Apple will remotely install software to scan all US phones for child sex abuse images

And as Project Veritas has endlessly proven, BigTech Corps are over flowing with individual's with malicious intent galore.
Even on a personal level, they are literally doing this.
Case in point (worth the watch, and even the FBI got involved with investigating and charging corruption and crimes going all the way up to ebay's Chief Communications Officer):

 
Uh, that's the point. You're complaining about this, when you could already DO that. You don't need apple reporting that you've taken a pedo image on your phone and uploaded it to iCloud to get people in trouble for pedo material. The very instant that person visited a known host w/ the child porn, you'd be flagged anyways.

There are already a million snort/zeek/whatever sensors between your phone and the child porn server sending sirens to the FBI if you download child porn onto a phone. If you download child porn that is in this LEO child porn hash database onto any host you own - Your IP has been flagged already by every ISP in that chain already, couple that with the fact that most child porn servers are traditionally watched by LEO for months so they can build a case against every sicko downloading from them, oh, and you can be sure they already cracked said servers and have stolen the private keys for TLS/SSL anyways so encryption is moot.

Pretty much this. Apple got a lot of heat back then with the whole battery thing for lack of transparency. At least here, they're announcing it before a few pissed off tech enthusiasts that don't even own an iphone get mad about it. These are the types of people that live life constantly in fear that the government or whoever else, is spying on them.

If people really believe that other companies and agencies aren't already doing this, then IDK... NSA anyone?
 
To the crowd that say, if you don't have anything to hide - just wait until you are falsely accused of something due to a technical glitch or something is used against you from your phone in a completely unrelated accusation.

We are living in dangerous times.

Um, a flagged photo/video will most likely go through several tiers before being reported to the authorities.
 
Last edited:
Another angle (not sure if this has been mentioned) is that Apple is just saying this to get the pedos to move off their platform and over to Android.

However, I would think this is a small part of it if so.
 
Its things like this that make me laugh. We have security cameras all big stores like wallamrt and in big city's, most give out their life story on facebook and so on. But the second their tech does something like this you have folks getting angry over it.
BTW most modem NVR cameras system used in bigger stores have facial recognition and can automatically pick up on car plates and so on. No one wines about this.
I feel like this is a non-sequitor not relevant to the issue, to be honest. Yes, there are cameras in big stores. However, from time to time, wives (or husbands) might send husbands (or wives or mistresses or whatever) photos to entice their partner. They might take these photos on their iPhone thinking their iPhone is relatively "secured" by the fingerprint access, voice ID and that it'll lock or even auto-erase if the passcode is put wrong 'x' times according to their settings. It's pretty likely they are shot in the safety of their home or somewhere remote outdoors, far from Wal-Mart security camera's locations. Thus, they don't fear, "Apple Tech Guy Bob" seeing their ___ up close or ___ dressed in _______ with a ___ etc. The smart money would probably be to use polaroid's or something non-digital or at least a digital camera with no wireless communication. However, as it is, I don't think anyone excepts a ____ photo to publicly accessible to Apple Tech Guy Bob.
 
It would be naive to think one could avoid this by simply ditching your iOS devices and moving to (Android).
Let's face it, surveillance on a wide scale is already here and here to stay. There's no avoiding it. And the vast majority of the population couldn't care less!
As long as they can continue to use their TikTok, Facebook messenger, et-al, they will.
They will continue to cover their webcams, renew their NordVPN subs and think they are "safe". Yet the very devices they keep on their person every single day with their multiple mics of great sensitivity can listen surreptitiously around the clock like a silent thief in the night all telling and all knowing and everyone thinks that is OK. ;-)
 
That's not how this works at all.
Actually the second part of this program is imessage filtering/scanning. If you’re not familiar read up on it. Specifically it effects children’s accounts on a family account. There are restrictions for under 13 which notify the parent of nude content is sent, and warning for 13-17 year olds if nude content is sent.

So yes, in a nutshell this is part of this roll out. Which is fine by me. But it is how part of this program works.
 
