By John Gruber

• Archive
• The Talk Show
• Dithering
• Projects
• Contact
• Colophon
• Feeds / Social
• Sponsorship

Linked List: December 15, 2021

Wednesday, 15 December 2021

Apple Updates ‘Child Safety’ Webpage to Remove Mention of CSAM Fingerprint Matching, But Feature May Still Be Forthcoming ★

Jon Porter, reporting for The Verge:

Two of the three safety features, which released earlier this week with iOS 15.2, are still present on the page, which is titled “Expanded Protections for Children.” However references to the more controversial CSAM detection, whose launch was delayed following backlash from privacy advocates, have been removed.

When reached for comment, Apple spokesperson Shane Bauer said that the company’s position hasn’t changed since September, when it first announced it would be delaying the launch of the CSAM detection. “Based on feedback from customers, advocacy groups, researchers, and others, we have decided to take additional time over the coming months to collect input and make improvements before releasing these critically important child safety features,” the company’s September statement read.

Crucially, Apple’s statement does not say the feature has been canceled entirely. Documents outlining how the functionality works are still live on Apple’s site.

I wouldn’t read too much into this. Now that some of the new child safety features are shipping with this week’s iOS 15.2 update (machine-learning-based nude/sexually-explicit image detection in Messages, and “Expanded guidance in Siri, Spotlight, and Safari Search”), Apple has updated the page to state which features are currently shipping.

I think the CSAM fingerprinting, in some form, is still forthcoming, because I suspect Apple wants to change iCloud Photos storage to use end-to-end encryption. Concede for the moment that CSAM identification needs to happen somewhere, for a large cloud service like iCloud. If that identification takes place server-side, then the service cannot use E2E encryption — it can’t identify what it can’t decrypt. If the sync service does use E2E encryption — which I’d love to see iCloud Photos do — then such matching has to take place on the device side. Doing that identification via fingerprinting against a database of known and vetted CSAM imagery is far more private than using machine learning.

I also continue not to agree, at all, with the “slippery slope” argument, which goes along the lines of “authoritarian regimes around the world will force Apple to add non-CSAM image fingerprints to the database”. Machine learning algorithms are far more ripe for that sort of abuse than fingerprint matching. Machine learning can be crazy smart; fingerprint matching, by design, is a bit simplistic. Apple’s Photos app already uses very clever machine learning to identify the content of photos in your library. Search in the Photos app for “dog” or “cocktail” or someone’s name and it’s going to find those photos. Trust in Apple is the only thing protecting iOS users from surreptitious abuse of machine learning in Photos now — which is no different from Android users’ trust in Google for the same sort of thing.

Put another way, if governments, authoritarian or otherwise, were able to force Apple (or Google, or Microsoft) to add secret snooping features — like say finding photos of Tank Man on Chinese users’ devices and reporting them to the CCP — to our operating systems, the game is over. They wouldn’t need this proposed device-side CSAM fingerprinting feature to abuse, they could just demand whatever they want. Access to your email, everything.

Apple Delays Employees’ Return to Office Again, New Date ‘Yet to Be Determined’ ★

Benjamin Mayo, reporting for 9to5Mac:

Apple has once again delayed its official return to standard attendance at its corporate campuses in Cupertino. It was previously set at February 1st 2022, but now has been pushed back to an unspecified time as the spread of the Omicron Covid-19 variant takes hold around the world.

This is now the fourth time that Apple has had to revise its schedule for bringing employees back to the office.

Alongside the announcement about the indefinite delay on return to work, Bloomberg reports Apple is giving employees $1000 bonuses to spend on home office gear, and Apple will give a month heads-up when a new date is determined.

Google Employees to Lose Pay if They Don’t Comply With Vaccination Policy ★

Jennifer Elias, reporting for CNBC:

A memo circulated by leadership said employees had until Dec. 3 to declare their vaccination status and upload documentation showing proof, or to apply for a medical or religious exemption. The company said after that date it would start contacting employees who hadn’t uploaded their status or were unvaccinated, as well as those whose exemption requests weren’t approved.

The document said employees who haven’t complied with the vaccination rules by the Jan. 18 deadline will be placed on “paid administrative leave” for 30 days. After that, the company will put them on “unpaid personal leave” for up to six months, followed by termination.

Another one for the “more like this, please” file.

Philadelphia to Require Proof of Vaccination to Eat at Restaurants Next Month ★

James Garrow, writing for the City of Philadelphia:

Starting Monday January 3, Philadelphia establishments that sell food or drink for consumption onsite will require that everyone who enters has completed their COVID vaccinations. Completing vaccinations means that they have received two doses of either the Pfizer or Moderna vaccine or a single dose of the Johnson & Johnson vaccine.

Employees and children aged 5 years and 3 months through 11 will be required to have one dose of COVID vaccine by January 3rd and to complete their vaccine series by February 3.

Philly is following the lead of cities like New York, San Francisco, and New Orleans, which have already instituted similar regulations. More like this, please.