undefined | Better HN

0 pointsdjrogers4y ago0 comments

> The backdoor might be inactive for now, but there would still be a backdoor on my phone

The key (from Apple's POV) is that this is done on your device, so the model can be audited, and users will know if it changes or is suddenly enabled where it wasn't before. Apple has documented the entire threat model and their design decisions realted to each threat vector.

It's worth reading the document, as it becomes pretty clear that this is a step towards enabling E2E for iCloud Photos.

The alternative to what Apple did is cloud-based scanning, which is less transparent, permanently disallows E2EE, and is more vulnerable to being changed by national decree. If CSAM scanning is going to (or is already) mandatory, I vastly prefer Apple's method here.

[1] https://www.apple.com/child-safety/pdf/Security_Threat_Model...

0 comments

1 comments · 1 top-level

nzealand4y ago

> If CSAM scanning is going to (or is already) mandatory, I vastly prefer Apple's method here.

This is such a good point. The US government has been heavily pushing for backdoors, and can gag discussion under threat of national security.

It also seems counter productive to punish the one corporation who is apparently being transparent about this. Nobody here likes marketing BS, but this reaction here on HN is why we get marketing BS instead of technical details.

Edit: Legally, these searches do not violate the 4th amendment because the government pretends hash scans are entirely voluntary. Most ISPs and email companies "voluntarily" choose to hash match. I can't remember the specifics, but ISPs that refuse to do this have been threatened with legal action.

https://www.bjcl.org/blog/hashing-it-out-how-an-automated-cr...

j / k navigate · click thread line to collapse