I know the privacy approach Apple has been pushing was just marketing, but I didn't care too much because I enjoyed my iPhone and M1 macbook.
Because of this decision (and the fact that my iPhone more-or-less facilitates poor habits throughout my life), I'm considering moving completely out of the Apple ecosystem.
Does anyone have any recommendations for replacements?
* On laptops: I have an X1 carbon extreme running linux, but it's entirely impratical to take outside of the house: it has terrible battery life and runs quite hot. I also cannot stand its trackpad. Is there any linux-capable device with an okay trackpad?
* On phones: are there any capable phones out there that aren't privacy nightmares? All I want is a phone with a long lasting battery that I can use with maps, a web browser, and texting.
* On cloud: I've considered executing on a NAS forever, but I'm unsure where to start.
If you go this route all devices will be running Linux. The one OS route is kindof nice, hence the pinephone over open android alternatives (like Graphene OS).
I sorted from least to most technical. I also tried to pick the least technical challenging in each category. The Dell stuff should just work. The Phone will require some tinkering for the moment.
I'm sympathetic to remove Apple and Google from my life, but this list looks so sad. You know the experience, integration and headache of all this is going to be horrible.
Laptop: Dell XPS 13 and very happy. Maxed out specs and clearly higher price range.
Or: Lenovo Yoga Convertible. My second device. I just don't do games. Or bigger data stuff on this machine. Some design work. Some photo and smaller video stuff. I love the flexibility of the convertible when working with PDF and doing annotations by hand.
I think it's about time to say:
"Thank you, Apple!"
Finally these awesome projects will get the funding and the support they deserve.
Also, has anyone tried the FXtec phones? https://www.fxtec.com
I am thinking about getting the FXtec pro1 version, which promises to get a decent UbuntuTouch support as well as lineageOS.
I feel that with the comeback of Vim, there might be a sufficient user base for devices that use the keyboard for most tasks. I miss the days, when I could send a text message without taking the phone out of my pocket.
Is there a Linux Laptop at 2560 x 1600 resolution like Macbooks ? System 76 still runs at 1920x1080. It really makes a difference wrt crisp font rendering and less eye strain.
I hadn't come across that Omnia router before - it looks great! Bit of a shame it doesn't support 802.11ax, and it is more expensive than I'd like, but still...
> On laptops: I have an X1 carbon extreme running linux, but it's entirely impratical to take outside of the house: it has terrible battery life and runs quite hot.
I have X1C (not extreme) and it has excellent battery life with Linux. Consider using TLP (https://linrunner.de/tlp/), if you want to significantly improve your laptop power consumption.
It's possible he's got an old X1C and the battery is just on it's last legs as well. If that's the case, he'd probably be better served using his M1 laptop sparingly until Linux support for it is better.
I understand the impulse to turn away from Apple. However, it’s not a practical solution. How long until this tech or worse is mandated in all products? I think the real answer is for the people to stop bickering about primary colors and work together toward passing legislation that limits the pervasive invasion of privacy by governments and corporations.
As someone else mentioned, for a NAS using TrueNAS (used to be FreeNAS) is easy enough and quite satisfying. You can find plenty of guides.
In general, you need to balance budget, capacity requirements, and form factor. Old servers are often great. Big disks seem like a good idea, but for rebuild times going over 4TB is horrible.
However, unfortunately HDD prices right now are horrible...
I have a Lemur Pro from System76 and it has insane battery life. I feel like I never charge it b/c it's always got juice. I run Pop_OS! on it b/c at my age I just want to get work done and not tinker with a distro.
I've seen this recommendation very often lately. As I am shopping for a new phone: Why is it that hardware directly from Google is recommended for putting another OS onto it (I've seen recommendations for LineageOS as well). What makes it better than any stock phone supported by LineageOS?
CalyxOS is fantastic. You can get a like-new Pixel on swappa.com for cheap, and have a virtually Google-free, Apple-free phone that supports most/all the apps you would want via MicroG. Can't recommend it enough. GrapheneOS is similar except without support for MicroG if you don't need it.
If I were to buy a laptop, it would be the Framework laptop that just started shipping. It doesn't have a Ryzen chip, though, so that's a deal breaker for me. Otherwise, that laptop ticks all of my boxes.
Phone-wise, there are many options to choose from. I like the idea behind the Teracube 2E[1], as they take some of the principles behind Framework and apply it to phones.
> On cloud: I've considered executing on a NAS forever, but I'm unsure where to start.
Depends on how much you want to tinker. You can't go wrong with a Raspberry Pi and some external harddrives, but there is also dedicated NAS equipment that requires less setup and maintenance, some of them are Linux based, as well.
On phones: I'm considering a Pixel device with https://calyxos.org/
The main limitations will be the featureset of MicroG (no ~maps~/wearOS/auto). Possible issues with important apps like those for banking.
On cloud: Synology Diskstation is amazing. Only use it through a local VPN though.
Are the only phone options iOS or Android? I’m also considering leaving my iPhone behind because of this privacy violation but I’m definitely not moving to Google. That seems like two steps back.
I don't experience any issues using mapping apps on Android with microG instead of Google Play Services. Closed source navigation apps including Google Maps, HERE WeGo, and Magic Earth work just fine. Open source navigation apps like Organic Maps and OsmAnd also work with no problems.
lol. nope. trust is binary. you either trust apple or not. after peddling their privacy marketing for so long and doing this, they literally lost my trust.
