This is the correct response. Either everyone has protection or no one has. Not that I’d trust apple anyway but by pulling the service your average person is likely to make some noise because they can feel the effect.
I think this is correct response not just in case of morality, but in case of technology. How can you guaranty privacy of a call if the recipient is from UK?
iMessage isn’t a big loss in the UK. FaceTime would be.
WhatsApp pulling out of the UK would have the biggest impact. Almost everyone uses it here.
Can confirm, it had swipe to reply for a while now, it’s coming to iMessage in next iOS… The only thing that annoys me about WhatsApp is the high picture compression resulting in low quality images.
If you need to send uncompressed images send it as a “document” rather than an image. You won’t get the preview but it’ll be the same file as on your phone.
Same is true for telegram
I’m not even an Apple user but somehow I still feel like Apple is one of the very last companies where privacy and the security of your data is more worth than a dime.
Nope, Apple sells your data just as much as Google does: https://www.insiderintelligence.com/content/apple-ad-revenues-skyrocket-amid-its-privacy-changes https://www.vox.com/recode/2022/12/22/23513061/apple-iphone-app-store-ads-privacy-antitrust#luMMel
While people noticed their new policies against 3rd party apps, that masked the fact that those policies carved out an exception for first party apps, meaning they collect (anonymous) data on you through Health, Journal, Music, etc. just like every other company. “Trusting them more” is simply a result of you and everyone else getting hit with their privacy ads recently.
Edit: “just like every other company” meant Google and Microsoft, i.e. the other big equivalent tech companies, my fault for not being specific.
While I’m all for calling out companies for abusing your privacy, your own links show that they don’t collect as much data as google. They could (and should) be better though.
Nope apple is literally worse than hitler, spez, and elon musk confirmed. Tim apple fucked my wife in front of me.
You lucky sonofabitch. You got to witness the ol Apple Pie with your own two eyes.
As much as Google? Likely not. Does their carefully curated pro-privacy image actually match their practices? Also likely not.
deleted by creator
Other than their asinine charging cable/accessory situations I consistently find myself agreeing with Apple pretty much any time any government body or group is mad they won’t do something.
They’re generally on the wrong side of the battle for right to repair and removable batteries too.
But yeah, privacy they almost always have the right of it.
Requiring usb c was something I agreed with. But indeed many times apple has rightly fought for their userbase.
how do you reckon?
only time they have been on the consumer’s side was with regards to privacy, refusing to comply with the FBI and now this.
everything else they are pretty anti-consumer, off the top of my head
- first to remove jack 3.5 (even though I don’t really care about this, others do.)
- sticking to shitty lightning cable so they can sell overpriced cables
- the charger thing with the EU
- worst of all entirely against right to repair
deleted by creator
To be fair, those first three points fall squarely under that “charging cable/accessory situations” exception. With Apple, it turns out that’s a pretty broad exception.
deleted by creator
Bluetooth provides another vector of attack for the convenience. There is already quite a list of known vulnerabilities. Yes, many of these get patched but as the open standard evolves, so do the hackers. You could turn it off entirely, plug in a cable & forget all that if all you wanted to do was use audio/video.
Absolutely
like I said, I personally don’t care, but it’s a nice port, pretty ubiquitous and it’s nice to have choice for customers.
Remember how everyone kicked up a giant stink about apple adding “on device CSAM scanning when uploading photos to iCloud”?
They did that precisely because it would allow them to search for CSAM without giving up any privacy. As I said back when all that rage was happening, if apple don’t get to implement it this way you can be damn sure that the government is going to force them to implement CSAM scanning in a much more privacy-destroying way, and well here we are.
CSAM without giving up any privacy.
Hmmmm funny because security researchers said the opposite, I kinda believe them more?
Who said it was givening up privacy. The worst I heard is slippery slope of they donthis they might ad more to it later. And how was it privacy compromising?
And how was it privacy compromising?