It would be naive to think one could avoid this by simply ditching your iOS devices and moving to (Android).
Let's face it, surveillance on a wide scale is already here and here to stay. There's no avoiding it. And the vast majority of the population couldn't care less!
As long as they can continue to use their TikTok, Facebook messenger, et-al, they will.
They will continue to cover their webcams, renew their NordVPN subs and think they are "safe". Yet the very devices they keep on their person every single day with their multiple mics of great sensitivity can listen surreptitiously around the clock like a silent thief in the night all telling and all knowing and everyone thinks that is OK. ;-)
Honestly I am sure Android with its plethora of cheap phones and saturation in the phone market, has probably been doing something like this in the background for a while now. A move from Apple to Android would be a horizontal move at best..
 
I think my issue with this is that it’s now being done on a device you own without your control.

If you didn’t want to put your stuff in the cloud, because you didn’t trust it for whatever reason, you could do that and assume the device you own wasn’t doing things without your permission.

Maybe shifty apps did things by exploiting those permissions, but you could make the IMO not-unreasonable assumption that the device itself wasn’t doing something you didn’t know about.

Now that won’t be the case. Well, I mean, I guess you’ll know about it, but there’s nothing you can do to turn it off. To me that takes “ownership” of the device and puts it in a grey category.

alternatives if you want a smartphone? I think a Pixel running GrapheneOS might be one? And then running your own “cloud” on a server in your basement for backups or whatever. I can’t think of any other viable smartphone options for day to day use.

there’s other options if you want a cell phone but don’t want the extra capabilities. Lightphone or Linux phone projects like Pine Phone. Or go all the way back to feature phone devices that only do calls and sms, like the Nokia 3310 from a few years back.
 
For anyone not understand my eternal bitchfest against Steve Jobs the control freak, this is the exact future I could see coming.

Apple fans have no choice but to feel double-plus good about this ( as the only other option is excommunication from the Church of Steve.)

Fuck you Steve - it's your concept of multi-layered lock-in that led Tim "The Second Coming" down this path, all while chanting the eternal "Hey look over here at this new relatively pointless application trust enhancement, while we continue to track you on Safari (the only browser you will ever need, trust us), and now dystopian automated shit like this cause Apple knows best"

I foresee many ending up in court over false-positives,
 
Last edited:
Industry standard SHA-256, collisions are basically impossible. Who knows what they are using for this, but they might be using even higher, and they might be uses multiple different types of rounds as well.
These aren't cryptographic hashes of any sort: they're "perceptual hashes". The former would be useless. I don't know any details about the algorithm involved, only that false positive are pretty much guaranteed.
 
I think my issue with this is that it’s now being done on a device you own without your control.

If you didn’t want to put your stuff in the cloud, because you didn’t trust it for whatever reason, you could do that and assume the device you own wasn’t doing things without your permission.

Maybe shifty apps did things by exploiting those permissions, but you could make the IMO not-unreasonable assumption that the device itself wasn’t doing something you didn’t know about.

Now that won’t be the case. Well, I mean, I guess you’ll know about it, but there’s nothing you can do to turn it off. To me that takes “ownership” of the device and puts it in a grey category.

alternatives if you want a smartphone? I think a Pixel running GrapheneOS might be one? And then running your own “cloud” on a server in your basement for backups or whatever. I can’t think of any other viable smartphone options for day to day use.

there’s other options if you want a cell phone but don’t want the extra capabilities. Lightphone or Linux phone projects like Pine Phone. Or go all the way back to feature phone devices that only do calls and sms, like the Nokia 3310 from a few years back.

I'd definitely read John Gruber's summary of Apple's moves before making any choices. Seems like a rational discussion of what's actually happening while acknowledging the concerns.

The gist: so long as things work as Apple says, and they should, you won't need to worry. You're not going to have Apple combing through your iCloud Photos library because one photo at your kid's birthday party looked a little too similar to something in a red flag database. There is a concern this could weaken Apple's defense against government surveillance requests, but the company appears to be aware of that and holding its ground.