TBH I've been considering just dropping a smartphone all together, I don't really get much value out of it since i'm on my laptop most of the time when I want to internet anyway
I use an hp spectre x360, it's not the most powerful thing in the world and has occasional issues knowing when to charge but otherwise I love it with ubuntu/i3wm
Why do people still think they have _any_ power over user-hostile corporations and its proprietary code?
Apple can (and likely will) say they won't do it and then do it anyway. It's a proprietary platform. They already have it, now. All they are claiming is an excuse not to be caught in a certain way they wouldn't like at a later point.
I'm with you bud. Fatalism is how bad things survive.
"Oh, nothing will happen to this [corrupt politician|naughty rich guy|corporation doing a thing I don't like], because they're all [bad thing]. It's all over already." :facepalm:
(Also, I couldn't read the original article because my work thinks it's spreading malware or something so I'm really only referring to the fatalism thing here, not Apple.)
Company X claimed users voice commands never left their devices. Then someone leaked recordings of people having sex, commiting crimes, etc recorded from X devices. This was brought up by media. For every concerned user there were ten apologist trying to justify this behaviour and a week later everyone forgot this ever happened.
I recently listened to a Darknet Diaries episode on messaging app Kik. This app is apparently being used by many people to trade child pornography. In this episode, there was some criticism expressed on how Kik doesn't scan all the images on their platform for child pornography.
I would really like to hear from people who sign this open letter, how they think about this. Should the internet be a free for all place without moderation? Where are the boundaries for moderation (if it has to exist), one-on-one versus group chat, public versus private chat?
To quote this open letter: “Apple is opening the door to broader abuses”. Wouldn't not doing anything open a different door to broader abuse?
Edit: I would really love an actual answer, since responses until now have been "but muh privacy". You can't plead for unlimited privacy and ignore the impact of said privacy. If you want unlimited privacy, at least have the balls to admit that this will allow free trade of CSAM, but also revenge porn, snuff-films and other things like it.
My personal opinion is if we could spy on all citizens all the time we could stop all or most of the crimes, do we want this? If you say Yes then stop reading here. Else if you say 100% surveillance is too much then what do you have against people discussing where the line should be drawn?
Some person that would sign that letter might be fine with video cameras in say a bank or some company building entrance but he is probably not fine with his own phone/laptop recording him and sending data to soem company or government without his consent.
So let's discuss where should the line be drawn, also if competent people in this domain are present let's discuss better ideas on preventing or catching criminals, or even for this method let's discuss if it can be done better to fix all the concerns.
What I am sure is that clever criminals will not be affected by this, so I would like to know if any future victim would be saved (I admit I might be wrong, so I would like to see more data from different countries that would imply the impact of this surveilance)
This only finds known pictures of child abuse not new ones and especially it doesn't find the perpetrators or prevent the abuse.
But it creates a infrastructure for all other kind of "criminal" data. I bet sooner or later governments want to include other hashes to find the owners of specific files. Could be bomb creation manuals, could be flyers against a corrupt regime.
The sky is the limit and the road to hell is paved with good intentions.
Many people share photos of child pornography via the mail. There has been criticism that the USPS does not open all mail and scan them for child pornography.
I would really like to hear from people who do not sign this letter how they think about that.
Not sure I'm going to go all in on unqualified support, but it seems like comparing an image to a series of known hashes is qualitatively somewhat different than the postal inspector open all your mail. Though those convenient little scans they'll send you if your mail if you sign up suggests they do have some interest in who sends you mail already.
I think it would be horrible if they opened all mail... However, if they had a system that could detect CSAM in unopened mail with an extremely low false negative rate, then I'd be fine with it.
With many packages this already happens in the search for drugs and weapons and I have no problem with that either.
The big reason I don't want someone else scanning my phone (and a year later, my laptop) is that last I checked, software is not perfect, and I don't need the FBI getting called on me cause my browser cache smelled funny to some Apple PhD's machine-learning decision.
It's the same reason I don't want police having any opportunistic information about me - both of these have an agenda, and so innocent people get pulled into scenarios they shouldn't be when that information becomes the unlucky best-fit of the day.
That Apple has even suggested this is disturbing because I have to fully expect this is their vision for every device I am using.
And then I expect from there, it's a race to the bottom until we treat our laptops like they are all live microphones.
The chance of you getting enough false positives to reach the flagging threshold is one in a trillion. And then the manual review would catch the error easily. The FBI won’t be called on you.
I won't use a service that performs dragnet surveillance on my communication. The US Postal service does not open every single letter to check if it contains illegal material. If I rent a storage unit, the storage company does not open up my boxes to see if I have albums of child pornography. This move by Apple is equivalent.
I'm going to turn this around and say that those in favor of Apple's move: "Should the internet be a place where your every move is surveilled?" given that we have some expectation of privacy in real life.
I think there is a very deep and troublesome philosophical issue here. Ceci n'est pas une pipe. A picture of child abuse /is not/ child abuse.
Let me ask you a counter-question. If I am able to draw child pornography so realistically that you couldn't easily tell, am I committing a crime by drawing?
Or if you make a film about child abuse in which a child actor pretends to be abused, can you arrest the actor who abuses? If any depiction of the act is a crime, then you can.
This issue came before the US Supreme Court about a decade ago and they ruled that the depiction of a crime is not a crime so long as the depiction can in any way be called "art". In effect, any synthetic depiction of a crime is permitted.
However that ruling predated the rise of deep fakes. Would the SC reverse that decision now that fakes are essentially indistinguishable from the real thing? Frankly I think the current SC would flip since it's 67% conservative and has shown a willingness to reconsider limits on the first Amendment (esp. speech and religion).