-
Anything could be added to the hashes with the user having no way to know what’s being searched for beyond “trust us”. This could be partially alleviated if, for example, the hash had to be signed by organizations in a combination of states that’d make it difficult to push through hashes for anything other actual CSAM (so not just Five Eyes)
-
Adversarial examples to intentionally set off the filter were demonstrated to be possible. Apple made it clear that there are types of content they’d be legally obligated to report once they became aware of, and it’d be well within a government agency’s capabilities to honeypot, say initially, terrorist recruitment material
-
Coincidental false positives are also entirely possible (ImageNet had some naturally occuring clashes) and can result in their employees seeing your sensitive photographs
-
The user’s device acting against the user cements other user-hostile and privacy-hostile behavior. “People could circumvent the CSAM scan” would be given as another reason against right to repair and ability to see/modify the software your own device is running
-
Tech companies erode privacy by flip-flopping between “sure we’re giving ourselves abusable power, but we’ll stand up to governments pressuring us to expand this” and then “well what were we supposed to do, leave the market?” when they inevitably concede
What’s anything? They are not looking for any CSAM pictures they are looking for specific ones that are in a database. Its not like they can create a hash for a guy letting his dog on a horse and find all those pictures.
they are looking for specific ones that are in a database
They could be looking for any images without your knowing - there’s no guarantee that those images came from a CSAM database.
Its not like they can create a hash for a guy letting his dog on a horse
They could trivially create a hash for a picture of a guy letting his dog on a horse (which would also include other very similar images).
I didn’t necessarily mean to claim that they can scan for a concept lacking a fixed image, if that’s what you’re saying. That would theoretically be possible with enough hashes, but impractical.
-
How did they say it’s giving up privacy?
CSAM, as defined by apple, SPOILER that could be anything, including, and I could rattle off names, anything that threatens the government or those who got their tendrils into it, if we, For example have authoritarians change us to be facist, or re-introduce slavery or segrogation. A mere picture of your bedroom or face could have a somthing in it that allows you to be put into a cohort for later use (legal or not)
No, that’s not at all what it was defined as or what it could be. CSAM is Child Sex Abuse Material. It wasn’t going to be memes of winny the pooh like people argued.
That’s also not how CSAM matching works. It simply compares hashes of images. If you take a photo of you in your bedroom with a sign saying “fuck the government” it will not match any CSAM database hashes no matter how authoritarian or fascist the government is, because they don’t have that same photo in their CSAM databases.
You’re doing what the outraged did back then and thinking CSAM scanning is some sort of AI powered image recognition that scans images for specific things. It’s not that at all. It is a database of known CSAM images that have been hashed and that have been confirmed by multiple different governments (multiple different ones so one government can’t just put an image of their president that they don’t like in theirs and then find out who has uploaded that photo. If it only appears in one government CSAM database it will not be checked). It takes your photo, hashes it, and then checks to see if that hash is in the CSAM database. It won’t be, ever.
You know what will be in there and matched? If you download child porn that is already out there on the web.
You’re naive if you think that is all it will ever be, and that there will never be scope creep, especially malicious scope creep that turns into overreach
Anything scanning messages or media on my device is an absolute NO if I don’t control it.
You did control it though. It only scanned what you were uploading to iCloud, and only during the upload process.
If you turned off iCloud upload it never scanned anything.
so basically apple doesn’t want government spyware on their phones
Exactly! Apple wants to make sure the personal data they hand out is directly from them.
There’s legitimate criticism to be made for Apple, but this is something I really appreciate about them.
Walled garden aside, I think they do care about privacy and security.
It’s their brand. And I’m glad it is. It’s something Samsung can’t copy (I presume because of the Google backbone) or attack.
(Written on a Samsung phone btw.)
Edit. I should probably add why it’s good even when I’m not in their ecosystem. It raises the bar for competition and shows that privacy adds value.
Yup. They have had issues (think CSAM scandal), but they’re slowly earning back my trust. I’m still a bit wary, but for big tech they have a pretty good track record.
They have had issues (think CSAM scandal)
People like you that think that was a “scandal” are half the problem though.