Also, as Gruber points out, the ones threatening to switch to Android (or those just indulging their Anything But Apple fantasies) are probably going to be very disappointed when, not if, Google implements something similar. The difference is that Apple will likely still be more respectful of privacy.
 
So if I understand this correctly, they basically take the hash of 200 known pedo images and compare them to every single one of your phone (iCloud) photos hashes? If a match pops up, they view your photo and report if it’s the same one they have to compare it to.

If you disable iCloud Photos, the hashing of all of your photos happens, it just doesn’t send that to Apple. If you turn on iCloud, it would send that to Apple.

So effectively they are just targeting people who search and download that type of stuff. They aren’t actually preventing “NEW” pedos and child trafficking?

I thought the FBI had a handle on that stuff already. You can’t touch those pedo sites without 50 law enforcement agencies knowing where you are and your entire life history.
 
So if I understand this correctly, they basically take the hash of 200 known pedo images and compare them to every single one of your phone (iCloud) photos hashes? If a match pops up, they view your photo and report if it’s the same one they have to compare it to.

If you disable iCloud Photos, the hashing of all of your photos happens, it just doesn’t send that to Apple. If you turn on iCloud, it would send that to Apple.

So effectively they are just targeting people who search and download that type of stuff. They aren’t actually preventing “NEW” pedos and child trafficking?

I thought the FBI had a handle on that stuff already. You can’t touch those pedo sites without 50 law enforcement agencies knowing where you are and your entire life history.
That's not quite it. There's only a look at the photos if you cross a certain threshold... that is, it's more than just a one-off match.

It won't stop brand new incidents, but would we really want Apple using computer vision to look for signs of new material? I'm pretty sure the answer is "no." This is mainly to prevent trading, and an attempt to strike a balance between privacy and crimefighting.
 
To all the people saying “it’s just the hashes, who cares”: I can’t remember if it was leak from Snowden, ShadowBrokers, or Hacking Team but a few years back there was a leaked script that showed they could generate files with known CP hashes on a target’s computer.

To the people saying Apple can’t be trusted and to use a Google product: Google Drive already does this.
 
Im not trying to be political here but left or right, as fellow Americans, can we not see this is just becoming too much, too far, unAmerican, dangerous, beyond acceptable? I hope everyone wakes up and sees where our nation is heading. It may be too late.
 
Why not snuff vids? Why not images showing torture, war crimes, blueprints for IEDs?

Because if you oppose this idea, you're a pedo.
Any memes on your phone suggesting Taiwan is a country =

SmartSelect_20210807-083552_Chrome.jpg
 
Last edited:
Aurelius That’s a fair assessment. I’ll definitely check it out. Thank you for the link!

But. I also would like to know what alternatives there are, up to and including just not having a smart phone.

I ditched Windows a while back for Linux because I felt like I didn’t have control over my own systems anymore. Clean install windows and then as soon as it connects to the internet I get… Candy Crush pushed to it? Not what I want.

I made a similar move to iOS because of the total mess of the android ecosystem 5ish years ago (it seems to be better now, but I trusted Google, which made their money selling ads to other companies, less than I trusted Apple, which made their money selling stuff to people).


It’s probably a bit naïve but I assumed that since Apple makes their money selling things to people and talks up things like privacy that it would be a continued benefit to their marketing to implement consumer-friendly security and privacy-conscious features, as they seemed to very positioning themselves as “the big friendly company that has your best interests in mind (even if it’s all designed to get you fully into our ecosystem and make more money off of you).”

now it seems like options for a phone device that you properly own - cloud services notwithstanding - are even less. You can’t even say there’s the reasonable assumption of your iPhone not doing things without your explicit permission once they enable this.

that’s a bummer. And I have a feeling most people aren’t going to really understand the implications of it, and just let it slide. That is also a bummer.
 
Last edited by a moderator:
  • Like
Reactions: Gavv
like this
Aurelius That’s a fair assessment. I’ll definitely check it out. Thank you for the link!

But. I also would like to know what alternatives there are, up to and including just not having a smart phone.

I ditched Windows a while back for Linux because I felt like I didn’t have control over my own systems anymore. Clean install windows and then as soon as it connects to the internet I get… Candy Crush pushed to it? Not what I want.

