Apple will remotely install software to scan all US phones for child sex abuse images

Gavv

[H]F Junkie
Joined
Dec 4, 2005
Messages
14,552
Original + Battery $259.99 for S9
https://www.batteriesplus.com/service/cell-phone-repair/samsung/galaxy-s9/galaxy-s9

I don't think it would even go to a court case since if the police arrive at your door, you can allow and even invite them to search your residence. That example can be applied to your phone when you agree to the terms of use of your iPhone. Now the case could be argue that you have that choice at a specific time and not a one time invitation which allows the police to randomly at anytime come and search your residence plus the key difference is you know when the police will look and a chance to say no the next time. So maybe your right too. A blanket endless permission which may change as time goes on seems over the line to a large extent.

With this it can change because you can allow but you can also make them get a warrant and they have to convince a judge to say yes.

With this you’re suggesting an over reach of mega proportions. What you saying is they came once and someone may have said yes which then gives them permission for all subsequent visits.

What I object to is someone coming in essentially reading a diary and then being prosecuted for it. Under the guise of finding the pedo’s where does it stop? What if I’m writing a novel (murder mystery) and they go so far as to read my notes? Where exactly is this magical line?

Which how do we know everyone checking these things are ethical? trained? And have any background at all in law?
 

noko

Supreme [H]ardness
Joined
Apr 14, 2010
Messages
6,530
With this it can change because you can allow but you can also make them get a warrant and they have to convince a judge to say yes.

With this you’re suggesting an over reach of mega proportions. What you saying is they came once and someone may have said yes which then gives them permission for all subsequent visits.

What I object to is someone coming in essentially reading a diary and then being prosecuted for it. Under the guise of finding the pedo’s where does it stop? What if I’m writing a novel (murder mystery) and they go so far as to read my notes? Where exactly is this magical line?

Which how do we know everyone checking these things are ethical? trained? And have any background at all in law?
I agree with much what you said. People tend to jump to conclusions, make rash judgements and then defend their opinions to the hill in court cases. Plus are not searches normally limited in scope, while an invite can be everything goes?
 

Gavv

[H]F Junkie
Joined
Dec 4, 2005
Messages
14,552
I agree with much what you said. People tend to jump to conclusions, make rash judgements and then defend their opinions to the hill in court cases. Plus are not searches normally limited in scope while an invite is rather can be everything goes?

Honestly I would like to believe so but thank goodness I have never had to experience it.

My thoughts just go to the abuse that will eventually happen with this kind of stuff.

Time will tell.
 

emphy

Limp Gawd
Joined
Aug 31, 2016
Messages
296
I alluded to it, they'll sell access to the data to the highest bidder. If you think Apple is really all about privacy, you're wrong. They just like to be in control of everything in their ecosystem to maximize profits for themselves.
Like google, they'll likely keep the data in-house and sell the advertising space dependent on the metrics.

Thanks to all those wonderful correlation detection algorithm accelerators they call ai processors, apple can more easily find excuses to pretend there's no privacy problems by performing the majority of processing on-device.
 

GoldenTiger

Fully [H]
Joined
Dec 2, 2004
Messages
22,045
How ... did you come to find that out? Regardless, for some reason (lack of sleep? mental degradation?) I can't stop geeking in my chair about how funny that is.

And I guess since the thread is based on privacy/security, it merits mention that the quoted practice.. is ironically probably a very good security measure.

I just noticed she loses a lot of posts constantly:p after her comments about bad post numbers in the past. It is kinda funny.
 

t1337duder

Limp Gawd
Joined
Sep 7, 2014
Messages
200
Imagine how fun someone would have, being a hacker with Pegasus and secretly uploading flagged images on user phone's iCloud using an SMS exploit? I'm sure feds and government will have lots of fun operations with this. No longer have to entrap people with underage prostitutes who say they're 18.
 

daglesj

Supreme [H]ardness
Joined
May 7, 2005
Messages
5,437
Im not trying to be political here but left or right, as fellow Americans, can we not see this is just becoming too much, too far, unAmerican, dangerous, beyond acceptable? I hope everyone wakes up and sees where our nation is heading. It may be too late.


