Where’s the “Apple is the only tech giant that respects your privacy” crowd? Just because your data isn’t being publicly auctioned doesn’t mean they aren’t harvesting it and infringing on your privacy.
No one thinks Apple, or any other ecosystem for that matter, is completely private. It’s just far more private than Android. Primarily because Apple is not an advertising company.
I switched to iPhone from Android because I was tired of Google making changes to their security and APIs that were killing my macros I’d write for my phone. I was also tired of Google sending everything good to the graveyard. Finally, I hated that Google would promise features or support for x number of years and then pull the rug out from under me (although, lack of support was usually caused by the manufacturer)
Before spending $1000 on my iPhone, I told my wife that it was a good investment because of Apple’s proven history of supporting devices with 5 years of updates; so we agreed that I’d keep this iPhone as my daily driver for 5 years because of the exuberant cost.
Well, my wish came true and here we are. I’ve got a phone that doesn’t respect my privacy, doesn’t respect my settings, has a frustrating UI/UX, and has low compatibility with most of my existing infrastructure. I gotta admit, though, my experience is far more consistent now, but not in a good way.
I cannot imagine spending $1000 on a phone in general. And even more so, I cannot imagine spending $1000 on a phone I cannot even sideload something like Newpipe on.
Since you are seemingly wealthy enough for this - maybe Pixel with GrapheneOS would be a right fit for you? Pixels also have longer support now (although I still think it’s very short, so I’d likely have to switch to Lineage afterwards).
Very few people spend $1000 outright on a phone, you know that right? Every major mobile provider has some sort of installment plan for purchasing a new device. Apple offers one directly as well.
I mean, I agree with you? I wasn’t saying it’s a moral plan just explaining to the parent poster that people don’t need to be exorbitantly wealthy to “buy” a new device
I have used both iOS and Android for more than a decade. After every update on both systems I have to go through and delete/disable junk I don’t need/privacy issues.
The stock android pixel UI has gotten so full shit I have to use a launcher.
iOS’s UI is terrible to use with everything taking twice as long as it should. So many illogical hidden commands.
Everything has gotten randomly harder to get basic things done.
My win 10 business computer with classic shell will stop being supported the end of the year… Oh joy…
While I’m still struggling to find an appropriate replacement for my photo editing apps, I’m happy to report that support and usability for most popular Linux distros have improved to the point that I now find Linux not only more stable, but easier to navigate than Win 10 was even at its best.
The amount of noise associated with Windows, generally due to people answering questions about the wrong version of windows or the wrong application, searching for any help topics is like trying to run through mud. It’s literally quicker now to learn a totally new skill on Linux than to try to update your knowledge base on Windows.
Gimp has been alright for me and (I hate to admit it) Illustrator is unparalleled when it comes to intuitive vector design.
I love Photopea and was an early-adopter/small-donor, although I’ve mostly moved to Canva for my design needs.
No, I’m looking for a solution to Lightroom and Camera Raw. I’ve tried Darktable and Rawtherapee, but, especially in Rawtherapee, I find that I quickly destroy my raw images and end up with something somehow simultaneously washed out and with crushed blacks. I’m sure it’s primarily user-error, but on my deadlines, I haven’t had a chance to learn these new platforms.
I don’t believe that Win10 will die, due to the huge amount of users and companies. I think that it will be the same a with Win7, which survived several years it’s announced end.
There are still users which can’t even update to Win11 with a relative new computer (without tricks), not because the lack of sources, but because it’s specs don’t appear in the list made by M$ of supported specs, as in my case with a 3 years old Laptop, because my AMD Radeon 9425 don’t appears in this idiotic list, offering to buy a new PC to use Win11 🤬💩
The stock android pixel UI has gotten so full shit I have to use a launcher.
What? I use a stock Pixel Pro and there’s no fluff. It’s very vanilla, but does everything I need it to do without fuss. I was using Nova Launcher Pro, but they sold it to an advertising company a while ago, so I went back to the stock launcher.
Try disabling and removing the Google search bar. Can’t be done. Since Google search has gone down hill I never use it.
How about removing the the news feeds? You have to disable the Google app to get rid of it. If I want to read the news, I do a quick search. It’s not hard to do. I don’t need a news feed on my phone.
What about the stupid at a glance at the top of the home screen? It just takes up space for no benefit over the notification bar. It can’t be fully removed.
