undefined | Better HN

0 pointscwizou4y ago0 comments

I think everyone is offended on scanning being done on device and not on their servers (which I had assumed they might already did, quite frankly, Google Photos and others already do), and selling that as being privacy forward.

Considering they hold the keys and the scheme already allows them to decrypt as a last step the users photos, this is not exactly a progress. It just maintains the illusion that those backups are encrypted while they (ultimately) aren't.

I've personally (and some may disagree) always assumed that anything you put in any cloud (and that includes the very convenient iCloud backups that I use) is fair game for local authorities, whether that's true in practice or not.

Putting a "snitch" on device, even if it's only for content that's going to the cloud (and in the case of an iCloud backup, doesn't that mean all your iPhone content ?) is the part that goes a step too far and will lead to laws in other countries asking for even more.

Once you've opened the door to on device scanning, why limit it to data that goes to iCloud ? Why limit it to photos ? They proved they have the "tech" and governments around the world will ask for it to be bent to their needs.

I'm sure the intent was well meaning but I'd much rather they just do this on their premises and not try to pretend they do this for privacy.

0 comments

3 comments · 1 top-level

imranhou4y ago· 2 in thread

Imagine someone was hired to reduce the problem of child trafficking/exploitation, and are the head of this group at the justice dept. Lets say they have the option to work with private orgs that may have solutions that could walk a fine line between privacy and their dept goals.

I'm interested in knowing your perspective on how one should approach achieving these goals.

cwizouOP4y ago

Quite frankly I'm not sure this should be the role of one employee of a justice department, so I'm not sure how to answer this ?

At the end of the day I think that any such effort should be legislated, in any jurisdiction, and not just rely on the good will that a government (or one of its employee) can garner from private orgs.

As to what legislation should look like, this is a complex issue, many countries are making various form of interceptions legal (mostly around terrorism) already.

Should a law clearly mandating that any cloud provider scan their users content through some technology like Microsoft's PhotoDNA be passed by various local governments ? I'd much rather see that, personally.

Again, my opposition to this is centered around the fact that Apple is doing this on device and selling this as, as you put it, walking a fine line with their privacy stance.

While it may have been their original intent, I believe they have opened a door for legislators around the world to ask this technology be extended for other purposes, and given time, they absolutely will.

You didn't ask but what I wish Apple did was what everyone else did : scan on their servers, because they can, and not do it on device to keep the illusion that they can't access your photos.

Edit : Random link about PhotoDNA being used by Google and Facebook, there are probably better sources : https://petapixel.com/2014/08/08/photodna-lets-google-facebo...

cwizouOP4y ago

Can't edit any more but as provided in another thread by another user, they were already, as I had originally assumed, doing it server side : https://nakedsecurity.sophos.com/2020/01/09/apples-scanning-...

j / k navigate · click thread line to collapse

0 comments

3 comments · 1 top-level

imranhou4y ago· 2 in thread

I'm interested in knowing your perspective on how one should approach achieving these goals.

cwizouOP4y ago

Quite frankly I'm not sure this should be the role of one employee of a justice department, so I'm not sure how to answer this ?

As to what legislation should look like, this is a complex issue, many countries are making various form of interceptions legal (mostly around terrorism) already.

Again, my opposition to this is centered around the fact that Apple is doing this on device and selling this as, as you put it, walking a fine line with their privacy stance.

You didn't ask but what I wish Apple did was what everyone else did : scan on their servers, because they can, and not do it on device to keep the illusion that they can't access your photos.

Edit : Random link about PhotoDNA being used by Google and Facebook, there are probably better sources : https://petapixel.com/2014/08/08/photodna-lets-google-facebo...

cwizouOP4y ago

j / k navigate · click thread line to collapse