I love that Apple is trying to do privacy-related services, but this just appeared at the bottom of my Settings screen over the holiday break when I wasn’t paying attention. It sends data about my private photos to Apple.
Comments
Log in with your Bluesky account to leave a comment
AIUI they're using a combination of perceptual hashing, homomorphic encryption and OHTTP to make this privacy-preserving. However, Apple appears to be making the same missteps that Mozilla has when rolling things like this out: they assume that everyone trusts them.
For the average Apple customer this is the right choice. It gives them a new capability while preserving privacy using privacy preserving protocols. They let the paranoids disable it, but that is not their core customer.
When every technical expert in the world is learning about this because someone noticed surprising network traffic, that’s really bad! Even if the service turns out to be very privacy-preserving.
And what exactly are the privacy preserving protocols that prevent pictures of people’s private moments like childbirth and sex from being indexed along with pictures of landmarks and local restaurants? Genuine question because I couldn’t find the answer online
On the server, they have already created the index, and are making an encrypted query against it. If implemented correctly, Apple should have no information about what the original photo contained.
If the user doesn’t trust a hardware and software vendor, there are some bad news for all of these parties. But simply on the competition basis, why wouldn’t the user go for another vendor?
Yep, that’s really annoying! As an alternative photo and video management service, do check out @ente.io .. It’s FOSS, E2EE, has a good photo editor, and really good ML supported search tool for finding photos.
Goddammit. Literally the only reason I use an iPhone is it’s SUPPOSED TO BE more private and secure than the alternative. Then they pull some shit like this.
Enable the option sends information to Apple, yes, but not before it has been made hashed into a form that doesn’t allow anyone to identify what it’s about, and it sent through a proxy to prevent even Apple from learning your IP address…
Do you have a sense of how the database is networked when being used? That is to say, the setting says “privately”, but how do we know what that means, exactly?
It's actually pretty secure and they can't access your data, but they absolutely should not have rolled this out without notification nor made it opt-out
It’s one thing to offer a feature that allows you to gain functionality, and secure the data gathered at such a level that not even the host can decrypt, and completely another when the data collected is analyzed and sold to profit only the host.
tho find it interesting how apple manages to maintain a "privacy first" reputation when plenty of non-apple services use similar methods to protect users - but, unlike apple, won't get the benefit of the doubt or dedicated "i demand privacy" following
I feel it’s marketing and what they prioritize to train the user to believe. Like they make sure people know the US government has sued them a bunch to get into phones.
I used to work for them and been to campus my friends are engineers. Every level I have seen or heard prioritizes user privacy
Have you confirm Apple does all the things it says it does to protect privacy? And that bad actors within or without Apple can't circumvent the protection? Right now, we have ample evidence that tech can't be trusted with our privacy so I am not going to start now.
Im not saying trust it blindly, not everything is alarm worthy or malicious. Privacy is an ever evolving issue/solution. Education is our responsibility and staying up to date will increase our privacy and decrease fear. Our data is everywhere and they match data points to us we don’t expect.
I guess sometimes it's good having older equipment. I have an older iPhone running iOS 16. Maybe I just can't find it, but I don't think this is in my settings. Does that make sense??
This is reminding me of that lawsuit against Apple after they abandoned plans to scan private photos for CSAM due to widespread objections about Privacy and questions about its effectiveness.
Thanks for posting this. I was able to go turn things off. 😒 irritated that a company we pay $500 to $1200 for our devices, is hustling the data like pickpockets. As someone said, “There ought to be a law”.
Thanks for info about this being on by default without (afaik) notice. I'm underwhelmed by the idea it is a breach of anything other than pristine disclosure standards (unless Apple is misrepresenting the process). Also I don't get the value. Apple already mapped photos that have EXIF location data.
Whenever there’s an update always watch a video on YouTube about which new features to turn off. There’s always a bunch of people making those kind of videos fairly instantly
Seems like in-phone there is a process that compares your photos to a database maintained by Apple. Not so much a privacy issue as a utility one? How often will you search for a photo based on a landmark? I think it will be more useful to improve searching for photos by date?
I feel Photos has highlighted points of interest for years… I wonder if there’s anything new happening here, or if the only new thing is that you can finally now opt out of it 🤔
This was mentioned by Apple as one of the updates to photos in IOS18, and of course it’s enabled by default since they talked about it on WWDC as a feature for the new update.
Thanks for posting this. I had to read your article to even understand how we were automatically opted in to this service, IE it wasn’t clear to me which service you were talking about that was a breach of privacy. I turned this setting off, unfortunate Apple is opting in by default on this
I’d be worried about the noisy vectors they’re uploading. No idea if it’s a problem, mostly just surprised to find out it’s even something to think about.
Ah I see! I guess I meant you could’ve stated enhanced visual search is a breach of privacy
To be clear not your fault. This almost is a dark pattern with the UI because reading it didn’t immediately indicate to me that photos are sent or processed somewhere. But it must be. Not a good look Apple!
It’s my interpretation that Apple is taking your photos off your device to process location of your photos. It’s billed as “usability enhancement” but it’s pretty shady to this opt in by default. Your photos are being sent somewhere to be processed, and we have no clue how that is done
Comments
i have a feeling apple takes plenty of silent actions, and i bet it works, and they rarely get much press
If anyone on the Apple security team wants to contest my assumption they're free to do so via an update to the security whitepaper.
Enable the option sends information to Apple, yes, but not before it has been made hashed into a form that doesn’t allow anyone to identify what it’s about, and it sent through a proxy to prevent even Apple from learning your IP address…
Besides, the option is there to opt-out.
The mistake Apple made was to have it enabled by default, and make the option to disable it very obscure.
It’s one thing to offer a feature that allows you to gain functionality, and secure the data gathered at such a level that not even the host can decrypt, and completely another when the data collected is analyzed and sold to profit only the host.
One is Apple, one Google.
We need a GPDR-like law to make it clear that these things need to *clearly* announced and be opt-in. But... that'll have to wait at least 4 years. 🙄
tho find it interesting how apple manages to maintain a "privacy first" reputation when plenty of non-apple services use similar methods to protect users - but, unlike apple, won't get the benefit of the doubt or dedicated "i demand privacy" following
I used to work for them and been to campus my friends are engineers. Every level I have seen or heard prioritizes user privacy
Did you honestly expect anything else..?
I’d be worried about the noisy vectors they’re uploading. No idea if it’s a problem, mostly just surprised to find out it’s even something to think about.
To be clear not your fault. This almost is a dark pattern with the UI because reading it didn’t immediately indicate to me that photos are sent or processed somewhere. But it must be. Not a good look Apple!