I also never us any voice assistant etc because it’s faster to type it in than repeat myself.
I currently have 19 apps on this phone disabled that I can’t uninstall… No fluff huh…
All of my apps are organized into folders and I am never more than one swipe and two taps away from opening the app I want. I don’t scroll, I don’t search, I know where everything is and have it opening in under a second.
It’s a pixel, you’re in c/Privacy for whatever reason, have you considered just putting GrapheneOS on it? All those annoyances go bye bye, you can have a full fat google alternate user and an approximately private main user…
Fair cop. Keep a weather eye out for better alternatives for the blockers, but as noted the full fat gOS play store and google services are pretty good, and the bootloader gets re-locked, might be worth trying it for a weekend to see how close you get, many people have good experiences, but it’s all down to cases.
That’s true about the search bar. I do actually use that to find and open apps though, so I hadn’t considered it fluff. I don’t use Google to search the web though. I forgot about the news feed because I don’t have it. I uninstalled the news app and a bunch of other crap I don’t need. Idk what At A Glance feature you’re talking about. I don’t think I have that. Overall you are right. There’s some initial fluff that I forgot about because I removed it years ago.
I tried the new iPhone 16 Pro. They should be ashamed of what they’ve created. If that’s their flagship phone, then I can’t even imagine how glitchy their base models are. It felt like a Fisher Price OS compared to Android. I returned it after two weeks. My several year old Pixel Pro can do more stuff more reliably than Apple’s brand new flagship device.
I have the 14 pro and my sister recently got the 16 base model. I don’t know why, but the pictures from her newer phone looked like a major leap backwards in quality. Also, the latest OS does feel like its features were written in crayon and that its waiting to kick off its training wheels. I can’t fully describe it: it’s not clunky or clumsy, it just feels like something is missing from the experience. I’ve never really felt this way from a phone version upgrade before.
There’s that, but it was really glitchy too. Siri only worked half the time. The subtitles would start and then stop after a couple sentences and need to be restarted constantly. There were a never ending stream of glitches. Text selection is still awful. It’s just not a good phone compared to the competition. I will say that it looked and felt nice though. The build quality of the actual hardware seemed good.
I heard that they were the first test-audience Apple used to test their new product, the IRope. Apple designed it to go around their user’s necks. The other end of the IRope is designed to attach to a proprietary cryptographic dongle to work called the Lynch-Key. Apple says it’s like a lynch-pin because it’s critical to the function the IRope.
Apple never did hear back from the test-audience. -I think this product will be a real winner!
It’s not data harvesting if it works as claimed. The data is sent encrypted and not decrypted by the remote system performing the analysis.
From the link:
Put simply: You take a photo; your Mac or iThing locally outlines what it thinks is a landmark or place of interest in the snap; it homomorphically encrypts a representation of that portion of the image in a way that can be analyzed without being decrypted; it sends the encrypted data to a remote server to do that analysis, so that the landmark can be identified from a big database of places; and it receives the suggested location again in encrypted form that it alone can decipher.
If it all works as claimed, and there are no side-channels or other leaks, Apple can’t see what’s in your photos, neither the image data nor the looked-up label.
It’s not data harvesting if it works as claimed. The data is sent encrypted and not decrypted by the remote system performing the analysis.
What if I don’t want Apple looking at my photos in any way, shape or form?’
I don’t want Apple exflitrating my photos.
I don’t want Apple planting their robotic minion on my device to process my photos.
I don’t want my OS doing stuff I didn’t tell it to do. Apple has no business analyzing any of my data.
Well they don’t. I don’t want to justify the opt-in by default but, again (cf my reply history) here they are precisely trying NOT to send anything usable to their own server. They are sending data that can’t be used by anything else but your phone. That’s the entire point of homomorphic encryption, even the server they are sent to do NOT see it as the original data. They can only do some kind of computations to it and they can’t “revert” back to the original.
If they don’t look at my data, they don’t even have to encrypt it.
If they don’t try to look at my data, they don’t need to wonder whether they should ask my permission.
I don’t want Apple or anybody else looking at my data, for any reason, is my point.