I made a similar move to iOS because of the total mess of the android ecosystem 5ish years ago (it seems to be better now, but I trusted Google, which made their money selling ads to other companies, less than I trusted Apple, which made their money selling stuff to people).


It’s probably a bit naïve but I assumed that since Apple makes their money selling things to people and talks up things like privacy that it would be a continued benefit to their marketing to implement consumer-friendly security and privacy-conscious features, as they seemed to very positioning themselves as “the big friendly company that has your best interests in mind (even if it’s all designed to get you fully into our ecosystem and make more money off of you).”

now it seems like options for a phone device that you properly own - cloud services notwithstanding - are even less. You can’t even say there’s the reasonable assumption of your iPhone not doing things without your explicit permission once they enable this.

that’s a bummer. And I have a feeling most people aren’t going to really understand the implications of it, and just let it slide. That is also a bummer.
There is the alternative of using other cloud services to back things up, although that's still not a guarantee of avoiding a system like this. Me? I don't like taking absolutist stances on things like this because it often leads to really warped choices that hurt more than they help. Take Richard Stallman, for example: he's so rigid about FOSS that a Chinese iPhone user probably has more practical freedom than he does.

I'd still say Apple is committed to privacy, but a step like this is... tricky. I wonder how much of this is political. Apple might be throwing a bone so that Congress doesn't do something stupid, like requiring encryption backdoors.
 
To the people saying Apple can’t be trusted and to use a Google product: Google Drive already does this.

I would assume all cloud services do. Once your data is on someone else’s computer, you’re just trusting them to leave it alone. You can’t stop them from scanning for “known bad files” though. How could you?

But now the device you “own” is going to be doing the scanning. Even if you disable iCloud photos, the capability still exists for your phone to look at your data without your permission.

Aurelius yeah, I echo your thinking on it. And while I could get by rolling my own solution, and dealing with the technical quirks of it, that isn’t an option for say, my wife, or my mom, or for all the people I know who aren’t very technical.

so the only realistic option right now is… wait and see, I guess.
 
I would assume all cloud services do. Once your data is on someone else’s computer, you’re just trusting them to leave it alone. You can’t stop them from scanning for “known bad files” though. How could you?

But now the device you “own” is going to be doing the scanning. Even if you disable iCloud photos, the capability still exists for your phone to look at your data without your permission.

Aurelius yeah, I echo your thinking on it. And while I could get by rolling my own solution, and dealing with the technical quirks of it, that isn’t an option for say, my wife, or my mom, or for all the people I know who aren’t very technical.

so the only realistic option right now is… wait and see, I guess.
The hashing takes place on the phone, and a ticket is generated. If you have iCloud photos enabled, that ticket gets uploaded along with the photo, and that's when Apple now has access to said ticket. If you cross a currently un-released number of ticket flags, Apple reports your account to a child porn org. What that org does with the info at that point is a little blury, but they likely do their own level of analysis, and report it to the child porn desk at FBI or some sort of federal cyber JTF would be my guess. I can say I have some idea of what happens at that point, and generally that flagged account info is going to be used to build a profile on said person. They would wait until they have a solid case with more correlation of data sets before they ever bring anything to a judge.
 
That's not quite it. There's only a look at the photos if you cross a certain threshold... that is, it's more than just a one-off match.

It won't stop brand new incidents, but would we really want Apple using computer vision to look for signs of new material? I'm pretty sure the answer is "no." This is mainly to prevent trading, and an attempt to strike a balance between privacy and crimefighting.
And just why is Apple doing "crimefighting"? The last time I checked it was a company which make phones and stuff, not a law enforcement agency. Would you please explain when and why Apple gained law enforcement credentials to go alongside the phone, tablet and computer manufacturing market.

