Jay Little - Software Obsessionist
Now Thats One Bad Apple

08/14/2021 14:20:55

As some of you know, I had tentative plans to switch from my DeGoogled LineageOS / Android phone (some variation of which I have been using since 2016) over to an iPhone just as soon as they managed to rid their devices of that garish notch. Thankfully, the universe reminded me this past week why I stopped giving proprietary Operating Systems the benefit of the doubt, forcing me to reevaluate that plan.

So before we get into the specifics of why I have changed course yet again, let me first address why I had even gotten to this point. Back in 2018 I penned a post called "Android Fraking Sucks" and concluded that the Purism Librem 5 was the solution to those problems. Well anybody who keeps up with this blog knows that I subsequently rejected the Librem 5 as a viable alternative just over a year later with my three part series "The Sad Saga of Purism and the Librem 5". At some point in the last year, I had begrudgingly decided that I would give iOS a serious shot but that I would hold out until their garish hardware became somewhat less ugly. Sorry Apple lovers, but when you've got a OnePlus 7 Pro any current iPhone just seems ugly in comparison.

The reality is that I am tired of jumping through the hoops required for a DeGoogled Android Phone experience. Finding compatible devices, unlocking bootloaders, installing a decent custom ROM, installing different app stores and replacing some of the functionality we tend to take for granted on Googled Android devices takes a lot of work. However at this point in time, it constitutes the most functional and most private smartphone experience one is able to obtain. Neither the Librem 5 nor the Pine Phone can compare.

But what about iPhones and iOS? Well as anybody who pays any attention to tech knows, Apple has been pushing the privacy angle hard with their devices and their OSes over the last few years. And frankly, it was starting to turn the tide for me to some extent. I'm tired of jumping through hoops and I really wanted to just buy a phone, maybe change a few cloud related settings and just use it without having to worry so much about the specifics after that.

But as you all know, I have systematically moved away from closed operating systems over the years. None of the general purpose computing hardware I own runs anything other than Linux. I have one piece of hardware that boots Windows 10 natively, but it belongs to my employer so I don't count it. Other than a couple of Windows 10 VMs (also for work purposes), I have largely abandoned proprietary OSes where I am able.

So in that respect, moving to iOS would've been step back. But why? Because with OSes like Linux you have choice. There are a million different Linux distributions, because there are a billion different ways to configure a system out of the box. There are only a handful of distributions of Windows 10, and a single distribution of iOS and MacOS.

So what does that mean? It means that when the people putting together those distributions do something that you strongly disagree with, you either have to accept it or make a very drastic change. Most users won't make any kind of drastic change when it comes to tech unless the circumstances forcing them to do so are overwhelmingly negative. Change takes work and people typically hate both of those things.

In any event, when the people deciding what happens in Windows, iOS or MacOS do something, you pretty much either have to accept it or make a major change. Now if this happens to you as a Windows user, you might be able to replace Windows with something else, like Linux, assuming your hardware is x86 compatible. However when it comes to iOS or MacOS you don't even have that option now. iOS devices are locked and cannot be used to install different operating systems. MacOS devices which were x86 compatible, had some flexibility, but Apple has been doing enough off the wall custom shit for awhile that even that hardware can't effectively run an alternative OS. Never mind the new M1 hardware which appears to make it a total non-starter.

Well I'm sorry to say that I forgot this, or decided that I could live without it on my phone for a little while. Thankfully the arrogant fools who run Apple decided to remind the world last week just why giving so much trust over to a single entity is an inherently bad idea.

Before an image is uploaded to iCloud Photos, those hashes are matched on the device against a database of known hashes of child abuse imagery, provided by child protection organizations like the National Center for Missing & Exploited Children (NCMEC) and others. NeuralHash uses a cryptographic technique called private set intersection to detect a hash match without revealing what the image is or alerting the user.

The results are uploaded to Apple but cannot be read on their own. Apple uses another cryptographic principle called threshold secret sharing that allows it only to decrypt the contents if a user crosses a threshold of known child abuse imagery in their iCloud Photos. Apple would not say what that threshold was, but said — for example — that if a secret is split into a thousand pieces and the threshold is ten images of child abuse content, the secret can be reconstructed from any of those ten images.

It’s at that point Apple can decrypt the matching images, manually verify the contents, disable a user’s account and report the imagery to NCMEC, which is then passed to law enforcement. Apple says this process is more privacy mindful than scanning files in the cloud as NeuralHash only searches for known and not new child abuse imagery. Apple said that there is a one in one trillion chance of a false positive, but there is an appeals process in place in the event an account is mistakenly flagged.

Basically Apple has created a scanner that will scan photos on your iOS device, that are about to be uploaded to iCloud, against a list of hashes of supposedly known child pornography images (note: there is no transparency in the NCMEC list which is largely populated by various law enforcement agencies, which we absolutely know are not accountable in any significant way). If your image matches, some fuzzed version of it is passed up to the server and flagged in some manner that requires multiple flags in order to decrypt them.

Apple believes that this is somehow better than their cloud service just scanning and flagging images, like every other cloud service does. But this is where their entire approach went drastically wrong. As it turns out, most sane people are okay with things you upload to the cloud being scanned because at that point it's somebody elses computer and they have every right to play the role of gatekeeper, like it or not. Now in this particular event, nobody wants to see CSAM (Child Sexual Abuse Material) proliferate, but the process used to construct the aforementioned list, flag the results and inform the authorities here is amazingly opaque. There is virtually zero accountability in any of it. The appeal process is meaningless as it only becomes available after Apple reports you to the authorities.

As an iOS user the only three things you can do to avoid this functionality is to either turn off iCloud photo functionality entirely, not upgrade to iOS 15 or switch to a different smart phone platform. You have no other options. Whereas if this happened in an open source Linux distribution, users would have plenty of options on how to grapple with it.

In any event, I will not be switching to an iPhone ever. This incident has also opened my eyes to the fact that despite an ever growing wave of lust regarding Apple's M1 processors, purchasing a general purpose computing device with an M1 processor would be a mistake as it will always be tied to Apple's software stack and whatever poor design decisions they happen to have made along the way. Thankfully this incident doesn't really effect my use of AppleTV devices as they are exclusively used to consume the content provided by other parties. There is no personal data of mine to be scanned, exploited and used against me in either a legitimate or illegitimate context there.

To those of you out there still using an iOS device, I strongly encourage you all to consider other options. Apple has definitively shown us that they do not deserve the level of trust that they have been claiming they were worthy of for years on end now. While they may ultimately be less skeevy than Google (which isn't saying much), I for one would rather keep slumming it in the world of DeGoogled Android than subject myself to this kind of unappealable insanity.

[Top] [Rss] [Email]