Yet I’ll still try to clarify the technical aspect because I find that genuinely interesting and actually positive. The point of homomorphic encryption is that they are NOT looking at your data. They are not encrypting data to decrypt them. An analogy would be that :
we are a dozen of friends around a table,
we each have 5 cards hidden from others,
we photocopy 1 card in secret
we shred the copied card, remove half of it, put it in a cup and write a random long number on that cup
we place that cup in a covered bowl
one of us randomly picked gets to pick a cup, count how many red shards are in it, write it back in the cup and writes adds the number to the total written on the bowl, we repeat that process until all cups are written on only once
once that’s done we each pick back our up without showing it to the others
Thanks to that process we know both something about our card (the number of red shards) and all other cards (total number of red shards on the bowl) without having actually revealed what our card is. We have done so without sharing our data (the uncut original card) and it’s not possible to know its content, even if somebody were to take all cups.
So… that’s roughly how homomorphic encryption works. It’s honestly fascinating and important IMHO, the same way that cryptography and its foundation, e.g. one way functions or computational complexity more broadly, are basically the basis for privacy online today.
You don’t have to agree with how Apple implemented but I’d argue understanding how it works and when it can be used is important.
Let me know if it makes sense, it’s the first time I tried to make an analogy for it.
PS: if someone working on HE has a better analogy or spot incorrect parts, please do share.
It makes sense, but you totally miss my point.
To go with your analogy, my point is:
I’m not interested in playing cards
That’s it.
I don’t care how fascinating the technology is and how clever Apple are: they are not welcome to implement it on my device. I didn’t invite them to setup a card game and I expect them not to break into my house to setup a table.
I wish, sadly that’s not how using non open source or open hardware devices work. You are running their software on their hardware with their limitations. It’s not a PC or SBC.
Edit: if we were to stick to the card game analogy, it’d be more like playing the card game in a hotel, in a room that you rented, rather than at home.
TLDR edit: I’m supporting the above comment - ie. i do not support apple’s actions in this case.
It’s definitely good for people to learn a bit about homomorphic computing, and let’s give some credit to apple for investing in this area of technology.
That said:
Encryption in the majority of cases doesn’t actually buy absolute privacy or security, it buys time - see NIST’s criteria of ≥30 years for AES. It will almost certainly be crackable <oneday> either by weakening or other advances… How many people are truly able to give genuine informed consent in that context?
Encrypting something doesn’t always work out as planned, see example:
“DON’T WORRY BRO, ITS TOTALLY SAFE, IT’S ENCRYPTED!!”
Yes Apple is surely capable enough to avoid simple, documented, mistakes such as above, but it’s also quite likely some mistake will be made. And we note, apple are also extremely likely capable of engineering leaks and concealing it or making it appear accidental (or even if truly accidental, leveraging it later on).
Whether they’d take the risk, whether their (un)official internal policy would support or reject that is ofc for the realm of speculation.
That they’d have the technical capability to do so isn’t at all unlikely. Same goes for a capable entity with access to apple infrastructure.
The fact they’ve chosen to act questionably regarding user’s ability to meaningfully consent, or even consent at all(!), suggests there may be some issues with assuming good faith on their part.
How hard is it to grasp that I don’t want Apple doing anything in my cellphone I didn’t explicitely consent to?
I don’t care what technology they develop, or whether they’re capable of applying it correctly: the point is, I don’t want it on my phone in the first place, anymore than I want them to setup camp in my living room to take notes on what I’m doing in my house.
My phone, my property, and Apple - or anybody else - is not welcome on my property.
Sorry for my poor phrasing, perhaps re-read my post? i’m entirely supporting your argument. Perhaps your main point aligns most with my #3? It could be argued they’ve already begun from a position of probable bad faith by taking this data from users in the first place.
What if I don’t want Apple looking at my photos in any way, shape or form?’
Then you don’t buy an iPhone. Didn’t they say a year or two ago that they’re going to scan every single picture using on-board processing to look for images and videos that could be child porn and anything suspicious would be flagged and sent to human review?
It’s not that simple. If I don’t want any of my photos scanned, I would have to avoid every iphone, ipad, and mac with this feature turned on, effectively meaning I can’t send a photo to anyone using an apple device.
Well, the other cloud services just did server side csam scan long before apple and they do it respecting your privacy less than apple.
Apple wanted to improve the process like EU wants it, so that no illegal data can be uploaded to apple’s servers making them responsible. That is why they wanted to scan on devices.
