Imagine a government agency ordered Apple to include hashes of all documents they wanted to track into that kiddie porn database. Suddenly the government knows who's got that antivax meme JPG. Or tax protest DOC. Or an environmental report PDF.
And it's just hashes! Apple won't know what they're tracking, so they can't say "no".
Now tell me you honestly believe no government *ever* will take advantage of this invisible monitoring power.
@ericphelps To be fair, a dedicated government with the right kind of access to certain companies already would have that kind of capability trough malware monitoring / antivirus software that is on mostly every system today. As far as I know, Windows Defender will upload hashes of new files it finds when "Cloud-delivered protection" is on. As will Google Play Protect with the default settings.
The difference is maybe that Apple is specifically not talking about malware here.
@ericphelps You won't have to imagine for much longer.
[in Adam Curtis voice]
"And they thought they were rational people, liberated by the technology which the geniuses of the information revolution had created...but in reality the software they used was keeping them under control. It was a prison with automated policing, all made by Sillicon Valley."
My hosting company has the option to opt in a check on such a hash database, pretty nice, though some weeks back I got an email reporting on an accident:
The database is filled in by police etc. and they uploaded 'standard wordpress images' and so a lot off peeps got WARNINGS! (i'm not sure if the police is informed if something doesn't come back good, as it's a tool recommended for websites that allow user uploads).
So you scenario is very real.
@ericphelps This is one of the most succint explanations of why this is a worrying move that I've seen so far
@ericphelps I went on a rant about this and then deleted it. Too much power over many by the few.
The few want to know the world's thoughts, while keeping solely their own private.
They're not just doing hashing; they're mixing it with image recognition and neither is a reliable method under current technology, especially on a phone's computing power.
@ericphelps That is perhaps the most fundamental flaw in the whole system. Apple says it is only scanning for child porn, but what they are actually scanning for is a list of file hashes. Apple has no idea what they are actually scanning for. All it takes is a government being able to slip some false hashes into the list and this becomes a system for tracking dissidents, leakers, etc.
@wolf480pl Let's be real. If the kiddie pic traders know Apple is watching images, they'll switch to sharing epubs. Or zips. Or docs with embedded pictures (maybe embeds that you double click to open?). Or... Any number of ways.
So phase two will be to extend the search beyond pictures to include all sorts of things. There's no limit to the level of surveillance they can do in the name of child porn.
The Chinese Communist Party will love this.
@ericphelps That's why, limux phones (hardware as well as software) are necessary. There should be no hardware backdoors as well.
@ericphelps everyone wants to hate on Apple, but doesn’t Google, FB, Amazon, etc already do the same thing? FB has been using this for years. 🤷🏻♀️
@ericphelps Absolutely. This is a very powerful capability that is primed for abuse. They don't need to have access to your actual device or cloud account if Apple has a comprehensive list of the hashes for every file in your cloud account.
@ericphelps Are you honestly of the belief that android doesn’t have similar code and practices at its core? When people claim that apple doesn’t value privacy and wave the flag of android in the same breath it’s hilarious.
@ericphelps this makes me think of the de-duping issue based on document hashes with mega. Basically if you had a copy (or the govt with an original of some whistleblowers document), you could of course compute its hash the same way mega does, and could find out who else had it on mega thru the storage api, without decrypting anything. Oops.
Server run by the main developers of the project It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!