Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

This letter doesn't really read correctly. If you're going to write an open letter, this might be better worded.

>Apple's proposed technology works by continuously monitoring photos saved or shared on the user's iPhone, iPad, or Mac.

It does a check if it's being uploaded to iCloud Photos. It is not (currently, at least) continuously monitoring photos saved or shared; shared is Messages specific for child accounts.

>Because both checks are performed on the user's device, they have the potential to bypass any end-to-end encryption that would otherwise safeguard the user's privacy.

There is currently no E2E encryption for iCloud, so short of HTTPS... what is this supposed to mean? There is literally no privacy at all if you upload to iCloud currently.

If anything, it feels like Apple's client side system enables something closer to E2EE while maintaining the ability to detect child porn on their platform.



>If you're going to write an open letter, this might be better worded.

>It does a check if it's being uploaded to iCloud Photos.

The letter has a perfect wording because it doesn't relay on things unknown or said by the interested side with agenda to push Spyware Engine using some BS cover story. Wording reflects the real danger of such step.

Your continuous attempts go into tiny little details of what Spyware Engine would do at the first stage and support this BS cover story about children is irrelevant to the problem. Besides, How do you know? Did you see the source code?

This cover story has nothing to do with the issue and invented to get emotional response from people and make them stop thinking about what is actually happening.

And what actually happening is an attempt to legalize Spyware Engine that will do completely other things that are claimed and who knows what it will do...

We are not that naive to believe for a second that this Spyware Engine is going to do what it is claimed to do. This attempt of it's legalization is done just to avoid future scandal once it detected.

Again, it doesn't matter what Spyware Engine would do at the moment of installation. What matter is it's existence on a personal device which should be prohibited completely. No one in healthy mind would believe that even if Apple would say that Spyware Engine would not be installed it would indeed not be installed. It should be checked very carefully. It very may be already installed. The fight now is more about legalization of it and values. Not about Apple. Not about what their specific version of Spyware Engine does.

>There is literally no privacy at all if you upload to iCloud currently.

This is exactly the reason why some people do not use iCloud and not going too. The whole idea of putting personal thoughts/ideas/photos into some cloud in open/de-codable format is completely idiotic. So I agree that this malicious practice is done for some time now by Apple . It is unacceptable. It was encouraging people to loose own privacy which is the opposite of what should be in a healthy free democratic society respecting human rights. It was bad long enough but now there is an attempt to make it even worse, because before at least people had a choice to avoid using iCloud and not participate in malicious Apple activity but now it is suggested to leave people without such choice because Spyware Engine is pushed to be installed in their personal devices.

The installation of Spyware Engine will have longing effect on free democratic society respecting human rights. I described such effect here: https://news.ycombinator.com/item?id=28084578


Yes, there seems to be a lot of conflation between the two separate systems (in the media, and in comments on here).

As you say, it’s important to be precise, otherwise people won’t take your arguments seriously. To summarise:

One system involves hash checking. This is performed when photos are being uploaded to iCloud. The hashes are calculated on-device. Private set intersection is used to determine whether the photos being uploaded match anything in the CSAM hash list. Photos that match will be reviewed manually - if I recall correctly, this only occurs after a certain threshold has been reached. This system will only match known CSAM (or whatever else is in the hash list).

The second, independent, system, is a machine learning model which runs on-device to detect sexually explicit photos being received on Messages.app. This system is designed to be run on children’s phones. The system will hide these explicit images by default, and can be configured to alert parents - that feature is designed for under-13s. This system doesn’t use the CSAM hash list.


Based on my reading, the first system is interesting in that the threshold is also cryptographically determined. Each possible hit forms part of a key, and until a complete key is made none of the images can be reviewed.

Should also be noted the second system sends no images to Apple or is reviewed by Apple employees in any way. It's just using the same on device ML that finds dog pics for example.

I think Apple PR screwed up here announcing all these features at once on one page, and not having the foresight they would be conflated. It also didn't help that a security researcher leaked it the night before without many of the details (iCloud only for example).

Context should also be included. CSAM has been happening for years on most (all?) photo hosts, and is probably one of the blockers to full E2E encryption for iCloud photos (I so hope that's coming now!).

Finally, nothing has really changed. Either iOS users trust Apple will use the system only as they have said or they won't. Apple controls the OS, and all the 'what if' scenarios existed before and after this new feature. As described, it is the most privacy preserving implementation of CSAM to date.