But any person who ever used spotlight in the last 4 years should have recognised how they find pictures with words. This is nothing new, apple photos is analysing photos with AI since a very long time.
So you take a pic, it’s analysed, the analysis is encrypted, encrypted data is sent to a server that can deconstruct encrypted data to match known elements in a database, and return a result, encrypted, back to you?
Doesn’t this sort of bypass the whole point of encryption in the first place?
Edit: Wow! Thanks everyone for the responses. I’ve found a new rabbit hole to explore!
Doesn’t this sort of bypass the whole point of encryption in the first place?
No, homomorphic encryption allows a 3rd party to perform operations on encrypted data without decrypting it. The resulting answer is in encrypted form and can only be decrypted by whoever has the key.
Extremely oversimplified example:
Say you have a service that converts dollar amounts to euros using the latest exchange rate. You send the amount in dollars, it multiplies by the exchange rate and then returns the euro amount.
Now, let’s assume the clients of this service do not want to disclose the amounts they are converting. What they could do is pick a large random number and multiply the amount by this number. The conversion service multiplies this by the exchange rate and returns the ridiculously large number back. Then you divide thet number by the random number you picked and you have converted dollars to euros without the service ever knowing the actual amount.
Of course the reality is much more complicated than that but the idea is the same: you can perform operations on data in its encrypted form and now know what the data is nor the decrypted result of the operation.
So homomorphic encryption means the server can compute on the data without actually knowing what’s in it. It’s counter-intuitive but better not think about it as encryption/decryption/encryption precisely because the data is NOT decrypted on the server. It’s sent there, computed on, then a result is sent back.
Wait, it’s called homomorphic encryption? All we’d have to do is tell MAGAs that Tim Apple just started using homomorphic encryption with all the iphones and the homophobic backlash would cause Apple to walk this back within a week.
It might still be possible to compare ciphertexts and extract information from there, right? Welp I am not sure if the whole scheme is secure against related attacks.
I don’t think so, at least assuming the scheme isn’t actually broken… but then arguably that would also have far reaching consequence for encryption more broadly, depending on what scheme the implementation would be relying on.
The whole point is precisely that one can compute without “leaks”.
Why do I say “funnily enough” is because, just like with e.g. IMEC for chips, some of the foundation of modern technology, comes from the tiny and usually disregarded country of Belgium.
I’m not pretending to understand how homomorphic encryption works or how it fits into this system, but here’s something from the article.
With some server optimization metadata and the help of Apple’s private nearest neighbor search (PNNS), the relevant Apple server shard receives a homomorphically-encrypted embedding from the device, and performs the aforementioned encrypted computations on that data to find a landmark match from a database and return the result to the client device without providing identifying information to Apple nor its OHTTP partner Cloudflare.
There’s a more technical write up here. It appears the final match is happening on device, not on the server.
The client decrypts the reply to its PNNS query, which may contain multiple candidate landmarks. A specialized, lightweight on-device reranking model then predicts the best candidate by using high-level multimodal feature descriptors, including visual similarity scores; locally stored geo-signals; popularity; and index coverage of landmarks (to debias candidate overweighting). When the model has identified the match, the photo’s local metadata is updated with the landmark label, and the user can easily find the photo when searching their device for the landmark’s name.
That’s really cool (not the auto opt-in thing). If I understand correctly, that system looks like it offers pretty strong theoretical privacy guarantees (assuming their closed-source client software works as they say, with sending fake queries and all that for differential privacy). If the backend doesn’t work like they say, they could infer what landmark is in an image when finding the approximate minimum distance to embeddings in their DB, but with the fake queries they can’t be sure which one is real. They can’t see the actual image either way as long as the “128-bit post-quantum” encryption algorithm doesn’t have any vulnerabilies (and the closed source software works as described).
by using high-level multimodal feature descriptors, including visual similarity scores; locally stored geo-signals; popularity; and index coverage of landmarks (to debias candidate overweighting)
…and other sciencey-sounding technobabble that would make Geordi LaForge blush. Better reverse the polarity before the dilithium crystals fall out of alignment!
That’s the point. It’s a list of words that may or may not mean something and I can’t make an assessment on whether or not it’s bullshit. It’s coming from Apple, though, and it’s about privacy, which is not good for credibility.