It's too late. Voting wont help. Reps & Dems are all the same party. All down the golf course on a Saturday. They both work for the exact same people...just not you.
 

sc5mu93

Gawd
Joined
Jul 11, 2018
Messages
655
If you're a generation z then most don't have the computer background to understand what's going on. Millennials are too busy working to pay attention and if you're older then you think it's made of magic. Probably demon magic. If it's brought to the light then people will shit bricks but it's not like TikTok or CNN are talking about these issues.
Except Gen Xers due to age and experience are now the Distinguished Technologists and Senior Architects designing and building this crap. Remember Gen Xers are 41-56. Prime working years, and most straddled the digital transition so they get it more often better and deeper than the newbies.
 

d3athf1sh

Gawd
Joined
Dec 16, 2015
Messages
914
Because snuff films are not a massive issue. Pedophilia and pederasts take and share photos like this constantly. It's a massive issue. Considering the way this is being done via a hash database on iCloud, I honestly don't see the problem.
no if you read it right, it's downloaded to your phone and scans your phone, and it's not just the hashes they also have something that sends any questionable images back to HQ for human verification. i just hope you don't have any pics of your daughter/neice in a bikini. or one some nudes of your hot 18yo wife that someone may think is underage... or just think of all the dumb highschool girls that like to take pictures of themselves or their friends... because once your flagged that's it, their gonna take not only your phone but ALL your electronics and then your dealing with the legal system and what do you tell your boss/neighbors/family? what if you run a small business?
 
  • Like
Reactions: noko
like this

d3athf1sh

Gawd
Joined
Dec 16, 2015
Messages
914

d3athf1sh

Gawd
Joined
Dec 16, 2015
Messages
914
I’ve slowly been won over by Apple over the years, and was just about to go all in on their ecosystem. I liked the ease of use. I liked the long support tail of iOS. I liked the constant harping on privacy they were doing. “Oh, we can’t even read your imessages because they’re end to end encrypted” and such and so on.

but this just flies right in the face of it. Why spend all that time billing themselves as a privacy friendly company and then undo all that marketing with an announcement like this?
You have to be trusted by the people that you lie to
So that when they turn their backs on you
You'll get the chance to put the knife in
-Roger Waters (Pink Floyd - Dogs)
 
Joined
Apr 9, 2021
Messages
720
no if you read it right, it's downloaded to your phone and scans your phone, and it's not just the hashes they also have something that sends any questionable images back to HQ for human verification.

Sounds like a great way to recruit politicians.
 

d3athf1sh

Gawd
Joined
Dec 16, 2015
Messages
914
That's the issue, they technically aren't. Apple is passing this to a private organization that fights online child porn. What that organization chooses to do with it at that point is on them. I agree the laws need to change, but this isn't illegal by any measure.
so any file that is flagged on an Iphone is sent to a "private orginazation"? wow, and you're ok with that. guess you won't mind once they pass the law for electronic locks on your house so the government can send someone over daily to check for any objectionable material in your home, huh?
 

Halon

Gawd
Joined
Aug 13, 2004
Messages
658
So what do we do? When we have one cell phone family that cheerfully, remorselessly sells every scrap of data it can collect about its users to advertisers, and the other insists it values your privacy while imposing a walled garden, makes self-serving choices about its hardware, takes its developers largely for granted, and is now pushing actions like this behind the scenes, where do we go? Do I need to go back to using a dumbphone?
 

scojer

Supreme [H]ardness
Joined
Jun 13, 2009
Messages
7,656
So what do we do? When we have one cell phone family that cheerfully, remorselessly sells every scrap of data it can collect about its users to advertisers, and the other insists it values your privacy while imposing a walled garden, makes self-serving choices about its hardware, takes its developers largely for granted, and is now pushing actions like this behind the scenes, where do we go? Do I need to go back to using a dumbphone?

Maybe just a landline is the way to go.

Most of the newer flip phones these days are still Android based, and all the major carriers eventually drop support for older devices.

https://www.androidheadlines.com/2020/08/us-carriers-end-3g-verizon-at-t-mobile.html
https://www.tomsguide.com/news/t-mo...for-some-phones-how-you-can-get-a-replacement
https://www.howtogeek.com/719574/why-old-phones-dont-work-on-modern-cellular-networks/
 

1_rick

[H]ard|Gawd
Joined
Feb 7, 2017
Messages
1,972
maybe watch the rossman video on it or read the article that i'm about to link, the program will be expanded in the future to search for images or text relating to terrorism, or anti government protest.
For those who don't think this will happen, consider how much the Patriot Act is used for terrorism and how much it's used for more ordinary crime.
 

d3athf1sh

Gawd
Joined
Dec 16, 2015
Messages
914
travm totally agreed about the internet and cloud services But internet connected devices that you are supposed to own, now scanning data you thought was private?