What they were doing with the on-device CSAM scanning as part of the upload to iCloud only was actually good for your privacy. It enabled them to comply with any current and future CSAM laws while protecting your privacy by doing the scanning on your device. It meant that they could then add E2E encryption to iCloud (and then iMessage as well) while still complying with CSAM laws. The alternative - and what everyone else does including google, microsoft, imgur, dropbox, etc - is doing the CSAM scanning in the cloud after you’ve uploaded it completely insecurely, requiring the data to be stored unencrypted and visible to those companies (and the government).
Doing it on device should have been applauded, but it was attacked by people that didn’t understand how it’s actually better for them. There was so much misinformation thrown around - that it would scan all of your photos and files as soon as they were created and then instantly report to the police if you took a photo of your infant in the bath, for example, or that it would be used by governments to identify people who have memes saved that they don’t like, which is absurd because that’s not how the CSAM databases work.
Apples proposed CSAM scanning was literally the best for privacy in the entire industry, and people created such an outrage over it that they basically went “oh well, we’ll just do what everyone else is doing which is far more insecure and worse for privacy” and everyone congratulated themselves lol
You make a good point. I guess the outrage was more about scanning at all, though I suppose that’s not on Apple.
The incumbent government is circling the drain and are, it seems, determined to leave a trail of destruction and burned bridges for their successors to repair.
That is how conservative parties work, yes.
No offence but isn’t a very similar policy about banning end-to-end encryption also in talk in the EU
Absolutely don’t agree with it, will be the beginning of the end for privacy but this is more of a European wide (and even world wide) push for a close to e2e encryption
GDPR is basically encrypt your shit and you’ll be fine. If they are seriously considering banning encryption the IT sector might as well shut up shop and run for the hills.
It’s so bad the UK politicians actually use non MDM unmanaged devices so they can install whichever app they see fit. Tiktok you name it.
We won a physical war via encryption and we’ll lose a digital one without it.
I do seem to recall that some countries petitioned a weakening of e2ee. Some other countries through were firmly against it, so it seems it has lead to nowhere. For sure something to be aware of.
Then they can point how useless the government is and get back in power
There are a lot of things to hate about Apple, but this I can get behind. Get people using 3rd party messaging apps too! Preferably ones with e2e encryption.
Plenty of people in the UK/Europe use third party apps already, iMessage is certainly less of a big deal than it is in the US.
Don’t forget canada. So many people here use imessage or whatsapp
For sure. I live in Asia, and the Green vs Blue bubble thing that probably only exists in the US is just so mind boggling to me.
I live in germany and I don’t know a single person that uses SMS or iMessage. Almost everyone here uses WhatsApp.
WhatsApp isn’t much better. It’s owned by Meta afterall!
i can recommend signal
Element is on the App Store
God damn bullshit always “for children and terrorists”
I hate how people turn a blind eye to these things nowadays. They’re willing to give away their personal lives at the expense of the shittiest excuses out there. Privacy should be a necessity, ffs.
Why don’t they just actually give their actual reason: to spy on UK citizens.
To use children and criminals as a scapegoat for this attrocity is disgusting.
“protect the public from criminals, child sex abusers and terrorists”
Aren’t two of those just subsets of the first one?
What a curious pair of emotionally manipulative examples to choose, when it adds absolutely no extra meaning to the Home Office’s statement.
i would assume they mean ‘criminals, especially…’, but classic tHiNk oF tHe ChiLdReN argument
Signal and WhatsApp have also said they’d likely leave the UK market if this bill is passed as it currently is.
Signal should still work there if people want to use it, and they don’t block it with a Great British Firewall.
Hadrian’s firewall
It’s not so much a matter of whether the service would work or not but whether the corporate directors would be exposed to criminal liability for continuing to provide such services without OFCOM being able to “understand” the encrypted messages: see 99(4) of the Bill
Don’t you know anything, Brits? Apple only strips security features for the Chinese government, you fools!
Haha yeah too right. UK government isn’t authoritarian enough for apple to listen to
No, the UK just doesn’t have enough population to bargain with.
it has more to do with where their factories are located. Hard to negotiate with the people who control the very land and people you utilize to build your hardware
Not saying that justifies it, just think we should be accurate with our outrage
They could have factories in China and not sell phones there. There are also other places to build factories. They just might have to trim back their 42% profit margin. It’s still a willingness to abandon principles for a price, isn’t it?
Yeah I agree that the CCP have more leverage due to the factories, aa well as the larger user base.
Just like to point out apple aren’t some altruistic organisation, they are a corporation out to make money, and that the CCP suck.
Also, I profoundly disagree with the legislation this thread was originally about.
I think it’s more that they know they don’t have any negotiating power in China. China doesn’t care if they have iMessage, but the UK and the british people do.
Chinese have wechat
I mean, they didn’t cave to Russia either. Apple just has principles until there’s enough cash on the table. Then they claim to “always abide by local laws” wherever they operate.
Yeah you are right there, just being too smart mouthed I guess
Nah you were appropriately smart mouthed. The problem was my clumsy post intro.
Oh, they are authoritarian enough. They just aren’t powerful enough.
Want to know what it looks like to go power crazy with no power, then go look at the Tories.
I respectfully disagree with this statement
Take it from me, the British state is just too paralysed by corporate capture and broke to offer any pushback against corporations. They can’t even afford to run a properly equipped and staffed police state, let alone enforce any legal proclamations they make against Apple.
It’s this publicly known, or just assumed because China blocks everything they can’t read?
I assume that Apple gives the Chinese government access somehow, but I’ve never read details.
Apple proactively aids in censorship and stores all customer data, including encryption keys, on servers controlled by the Chinese government. They’ve also excluded security features from China and crippled existing features to aid government repression.
Thanks for the links. Unfortunately, that NYT article does not make a single mention of iMessage or end-to-end encryption.
Last I checked, iMessage still works in China. I find it implausible that China would allow this without access. If there’s a mechanism for that, I’d like to know what it is and how far it extends. The fact that Apple doesn’t admit that there’s a difference in iMessage’s security in China makes me wonder whether it is compromised globally.
I don’t think there’s any evidence of a global compromise but I think you’re right that China wouldn’t allow access if it didn’t ultimately control it.
I couldn’t find anything specific about iMessage but the keys are backed up to iCloud – and we know that’s compromised. I can’t imagine them leaving users the option to just not back up to iCloud to avoid surveillance, but I haven’t seen any specifics. Best to assume that under no circumstances do you ever have privacy from the gov’t in China or even when messaging someone in China.
I once had a conversation under NDA (which has expired since) with an engineer at Apple who was working on iCloud infrastructure, and he was telling me that his team was a bit shocked to read that Dropbox was releasing apps for photos at the time “because they’ve noticed that most of the files users are uploading to Dropbox are photos”. He was like: how do they know that exactly? His team had no idea and couldn’t possibly find out if the encrypted files they were storing were photos, sounds, videos, texts, whatever. That’s what encryption is for, only the client side (the devices) is supposed to know what’s up.
Not having that information meant a direct loss of business insights and value for Apple, since Dropbox had it and leveraged it. But it turns out Apple doesn’t joke around about security/privacy.
What?
https://support.apple.com/en-us/HT202303
Under Standard Data Protection photos, general drive storage and device back up are not end-to-end encrypted. Meaning that Apple has full access to reading and analyzing them.
Under Advanced Data Protection which is an opt-in feature available since iOS 16.2, you can have those files end-to-end encrypted.
End-to-end encryption makes the user responsible for keeping an encryption key safe, irreversibly losing their data if they lose the key. It’s not practical for the general population. I would guess its use is in low single digit percent of apple customers.
And this feature came out in December 2022. A bit over half a year ago. Unless your friend’s NDA was super short, I presume the conversation took place before it was released. Either your friend was bullshitting you under an NDA or he’s an idiot.
Could be the engineer didn’t have permission to see file details. They could still be readable by higher-ups, but not to the general engineer. This is how it should work, if e2ee is not used. If Dropbox allowed everyone who worked on their server to read files… that’s a huge invasion of privacy.
Makes no sense though. As if the engineer is the one deciding which apps are built. He’s just saying things he thinks he sees.
Oh that’s interesting!
Yeah, that conversation is much, much older, pretty close to the very start of iCloud file storage. I’m guessing either things changed since and they used to be end-to-end encrypted, or more likely, what the friend was complaining about is his iCloud infrastructure team didn’t have access to the keys stored by another team, and reverse. So basically, Apple could technically decrypt those files, but they don’t by policy, enforced by org-chart-driven security.
Now excuse me while I go change a setting in my iCloud account… 😳
Really proves that Apple users believe Apple is perfect and they are protected, even when there’s official documentation stating otherwise. It’s baffling how many Apple users think they are fully anonymous and protected and not tracked. Apple is brainwashing you well.
I’m an apple user. I don’t think these things. I have a plethora of apple devices. I also have a few chromebooks, a high-end desktop I built for gaming and developing.
We as people really need to stop generalizing and insulting {X group of people who are not me}. I mean, you don’t like apple. That’s totally fine! Use whatever pleases you. That doesn’t bother me at all. But stop calling me brainwashed for enjoying an ecosystem that makes my life and day-to-day easier and more enjoyable.
People like to think of themselves as superior to the other group. But we are all individuals with our own preferences and life experiences. I had a google g1. I’ve had multiple android phones. Admittedly, they were all during android’s Wild West days where I barely got any major os updates and half of them failed within a year.
What I’m saying (and I know this is a reply to you, but this has been frustrating me with a LOT of things, not just “Apple users”) is that we should try to put things in perspective before insulting an entire group of people that we don’t even know. That’s my two cents.
I don’t know anything about this, but the files may be encrypted blobs, but if they are mapped to the original filenames (as is the case with Dropbox) with suffix like jpg, etc, they could assume the type without decoding the file. Not saying there’s no difference between Dropbox and Apple, but I’m not sure people expected filenames to be encrypted back in the day (if even now).
Yeah, to be clear, what the friend was saying that day is that they don’t even have access to file names. For them it’s 100% mangled data.
I would definitely consider file names to be personal information, that I would expect to be encrypted. If I store a file named “Letter to IRS for 2020 violation.doc”, then suddenly you know something about me that I probably don’t want you to know.
This is the way.
This is the way.
Please no redditisms or else I will literally die of cringe o( ❛ᴗ❛ )o
This is more like internet culture tho?
I know I just find it to be such a manufactured corporate tagline that exists to be used in this way and it rubs me the wrong way
I can see what you mean, though I still find it just harmless humor
No fair enough it just rubs me the wrong way haha
Maybe you’re just bad at finding things. It’s a catch phrase from a superhero. Genius.
Lol I’m very aware
Then perish
So, something from pop culture is a redditism?
19.7 million UK iPhone users will care about this.
19.7 million iphone users will be forced to use a cross-platform messaging service.
GOOD
Until cross platform messaging is a good as iMessage and FaceTime from an iPhones user’s perspective it’s going to be bad.
I have only ever used an iPhone (ignore non-smart phones) and have been weaned entirely on Apples stock apps. Conversely almost everyone I communicate regularly with is also an iPhone users. I do use other platform for communicating with non-apple friends but the experience is significantly poorer.
I couldn’t say how many people existed within this almost exclusively Apple ecosystem but I would hazard a guess that there are a few.
Apple uses iMessage as a moat against people switching to Android. They intentionally degrade your experience for their benefit.
So you’re saying WhatsApp isn’t fucking horrible to use on Android?
Not in the UK.
Feel free to insert the equally stupidly large number of iPhone users for your particular geographic location.
Wut?
Jesus. Never mind.
Gatekeeping, another redditism. Perhaps you belong there after all?
Damnit I agree with both comments but I think the first part of your comment is the most lemmish
So, do I have to behave the way you like to be here? That’s nonsense.
Yes didn’t you get my handout?
No. Please upload to lemonparty[dot]com.
My tenets are:
- no one will post on lemmy.world without getting prior approval from me
- At a minimum every second comment should end in some sort of praise of me
- No posting on Thursdays
- You accidentally posted something I didn’t like? Tough shit your wife and family are now hostage
Please take care of my wife and kids. And don’t feed them after midnight
It’s from Star wars…
deleted by creator
The one good thing I can say about apple is that they at least push back against this kind of bullshit, even if they only do so for marketing.
The other side is that they’ll also push back against good stuff for the consumer since everything they do is completely out of self interest.
as is the way with all companies
Your gonna have to back up that sort of statement. I’m not an apple fanboy, but I take security and privacy seriously, and they seem to really be on the consumers side in that regard. Please inform me how they push back against “good stuff” for the consumer
Oh I don’t know, starting or popularising the trend of gluing the phone together, removing the 3.5mm jack, not adopting the standardised method for post-sms communication (rcs vs imessage) to name a few.
They are going to answer with some stupid reasoning like removing the 3.5mm jack.
But truly Apple stance on right-to-repair really is their only non-defendable stance. And this is coming from an Apple fanboy.
Removed by mod
Not objectively
Removed by mod
Don’t think you understand what objectively means.
Those proposals will never be made law and acted upon.
It’s infeasible nonsense to pander to the Daily Mail reading curtain-twitchers. They’ve had 13 years to try and do this. If they wanted to (and indeed if it was in any way possible), they’d have done it already.
It’ll be just “Vote for us and we’ll make your children safe from nonces and muzzies!” until the end of time.
Eh, I never thought the GOP would actually overturn abortion rights because it’s such an effective red herring to get their base to keep voting against their best interests, but here we are.
To be fair, I don’t think the GOP ever planned on it happening either. Their strategies aren’t forward thinking whatsoever and are actively fucking over future members of the GOP.
Removed by mod
We did, but it was pretty clear that they didn’t want to. It was a “shut the swivel eyed loons up” move and backfired in spectacular fashion.
The Prime Minister quit the next day, and the only person that looked pleased was Nigel Farage as he knew he’d never have to deal with it or be held accountable in any way.
The Tories will be annihilated at the next general election. Polling like 20-30% lower than Labour.
The Tories will be annihilated at the next general election.
And that’s when anti privacy bills will come through. Labour is hyper anti privacy for a long time.
While I agree that Brexit was a stupidity, I also firmly believe that EU in its current form is equally as stupid.
Brexit happened. How long was that simmering? Anything is possible. The country has proven that.
Ribbit
I’ll be damned if we’ll have to thank the UK for getting RCS normalized.
This has nothing to do with RCS from what I read on the article. It looks like the UK wants to be able to tell companies to disable security features such as End to End Encryption so that they can view the messages.
Isn’t WhatsApp super popular in the EU as a whole? Like to the point where EVERYONE uses it? What does the UK have to say about that? It’s apparently E2EE, right?
Curious why WhatsApp isn’t in trouble.
deleted by creator
deleted by creator
That would be better than iMessage or Whatsapp, but even better if we all moved to Simplex, or other secure and private messaging app.
Why don’t politicians just fuck off?
Nothing they ever do about anything leads to an improvement.
I agreed that they should definitely fuck off, but this will be pushed y the security services. A change of government won’t change the drive for this sort of bollocks.
“Oh but what about the criminals, terrorists and pedos?”
What about all the people that aren’t that who loose their privacy?
“Oh but what about the criminals, terrorists and pedos?”
What about the Windsors?
Sovereign immunity
I think I said them didn’t I, after terrorists?
The criminals, terrorists and pedos won’t by affected. They will just switch to non weakened encryption.
It’s always been about mass surveillance.
I mean, I hate politicians too but they did give us organizations like OSHA that protect us at work. Not all politicians are pieces of shit…but certainly MOST are.
“politicians never do anything good” is a myopic viewpoint that is completely understandable in the modern political climate, i think. which is unfortunate, because a political party that learned to harness that energy to actually become known for doing good could probably grow very quickly
That sounds like typical bOtH sIdEs bullshit.
Why can’t the UK govt simply rent their spyware from Israel, like everyone else?
