LowEndBox - Cheap VPS, Hosting and Dedicated Server Deals

Apple Installs Mandatory Software on Every Apple Device That Allows Engineers to See Your Photos, Approve Your Searches

Tags: , , , , , , , , Date/Time: August 14, 2021 @ 12:00 am, by raindog308

Apple SpyApple announced today that will begin scanning every photo, iMessage, and search you perform on your iPhone, iPad, and Mac in order to verify that Apple approves of the content you are viewing.  Under the Apple “Child Safety” program, this new mandatory software will

  • Scan every photo you take
  • Allow Apple engineers to review every photo you take
  • Scan all media on your device
  • Require you to store a database on your device that Apple will update in order to check your content
  • Allows Apple to review your searches in real time to decide if Apple wants to intervene to block the search

Installation of this software and granting access is mandatory and users are not permitted to opt out.

Will all of this is done nominally to eliminate child pornography, the EFF commented how inevitably this will be weaponized to subvert privacy:

“Child exploitation is a serious problem, and Apple isn’t the first tech company to bend its privacy-protective stance in an attempt to combat it. But that choice will come at a high price for overall user privacy. Apple can explain at length how its technical implementation will preserve privacy and security in its proposed backdoor, but at the end of the day, even a thoroughly documented, carefully thought-out, and narrowly-scoped backdoor is still a backdoor.”

Apple Privacy J/K

 

I'm Andrew, techno polymath and long-time LowEndTalk community Moderator. My technical interests include all things Unix, perl, python, shell scripting, and relational database systems. I enjoy writing technical articles here on LowEndBox to help people get more out of their VPSes.

8 Comments

  1. BradEK:

    I’m sorry but there is a considerable amount of incorrect information in this post.

    * The product does not necessarily scan every photo. Only photos uploaded to iCloud.
    * It does NOT allow Apple engineers to review every photo. If you are flagged (after hitting an unpublished threshold) low quality copies of you images are sent to Apple for review. Outside those flagged images nothing else is viewable by Apple engineers.
    * It does NOT scan all media. It specifically scans photo uploaded to iCloud. Not photos stored local, not movies downloaded, not music, etc.
    * It does not review your searches. I am assuming this is a reference to phones identified as used by people under the age of 13 by their parents. In this situation some information could be forwarded to a parent but if you are an adult, no searches are review in real-time…

    There are plenty of good articles on what this new tool can do and what it limitations are. Please go find one….

    August 14, 2021 @ 1:31 am | Reply
    • raindog308:

      What you’ve described is what Apple *says* they will do, Scout’s honor, really we promise, etc. What this article describes is what Apple will be *capable* of doing. The only difference is that you are willing to believe what Apple (unaudited, with zero external oversight, etc.) is saying they will do and trust they will go no further.

      The client-side technology will indeed allow Apple to scan all photos, media, etc. Also, the linked article states that “Siri and Search are also being updated to intervene”, and there is no limitation to people under age 13.

      August 14, 2021 @ 11:28 am | Reply
  2. BradEK:

    “Apple announced today that will begin scanning every photo, iMessage, and search you perform on your iPhone, iPad, and Mac“

    I don’t see a CAN or ARE CAPABLE in there at all. I do see “will begin scanning every”. That’s fear mongering.
    Could they. Maybe. But they are not. And Apple says the process will be auditable. You could have presented both side of equation with true concerns. You didn’t.

    August 14, 2021 @ 8:13 pm | Reply
  3. Jhay:

    @BradEK
    Reading your argument and thinking aloud I have to side with @raindog…

    let’s describe it this way…
    “EVERY VPS installed will have an authorized_key installed to enable the provider to access, scan for illegal images and software and conduct other maintenance deemed necessary. We promise not to abuse it if you are a good admin, but you may NOT opt out once you have paid £1000 for your device…”

    I think a little fear mongering is in order…

    But the I use lineage on a chinese made droid… who knows what spyware is in the chip… I am suspicious of someone selling me a fruit with a bite taken out of it… LoL

    August 15, 2021 @ 1:22 pm | Reply
  4. BradEK:

    @Jhay,
    I understand your point but Apple has said these processes will be auditable. In addition they did specifically state they would not be doing the very things stated in this article.
    Now, your points are valid that they COULD do them. An an article that stated this is what they are doing and this is what MIGHT POSSIBLY be enabled at some point with this technology would be valid.
    But all the hypotheticals above were stated as fact. My point is only that what is being done now and what could possibly be done in the future should be clearly defined.

    By only stating that they were being done now and no caveats presented really presents this article as complete fear mongering…

    August 15, 2021 @ 7:23 pm | Reply
    • Jhay:

      @BradEK

      Point taken…
      agree that upon research you are technically correct.
      However, like SoftieMicro, they are forcing a mandatory update onto the customer owned equipment… AND laying the groundwork for their surveilance.

      So, correct, they ARE not “doing it”… but they are jamming the backdoor wide open… and we know there is little point in closing the barndoor after the horses are out… (i.e. better 2 fear monger now ;-)

      don’t get me wrong, I am NOT in favour of or even tolerant to any abuse (including child pprn). But the fruity guys are way off track with trying to be a law enforcement company (<- note oxymoron!)…

      time to jailbreak those coveted devices!

      PEACE!

      August 16, 2021 @ 1:07 pm | Reply
  5. BradEK:

    Another thought, Apple is FAR from alone in this. Dropbox, Google, Microsoft and Facebook all scan items in their cloud products for CSAM.

    https://www.macworld.com/article/352875/apple-ios-15-csam-scanning-icloud-photos-messages-siri-search-faq.html

    “Yes, most cloud services, including Dropbox, Google, and Microsoft, as well as Facebook also have systems in place to detect CSAM images. These all operate by decrypting your images in the cloud to scan them.”

    August 15, 2021 @ 7:29 pm | Reply
  6. BradEK:

    @Jhay,

    Agree they are taking a different approach to this then other companies but I am not sure yet that it is necessarily so bad. Remember that Google, Facebook, Dropbox and Microsoft all perform scanning for this type of content on their cloud environments. Facebook reported over 22 MILLION infractions last year where Apple reported something like 250 (just 250).
    So clearly Apple was not really performing any proactive scanning for this content in the past. So, is it particularly better to have this performed brute force on the cloud side or locally on the device itself?

    August 16, 2021 @ 1:48 pm | Reply

Leave a Reply

Some notes on commenting on LowEndBox:

  • Do not use LowEndBox for support issues. Go to your hosting provider and issue a ticket there. Coming here saying "my VPS is down, what do I do?!" will only have your comments removed.
  • Akismet is used for spam detection. Some comments may be held temporarily for manual approval.
  • Use <pre>...</pre> to quote the output from your terminal/console, or consider using a pastebin service.

Your email address will not be published. Required fields are marked *