I’ve already disabled auto iOS updates on our two iPhones and my iPad, and disabled iCloud photo. But it seems like unless Apple changes course my next phone will have to be something else. Who knows what will even be a viable option by then.
you can by a de-googled phone from brax.me or check this list out for non-google non-apple security phones, that run off linux. there's more but i can't find the one i'm looking for... https://www.techradar.com/best/secure-smartphones
 

d3athf1sh

Gawd
Joined
Dec 16, 2015
Messages
914
Dumphone aren't any better, texing is hell on and their poor sec makes then sitting ducks for eavesdroppers.
actually i can drive down the road and text with one hand on my dumbphone using T9. good luck driving and texting with a smartphone.. no wonder they made it illegal
 

Mchart

Supreme [H]ardness
Joined
Aug 7, 2004
Messages
4,660
so any file that is flagged on an Iphone is sent to a "private orginazation"? wow, and you're ok with that. guess you won't mind once they pass the law for electronic locks on your house so the government can send someone over daily to check for any objectionable material in your home, huh?
My opinion is irrelevant. I'm stating the legal facts. Walking around like the village idiot screaming this is unconstitutional helps no one. This is perfectly legal for Apple to do (As others have done already, like Adobe, Google, etc). In order for this to be made illegal, someone needs to bring it to court, and/or our legislative branch needs to do their fucking job and make law. And again, you seem to have a hard time understanding that private companies offering you a service can get away with A LOT. Apple isn't handing this over to agents of the government, unlike the idiotic example you gave about locks. They are handing it over to another private organization.
 
Last edited:

d3athf1sh

Gawd
Joined
Dec 16, 2015
Messages
914
yeah I"m going to need proof of that if I'm to believe that.
you never used T9? my phone looks like this:
samsungphone.jpg
 

aloola797

n00b
Joined
Aug 9, 2021
Messages
2
This is insane.

If you ask me, I don’t care what device you have. If they want your info/pics, they get it. I think they are just slowly breaking it to the public that they own you.
Pine Phone and Freedom phone but I still have yet to choose a carrier. Any suggestions?
 

Mchart

Supreme [H]ardness
Joined
Aug 7, 2004
Messages
4,660
Pine Phone and Freedom phone but I still have yet to choose a carrier. Any suggestions?
There isn't a single wireless carrier that doesn't datamine everything going through it. You build security end-to-end. That's it.
 

d3athf1sh

Gawd
Joined
Dec 16, 2015
Messages
914
Freedom phone
that's the one i was thinking of but couldn't remember!!! prob t-mobile if you have service where you live.

There isn't a single wireless carrier that doesn't datamine everything going through it. You build security end-to-end. That's it.
that's why you cut google/apple out the equation, and i'm sure the "secure phones" keep most things encrypted or you could use a vpn for data and use secure messaging (telegram?) if you wanted to. but really these days your better off talking to someone than sending any kind of sensitive info on text because we already know that your sms are all saved on a server somewhere and don't disappear when they are deleted off the phone. and that with verizon, whoever holds the master account can go in and look at all the other users on their plan's texts. and it was verizon i remember was the first one that came out saying that they give the NSA unrestricted access to user data.
 
Last edited:

d3athf1sh

Gawd
Joined
Dec 16, 2015
Messages
914
I with you on the keyboards. If I could find a good dumb phone with a keyboards that is not old as dirt Id be useing it right now.
last couple phones i got were off ebay for like $10-30 and were like brand new almost. and i only pay $15/month for Tmobile prepaid unlimited talk/text
 

SamuelL421

Limp Gawd
Joined
Jun 3, 2016
Messages
411
Interesting read:
This is the technical spec for the image hashing and CSAM detection.

For the longest time I've run iOS on the family mobile devices. iOS primarily because I dislike apple's support cycle (a miserly 3-4 years of updates) less than the abysmal long-term OS support on the average android phone. The privacy bits were always a nice value added proposition - I like the device encryption, treatment of advertising identifiers, MAC randomization. This unsolicited hashing of images on personal devices though, terrible precedent to set. Apple's system as explained above is relatively well-conceived for being the big brother BS that it is. The problem as I see it, is that governments will start expecting or enforcing this sort of localized hashing of images on devices. As others noted, it's not so much Apple but rather the authoritarian governments and other companies that I'm worried about.

For all of the effort put into Apple's complex (convoluted) system to ensure the semblance of privacy through this, it still leaves room for issues. The actual image hashing is some (proprietary) flavor of locality-sensitive hashing (LSH) to give similar images a similar or identical hash. Supposedly, any cropped or resolution scaled image is still going to represent a separate (but similar?) hash. So now we have these millions of hashes and their millions of corresponding slight variation hashes. Now consider hundreds (or thousands) of pictures from each of the estimated 1 billion+ iOS users worldwide. You are absolutely going to run into the birthday problem / hash collision at some point.
 