But how would we re-draw the line between art and crime? Will all depictions of nudes have to be reassessed for whether the subject even might be perceived as underage? What about films like "Pan's Labyrinth" in which a child is tortured and murdered off-screen?
Do we really want to go there? This enters the realm of thought-crime, since the infraction was solely virtual and no one in the real world was harmed. If we choose this path, the freedom to share ideas will be changed forever.
Yes. People have been convicted for possession of hand-drawn and computer-generated images. Editing a child's image to make it pornographic is also illegal. So some "deepfake" videos using faces from young celebs are in all likelihood very illegal in many jurisdictions.
Images can be illegal if all people are of age, but are portrayed as underage. Many historical dramas take legal advice about this when they have adult actors portraying people who historically married while underage by modern standards. (Ie the rape scene in BBC's The White Princess series.) This is why American porn companies shy away from cheerleader outfits, or any other suggestion of highschools.
I think it's very easy to get people to hate things that gross them out. It's always interesting to me how casually people joke about Epsteins death while simultaneously never talking about cp without a gross look on their face.
I'm not sure I fully understand how society can be more relaxed with actual pedophiles than they are with cp material.
Personally it bothers me to see the focus around things that gross people out rather than the actual child abuse.
A picture of child abuse is child abuse in that the abuse of a child was necessary to take the picture in the first place.
If the picture had no grounds to spread, it would likely not have been made—no incentive. As such, the fact that the picture is able to spread indirectly incentivises further physical abuse to children.
It may even help prevent child abuse, because it may help pedophiles overcome their urges and not act upon it.
I'm not aware of any data regarding this issue exactly, but there are studies that show that general pornography use and sexual abuse are inversely correlated.
I see the argument, but the counterargument is that by you doing that, you could possibly be nurturing and perpetuating abuse.
In effect, possessing such material may incentivize further production (and abuse), "macroeconomically" speaking. And I hate that evidently, yes, there is an economy of such content.
except that the boundary between device and service is steadily eroding. A screen is a device and netflix is a service, but a smart tv that won't function without an internrt connection? A nokia was a device you owned, but any Apple device is more like a service than a device really, as you don't control what OS can run on it, which unsigned software you run etc. So if you are ok with moderation on services and your device turns into a service... Perhaps we need laws to fully separate hardware and software but actually the integration between hardware and software is becoming stronger and stronger every year
This is done client side because your data is encrypted in their cloud. It won't be done if you disable cloud sync. If you just keep your cp out of the cloud, you're fine.
The boundary should be that user generated personal data that is on a user device should stay personal on a user device unless explicit consent is otherwise given. That's it. The argument is always well "don't you want to save the children" to which I give this example.
In the USA guns are pretty freely available, relative to other countries. There is a huge amount of gun violence (including shooting at schools targeting children) yet every time major gun restriction legislation is introduced it fails, with one major reason being the 2nd amendment of the US constitution. This could again be amended, but sufficient support is not there for this to occur.
What does this say about the US?
They have determined, as a society, that the value of their rights is worth more than all the deaths, injuries and pains caused by gun violence. A similar argument can be made regarding surveillance and child porn, or really any other type of criminal activity.
>> The boundary should be what is on a user device should stay personal on a user device.
But how many apps only store the locally on the device versus sending data to the cloud, getting data from the cloud, or calling cloud APIs to get functionality that cannot be provided on device?
Having the power of a personal computing device is huge, but having a networked personal computing device is far greater.
Keeping everything on-device is a good ideal for privacy, but not very practical for networked computing.
The conversation today is not really about PhotoDNA (checking image hashes against known bad list). That ship has sailed and most large tech companies already do it. Apple will do it one way or another. It’s a good way to fight the sharing of child porn, which is why it is so widely adopted.
The question is whether it is worse to do it on-device, than on the server. That’s what Apple actually announced.
I suspect Apple thought doing it on-device would be better for privacy. But it feels like a loss of control. If it’s on the server, then I can choose to not upload and avoid the technology (and its potential for political abuse). If it’s on my locked and managed mobile device, I have basically no control over when or which images are getting checked, for what.
You have the exact same level of privacy as before. Before, the images were scanned in the cloud. Now they are being scanned as they exit your phone. In that way, the avoidance protocol is the same, namely
> I can choose to not upload and avoid the technology
They are not scanning your entire photo library at rest.
Could they? Sure. But they’ve had the hardware to do this for years, so they could have done so silently at any time.
This entire saga has been one of poor messaging and rampant speculation.
> If you want unlimited privacy, at least have the balls to admit that this will allow free trade of CSAM, but also revenge porn, snuff-films and other things like it.
Sure, in exactly the same way that the postal system, parcel delivery services, etc. allow it. But that's not to say that such things are unrestricted -- there are many ways that investigation and enforcement can be done no matter what. It's just a matter of how convenient that is.
It would also restrict CSAM a lot if authorities could engage in unrestricted secret proactive searches of everybody's home, too. I don't see this as being any different.
By that logic, can we send in someone into your house every day to look through every corner for child porn in digital or print form?
In fact there are a lot of heinous crimes out there some much worse than child porn IMHO. Singling out child porn as the reason seems like it's meant only to elicit an emotional response.
Not that I wholly agree with Apple's move due to other implications, but it has to be said that only photos that you have chosen to upload to iCloud will be scanned.
So, in a sense, you do consent to having those photos scanned by using iCloud. Maybe it's time for Apple to drop the marketing charade on privacy with iCloud, since iCloud backups aren't even encrypted anyway.
Are you unable to answer any of the questions I asked? I'm seriously interested in hearing, from people who think Apple is in the wrong, where the border of acceptability is.