Where’s the “Apple is the only tech giant that respects your privacy” crowd? Just because your data isn’t being publicly auctioned doesn’t mean they aren’t harvesting it and infringing on your privacy.
No one thinks Apple, or any other ecosystem for that matter, is completely private. It’s just far more private than Android. Primarily because Apple is not an advertising company.
I switched to iPhone from Android because I was tired of Google making changes to their security and APIs that were killing my macros I’d write for my phone. I was also tired of Google sending everything good to the graveyard. Finally, I hated that Google would promise features or support for x number of years and then pull the rug out from under me (although, lack of support was usually caused by the manufacturer)
Before spending $1000 on my iPhone, I told my wife that it was a good investment because of Apple’s proven history of supporting devices with 5 years of updates; so we agreed that I’d keep this iPhone as my daily driver for 5 years because of the exuberant cost.
Well, my wish came true and here we are. I’ve got a phone that doesn’t respect my privacy, doesn’t respect my settings, has a frustrating UI/UX, and has low compatibility with most of my existing infrastructure. I gotta admit, though, my experience is far more consistent now, but not in a good way.
I cannot imagine spending $1000 on a phone in general. And even more so, I cannot imagine spending $1000 on a phone I cannot even sideload something like Newpipe on.
Since you are seemingly wealthy enough for this - maybe Pixel with GrapheneOS would be a right fit for you? Pixels also have longer support now (although I still think it’s very short, so I’d likely have to switch to Lineage afterwards).
Wealthy? Look at flagship phone sales numbers every year. Broke ass people have expensive gadgets all the time. Get a life.
Very few people spend $1000 outright on a phone, you know that right? Every major mobile provider has some sort of installment plan for purchasing a new device. Apple offers one directly as well.
That’s still spending $1000 on a phone, even more if you pay interest.
Using fomo and marketinp to force people into debt for a phone. Definitely the moral and sensible choice.
I mean, I agree with you? I wasn’t saying it’s a moral plan just explaining to the parent poster that people don’t need to be exorbitantly wealthy to “buy” a new device
It’s just baked into your bill at that point.
I have used both iOS and Android for more than a decade. After every update on both systems I have to go through and delete/disable junk I don’t need/privacy issues.
The stock android pixel UI has gotten so full shit I have to use a launcher.
iOS’s UI is terrible to use with everything taking twice as long as it should. So many illogical hidden commands.
Everything has gotten randomly harder to get basic things done.
My win 10 business computer with classic shell will stop being supported the end of the year… Oh joy…
While I’m still struggling to find an appropriate replacement for my photo editing apps, I’m happy to report that support and usability for most popular Linux distros have improved to the point that I now find Linux not only more stable, but easier to navigate than Win 10 was even at its best.
The amount of noise associated with Windows, generally due to people answering questions about the wrong version of windows or the wrong application, searching for any help topics is like trying to run through mud. It’s literally quicker now to learn a totally new skill on Linux than to try to update your knowledge base on Windows.
Gimp and inkscape where great replacement for me (amateur)
But maybe this is something for you:
https://www.photopea.com//
Gimp has been alright for me and (I hate to admit it) Illustrator is unparalleled when it comes to intuitive vector design.
I love Photopea and was an early-adopter/small-donor, although I’ve mostly moved to Canva for my design needs.
No, I’m looking for a solution to Lightroom and Camera Raw. I’ve tried Darktable and Rawtherapee, but, especially in Rawtherapee, I find that I quickly destroy my raw images and end up with something somehow simultaneously washed out and with crushed blacks. I’m sure it’s primarily user-error, but on my deadlines, I haven’t had a chance to learn these new platforms.
Rip ufraw.
I don’t believe that Win10 will die, due to the huge amount of users and companies. I think that it will be the same a with Win7, which survived several years it’s announced end. There are still users which can’t even update to Win11 with a relative new computer (without tricks), not because the lack of sources, but because it’s specs don’t appear in the list made by M$ of supported specs, as in my case with a 3 years old Laptop, because my AMD Radeon 9425 don’t appears in this idiotic list, offering to buy a new PC to use Win11 🤬💩
What? I use a stock Pixel Pro and there’s no fluff. It’s very vanilla, but does everything I need it to do without fuss. I was using Nova Launcher Pro, but they sold it to an advertising company a while ago, so I went back to the stock launcher.