Last edited:

LukeTbk

[H]ard|Gawd
Joined
Sep 10, 2020
Messages
1,446
You are absolutely going to run into the birthday problem / hash collision at some point.
The Apple claim is one in a trillion error rate:
The trained network’s output is an N-dimensional, floating-point descriptor

That sound like for something of relatively small size (1 billion * 1,000 pictures) could have a good chance to all have single unique hash, the simple microsoft GUID :
the number of random version-4 UUIDs which need to be generated in order to have a 50% probability of at least one collision is 2.71 quintillion
number is equivalent to generating 1 billion UUIDs per second for about 85 years

the probability to find a duplicate within 103 trillion version-4 UUIDs is one in a billion.


PhotoDNA has tend to be between 128 and 4096 bits.

Google have been using this since 2008, facebook since 2011, Microsoft has being running something similar on onedrive for a while, how often false positive occur must be somewhat known, OneDrive being using a photodna database hash for one drive since 2015.

I would imagine the issues being more in the is it close enough hash than actual collision and it is good to have human verification process at the end of the chain.

Discloser: I know almost nothing about the subject.
 

DukenukemX

Supreme [H]ardness
Joined
Jan 30, 2005
Messages
5,810
So what do we do? When we have one cell phone family that cheerfully, remorselessly sells every scrap of data it can collect about its users to advertisers, and the other insists it values your privacy while imposing a walled garden, makes self-serving choices about its hardware, takes its developers largely for granted, and is now pushing actions like this behind the scenes, where do we go? Do I need to go back to using a dumbphone?
My opinion is that everyone should stop using Apple products, but we all know that nobody would do that, so the alternative is to force Apple to open source their iOS software. Not only that but be forced to allow users to install their choice of OS on their phones. This way people can dig around and look at the code and remove and change what they want while being able to install it. That way you can have your CrApple and own it too. Do you seriously even own these products when Apple can do what they want?
 

cybereality

[H]F Junkie
Joined
Mar 22, 2008
Messages
8,280
If you can't trust the company, then you can't trust that the shipped binaries are actually built from the open-source code. Unless you personally verify the source (which most people aren't qualified to do), and then compile it yourself to load on your phone, you can't be sure there is not a hidden backdoor.

And, even then, there could be compromised firmware or hardware backdoors on the device that would be difficult to find, outside of advanced security researchers. In any case, Apple is never going to open-source their OS.
 

LukeTbk

[H]ard|Gawd
Joined
Sep 10, 2020
Messages
1,446
If you can't trust the company, then you can't trust that the shipped binaries are actually built from the open-source code. Unless you personally verify the source (which most people aren't qualified to do), and then compile it yourself to load on your phone, you can't be sure there is not a hidden backdoor.

And, even then, there could be compromised firmware or hardware backdoors on the device that would be difficult to find, outside of advanced security researchers. In any case, Apple is never going to open-source their OS.
And you still need to trust te actual compiler used (and the compiler used to compile the compiler) even if you are sure of the source used. That could be true for a certain level of needed security for certain device and the backdoor can be provided by a different hardware on the device, etc.... That would be true if you are an Iranian facility enriching uranium.

But for personnal phone, you can trust that the hundreds of people qualified enough to validate that the shipped binary match the source are doing it and because of the money-attention possible to be gained to make a scandal about it, that they would.

There is so many people dissembling and scanning iOS source code all the time for vulnerability, the actual code leaking from time to time plus the thousand of dev with access to it, I imagine it would be a bit of a deception and what would be learned if they one day put it on github.
 

SamuelL421

Limp Gawd
Joined
Jun 3, 2016
Messages
411
Pine Phone and Freedom phone but I still have yet to choose a carrier. Any suggestions?
that's the one i was thinking of but couldn't remember!!! prob t-mobile if you have service where you live.
...

Just a PSA, do not buy the "freedom phone" - that is a rebadged low/mid-grade chinese phone from Umidigi. Some scammer is just reselling that junk to gullible folks. If you do like that phone for some reason, just buy it direct from Aliexpress and don't line the scammer's pocket. There is another company called "freedom phones" that is just reselling marked up pixel phones with graphene OS preloaded. Still a better option than the cheap chinese one though. I would also avoid those expensive Sirin smartphones - it was hot stuff a couple years ago but the cryptocurrency token part of it stopped being supported AFAIK and I wouldn't count on continued support for the hardware either.

Pinephone is a much better choice, or the Librem5. Anything with the ubuntu mobile OS or Graphene is probably a decent choice for privacy as well.