Would you prefer iOS submitted the photo's to their cloud unencrypted and Apple scanned them there? Because that's what the others are doing.
If I were Kik, I would also write a blog post about using something like this. Many, many things point at Kik only doing the bare minimum though. (If you're the type who supports moderation, apparently they're already doing too much according to much of HN.)
I don't want to be arrested by the FBI and my life ruined because my daughter, who is 6 and doesn't know any better, takes a selfie with my phone while she happens to be undressed/changing clothes and the photo automatically syncs to the cloud.
I think the best way to stop child porn is to install government provided monitoring software + require an always online chip to be present on any video capture system and any media player must submit screen hashes + geolocation and owner ID to a government service. If the device fails to submit hashes for more than 24 it should block further operation. Failing this we will never be safe from child porn in the digital world.
Not doing anything opens the door to further abuse.
If a company explicitly states in a service's terms and conditions that content stored or shared through that service will be scanned, I think that's acceptable because the user then can decide to use such a service on a case-by-case basis.
However, making this a legal requirement or deliberately manipulating a device to scan the entire content stored on that device without the user's consent or knowledge even, is extremely problematic, not just from a privacy point of view.
Such power can and will be abused and misused, sometimes purposefully, sometimes accidentally or erroneously. The devastating outcome to innocent people who have been wrongfully accused remains the same in either case (see https://areoform.wordpress.com/2021/08/06/on-apples-expanded... for a realistic scenario, for example).
The very least I'd expect if such a blanket surveillance system were implemented is that there were hefty, potentially crippling fines and penalties attached to abusing that system in order to avoid frivolous prosecution.
Otherwise, innocent people's lives could be ruined with little to no repercussions for those responsible.
Do strict privacy requirements allow crimes to be committed? Yes, they do. So do other civil liberties. However, we don't just casually do away with those.
If the police suspect a crime to have been committed they have to procure a warrant. That's the way it should work in these cases, too.
There are reasonable measures to take against child abuse, and there are unreasonable ones. If we can’t agree on that, there’s no discussion to be had.
> Should the internet be a free for all place without moderation?
The better question would be: do you want an arbitrary person (like me) to decide whether you have a right to send an arbitrary pack of bytes?
Neither "society" nor "voters" nor "corporations" make these decisions. It is always an arbitrary person who does. Should one person surrender his agency into the hands of another?
>Neither "society" nor "voters" nor "corporations" make these decisions. It is always an arbitrary person who does.
Except in this case, a corporation (Apple) is making the decision relative to the sexual mores of modern Western society and the child pornography laws of the United States. It's unlikely this decision was made and implemented randomly by a single "arbitrary" individual. Contrary to your claim, it's never an arbitrary person.
And yes, I believe Apple has the right to decide how you use their product, including what bytes can and cannot be sent on it.
>Should one person surrender his agency into the hands of another?
We do that all the time, that's a fundamental aspect of living in a society.
But in this specific case, no one is forcing you to use an Apple phone, so you're not surrendering your agency, you're trading it in exchange for whatever convenience or features lead you to prefer an Apple product over competitors. That's still your choice to make.
I think different opinions are great. Just wanted to point out saying the internet should be moderated on the hacker news forums is surprising and funny.
“Apple is opening the door to broader abuses”. Wouldn't not doing anything open a different door to broader abuse?
Actually I believe that in regards to "not doing anything open a different door to broader abuse" - no. Starting scans will lead to broader, and no tin foil hat needed.
If we compare 1-apple starts scanning for known hashes, not "looking at all your naked pics and seeing if you've got something questionable"... this is just looking for known / already created by others / historical things... by doing a scan for one thing - they open the pandoras box to start scanning for other things - and then they will be compelled by agents to scan for other things - and I believe that is broader, much.
Next month it will be scan for any images with a hash that matches a meme with fauci - the current admin has already stated that in their desire to stop 'disinformation' they want to censor sms text messages and facebook posts (assuming also fbk DMs and more).
There is a new consortium of tech co's sharing a list of bad people who share certain pdfs and 'manifestos' or something like that now right? Might as well scan for those docs too, add all them to the list.
What power this could lead to - soon the different agencies want scans for pics of drugs, hookers.. how about a scan for those images people on whatsapp are sharing with the black guy killing a cop with a hood on?
What happens when a new admin takes the house and white house and demands scans for all the trumped a traitor pics and make a list?
See this is where the encryption backdoors go.. and where is that line drawn? Is it federal level agencies that get to scan? can a local arizona county sheriff demand a scan of all phones that have traveled through their land/air space?
Frankly, public chats, public forums.. if you post kids or drugs or whatever is not legal there - then it's gonna get the men with guns to take note. What you do in private chats / DMs, etc - I think should stay there and not go anywhere else.
I don't like the idea that Msoft employees look at naked pics of my gf that are added to a pics folder because someone setup a win system without disabling one drive. So I don't use one drive and tell others to not use it - and not put pics of me there or on fbk or tictoc.
For all those people that have nothing to hide - I feel sorry for you - but wonder if your kids/grandkids should have thousands of agents looking into their private pics just to make sure there is nothing not legal there.
so would these scans get nudes sent through whatsapp? That would kill the encryption thing there kind of.
Would this scan get a cach if someone was using a chat room and some asshat posted something they shouldn't - and every person in the chat got a pic delivered to their screen. so many questions.
I also question what the apple scans would scan as far as folders and what not.. would it scan for things in a browser cache? like not purposefully downloaded.. if someone hit a page that had a setup image on it - would that person now be flagged for inspection / seizing?