I am typing this on a pixel 8
Try disabling and removing the Google search bar. Can’t be done. Since Google search has gone down hill I never use it.
How about removing the the news feeds? You have to disable the Google app to get rid of it. If I want to read the news, I do a quick search. It’s not hard to do. I don’t need a news feed on my phone.
What about the stupid at a glance at the top of the home screen? It just takes up space for no benefit over the notification bar. It can’t be fully removed.
I also never us any voice assistant etc because it’s faster to type it in than repeat myself.
I currently have 19 apps on this phone disabled that I can’t uninstall… No fluff huh…
All of my apps are organized into folders and I am never more than one swipe and two taps away from opening the app I want. I don’t scroll, I don’t search, I know where everything is and have it opening in under a second.
It’s a pixel, you’re in c/Privacy for whatever reason, have you considered just putting GrapheneOS on it? All those annoyances go bye bye, you can have a full fat google alternate user and an approximately private main user…
I honestly would love to. Unfortunately my banking and accounting apps for my business won’t run on it.
Also the reason I have an iPad for two apps that are not on Android that I have to have for business.
M business laptop is W10 instead of Linux mint like my personal one for the same reason…
Fair cop. Keep a weather eye out for better alternatives for the blockers, but as noted the full fat gOS play store and google services are pretty good, and the bootloader gets re-locked, might be worth trying it for a weekend to see how close you get, many people have good experiences, but it’s all down to cases.
That’s true about the search bar. I do actually use that to find and open apps though, so I hadn’t considered it fluff. I don’t use Google to search the web though. I forgot about the news feed because I don’t have it. I uninstalled the news app and a bunch of other crap I don’t need. Idk what At A Glance feature you’re talking about. I don’t think I have that. Overall you are right. There’s some initial fluff that I forgot about because I removed it years ago.
I tried the new iPhone 16 Pro. They should be ashamed of what they’ve created. If that’s their flagship phone, then I can’t even imagine how glitchy their base models are. It felt like a Fisher Price OS compared to Android. I returned it after two weeks. My several year old Pixel Pro can do more stuff more reliably than Apple’s brand new flagship device.
I have the 14 pro and my sister recently got the 16 base model. I don’t know why, but the pictures from her newer phone looked like a major leap backwards in quality. Also, the latest OS does feel like its features were written in crayon and that its waiting to kick off its training wheels. I can’t fully describe it: it’s not clunky or clumsy, it just feels like something is missing from the experience. I’ve never really felt this way from a phone version upgrade before.
There’s that, but it was really glitchy too. Siri only worked half the time. The subtitles would start and then stop after a couple sentences and need to be restarted constantly. There were a never ending stream of glitches. Text selection is still awful. It’s just not a good phone compared to the competition. I will say that it looked and felt nice though. The build quality of the actual hardware seemed good.
That’s so funny, I found it so light that I was somewhat scared to touch it. Then again, I’ve been known to yell at clouds concerning my age.
Between this and Tim Cook’s generous personal donation to the Trump inauguration, those folks seem strangely silent.
Apple is always silent, because they know they have no justification for their bullshit.
Lemmy isn’t promoted by Apple
https://www.techpolicy.press/a-critical-look-at-apples-privacy-record/
I hate apple so goddamn much
I heard that they were the first test-audience Apple used to test their new product, the IRope. Apple designed it to go around their user’s necks. The other end of the IRope is designed to attach to a proprietary cryptographic dongle to work called the Lynch-Key. Apple says it’s like a lynch-pin because it’s critical to the function the IRope.
Apple never did hear back from the test-audience. -I think this product will be a real winner!
It’s not data harvesting if it works as claimed. The data is sent encrypted and not decrypted by the remote system performing the analysis.
From the link:
What if I don’t want Apple looking at my photos in any way, shape or form?’
I don’t want Apple exflitrating my photos.
I don’t want Apple planting their robotic minion on my device to process my photos.
I don’t want my OS doing stuff I didn’t tell it to do. Apple has no business analyzing any of my data.
Well they don’t. I don’t want to justify the opt-in by default but, again (cf my reply history) here they are precisely trying NOT to send anything usable to their own server. They are sending data that can’t be used by anything else but your phone. That’s the entire point of homomorphic encryption, even the server they are sent to do NOT see it as the original data. They can only do some kind of computations to it and they can’t “revert” back to the original.
