- 26 August, 2021 09:31
You can tell that Apple didn't quite get its announcement of CSAM scanning right because it's weeks later and we're still talking about it.
Writing for The New York Times' editorial board, Greg Bensinger says Apple's Illusion of Privacy Is Getting Harder to Sell (Tip o' the antlers to 5cat.)
The Macalope's going to give that headline a 6 out of 10 because while there's a point behind it, Apple's pitch is still pretty easy to sell because smartphone choices are not made in a vacuum, they're relative.
Also, you can't dance to that headline. Seriously, the Macalope tried for like 15 minutes.
(It's also possible the Macalope just can't dance, in which case he apologises.)
Despite Amnesty International and Forbidden Stories saying not to use the results of their research into Pegasus to make comparisons of the relative security of iOS devices and Android devices, the Macalope sees people are still doing just that.
Google's Android mobile software also has a voracious appetite for data but may be less vulnerable than the iPhone to broad attacks, such as the recently uncovered one affecting tens of thousands of phones reportedly targeted by NSO Group's Pegasus software. That's because Android runs on many different phone types, each with slightly different versions of the software…
The researchers said not to do this buuut these axes aren't going to grind themselves. If you don't recall, the researchers said the reason there are more iPhones in their report is that iOS provides better logging of Pegasus attacks than Android. Period.
There's also some weird construction in this editorial.
Apple also has access to text messages that it says are otherwise encrypted when they are backed up in iCloud, a workaround that's apparently necessary to aid law enforcement.
Messages are end-to-end encrypted during transmission. iCloud backups are not. If someone has a copy of your backup, which can be subpoenaed, they can read your messages. This isn't some super-secret back door. It's not even a workaround. It's the way it's always been. If you want to encrypt your backups, you can back up to a Mac or PC. John Gruber wonders if Apple's CSAM detection is a step toward encrypting iCloud backups and the Macalope hopes it is.
Much of Bensinger's chastising of Apple is valid, however. It's true that Apple does know a lot about you and it's disappointing that it takes a data for me but not for thee approach, particularly given its privacy sales pitch. But it's also true that it's better to have one company have that information than to have a lot of companies have it.
One writer at the Forbes contributor network and formulaic title generation machine that the Macalope won't bother to link to (tip o' the antlers to Nick) suggests that Apple CSAM scanning will cause people to flee iOS.
Uh, to where, exactly?
As Bensinger says:
One way to keep prying eyes off your data is to resist putting files into Apple's iCloud service, but that means potentially choosing another service, with its own privacy concerns.
That's the crux of the problem right there and a point that gets lost in the rush to shove Apple's ad copy in its face, however fun and probably fair that is to do. Unless you're going to ditch your smartphone and go back to a landline and fax all your pictures, switching from iOS to Android is not exactly going to solve your privacy problem. In fact, it's likely to make it worse. If you toss your iPhone on the ocean to make a statement by switching to Android, you might not be making the statement you think you are.
I'll show Burger King that heart disease is not for me!
[rolls up to McDonald's drive-through window]
I'll have ten Big Macs, please!
If you don't like Apple's CSAM scanning, it may not matter. As Ben Thompson noted (subscription):
…Apple's policy isn't the only one that matters: both the UK and the EU are moving forward on bills that mandate online service companies proactively look for and report CSAM.
Thompson also suggests Apple's move might be an attempt to protect end-to-end encryption, an end-to-end end run, if you will. And if you won't, the Macalope will understand.
Ultimately, the Macalope agrees with Bensinger's conclusions. Apple should implement Global Privacy Control in Safari (the Macalope already uses DuckDuckGo's privacy plugin). And if we're looking to for-profit companies to take care of our civil rights, we're looking in the wrong place.