If they are working with nice guys in Cali that just want to tap people on the shoulder and have a talk with people - will they send flagged notices to agents in other places who may go in with guns drawn and end up killing people?
I'm sure many people are fine with either outcome - I think there is a difference between someone surfing the web and someone who coerces real world harm, and not all those who surf the web deserve bullets to the chest, and there is no way to control that.. well maybe in the uk where cops aren't allowed to have guns maybe.
Maybe I'm an overly-sensitive person but I really can't get comfortable with a neural network looking over my shoulder, spying on me 24/7.
My parents gave me privacy and treated me with respect when I was a child. Now I'm an adult, and in a way it's like I have less privacy than when I was a kid. And the entities violating my privacy have way more power than my parents.
I want to continue working with technology, but how can I make mass consumer goods (i.e. apps) without being a user myself? These moves are going to slowly force me out of technology, which is sad, because creating with programming is my favorite activity. But life without some semblance privacy is hardly life.
Here's to a slow farewell, Apple! It was a good run.
I could have written this comment myself, albeit less eloquently.
That is a very accurate representation of how I feel about this, too. I enjoy building apps, but I don't know that I can keep using these devices.
I was looking forward to upgrading to the new hardware in the fall, but now I'm not sure I can stomach the implications of buying a new device that may at any point start policing what I do far beyond what I'd accepted at the time of purchase.
Why is CP punished more harshly than CA [1]? Is it because it is easier to do so, or is it because it gives an illusion of protecting children?
This, of course, ignores how a lot of child abusers are underage themselves and know the victim,[2] and that the prosecutors are committing the same crime as the prosecuted in the case of CP, and that, in too many cases, the content in question is impossible to call malicious if it is seen in context.[3]
If Apple doesn't change on this my next phone will not be an iPhone. I will dump my iPad, and Apple watch as well. This is complete bullshit. I'm angry. I never thought I'd see "privacy" Apple come out and say we're going to scan your photos on your device, scan you imessages, etc. This is insane.
I just got an iPhone 12 a couple months ago because “Hey it’s definitely more private than google”, better control of app permissions, and nice hardware.
Seems unclear what the alternative is now. The Linux phones I’ve looked at have a lot of catching up to do.
> To help address this, new technology in iOS and iPadOS* will allow Apple to detect known CSAM images stored in iCloud Photos.
After reading OP, my understanding had been that this update will cause _all_ photos on Apple devices to be scanned. However, the above quote from Apple's statement seems to indicate that only photos uploaded to iCloud Photos are scanned (even though they are technically scanned offline).
This doesn't invalidate any of the points people are making, but it does seem the update does not directly affect those of us who never stored our photos “in the cloud”.
And this has always been Apple’s stance because of the government. We lock down the phone and don’t let the government in but if you use cloud service that doesn’t have the same rights because it’s not stored on your property.
This sounds like them trying to find a way to encrypt your data and remove the fbi from having a “what about the children excuse”. They scan the image on upload and then store it on iCloud and encrypt it.
It’s of course a slippery slope but the FBI has been trying to have back doors everywhere since forever.
In a somewhat judo move, it could end up protecting user security going forward if the FBI has no leverage with pedophile content in iCloud, there’s no argument for a backdoor. I won’t play total corporate shill here but it seems people are jumping to this being the end of times vs a) a way to catch severe abusers of child pornography and b) removing a trump card for future security org strawman arguments
Exactly this. And this further opens the opportunity for E2EE iCloud Photos where Apple can’t look at your photos on their servers at all. This gives them cover that they’re not hosting illegal content.
They were probably strong-armed into this. Perhaps the CCP and the FBI talked, and Apple was told they'd be cut off from their suppliers if they didn't introduce this.
It doesn't matter. This is the wrong choice, and everyone should rebuke and abandon Apple for this.
Readit News
Because of this decision (and the fact that my iPhone more-or-less facilitates poor habits throughout my life), I'm considering moving completely out of the Apple ecosystem.
Does anyone have any recommendations for replacements?
* On laptops: I have an X1 carbon extreme running linux, but it's entirely impratical to take outside of the house: it has terrible battery life and runs quite hot. I also cannot stand its trackpad. Is there any linux-capable device with an okay trackpad?
* On phones: are there any capable phones out there that aren't privacy nightmares? All I want is a phone with a long lasting battery that I can use with maps, a web browser, and texting.
* On cloud: I've considered executing on a NAS forever, but I'm unsure where to start.
Router: https://www.turris.com/en/omnia/overview/
Media Center: https://osmc.tv/vero/
Cloud (Use TrueNAS Scale): https://www.truenas.com/systems-overview/
Phone: https://www.pine64.org/pinephone/
Watch: https://pine64.com/product/pinetime-smartwatch-sealed/
Smart Thermostat: https://hestiapi.com/product/hestiapi-touch-one-free-shippin...
If you go this route all devices will be running Linux. The one OS route is kindof nice, hence the pinephone over open android alternatives (like Graphene OS).
I sorted from least to most technical. I also tried to pick the least technical challenging in each category. The Dell stuff should just work. The Phone will require some tinkering for the moment.
https://frame.work/
Or: Lenovo Yoga Convertible. My second device. I just don't do games. Or bigger data stuff on this machine. Some design work. Some photo and smaller video stuff. I love the flexibility of the convertible when working with PDF and doing annotations by hand.
Laptop: https://puri.sm/products/librem-14
Also, has anyone tried the FXtec phones? https://www.fxtec.com I am thinking about getting the FXtec pro1 version, which promises to get a decent UbuntuTouch support as well as lineageOS.