I'd also like to know why you don't seem to notice the disconnect between a technology company becoming a law enforcement agency. Or why you don't understand how this will be abused and perverted down the line by people in the company as well as government actors and whoever else decides to join in legally or illegally. It's also not taking into account how it will be expanded to include other things later. You're also ignoring the fact that the "threshold" can and will be adjusted which will accidentally or intentionally create false positives. It's also an end-run around the Constitutional protections US citizens have. Something like this allows law enforcement to bypass search and seizure laws since the one doing the reporting isn't the government.

This is a stupid idea being pushed for reasons they haven't told you but some of them are not difficult to figure out. They're hiding the real reasons from you by saying it's for child porn. If you come out against what they're doing for whatever reason, they'll say you must be a pedo if you don't support any measures they decide to take to combat it.
 
And just why is Apple doing "crimefighting"? The last time I checked it was a company which make phones and stuff, not a law enforcement agency. Would you please explain when and why Apple gained law enforcement credentials to go alongside the phone, tablet and computer manufacturing market.

I'd also like to know why you don't seem to notice the disconnect between a technology company becoming a law enforcement agency. Or why you don't understand how this will be abused and perverted down the line by people in the company as well as government actors and whoever else decides to join in legally or illegally. It's also not taking into account how it will be expanded to include other things later. You're also ignoring the fact that the "threshold" can and will be adjusted which will accidentally or intentionally create false positives. It's also an end-run around the Constitutional protections US citizens have. Something like this allows law enforcement to bypass search and seizure laws since the one doing the reporting isn't the government.

This is a stupid idea being pushed for reasons they haven't told you but some of them are not difficult to figure out. They're hiding the real reasons from you by saying it's for child porn. If you come out against what they're doing for whatever reason, they'll say you must be a pedo if you don't support any measures they decide to take to combat it.
I'm sorry, but "slippery slopes" are called logical fallacies for a reason — because assuming the worst possible outcome is often irrational and seldom realistic.

There are thorny privacy issues here, and we should absolutely hold Apple's feet to the fire if it ventures further. I won't shout "won't someone please think of the children?" if it goes away. But assuming this will be expanded, intentionally used for false positives, and pushed for secret motives? Er, no. I want evidence-based reasoning, not wild speculation based on what you're worried might happen. It's possible to be concerned about Apple's move without devolving into Chicken Little panicking.
 
Not sure if it’s been mentioned yet - but this does not use cryptographic hashes. What that means is that many hash “collisions” are possible (and inevitable) - ie. several very different photos will each compute the same hash. Fuck Apple at this point and even more so fuck anyone braindead enough to even remotely defend this crap running on $1000+ HW without explicit approval/installation/opt-in by the owner of said HW.
 
Not sure if it’s been mentioned yet - but this does not use cryptographic hashes. What that means is that many hash “collisions” are possible (and inevitable) - ie. several very different photos will each compute the same hash. Fuck Apple at this point and even more so fuck anyone braindead enough to even remotely defend this crap running on $1000+ HW without explicit approval/installation/opt-in by the owner of said HW.

https://hardforum.com/threads/apple...hild-sex-abuse-images.2012731/post-1045099567

Agreed. I think the term "fingerprint" is preferable here.
 
I'm sorry, but "slippery slopes" are called logical fallacies for a reason — because assuming the worst possible outcome is often irrational and seldom realistic.

There are thorny privacy issues here, and we should absolutely hold Apple's feet to the fire if it ventures further. I won't shout "won't someone please think of the children?" if it goes away. But assuming this will be expanded, intentionally used for false positives, and pushed for secret motives? Er, no. I want evidence-based reasoning, not wild speculation based on what you're worried might happen. It's possible to be concerned about Apple's move without devolving into Chicken Little panicking.
Bullshit. Slippery slope is anything but a logical fallacy; it's 100% true. What's also true is the "logical fallacy" people refuse to see what happens. It's rather ironic that you say slippery slope can't exist and yet in your very next statement you bring up how Apple can go further and how it needs to be watched. Amazing, you just described slippery slope perfectly.

This is a pure privacy violation with a company acting as an extension of government. Why don't you have a problem with this? You've already admitted to it being a slippery slope so I have to wonder how far down the slippery slope you're okay with.