If they don’t look at my data, they don’t even have to encrypt it.
If they don’t try to look at my data, they don’t need to wonder whether they should ask my permission.
I don’t want Apple or anybody else looking at my data, for any reason, is my point.
I agree on permission.
Yet I’ll still try to clarify the technical aspect because I find that genuinely interesting and actually positive. The point of homomorphic encryption is that they are NOT looking at your data. They are not encrypting data to decrypt them. An analogy would be that :
Thanks to that process we know both something about our card (the number of red shards) and all other cards (total number of red shards on the bowl) without having actually revealed what our card is. We have done so without sharing our data (the uncut original card) and it’s not possible to know its content, even if somebody were to take all cups.
So… that’s roughly how homomorphic encryption works. It’s honestly fascinating and important IMHO, the same way that cryptography and its foundation, e.g. one way functions or computational complexity more broadly, are basically the basis for privacy online today.
You don’t have to agree with how Apple implemented but I’d argue understanding how it works and when it can be used is important.
Let me know if it makes sense, it’s the first time I tried to make an analogy for it.
PS: if someone working on HE has a better analogy or spot incorrect parts, please do share.
It makes sense, but you totally miss my point. To go with your analogy, my point is:
That’s it.
I don’t care how fascinating the technology is and how clever Apple are: they are not welcome to implement it on my device. I didn’t invite them to setup a card game and I expect them not to break into my house to setup a table.
I wish, sadly that’s not how using non open source or open hardware devices work. You are running their software on their hardware with their limitations. It’s not a PC or SBC.
Edit: if we were to stick to the card game analogy, it’d be more like playing the card game in a hotel, in a room that you rented, rather than at home.
It’s funny how it feels like my money when I pay for the device at the cash register.
sdklf;gjkl;dsgjkl;dsgjkl;dsgsjkl;g
TLDR edit: I’m supporting the above comment - ie. i do not support apple’s actions in this case.
It’s definitely good for people to learn a bit about homomorphic computing, and let’s give some credit to apple for investing in this area of technology.
That said:
Encryption in the majority of cases doesn’t actually buy absolute privacy or security, it buys time - see NIST’s criteria of ≥30 years for AES. It will almost certainly be crackable <oneday> either by weakening or other advances… How many people are truly able to give genuine informed consent in that context?
Encrypting something doesn’t always work out as planned, see example:
“DON’T WORRY BRO, ITS TOTALLY SAFE, IT’S ENCRYPTED!!”
Source
Yes Apple is surely capable enough to avoid simple, documented, mistakes such as above, but it’s also quite likely some mistake will be made. And we note, apple are also extremely likely capable of engineering leaks and concealing it or making it appear accidental (or even if truly accidental, leveraging it later on).
Whether they’d take the risk, whether their (un)official internal policy would support or reject that is ofc for the realm of speculation.
That they’d have the technical capability to do so isn’t at all unlikely. Same goes for a capable entity with access to apple infrastructure.
How hard is it to grasp that I don’t want Apple doing anything in my cellphone I didn’t explicitely consent to?
I don’t care what technology they develop, or whether they’re capable of applying it correctly: the point is, I don’t want it on my phone in the first place, anymore than I want them to setup camp in my living room to take notes on what I’m doing in my house.
My phone, my property, and Apple - or anybody else - is not welcome on my property.
Sorry for my poor phrasing, perhaps re-read my post? i’m entirely supporting your argument. Perhaps your main point aligns most with my #3? It could be argued they’ve already begun from a position of probable bad faith by taking this data from users in the first place.
Oh yeah I kinda missed your last point. Sorry 🙂
Then you don’t buy an iPhone. Didn’t they say a year or two ago that they’re going to scan every single picture using on-board processing to look for images and videos that could be child porn and anything suspicious would be flagged and sent to human review?
It’s not that simple. If I don’t want any of my photos scanned, I would have to avoid every iphone, ipad, and mac with this feature turned on, effectively meaning I can’t send a photo to anyone using an apple device.
Correct.
Well, the other cloud services just did server side csam scan long before apple and they do it respecting your privacy less than apple.
Apple wanted to improve the process like EU wants it, so that no illegal data can be uploaded to apple’s servers making them responsible. That is why they wanted to scan on devices.