I feel that with the comeback of Vim, there might be a sufficient user base for devices that use the keyboard for most tasks. I miss the days, when I could send a text message without taking the phone out of my pocket.
Edit: Just found a relevant HN discussion: https://news.ycombinator.com/item?id=26659150
Guess, I'll dig out the old digital camera again, since that is a weak point for the pinephone. :-D
I have a maxed out xps and it is a downgrade in all respects but privacy. :/
I have X1C (not extreme) and it has excellent battery life with Linux. Consider using TLP (https://linrunner.de/tlp/), if you want to significantly improve your laptop power consumption.
In general, you need to balance budget, capacity requirements, and form factor. Old servers are often great. Big disks seem like a good idea, but for rebuild times going over 4TB is horrible.
However, unfortunately HDD prices right now are horrible...
Phone: Pixel with GrapheneOS or CalyxOS. In the future a Linux phone when the software improves.
I've seen this recommendation very often lately. As I am shopping for a new phone: Why is it that hardware directly from Google is recommended for putting another OS onto it (I've seen recommendations for LineageOS as well). What makes it better than any stock phone supported by LineageOS?
Phone-wise, there are many options to choose from. I like the idea behind the Teracube 2E[1], as they take some of the principles behind Framework and apply it to phones.
> On cloud: I've considered executing on a NAS forever, but I'm unsure where to start.
Depends on how much you want to tinker. You can't go wrong with a Raspberry Pi and some external harddrives, but there is also dedicated NAS equipment that requires less setup and maintenance, some of them are Linux based, as well.
[1] https://myteracube.com/pages/teracube-2e
My XPS 15 does about 6 hours (it's a maxed out i7) on Linux and 3 on Windows.
On cloud: Synology Diskstation is amazing. Only use it through a local VPN though.
edit: maps work (see reply)
I don't experience any issues using mapping apps on Android with microG instead of Google Play Services. Closed source navigation apps including Google Maps, HERE WeGo, and Magic Earth work just fine. Open source navigation apps like Organic Maps and OsmAnd also work with no problems.
Dead Comment
For nas, synology is always a good brand.
Apple can (and likely will) say they won't do it and then do it anyway. It's a proprietary platform. They already have it, now. All they are claiming is an excuse not to be caught in a certain way they wouldn't like at a later point.
"Oh, nothing will happen to this [corrupt politician|naughty rich guy|corporation doing a thing I don't like], because they're all [bad thing]. It's all over already." :facepalm:
(Also, I couldn't read the original article because my work thinks it's spreading malware or something so I'm really only referring to the fatalism thing here, not Apple.)
Deleted Comment
Here is a true story for you:
Company X claimed users voice commands never left their devices. Then someone leaked recordings of people having sex, commiting crimes, etc recorded from X devices. This was brought up by media. For every concerned user there were ten apologist trying to justify this behaviour and a week later everyone forgot this ever happened.
Dead Comment
I would really like to hear from people who sign this open letter, how they think about this. Should the internet be a free for all place without moderation? Where are the boundaries for moderation (if it has to exist), one-on-one versus group chat, public versus private chat?
To quote this open letter: “Apple is opening the door to broader abuses”. Wouldn't not doing anything open a different door to broader abuse?
Edit: I would really love an actual answer, since responses until now have been "but muh privacy". You can't plead for unlimited privacy and ignore the impact of said privacy. If you want unlimited privacy, at least have the balls to admit that this will allow free trade of CSAM, but also revenge porn, snuff-films and other things like it.
Some person that would sign that letter might be fine with video cameras in say a bank or some company building entrance but he is probably not fine with his own phone/laptop recording him and sending data to soem company or government without his consent.
So let's discuss where should the line be drawn, also if competent people in this domain are present let's discuss better ideas on preventing or catching criminals, or even for this method let's discuss if it can be done better to fix all the concerns.
What I am sure is that clever criminals will not be affected by this, so I would like to know if any future victim would be saved (I admit I might be wrong, so I would like to see more data from different countries that would imply the impact of this surveilance)
But it creates a infrastructure for all other kind of "criminal" data. I bet sooner or later governments want to include other hashes to find the owners of specific files. Could be bomb creation manuals, could be flyers against a corrupt regime. The sky is the limit and the road to hell is paved with good intentions.
Deleted Comment
I would really like to hear from people who do not sign this letter how they think about that.
With many packages this already happens in the search for drugs and weapons and I have no problem with that either.
It's the same reason I don't want police having any opportunistic information about me - both of these have an agenda, and so innocent people get pulled into scenarios they shouldn't be when that information becomes the unlucky best-fit of the day.
That Apple has even suggested this is disturbing because I have to fully expect this is their vision for every device I am using.
And then I expect from there, it's a race to the bottom until we treat our laptops like they are all live microphones.
I'm going to turn this around and say that those in favor of Apple's move: "Should the internet be a place where your every move is surveilled?" given that we have some expectation of privacy in real life.
You'd be surprised about the amount of packages that gets x-rayed in order to find drugs. But yes, you're 100% right that it's not all of them.
Let me ask you a counter-question. If I am able to draw child pornography so realistically that you couldn't easily tell, am I committing a crime by drawing?
That really depends on the law in the country where you're doing that. According to the law in my country, yes, you are.
None of this actually answers my question though, it's just a separate discussion. I would appreciate an actual answer.
Who’s talking about surrealistic drawings? We’re talking about actual material in real life, being shared by users and abusers.
To be clear, I’m not supporting surveillance, just stating facts.
This issue came before the US Supreme Court about a decade ago and they ruled that the depiction of a crime is not a crime so long as the depiction can in any way be called "art". In effect, any synthetic depiction of a crime is permitted.