Again, what are you reasons for allowing privacy to be eroded further. You must have reasons to want this since you're perfectly willing to allow it to happen. What are you getting out this erosion of people's privacy. It's the only reason you wouldn't fight against this and instead support it.

And this is anything but a chicken little scenario. Social media and companies such as Google, Facebook and Apple use all your private information, even information you haven't given them to create profiles. Those profiles are used and sold. I remember not too long ago that people were accused of being chicken littles when they said that would happen. I remember when people were talking about government literally spying on all communications without warrants and they were accused of being chicken littles. Guess what happened there?

If you want to see a real logical fallacy, look at your own argument. It's nothing but a bunch of logical fallacies bunched up together. You claim to want logic based evidence and yet you can't see everything these companies and government have done over the years.
 
Bullshit. Slippery slope is anything but a logical fallacy; it's 100% true. What's also true is the "logical fallacy" people refuse to see what happens. It's rather ironic that you say slippery slope can't exist and yet in your very next statement you bring up how Apple can go further and how it needs to be watched. Amazing, you just described slippery slope perfectly.

This is a pure privacy violation with a company acting as an extension of government. Why don't you have a problem with this? You've already admitted to it being a slippery slope so I have to wonder how far down the slippery slope you're okay with.

Again, what are you reasons for allowing privacy to be eroded further. You must have reasons to want this since you're perfectly willing to allow it to happen. What are you getting out this erosion of people's privacy. It's the only reason you wouldn't fight against this and instead support it.

And this is anything but a chicken little scenario. Social media and companies such as Google, Facebook and Apple use all your private information, even information you haven't given them to create profiles. Those profiles are used and sold. I remember not too long ago that people were accused of being chicken littles when they said that would happen. I remember when people were talking about government literally spying on all communications without warrants and they were accused of being chicken littles. Guess what happened there?

If you want to see a real logical fallacy, look at your own argument. It's nothing but a bunch of logical fallacies bunched up together. You claim to want logic based evidence and yet you can't see everything these companies and government have done over the years.
I'll be blunt: your response is an incoherent shamble that, among other things, falsely accuses me of not just explicitly endorsing this, but of having malicious ulterior motives just because I refuse to adopt your view without question. You make basic factual errors, too, like your claims the government is "literally spying on all communications" (there's serious overreach, but it's not everything... that's a subject for another thread or forum).

I'm not going to have a debate with someone who only deals in hyperbole, and can't even present a cogent argument in the process.
 
I'll be blunt: your response is an incoherent shamble that, among other things, falsely accuses me of not just explicitly endorsing this, but of having malicious ulterior motives just because I refuse to adopt your view without question. You make basic factual errors, too, like your claims the government is "literally spying on all communications" (there's serious overreach, but it's not everything... that's a subject for another thread or forum).

I'm not going to have a debate with someone who only deals in hyperbole, and can't even present a cogent argument in the process.
No, you're running away because you cannot defend your argument as it's indefensible. Additionally every single point you have brought up has been refuted with examples.
 
Here, have an article about perceptual hashes--and the problem with them: https://rentafounder.com/the-problem-with-perceptual-hashes/
No need to convince me of their problematic use in this application! ;)

We don't yet have details about the algorithm used by Apple though as it's not public, but false positives are an inherent problem of these image hashing methods. That's the message I intended to convey (*not* that they were a "safe" alternative to cryptographic hashes, in case it read that way).

Interesting link, BTW. Thanks.

This (if you can stomach Twitter -- I can make ~ 3 mins before vomiting)
https://twitter.com/matthew_d_green/status/1423071186616000513

was posted here the other day (comments):
https://news.ycombinator.com/item?id=28068741
 
No, you're running away because you cannot defend your argument as it's indefensible. Additionally every single point you have brought up has been refuted with examples.
Like I said, I'm not going to debate with someone who's incoherent, deals in hyperbole, and whose "examples" are curiously devoid of tangible information.

You will not respond to me again in this thread unless it's to apologize and discuss things in a nuanced, intelligent manner. If you respond for any other reason, I will consider it harassment and report you.
 
Back
Top