Reporting is country specific and US only yes, but the profiles are delivered baked into the OS. I suspect this is so that pedophiles can't buy a phone mail order from Canada and bypass the system.
I think the profiles will need to be country specific too. What counts as CSAM in some places doesnt in others (here in the UK we have a ban on cartoons but bath pics are allowed for instance).
This is something Apple have been pressed on a lot. So far (I'd be happy to be corrected) they've only said "whatever local law permits". That sounds ok, till you realise Saudi will want gays reported and China wont like any Winnie the Pooh pics...
China already operates their own iCud storage so this is irrelevant to them.
Apple doesn't have any iCloud data centres in Saudi, so Saudi can't pass laws about what is or isn't stored in them.
Look, the way this works and how it's implemented matters. It's stunning to me how many people are thoroughly confused and jump to unwarranted conclusions about how this actually works and what that means.
I dont think your saudi or china points grasp the nature of this tech. This is about checking what users have on their devices BEFORE it is uploaded to icloud.
So both China and the Saudis (any plenty of other governments) will be very interested as right now, it takes a lot more effort for them to access phone contents (there certainly aren't mass surveillance programs like this for handsets).
I weirdly agree with your last paragraph, but i think we disagree about the details. I can't find any evidence for your assessment that this can only be used against 1 (US) set of image hashes. Or that shitty regimes won't be allowed to abuse it.
If Apple came out and proved that, i might not be happy but my worst fears would be gone. Their silence is sort of deafening at this point...
