New Post: Internet of Snitches

Imagine an Internet of Snitches , each scanning whatever data they have access to for evidence of crime. Beyond the OS itself, individual phone apps could start looking for contraband. Personal computers would follow their lead. Home network file servers could pore through photos, videos and file backups for CSAM and maybe even evidence of copyright infringement. Home routers could scan any unencrypted network traffic. Your voice assistant could use machine learning to decide when yelling in a household crosses the line into abuse. Your printer could analyze the documents and photos you send it.

It’s not much of a surprise to most people that their devices, especially their phones, are snitching on them to the hardware vendor (or app developer). Some people are surprised to discover just how much. I already wrote a post Snitching on Phones That Snitch on You that focused on the amount of data an idle Android and iOS device are sending to Google and Apple respectively, described how we avoid those problems on the Librem 5, and even explained how to use OpenSnitch to track any attempts by a malicious app to snitch on you.

So we know most devices and proprietary apps track people to some degree (even for paying customers), and that the problem has extended to cars. While many people don’t like the idea of this, they also shrug it off, not just because they don’t feel empowered to do much about it, but also because their data is “only” being used for marketing purposes. Someone is profiting off of the data, sure, but their data isn’t being used against them.

Yet we are starting to see how your data can be used against you. Police routinely get location data from data brokers to track suspects without having to get a warrant. Even private groups have paid data brokers to dig up dirt on people, leading to a Catholic priest’s resignation after location data revealed he used the Grindr app and frequented gay bars.

Crossing the Rubicon

So companies capture and sell our data, and the police and private groups sometimes buy that data to look for crimes. But up to this point, the “snitching” that devices did on you was indirect–it would send data to vendors or app developers to sell to brokers, but the only time that vendors might search your data and alert the authorities is when searching files stored on their own servers that you have shared. Up to now, actually scanning for potential contraband on a person’s device was a line companies wouldn’t cross.

This past week, however, Apple crossed that line. Apple announced in their new child safety initiative that they will scan all customers’ iPhone photos for CSAM (Child Sexual Abuse Material) before they are backed up to iCloud. Plenty of other groups have already weighed in on the risks and privacy implications of this particular move for iPhones and the EFF in particular has explained the issues well, so I won’t cover any of that here. What I will discuss, instead, are the broader implications of crossing the Rubicon into client-side scanning of devices for potential evidence of crimes.

Read the rest of the post here:

5 Likes

" Now imagine … . It’s easy if you try."

Nice one, Kyle!
:grinning:

3 Likes

you are not really “buying apple”, you are just renting it… all devices are branded, like livestock, and if it goes outside the boundaries, it will be brought back to the owner

8 Likes

Discussion on Hacker News: https://news.ycombinator.com/item?id=28158939.

1 Like

Good name for a snitching app: “Sheepdog”.

Remember the movie “Good” ?

Halder’s friend is sent to prison camp and he wondered how his friend was found out. He discovered it was his wife that turned his friend in. When he confronted her he said: “One thing you can say for the Gestapo, they keep extremely thorough records.”

1 Like

Honestly, this is what caused me to get more and more pessimistic about new technologies over the past 10 years. It became less about “Hew look at this cool thing you can do”, and more about “How can we trick users into giving up more data?” and “How can we take more control away from the user?”.

Funny thing is I was an Apple fanatic in the 90s and early 2000s… Even with that I would have been horrified if apple had implemented this back then.

This is largely what has gotten me very interested in purism, as their goals align with mine. It has pleased me that lately many have woken up to this, and have come to care more about privacy. Though I have yet to see many complain about the control aspect, which in my mind is the root problem (purism is working on this angle though).

I do fear though that with things going the direction of “Only those who use linux and reject certain technologies have privacy and control”, that we may well be forced into it by law at some point… Simply by the fact that we can’t be tracked in case of whatever the boogy man of the day is…

At least purism has gotten me out of my hole to an extent to see what they are doing :slight_smile:

10 Likes

Here’s an interesting development… Apple’s NeuralHash Algorithm has been Reverse-engineered:

https://www.schneier.com/blog/archives/2021/08/apples-neuralhash-algorithm-has-been-reverse-engineered.html

2 Likes

But Apple says that’s not the same version: https://www.macrumors.com/2021/08/18/apple-explains-neuralhash-collisions-not-csam-system/

Therein is just one of the problems. Apple can say what they like but it cannot be verified.

Even if it isn’t the same version, that doesn’t mean that deliberate collisions can’t be created with the “new” version. Apple is relying on security through obscurity. Keep the algorithm secret, in order to make it more difficult for security researchers to find and demonstrate the weaknesses.

5 Likes

Apologies for a youtube link, but invidious is no more: https://www.youtube.com/watch?v=vJYaXy5mmA8, “A man lives in a society where citizens police each other with their mobile phones. | Utopia”

This was a very nice short movie.

This description screams “distopia” to me, but apparently, it is a paradise for some…

1 Like

It’s worth understanding the intentions in the word “utopia” and the etymology of the word, coming from the ancient Greek for “no place”.

I’m used to have more narrow meaning of the word:

Utopia \Uto"pia, n. [NL., fr. Gr. not + ? a place.] [1913 Webster] 1. An imaginary island, represented by Sir Thomas More, in a work called Utopia, as enjoying the greatest perfection in politics, laws, and the like. See {Utopia}, in the Dictionary of Noted Names in Fiction. [1913 Webster]

  1. Hence, any place or state of ideal perfection. [1913 Webster]

Utopia started as being a very positive thing. Naming with this word something that clearly is not positive, is misleading. It is the first step to trick people into liking dystopian regime.

3 Likes

Indeed just because the world can’t be perfect doesn’t mean it can’t be better.

1 Like

Good watch, though, that movie.

1 Like