Apple Has Begun Scanning Your Local Image Files Without Consent

4 months ago
Jeffrey Paul:

Imagine my surprise when browsing these images in the Finder, Little Snitch told me that macOS is now connecting to Apple APIs via a program named mediaanalysisd (Media Analysis Daemon - a background process for analyzing media files). [...]

To recap:

  • In 2021, Apple said they'd scan your local files using your own hardware, in service of the police.

  • People got upset, because this is a clear privacy violation and is wholly unjustifiable on any basis whatsoever. (Some people speculated that such a move by Apple was to appease the US federal police in advance of their shipping better encryption features which would otherwise hinder police.)

  • Apple said some additional things that did NOT include "we will not scan your local files", but did include a confirmation that they intend to ship such features that they consider "critically important".

  • The media misreported this amended statement, and people calmed down.

  • Today, Apple scanned my local files and those scanning programs attempted to talk to Apple APIs, even though I don't use iCloud, Apple Photos, or an Apple ID. This would have happened without my knowledge or consent if I were not running third-party network monitoring software.

By default, Little Snitch allows all connections to Apple and iCloud. To block this process (and others) you have to un-check the "icloud.com" and "apple.com" rules on the "System" tab. And then endure two days of whack-a-mole while re-allowing the ones you actually want to be able to connect to Apple, like softwareupdated and IMTransferAgent and a dozen others.

Update: Lots of people keep sending me this rebuttal, and telling me "it no longer phones home as of the OS update that was released 5 minutes from now, so problem solved." Ok, that may well be. But when my OS was phoning home on my photos yesterday and happens to not be phoning home on them today... that doesn't really build trust. Intent matters, and we know what Apple's intent is because they told us. Code matters, and we are not allowed to see Apple's code.

Maybe the fact that it phoned home with a null response is only because the test photos didn't match some magic neural net -- congratulations, Apple didn't report your test images to the FBI.

We cannot know. But suspicion and mistrust are absolutely justified. Apple is examining your photos and then phoning home. The onus is on them to explain -- and prove -- what they are doing and why. They are undeserving of you taking them at their word.

Previously, previously, previously, previously, previously, previously.

42 Comments
Tags: , , , , ,

DNA Lounge: Wherein we survived Stormageddon, and an arrest was made

4 months ago
We had surprisingly little flooding during this month's climate apocalypse. Harrison near Division was underwater for a while, but it turns out that even though that's only a couple blocks away, we're several feet higher in elevation, so the water didn't crest the sidewalk on our block. We did have some inexplicable roof leaks, but nothing too severe.

At one point at the height of the storm, we had dirty water jet up out of the sink drains and water fountains! It did not seem to be sewage, so our best guess is that it was roof water that had nowhere else to go because the sewers were already at capacity.

Despite our worry, we were not burgled a third time on New Year's Day, probably because:

A suspect was arrested on New Year's Eve after running a red light near 4th and Townsend.

[He] was booked into county jail for nine counts of burglary, possession of burglary tools, possession of methamphetamine and possession of narcotics.

SFPD posted this fun photo of his burglary tools, in case you're looking for some tips.

Man arrested, accused of breaking into 10 SF stores:

The burglaries followed a similar pattern of the suspect forcing entry through the front of a business, causing damage. Once inside, the suspect stole cash from registers, safes or ATMs, and various other items from the stores.

Not their first rodeo: Matt and Kayla were also arrested in 2021:

Officers arrived on scene and located two suspects in the process of stealing two vehicles. [...] they fled into another stolen vehicle and drove in the officer's direction at a high rate of speed, causing him to dive out of the way to prevent from being struck. The suspects then fled on foot into a nearby cemetery. [...]

Both suspects [admitted] to numerous thefts throughout the Bay Area. Lake and Gutierrez were transported and booked into San Mateo County Jail on numerous charges.

I can't imagine a scenario where we get any of our money back, however. You will be shocked, shocked to learn that insurance is a scam.

Turns out our insurance policy basically doesn't cover cash. It doesn't matter what kind of paperwork we have documenting the amount of cash that was stolen, the policy caps that at $5k, minus a $1k deductible.

And regardless of whether the insurance company found some reason to deny the claim entirely -- which they almost certainly would -- the mere act of filing the claim would cause our rate to (purely coincidentally) go up by more than $4k per year.

"Nice policy you have there, shame if something were to happen to it."

And I'm gonna guess that bringing a civil suit against a meth-head is also not going to turn out to be an effective strategy.

I'll bet Louis Vuitton doesn't have these problems.

Donations appreciated!

Comment at DNA Lounge
Tags:
Location: 37 46' 15.63" N, 122 24' 45.70" W

  • Previously