The Apple claim is one in a trillion error rate:
The trained network’s output is an N-dimensional, floating-point descriptor

That sound like for something of relatively small size (1 billion * 1,000 pictures) could have a good chance to all have single unique hash, the simple microsoft GUID :
the number of random version-4 UUIDs which need to be generated in order to have a 50% probability of at least one collision is 2.71 quintillion
number is equivalent to generating 1 billion UUIDs per second for about 85 years

the probability to find a duplicate within 103 trillion version-4 UUIDs is one in a billion.


PhotoDNA has tend to be between 128 and 4096 bits.

Google have been using this since 2008, facebook since 2011, Microsoft has being running something similar on onedrive for a while, how often false positive occur must be somewhat known, OneDrive being using a photodna database hash for one drive since 2015.

I would imagine the issues being more in the is it close enough hash than actual collision and it is good to have human verification process at the end of the chain.

Discloser: I know almost nothing about the subject.
I don't think you're wrong on that in general. IMO the potential issue lies in the fuzzing done at the point of image hashing. Apple's proprietary bit there is key. They are grouping together images to the same hash (specifics not disclosed) where they identify a match despite minor edits. I'm willing to bet major edits, crops, resolution scale result in different hashes but only Apple knows. The fact that Apple implements a system with multiple strikes to trigger the key that allows review is telling though. I think they expect a larger amount of false positive than they let on. Their figure of "one in a trillion" probably means 1:1,000,000,000,000 that a given user won't get enough false positive flags to trigger some sort of review/issue.
 

MrGuvernment

Fully [H]
Joined
Aug 3, 2004
Messages
20,242
And you still need to trust te actual compiler used (and the compiler used to compile the compiler) even if you are sure of the source used. That could be true for a certain level of needed security for certain device and the backdoor can be provided by a different hardware on the device, etc.... That would be true if you are an Iranian facility enriching uranium.

But for personnal phone, you can trust that the hundreds of people qualified enough to validate that the shipped binary match the source are doing it and because of the money-attention possible to be gained to make a scandal about it, that they would.

There is so many people dissembling and scanning iOS source code all the time for vulnerability, the actual code leaking from time to time plus the thousand of dev with access to it, I imagine it would be a bit of a deception and what would be learned if they one day put it on github.


This is flawed, open source does not have people going over code all night and day, why do you think the recent wave of linux based exploits that keep popping up are 5-10 years old...and they are just being found now "Cause open source has people reading over the code all day long finding exploits and stuff" most people reading said open source do not have the skills or knowledge to know what they are looking for when it comes to security holes or possible exploits...so now that is left for a select few who are in paid positions or jobs to maybe find it...or they get word of it out in the wild and then look into it. OpenSSL exploit anyone....10 years was out there...
 

LukeTbk

[H]ard|Gawd
Joined
Sep 10, 2020
Messages
1,446
This is flawed, open source does not have people going over code all night and day, why do you think the recent wave of linux based exploits that keep popping up are 5-10 years old...and they are just being found now "Cause open source has people reading over the code all day long finding exploits and stuff" most people reading said open source do not have the skills or knowledge to know what they are looking for when it comes to security holes or possible exploits...so now that is left for a select few who are in paid positions or jobs to maybe find it...or they get word of it out in the wild and then look into it. OpenSSL exploit anyone....10 years was out there...
I am not sure what part of what you quote is flawed relative to that answer.

I am saying that it would be a deception of finding scandalous flaw (or otherwise) for something like iOS if it would go on github tomorrow in part of that reason, people that look at iOS everyday for known flaw to jailbreak it for the giant piracy China market of alternative illegal store and already finding those and the unknown flaw (that all code have) that are that, are well unknown and people scanning it would not find them, like the OpenSSL one.
 

StoleMyOwnCar

2[H]4U
Joined
Sep 30, 2013
Messages
2,238
I liked my iPhone 8 Plus for what it was, but I guess it is time to ditch it. I am an anime fan. If you know anything about anime, you'll know that some character designs might be misconstrued as underage (or they might even be underage, they're just drawing so no one should care), and possibly in revealing clothing. They're just drawings and fiction, but any agency looking at this might be too retarded, or might not even care. Even if I don't get taken off to jail, I'll probably be marked/flagged by this. I don't use iCloud at all, and I don't just text anime around often, but just seeing this on the horizon is enough of a warning flag. Either this garbage will be stillborn, or it will spiral out of control into something far more insidious than this. I need to bail. Where to, though? I don't know. There's a reason I left the Android landscape. I guess it's time to start looking for a new phone.
 
Top