> - It's run _before upload to iCloud Photos_ - where it would've already been scanned anyway, as they've done for years (and as all other major companies do).
Then why build this functionality at all? Why not wait until it's uploaded and check it on their servers and not run any client side code? This is how literally every other non-encrypted cloud service operates.
I assume (and this is my opinion, to be ultra-clear) that it's a blocker for E2E encryption. As we've seen before, they wanted to do it but backed off after government pressure. It wouldn't surprise me if this removes a blocker.
Apple has shown that they prefer pushing things to be done on-device, and in general I think they've shown it to be a better approach.
From what I remember iCloud is only encrypted at rest but not E2E. Apple can decrypt it anytime.
The password manager (Keychain) is the only fully encrypted part of iCloud; if you lose your devices or forget the main password, the manager will empty itself. This does not happen with any other part of iCloud.
That really makes little to no sense - it's not E2EE if you're going to be monitoring files that enter the encrypted storage. That's snake-oil encryption at that point.
I sincerely doubt Apple is planning to do E2EE with iCloud storage considering that really breaks a lot of account recovery situations & is generally a bad UX for non-technical users.
They're also already scanning for information on the cloud anyway.
Eh, I disagree - your definition feels like moving the goalposts.
Apple is under no obligation to host offending content. Check it before it goes in (akin to a security checkpoint in real life, I guess) and then let me move on with my life, knowing it couldn't be arbitrarily vended out to x party.