They want to move to e2e for photos so they don't have to keep those keys. That's what this is part of — a way to prevent their service from being used for CSAM, yet still provide e2e encryption. I feel very ambivalent about this.
That was never mentioned by Apple. If that was their intention then I suspect they would have mentioned it alongside this announcement to provide a justification and quell the (justified) outrage.
I also question the value of e2e when there’s an arbitrary scanner that can send back the unencrypted files if it finds a match. If Apple’s servers control the db with “hashes” to match, then is it all that different from Apple’s servers holding the decryption keys?
Sure, e2e still prevents routine large-scale surveillance, but at the end of the day if Apple (or someone that forced Apple) wants your data, they’ll get it.
They don’t send unencrypted full-res files; they send a low-res “visual representation” and can only decode if they get > x “hits”. Assuming it works as described, I do think it’s better than just having full keys as they do now. And why else would they go to all this trouble? They can scan images now on their servers if that’s what they want.
Low-res I suppose is better, but... if it's enough for a human to tell whether it's CSAM or not, it's probably high-res enough to be a significant invasion of privacy in case of a mistake.
Also the > x "hits" part is a good feature assuming that the database only looks for CSAM. Otherwise it's useless (not to mention totally unauditable).
My guess is that they're doing it on device because they've had several years of marketing and proclaiming that "everything is done on-device" so to implement CSAM scanning server side would go against that. Maybe they thought this would somehow look better to the average consumer who thinks "on-device" is automatically better?
> If that was their intention then I suspect they would have mentioned it alongside this announcement to provide a justification and quell the (justified) outrage.
It’s August. New iPhones and iOS / macOS are released in September. If they want to introduce E2E encryption for photos and need this in place to do it, then it makes sense to announce this ahead of time and get the backlash out of the way so that they can announce the headline feature during the main event without it being overshadowed.
Software features are announced at WWDC, which happens early summer and already happened this year. It's only the hardware that gets announced (and the software released) in September.
Some software features are announced at WWDC, mostly ones that affect developers. Consumer-facing services have also been announced during the September event; it’s not just hardware. Apple One, Apple TV+, and Apple Arcade were all announced during the last couple of September events.
We have no information to make a decision there. It could be (as you say) because they want to implement E2E cloud, but it could just as well be because they want to start scanning offline content for folks that opted out of iCloud storage (and even if that is not their immediate intent, you can't argue implementing this system doesn't take them 95% of the way to making that possible).