> Should also be noted the second system sends no images to Apple or is reviewed by Apple employees in any way.

You are directly contradicting Apple's public statement:

> Apple manually reviews all reports

( https://www.apple.com/child-safety/pdf/CSAM_Detection_Techni... )

Moreover, it was found that in US v. Ackerman that the NCMEC's inspection of a user's private email was an unlawful violation of their fourth amendment rights specifically because AOL passed along the email based on a hit against the NCMEC database without inspecting it. Had AOL inspected it than the repetition of the inspection by NCMEC would simply be a repetition of the search performed by AOL which was permitted under their contract with the customer.

Not only does Apple state that they will "review" the images, they must do so in order to deprive the user of their forth amendment protection against unlawful search by the government.

> and is probably one of the blockers to full E2E encryption for iCloud photos

Apple is free to provide encryption and they are choosing to not do so.


I was referring the second system mentioned by the parent. NOT the CSAM system. Conflating these systems has been huge issue with the random articles coming out. They are distinct.

From the GP > The second, independent, system, is a machine learning model which runs on-device to detect sexually explicit photos being received on Messages.app. This system is designed to be run on children’s phones. The system will hide these explicit images by default, and can be configured to alert parents - that feature is designed for under-13s. This system doesn’t use the CSAM hash list.

> Apple is free to provide encryption and they are choosing to not do so.

Sort of. They cited the FBI a few years ago when they put the brakes on adding E2EE to everything. It would also create a huge target for legislation, 'Apple is helping CP people - think of the children!' The new method of CSAM will let Apple add E2EE, and fight off calls for legislation.


I fully agree that some people are conflating the imessage nudity detection to the detriment of the public dialog. Though I think there are also problems with imessage, including the fact that minors are not completely devoid of civil rights relative their parents, that the same mechanisms could be easily retargeted against adults (with some dictatorships taking on the role of the parent accounts), and that doing so normalizes our children to a pervasive electronic surveillance... I think it is a substantially different matter and one of less concern.

I don't think I agree on the "sort of"--

It is unambitious the effective law in the US, established in court, that if the tech company scanning is a product of government coercion than the scanning cannot be performed without a warrant.

In Ackerman Google went out of their way to testify that they were not being coerced by the government, but were scanning out of their own commercial interest (to avoid a public loss of reputation for hosting child porn on their systems).

If Apple wants to defend their failure to act in their user's best interest, they need to do so directly by calling out the governments coercion. Or otherwise, they ought to admit (as google did) that no meaningful government coercion exists and that their actions at the users expense are driven by their commercial interests.

There are two central possibilities: That the searching is coerced, in which case it is an unlawful violation of the user's fourth amendment rights, or that it is not coerced, in which case it is an activity that Apple is freely engaging with for the benefit of their commercial interests.

In either case-- facilitating an unlawful invasion of user's constitutional rights on behalf of the government, or voluntarily invading the privacy of their users for commercial benefit Apple is ethically in the wrong.

I don't doubt that this dichotomy, if widely recognized, would put apple in a difficult position-- but that's a cost of doing business.


>I think Apple PR screwed up here announcing all these features at once on one page, and not having the foresight they would be conflated. It also didn't help that a security researcher leaked it the night before without many of the details (iCloud only for example).

This sums up my entire feelings on the matter at this point.

It's become a bit of hysteria due to this.


> Photos that match will be reviewed manually

This isn't a protection of your privacy. It's because US v. Ackerman (2016) the appeals court ruled that when AOL forwarded an email with an attachment whos hash matched the NCMEC database to law enforcement without anyone looking at it, and law enforcement looked at the email without obtaining a warrant was an unlawful search and had AOL looked at it first (which they can do by virtue of your agreement with them) and gone "yep, thats child porn" and reported it, it wouldn't have been an unlawful search.

Instead, if Apple were to report the existence of a match to law enforcement without divulging the image, which (if the matching is precise enough) should be enough to create probable cause to allow law enforcement to obtain a warrant. The only once a warrant was issued would anyone look at the image. That would be more protective.

What they're actually doing just inserts an unaccoutable additional step that reduced your privacy for the specific purpose of undermining your due process by avoiding the need of law enforcement to evade your privacy.




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: