* Posts by tubedogg

13 publicly visible posts • joined 11 Mar 2021

Just two die for: Apple reveals M1 Ultra chip in Mac Studio


Re: Mac Studio

RAM is part of the SoC package. It's not user-upgradeable. It's unlikely (potentially outside of the forthcoming Mac Pro, though that also seems doubtful) that Apple will ever have user-upgradable RAM in any of their M-chip series of devices. It's built to have unified RAM to increase performance.

Apple stalls CSAM auto-scan on devices after 'feedback' from everyone on Earth


"Of course government can force them to do it once they have this capability"

This is the weirdest part of this to me. Everybody is acting as though no government in the world had the power or the will to force Apple to do scanning, on-device or otherwise, of anything they wanted prior to this. Yes, the fact Apple has a system for it makes a demand simpler. (Not that this kind of a system is that hard to build if you aren't terribly worried about making it extraordinarily accurate.) But such a demand was never prevented by the simplicity of compliance. To claim otherwise is to ignore how Apple behaves in China, which is to say following local law ("demand") and giving up control. As I mentioned in another comment, they don't even control their own iCloud servers there. After threatening to leave the market, they ceded to Russia's demand to preinstall certain apps, which is not something that happens anywhere else (except maybe, again, China) to my knowledge.

"They don't actually answer the question."

Just because you think that in the end, they wouldn't be successful in refusing, doesn't mean they didn't answer the question. The question was "Could governments do this?" and the response was "No." They answered the question, even if you don't believe the answer.


NCMEC is a quasi-governmental organization in the US. You are correct they are technically a private nonprofit organization, but they are, for example, the only group allowed to legally possess CSAM in the US—meaning they have a specific carveout in federal law. They are very closely linked with the US federal government.

That was the source of the initial claims that there were Fourth Amendment implications to the scanning. Which to be clear, my understanding is there is absolutely no validity to those claims because of the way this would be structured. And if there were, the entire system of scanning and reporting CSAM that already exists would be unconstitutional, and it has survived for ~25 years already.


Re: Hey Apple!

"The only thing that might save you is an about face, adding security mechanisms to your products that make it impossible for you to ever try adding anything like this again, and *proving* it to the public."

How exactly do you propose that Apple create an OS that prevents them, the OS developer, through a mechanism they cannot break through, from making changes to it? Or more specifically, not even making changes, but from implementing a very specific feature?

I missed this bit the first time around and I have no idea how, because even setting the current debate aside, what you propose is impossible short of a device literally never contacting its maker…which seems like quite a bit of a problem for getting security updates, not to mention new feature updates.

"i.e. people have said to me 'I'm not buying any more Apple kit because of this.'"

As much as this whole spectacle surrounding this is absolutely absurd, this is actually good, because it proves my point. If you don't like what they're doing, move on. There is zero reason to make all these ridiculous claims along the way.


Re: Hey Apple!

"Pretty much since the beginning, Apples catch cry has been 'more private and secure than Android. You can trust us with your data.'"

So let's compare apples to apples (no pun intended). Google Photos' cloud storage scans uploaded photos for CSAM. Is that invasive of privacy? Apple's plan is to scan photos that are headed for iCloud Photo Library, the iOS equivalent of Google Photos' cloud storage, but to do it in such a way that they don't have the results of hashes unless it matches known CSAM. Is that invasive of privacy? More or less so than Google Photos' scanning?

"Now they have shown that not only can you not trust Apple, they consider the phone that you own, really belongs to Apple."

No, the server that the photo is being uploaded to belongs to Apple.

Let's use an analogy. If you were using a third-party photo upload app on iPhone and it had CSAM scanning built-in, would you be upset and claiming you couldn't trust the photo upload app? Would you be claiming that the photo upload app maker is seizing control of the phone that you own?

Apple has a photo upload app called Photos. They intend to scan for CSAM. How is that different?

"I'd rather use a non-US provider, like Proton, so I can easily encrypt my cloud-stored files."

There are plenty of US-based cloud storage providers through which you can store encrypted files, and plenty of non-US-based cloud storage providers through which you can store unencrypted files. None of which is terribly relevant to the current topic, because you can't use iCloud Photo Library with a provider other than Apple, you never have been able to, and it wasn't something that is in any changed by scanning for CSAM, whether on-device or otherwise.


Re: It may not be as specific as you think

"Rob shows that it isn't just hash lookups."

Apple has said from literally the beginning it isn't just hash lookups, because yes, obviously, if you hash two different things with the same algorithm, you're going to get different hashes. It's essentially hashing using AI for fuzziness—fuzzy meaning that a photo that has been cropped, turned grayscale, or had its resolution changed generates a hash that matches very closely or spot-on with the hash from another copy of the same photo that hasn't been altered.

No idea why you think this is some revelation this "Rob" guy is proclaiming to the world.


Re: Hey Apple!

"Because then I can decide not to upload things and they don't run their scanner."

If you have iCloud Photo Library (iCPL) turned on, photos get uploaded. If Apple did server-side scanning, you wouldn't have any more choice than you would have with on-device scanning, because iCPL uploads all photos, and always has.

Therefore, your choice is to use iCPL or not. Claiming that if Apple did server-side scanning you could choose to not upload things is simply not how iCPL has ever worked. (And conversely, if there are photos in something like WhatsApp that aren't stored in the system photo library, they wouldn't be subject to scanning [by Apple; they are absolutely scanned by Facebook/WhatsApp, and for far more nefarious purposes] in any event, so again the iCPL scanning being on-device has zero effect on the control you have over uploading something or not.)

"Or not buy any new equipment. If it's Apple doing it without any law, we have no control over it at all and moreover, no knowledge of how they're using it."

So if the government mandates it, you could choose to not buy any more equipment, but if Apple does this, you still are required to buy an iPhone? Your control is not buying the product. You said it yourself, but then go on to claim that somehow because it's Apple you can't do anything about it.

And do you honestly think if it was a government-mandated thing it wouldn't be completely classified as to how it works and what it does, even in countries with constitutional privacy systems? It would be far more of a mystery than it is right now, absolutely guaranteed.


Re: Hey Apple!

So just to be clear…Apple thus far has not enabled CSAM scanning on the server side, which how they've gotten away with that is unclear because it's a requirement under US federal law and probably elsewhere.

So you'd rather they go along with what every other cloud company already does and scan it on the server side without explicitly making users aware that's what's happening?

I get the implications of having an on-device scanner. It is absolutely not the privacy nightmare people are claiming, because there's no breach of privacy in scanning material you were uploading anyway. I do understand the possibility of a government requiring it to be adjusted to scan other things. But…

I also understand that if people are uploading all their photos to iCloud anyway (which is what's going on here), there's nothing stopping a government from requiring server-side scanning from any company, Apple included, for all these various nefarious purposes that people keep mentioning. Apple's not even allowed to run their own servers in China; neither is any other foreign company, to my knowledge. Beyond trying to promote local competition, why do you think that is?

Further, I understand that there was never anything stopping any government from handing Apple on-device scanning code and forcing them to adopt it for sales to continue in that area—or even just passing a law requiring that device makers do it themselves. The idea that literally the only thing preventing this has been Apple not developing on-device scanning is absolutely absurd. It's not like they invented the idea of it, nor are they even going about it in a particularly novel way as far as the matching goes.

There are problems with lots of things Apple does. The fact that people have seized upon this one (on-device scanning, not discussing iMessage AI recognition as that's a separate thing) as the end of them is mind-boggling to me.


#1 would almost certainly breach their reporting obligations under federal law for CSAM. Telling the phone to just not upload it means they have knowledge of its existence. (Not directly, but by building a system that knows what to look for and then flagging it to just not upload, they're intentionally preventing receiving material that would have to be reported, which is probably not kosher.)

#2 would, too, because if there's a match to the point where something is preventing the download, there is awareness of a URL ostensibly containing it.

Scam-baiting YouTube channel Tech Support Scams taken offline by tech support scam


Re: YouTube tech support?!

There is not tech support, per se (at least for their free products), but there certainly is a good size group of people at YouTube to keep large creators at least continuing to create, if not actually happy.

And while I think the creator was perhaps more gullible here than he might believe (youtube at creator-partners dot com email? contacting him via chat instead of email?), I don't think it's impossible to believe that a creator of his size would have someone from YouTube reach out to him. And if they're going to terminate his account for some reason, even more reason to believe they would initiate contact.

Microsoft is not calling you to fix a problem with your hard drive, but Google absolutely sends emails letting you know your account has been terminated, or there's a problem with your Play Store app that has to be fixed to avoid it being removed, and so forth.

Unfixable Apple M1 chip bug enables cross-process chatter, breaking OS security model


Re: Just goes to show

You are so right! That's why nobody should buy Intel or AMD processors, either, because of Spectre and Meltdown, obviously. I'm glad we're on the same page.

So what processors would you suggest, exactly?

Help wanted, work from anywhere ... except if you're located in Colorado


Re: Ah, the good old days...

Right and I'm sure there's nothing to do with the fact that the restaurants have a captive audience, too, and so can mostly charge whatever they want for their products. It's not just because of rent.

Huge if true: If you show people articles saying that Firefox is faster than Chrome, they'll believe it


Re: Interesting but....

They wouldn't be aiming at people who understand what network congestion is, though. Speed is both an objective measurement and a subjective feeling. And the same type of person who will kill a tab or navigate away from a website that doesn't load within the correct fraction of a second on mobile--there are studies showing that literally fractions of a second make a massive difference in user retention on mobile--is absolutely the same type of person who would decide to use a browser primarily or only based on speed, perceived or otherwise.

Speaking as someone who does understand what network congestion is, as well as the security and privacy trade-offs associated with using Chrome as my primary browser, it came as a surprise to me that this article says that most industry reviews of Firefox rate it about the same as Chrome, both because I have seen articles from sources I trust say otherwise, and every time I have put substantial time into giving Firefox another shot, I have come away feeling that it is dog slow. It's the same reason I can't use Safari as my daily browser on desktop, despite the fact I am a die-hard Mac guy. (There are other reasons for Safari, too, not the least of which is its mediocre extension support.)