However that ruling predated the rise of deep fakes. Would the SC reverse that decision now that fakes are essentially indistinguishable from the real thing? Frankly I think the current SC would flip since it's 67% conservative and has shown a willingness to reconsider limits on the first Amendment (esp. speech and religion).
But how would we re-draw the line between art and crime? Will all depictions of nudes have to be reassessed for whether the subject even might be perceived as underage? What about films like "Pan's Labyrinth" in which a child is tortured and murdered off-screen?
Do we really want to go there? This enters the realm of thought-crime, since the infraction was solely virtual and no one in the real world was harmed. If we choose this path, the freedom to share ideas will be changed forever.
Images can be illegal if all people are of age, but are portrayed as underage. Many historical dramas take legal advice about this when they have adult actors portraying people who historically married while underage by modern standards. (Ie the rape scene in BBC's The White Princess series.) This is why American porn companies shy away from cheerleader outfits, or any other suggestion of highschools.
I'm not sure I fully understand how society can be more relaxed with actual pedophiles than they are with cp material.
Personally it bothers me to see the focus around things that gross people out rather than the actual child abuse.
If the picture had no grounds to spread, it would likely not have been made—no incentive. As such, the fact that the picture is able to spread indirectly incentivises further physical abuse to children.
Yes, exactly.
It may even help prevent child abuse, because it may help pedophiles overcome their urges and not act upon it.
I'm not aware of any data regarding this issue exactly, but there are studies that show that general pornography use and sexual abuse are inversely correlated.
In effect, possessing such material may incentivize further production (and abuse), "macroeconomically" speaking. And I hate that evidently, yes, there is an economy of such content.
Maybe the same thing that makes this hard to understand about iOS will be what finally kills these absolutely wretched mobile OSes.
This is done client side because your data is encrypted in their cloud. It won't be done if you disable cloud sync. If you just keep your cp out of the cloud, you're fine.
In the USA guns are pretty freely available, relative to other countries. There is a huge amount of gun violence (including shooting at schools targeting children) yet every time major gun restriction legislation is introduced it fails, with one major reason being the 2nd amendment of the US constitution. This could again be amended, but sufficient support is not there for this to occur. What does this say about the US?
They have determined, as a society, that the value of their rights is worth more than all the deaths, injuries and pains caused by gun violence. A similar argument can be made regarding surveillance and child porn, or really any other type of criminal activity.
But how many apps only store the locally on the device versus sending data to the cloud, getting data from the cloud, or calling cloud APIs to get functionality that cannot be provided on device?
Having the power of a personal computing device is huge, but having a networked personal computing device is far greater.
Keeping everything on-device is a good ideal for privacy, but not very practical for networked computing.
The question is whether it is worse to do it on-device, than on the server. That’s what Apple actually announced.
I suspect Apple thought doing it on-device would be better for privacy. But it feels like a loss of control. If it’s on the server, then I can choose to not upload and avoid the technology (and its potential for political abuse). If it’s on my locked and managed mobile device, I have basically no control over when or which images are getting checked, for what.
> I can choose to not upload and avoid the technology
They are not scanning your entire photo library at rest.
Could they? Sure. But they’ve had the hardware to do this for years, so they could have done so silently at any time.
This entire saga has been one of poor messaging and rampant speculation.
Sure, in exactly the same way that the postal system, parcel delivery services, etc. allow it. But that's not to say that such things are unrestricted -- there are many ways that investigation and enforcement can be done no matter what. It's just a matter of how convenient that is.
It would also restrict CSAM a lot if authorities could engage in unrestricted secret proactive searches of everybody's home, too. I don't see this as being any different.
In fact there are a lot of heinous crimes out there some much worse than child porn IMHO. Singling out child porn as the reason seems like it's meant only to elicit an emotional response.
So, in a sense, you do consent to having those photos scanned by using iCloud. Maybe it's time for Apple to drop the marketing charade on privacy with iCloud, since iCloud backups aren't even encrypted anyway.
Would you prefer iOS submitted the photo's to their cloud unencrypted and Apple scanned them there? Because that's what the others are doing.
[1] https://www.kik.com/blog/using-microsofts-photodna-to-protec...
https://darknetdiaries.com/transcript/93/
If I were Kik, I would also write a blog post about using something like this. Many, many things point at Kik only doing the bare minimum though. (If you're the type who supports moderation, apparently they're already doing too much according to much of HN.)
https://www.theguardian.com/society/2019/dec/30/thousands-of...
Not doing anything opens the door to further abuse.
However, making this a legal requirement or deliberately manipulating a device to scan the entire content stored on that device without the user's consent or knowledge even, is extremely problematic, not just from a privacy point of view.
Such power can and will be abused and misused, sometimes purposefully, sometimes accidentally or erroneously. The devastating outcome to innocent people who have been wrongfully accused remains the same in either case (see https://areoform.wordpress.com/2021/08/06/on-apples-expanded... for a realistic scenario, for example).
The very least I'd expect if such a blanket surveillance system were implemented is that there were hefty, potentially crippling fines and penalties attached to abusing that system in order to avoid frivolous prosecution.
Otherwise, innocent people's lives could be ruined with little to no repercussions for those responsible.
Do strict privacy requirements allow crimes to be committed? Yes, they do. So do other civil liberties. However, we don't just casually do away with those.
If the police suspect a crime to have been committed they have to procure a warrant. That's the way it should work in these cases, too.
The better question would be: do you want an arbitrary person (like me) to decide whether you have a right to send an arbitrary pack of bytes?