But any person who ever used spotlight in the last 4 years should have recognised how they find pictures with words. This is nothing new, apple photos is analysing photos with AI since a very long time.
“opt out” to looking at my data ✅
Narrator: It doesn’t.
Wait, what?
So you take a pic, it’s analysed, the analysis is encrypted, encrypted data is sent to a server that can deconstruct encrypted data to match known elements in a database, and return a result, encrypted, back to you?
Doesn’t this sort of bypass the whole point of encryption in the first place?
Edit: Wow! Thanks everyone for the responses. I’ve found a new rabbit hole to explore!
No, homomorphic encryption allows a 3rd party to perform operations on encrypted data without decrypting it. The resulting answer is in encrypted form and can only be decrypted by whoever has the key.
Extremely oversimplified example:
Say you have a service that converts dollar amounts to euros using the latest exchange rate. You send the amount in dollars, it multiplies by the exchange rate and then returns the euro amount.
Now, let’s assume the clients of this service do not want to disclose the amounts they are converting. What they could do is pick a large random number and multiply the amount by this number. The conversion service multiplies this by the exchange rate and returns the ridiculously large number back. Then you divide thet number by the random number you picked and you have converted dollars to euros without the service ever knowing the actual amount.
Of course the reality is much more complicated than that but the idea is the same: you can perform operations on data in its encrypted form and now know what the data is nor the decrypted result of the operation.
So homomorphic encryption means the server can compute on the data without actually knowing what’s in it. It’s counter-intuitive but better not think about it as encryption/decryption/encryption precisely because the data is NOT decrypted on the server. It’s sent there, computed on, then a result is sent back.
Wait, it’s called homomorphic encryption? All we’d have to do is tell MAGAs that Tim Apple just started using homomorphic encryption with all the iphones and the homophobic backlash would cause Apple to walk this back within a week.
I’m only half joking.
It might still be possible to compare ciphertexts and extract information from there, right? Welp I am not sure if the whole scheme is secure against related attacks.
I don’t think so, at least assuming the scheme isn’t actually broken… but then arguably that would also have far reaching consequence for encryption more broadly, depending on what scheme the implementation would be relying on.
The whole point is precisely that one can compute without “leaks”.
Edit: they are relying on Brakerski-Fan-Vercauteren (BFV) HE scheme, cf https://machinelearning.apple.com/research/homomorphic-encryption
IIRC, for this kind of guarantee, you need a CCA(Chosen-ciphertext attack)-security. I dunno if this scheme satisfies such a security.
Dunno either, funnily enough skimming through https://eprint.iacr.org/2012/144 I noticed authors are from KUL https://www.esat.kuleuven.be/
Why do I say “funnily enough” is because, just like with e.g. IMEC for chips, some of the foundation of modern technology, comes from the tiny and usually disregarded country of Belgium.
I’m not pretending to understand how homomorphic encryption works or how it fits into this system, but here’s something from the article.
There’s a more technical write up here. It appears the final match is happening on device, not on the server.
That’s really cool (not the auto opt-in thing). If I understand correctly, that system looks like it offers pretty strong theoretical privacy guarantees (assuming their closed-source client software works as they say, with sending fake queries and all that for differential privacy). If the backend doesn’t work like they say, they could infer what landmark is in an image when finding the approximate minimum distance to embeddings in their DB, but with the fake queries they can’t be sure which one is real. They can’t see the actual image either way as long as the “128-bit post-quantum” encryption algorithm doesn’t have any vulnerabilies (and the closed source software works as described).
…and other sciencey-sounding technobabble that would make Geordi LaForge blush. Better reverse the polarity before the dilithium crystals fall out of alignment!
Heh though that’s all legit right?
That’s the point. It’s a list of words that may or may not mean something and I can’t make an assessment on whether or not it’s bullshit. It’s coming from Apple, though, and it’s about privacy, which is not good for credibility.
I don’t know what a geo-signal is, but everything else listed there makes perfect sense given the context.
Maybe they “encrypt” it in jpg? XD
Oh they’re here, just seething about this and their precious green texts or whatever the fuck else false sense of security they’ve been clinging to
we are logical chad and they are emotional wojak amirite
If you’re an apple fanboy, you’ve got a lot of secret closet cries these days
Doubling down on emotional Wojak framing I see.
Right I’m the one here turning life into a shitty boring meme