.
These scans are for marketing and advertising purposes, but it's possible to scan for any keywords, and probably images, etc. Online privacy is long gone, unless one makes a dedicated effort, in which case the authorities have to try a bit harder, if one is doing anything the authorities might be interested in of course.