Neither "society" nor "voters" nor "corporations" make these decisions. It is always an arbitrary person who does. Should one person surrender his agency into the hands of another?
Except in this case, a corporation (Apple) is making the decision relative to the sexual mores of modern Western society and the child pornography laws of the United States. It's unlikely this decision was made and implemented randomly by a single "arbitrary" individual. Contrary to your claim, it's never an arbitrary person.
And yes, I believe Apple has the right to decide how you use their product, including what bytes can and cannot be sent on it.
>Should one person surrender his agency into the hands of another?
We do that all the time, that's a fundamental aspect of living in a society.
But in this specific case, no one is forcing you to use an Apple phone, so you're not surrendering your agency, you're trading it in exchange for whatever convenience or features lead you to prefer an Apple product over competitors. That's still your choice to make.
Yes!!!
Actually I believe that in regards to "not doing anything open a different door to broader abuse" - no. Starting scans will lead to broader, and no tin foil hat needed.
If we compare 1-apple starts scanning for known hashes, not "looking at all your naked pics and seeing if you've got something questionable"... this is just looking for known / already created by others / historical things... by doing a scan for one thing - they open the pandoras box to start scanning for other things - and then they will be compelled by agents to scan for other things - and I believe that is broader, much.
Next month it will be scan for any images with a hash that matches a meme with fauci - the current admin has already stated that in their desire to stop 'disinformation' they want to censor sms text messages and facebook posts (assuming also fbk DMs and more).
There is a new consortium of tech co's sharing a list of bad people who share certain pdfs and 'manifestos' or something like that now right? Might as well scan for those docs too, add all them to the list.
What power this could lead to - soon the different agencies want scans for pics of drugs, hookers.. how about a scan for those images people on whatsapp are sharing with the black guy killing a cop with a hood on?
What happens when a new admin takes the house and white house and demands scans for all the trumped a traitor pics and make a list?
See this is where the encryption backdoors go.. and where is that line drawn? Is it federal level agencies that get to scan? can a local arizona county sheriff demand a scan of all phones that have traveled through their land/air space?
Frankly, public chats, public forums.. if you post kids or drugs or whatever is not legal there - then it's gonna get the men with guns to take note. What you do in private chats / DMs, etc - I think should stay there and not go anywhere else.
I don't like the idea that Msoft employees look at naked pics of my gf that are added to a pics folder because someone setup a win system without disabling one drive. So I don't use one drive and tell others to not use it - and not put pics of me there or on fbk or tictoc.
For all those people that have nothing to hide - I feel sorry for you - but wonder if your kids/grandkids should have thousands of agents looking into their private pics just to make sure there is nothing not legal there.
so would these scans get nudes sent through whatsapp? That would kill the encryption thing there kind of.
Would this scan get a cach if someone was using a chat room and some asshat posted something they shouldn't - and every person in the chat got a pic delivered to their screen. so many questions.
I also question what the apple scans would scan as far as folders and what not.. would it scan for things in a browser cache? like not purposefully downloaded.. if someone hit a page that had a setup image on it - would that person now be flagged for inspection / seizing?
If they are working with nice guys in Cali that just want to tap people on the shoulder and have a talk with people - will they send flagged notices to agents in other places who may go in with guns drawn and end up killing people?
I'm sure many people are fine with either outcome - I think there is a difference between someone surfing the web and someone who coerces real world harm, and not all those who surf the web deserve bullets to the chest, and there is no way to control that.. well maybe in the uk where cops aren't allowed to have guns maybe.
My parents gave me privacy and treated me with respect when I was a child. Now I'm an adult, and in a way it's like I have less privacy than when I was a kid. And the entities violating my privacy have way more power than my parents.
I want to continue working with technology, but how can I make mass consumer goods (i.e. apps) without being a user myself? These moves are going to slowly force me out of technology, which is sad, because creating with programming is my favorite activity. But life without some semblance privacy is hardly life.
Here's to a slow farewell, Apple! It was a good run.
That is a very accurate representation of how I feel about this, too. I enjoy building apps, but I don't know that I can keep using these devices.
I was looking forward to upgrading to the new hardware in the fall, but now I'm not sure I can stomach the implications of buying a new device that may at any point start policing what I do far beyond what I'd accepted at the time of purchase.
This, of course, ignores how a lot of child abusers are underage themselves and know the victim,[2] and that the prosecutors are committing the same crime as the prosecuted in the case of CP, and that, in too many cases, the content in question is impossible to call malicious if it is seen in context.[3]
[1] https://columbiachronicle.com/discrepancy-in-sex-offender-se...
[2] https://web.archive.org/web/20130327054759/http://columbiach...
[3] https://news.ycombinator.com/item?id=5825087
Seems unclear what the alternative is now. The Linux phones I’ve looked at have a lot of catching up to do.
After reading OP, my understanding had been that this update will cause _all_ photos on Apple devices to be scanned. However, the above quote from Apple's statement seems to indicate that only photos uploaded to iCloud Photos are scanned (even though they are technically scanned offline).
This doesn't invalidate any of the points people are making, but it does seem the update does not directly affect those of us who never stored our photos “in the cloud”.
https://morningstaronline.co.uk/article/w/apple-drops-plans-...
This sounds like them trying to find a way to encrypt your data and remove the fbi from having a “what about the children excuse”. They scan the image on upload and then store it on iCloud and encrypt it.
It’s of course a slippery slope but the FBI has been trying to have back doors everywhere since forever.
A stark change since Apple/FBI.
It doesn't matter. This is the wrong choice, and everyone should rebuke and abandon Apple for this.