Comment by JoshTriplett

Comment by JoshTriplett 2 days ago

10 replies

View on Hacker News

Good riddance to a system that would have provided precedent for client-side scanning for arbitrary other things, as well as likely false positives.

> I wanted there to be a reasonable debate on it

I'm reminded of a recent hit-piece about Chat Control, in which one of the proponent politicians was quoted as complaining about not having a debate. They didn't actually want a debate, they wanted to not get backlash. They would never have changed their minds, so there's no grounds for a debate.

We need to just keep making it clear the answer is "no", and hopefully strengthen that to "no, and perhaps the massive smoking crater that used to be your political career will serve as a warning to the next person who tries".

btown 2 days ago

This. No matter how cool the engineering might have been, from the perspective of what surveillance policies it would have (and very possibly did) inspire/set precedent for… Apple was very much creating the Torment Nexus from “Don’t Create the Torment Nexus.”

Reply View 5 replies
  • JimDabell 2 days ago

    > from the perspective of what surveillance policies it would have (and very possibly did) inspire/set precedent for…

    I can’t think of a single thing that’s come along since that is even remotely similar. What are you thinking of?

    I think it’s actually a horrible system to implement if you want to spy on people. That’s the point of it! If you wanted to spy on people, there are already loads of systems that exist which don’t intentionally make it difficult to do so. Why would you not use one of those models instead? Why would you take inspiration from this one in particular?

    Reply View 4 replies
    • btown 2 days ago

      The problem isn’t the system as implemented; the problem is the very assertion “it is possible to preserve the privacy your constituents want, while running code at scale that can detect Bad Things in every message.”

      Once that idea appears, it allows every lobbyist and insider to say “mandate this, we’ll do something like what Apple did but for other types of Bad People” and all of a sudden you have regulations that force messaging systems to make this possible in the name of Freedom.

      Remember: if a model can detect CSAM at scale, it can also detect anyone who possesses any politically sensitive image. There are many in politics for whom that level of control is the actual goal.

      Reply View 1 reply
      • JimDabell 2 days ago

        > The problem isn’t the system as implemented

        Great!

        > the problem is the very assertion “it is possible to preserve the privacy your constituents want, while running code at scale that can detect Bad Things in every message.”

        Apple never made that assertion, and the system they designed is incapable of doing that.

        > if a model can detect CSAM at scale, it can also detect anyone who possesses any politically sensitive image.

        Apple’s system cannot do that. If you change parts of it, sure. But the system they proposed cannot.

        To reiterate what I said earlier:

        > The vast majority of the debate was dominated by how people imagined it worked, which was very different to how it actually worked.

        So far, you are saying that you don’t have a problem with the system Apple designed, and you do have a problem with some other design that Apple didn’t propose, that is significantly different in multiple ways.

        Also, what do you mean by “model”? When I used the word “model” it was in the context of using another system as a model. You seem to be using it in the AI sense. You know that’s not how it worked, right?

        Reply View 0 replies
    • JoshTriplett 2 days ago

      > I can’t think of a single thing that’s come along since that is even remotely similar. What are you thinking of?

      Chat Control, and other proposals that advocate backdooring individual client systems.

      Clients should serve the user.

      Reply View 1 reply
      • JimDabell 2 days ago

        > Chat Control, and other proposals that advocate backdooring individual client systems.

        Chat Control is older than Apple’s CSAM scanning and is very different from it.

        > Clients should serve the user.

        Apple’s system only scanned things that were uploaded to iCloud.

        You missed the most important part of my comment:

        > I think it’s actually a horrible system to implement if you want to spy on people. That’s the point of it! If you wanted to spy on people, there are already loads of systems that exist which don’t intentionally make it difficult to do so. Why would you not use one of those models instead? Why would you take inspiration from this one in particular?

        Reply View 0 replies
JimDabell 2 days ago

I don’t think you can accurately describe it as client-side scanning and false positives were not likely. Depending upon how you view it, false positives were either extremely unlikely, or 100% guaranteed for practically everybody. And if you think the latter part is a problem, please read up on it!

> I'm reminded of a recent hit-piece about Chat Control, in which one of the proponent politicians was quoted as complaining about not having a debate. They didn't actually want a debate, they wanted to not get backlash. They would never have changed their minds, so there's no grounds for a debate.

Right, well I wanted a debate. And Apple changed their minds. So how is it reminding you of that? Neither of those things apply here.

Reply View 3 replies
  • mixmastamyk 2 days ago

    Forgot about the concept of bugs have we? How about making Apple vulnerable to demands from every government where they do business?

    No thanks. I'll take a hammer to any device in my vicinity that implements police scanning.

    Reply View 2 replies
    • JimDabell 2 days ago

      > Forgot about the concept of bugs have we?

      No, but I have a hard time imagining a bug that would meaningfully compromise this kind of system. Can you give an example?

      > How about making Apple vulnerable to demands from every government where they do business?

      They already are. So are Google, Meta, Microsoft, and all the other giants we all use. And all those other companies are already scanning your stuff. Meta made two million reports in 2024Q4 alone.

      Reply View 1 reply
      • mixmastamyk 2 days ago

        Imagine harder. Apple has had several high profile security bugs in the last few years, and their OS is decried here as a buggy mess every release. QA teams went out of fashion.

        The onus is on you to prove perfection before ruining lives on hardware they paid for.

        100x worse on the vulnerability front, as the tech could be bent to any whim. Importantly, none of what you described is client-side scanning. Even I consider abiding rules on others’ property fair.

        Reply View 0 replies