
On the other hand, CSS might -- eventually, anyway -- offer the best compromise for facilitating reliable, responsible lawful access to mass consumer information technology.

Develop CSS in a manner that minimizes the noted risks. Such mechanisms are a fundamental compromise, philosophically. I am skeptical that those on opposing ends of the privacy debate will find sufficient common ground to achieve responsible implementations.

Deeper concerns regarding the misprioritization of security in consumer infotech design prevent meaningful basis to realize a suitable compromise for CSS tech, anyway.




> Develop CSS

No, do not. There is no reasonable privacy preserving manner in which you can do so. Spyware is fundamentally incompatible with privacy. I don't care how many god damn whitepapers they write about their novel perceptual hash cohort-based homomorphic 0-trust TPM scanner. It's still a rat.


As another poster said, it's not a choice of whether or not your content is scanned; it's a choice of where. If you upload pictures to the cloud—which is the only scenario in which Apple's scanning was stated to happen¹—then it's a choice between scanning on your device, which allows for the possibility of E2E encryption, or definitely no encryption and scanning on the server.

At present, Apple doesn't scan photos on the server, but all their competitors do, and I don't doubt for a second that they will eventually start scanning photos as well. The choice is not if, but how, and their client-side solution seems to me to be much more privacy-preserving than server-side scanning.

¹If you don't believe them, that's fine, but given that they have root control over the software running on your phone, your only choice is to either believe them or don't use their phones. Same goes for all other phones.


There are other options.

For example, a full e2e encryption system where only the user owns the keys and nothing is scanned.

This is already possible today with any general purpose computer.


Indeed, and you’re welcome to disable iCloud and use any of those systems, right?


See my peer reply to mdekkers.


> it's a choice between scanning on your device, which allows for the possibility of E2E encryption

No, it isn’t a choice at all. Your statement is factually incorrect, and presents a false situation. Apple has no obligation, legal or otherwise, to perform CSS. Nothing is stopping Apple from allowing E2EE right now.


While this is true in general, I think it's actually not true for Apple with respect to iPhotos (possibility of true end to end encryption), since they also make the photo processing software and the camera itself. The sensor data needs to be rendered to a file before it is even possible to encrypt it, so Apple could capture and scan that if they wanted to. You can't encrypt light waves before they hit the physical sensors.

Of course, the same is true of messaging. Apple owns the keyboard software and nothing stops them from putting a keylogger in to capture text before it ever hits the messaging app that encrypts it (and it pretty much needs to have one for predictive text to be possible).

They obviously can and arguably should choose to ignore the data streams before they hit the network clients and can be encrypted, but the capability will always be there.

I think part of the issue here is Apple owning all of the hardware, the OS, and the network client. People don't want to trust network clients, but you have no choice but to trust the OS and hardware vendors. If you don't trust them, your only option for guaranteed private communication is to not use computers. You either need to resort to the organized crime/terrorist model of using hand carry via couriers who credibly believe you'll kill them if they rat you out, or the military model of building your own communications devices.


I’m presuming that Apple wants to scan for CSAM, which I think they do. Personally, I’m also in favor of tightly-regulated scanning for CSAM.

The fact that they don’t support E2EE, despite their strong pro-privacy stance, supports my presumption. So it comes back to the same argument: presuming Apple is going to scan cloud images for CSAM (which, again, all other major providers already do, to my knowledge), then it’s just a question of how.

For someone like me, who believes scanning for CSAM is worthwhile, Apple’s solution is far superior and privacy-preserving compared to, say, Microsoft’s.

I think this argument really comes down to “no scanning at all” vs. “carefully applied scanning,” but that’s not how it’s framed by the people objecting. I think it’s because that’s an argument they’re not likely to win. And so, if they “win,” I think we’ll just end up with cheap and dumb server-side scanning, which would take a whole lot less effort and political trouble for Apple… and ironically, be much easier to subvert in the ways people against CSS worry about.


Looking forward to the day that people publicly argue for client-side scanning on NeuralinkOS for thought-crime.


You can already refer, at this stage, to pattern recognition for criminal tendency from physiognomy, "Active Phrenology 2.0".



