Apple's on-your-iPhone #CSAM scanning — using your phone's resources to check whether you're a paedophile — is illiberal, misconceived, and dangerously architected. WORSE: they tie the hands even of those who they claim will vouch for Apple's honesty…
Apple's "Appeal to Code Inspection" as a solution for trusting their #CSAM photo scanning is… a fig leaf. It's a PR spin meant to obscure something dirty — if they were serious, why not Open-Source iPhoto with reproducible builds? — but worse it ACTUALLY detracts from the issue.
The ACTUAL issue is that "what happens on your iPhone no longer stays on your iPhone"; that promise is broken, and the privacy of your phone will be in constant tension with the iCloud team's ongoing attempts to coerce you to use, and pay for, locked-in cloud storage.
"But hey" — say the Apple PR team — "look, there are people called 'security researchers' who will keep us honest!"

Apple IP Lawyers, sotto-voce: "shutupshutupshutup…"

Apple Security Engineering: "Don't we try to prevent that, anyway?"

Lawyers: "shutup"

PR Team: "But, Why?"
