
It's hard to argue they did this for a vision of privacy.

They did this because they want YOUR phone to be a liability not THEIR servers.



I've heard it argued that this allows Apple to move iCloud toward end-to-end encryption (which would be a good thing for privacy, right?). It seems like the current US government position is "we'll let tech giants use end-to-end encryption for user data as long as they put measures in place to catch CSAM."

By "US government position" I'm including negotiations and proposed/threatened legislation, not just the current laws on the books.


If you really believe that, then I have a bridge to sell you. The exact same safety argument can and will be applied to ALL data whether on your device or Apple's servers.

Why limit to iMessage and photos? Why not Signal on your device?

Why not your backups on Apple servers? Oh wait, already happens.


I think Apple would rather put this CSAM-scanning system in place (which allows them to implement end-to-end encryption for iCloud in the future) than deal with the EARN-IT Act or similar becoming law, which could effectively make all e2e-encrypted services illegal (require a government backdoor).

>The bill also crafts two additional changes to Section 230(c)(2)'s liability, allows any state to bring a lawsuit to service providers if they fail to deal with child sexual abuse material on their service, or if they allow end-to-end encryption on their service and do not provide means to enforcement officials to decrypt the material.

https://en.wikipedia.org/wiki/EARN_IT_Act_of_2020


If that were the case, wouldn't this CSAM scanning system be insufficient to meet those EARN-IT requirements?

You have other Apple services and third-party apps that host material on Apple's servers.

For example, if a user turns on iCloud backups, then every third-party app's Documents directory is backed up to iCloud. Would it be a violation to not CSAM scan that content? What if the contents are encrypted? Would they be required to be decrypted so that they are CSAM-scanned?

iCloud drive is another Apple service that backs up to Apple's servers. Wouldn't its absence from the list be a violation? What if a user hosts encrypted files on iCloud drive? Would the user be required to decrypt them so that Apple can scan them?

It seems that the real intention is to eliminate end-to-end encryption.


>wouldn't this CSAM scanning system be insufficient to meet those EARN-IT requirements?

Yes. My point is that there's an ongoing dance between the tech companies and the government, and through their negotiations and government connections Apple probably views this CSAM-scanning move as making an EARN-IT-like law less likely to be passed. It's overall the less-invasive option. The US federal government is putting pressure on tech companies not to host CSAM, and if tech giants didn't agree to do stuff like this the government could respond by passing stricter laws to effectively make unbackdoored e2e encryption illegal.

Apple has a lot of influence but at the end of the day they're a US-based company that has to follow US laws. Voluntarily implementing CSAM-scanning is in their own interest as a "pro-privacy" company if it prevents more draconian anti-encryption laws from being passed that could effectively outlaw e2e encryption.

I don't view this as Apple singlehandedly trying to eliminate end-to-end encryption; that seems like a pretty radical view of the situation to me but of course you're free to hold that opinion.


I don’t hold the view that Apple is trying to eliminate end to end encryption. I view this as a push by governments to do so and the increasing willingness of the tech industry to work with them.

This is more like Apple giving way gradually and the government happy since in the long run they get everything they want.

Examples: we don’t unlock phones for the government… but we give them all the data if you back up your phone… but you have so much privacy!

We don’t read your messages, oh wait now we do, but only for child abuse, oh wait, we don’t control what it looks for but let’s not talk about that because it hurts our marketing


Hard to believe that a law limiting that would stand up in the supreme court, and Apple has previously indicated they would be willing to pay whatever legal costs are necessary to defend themselves from that sort of attack.

It is weird that Apple would do this in the first place though, it certainly doesn't make me want to use their products.


It moves iCloud to end-to-end encryption by compromising the ends. Not really a reasonable outcome.


> move iCloud toward end-to-end encryption (which would be a good thing for privacy, right?).

"End-to-end" encryption is nothing to strive for if you're destroying the ends. With this change, the "ends" become the users themselves. By embedding an agent acting on behalf of Apple/government, the device in front of end users is no longer a tool but rather an adversary. This is computational disenfranchisement.


Hey if the ends justify the means.

I’ll show myself out.


Feels like nobody here has bothered to read the actual technical specifications.[1]

This already adds a new level of encryption to iCloud-stored images. They have essentially created an E2EE system with a specific access (or backdoor), while preventing the use of the backdoor for purposes other than CSAM (so nobody can ask randomly to decrypt something else). They can only decrypt images when the user's account reaches the threshold of CSAM hash count:

> Only when the threshold is exceeded does the cryptographic technology allow Apple to interpret the contents of the safety vouchers associated with the matching CSAM images.

While this is not a perfect end-to-end encryption solution, it is better than only server-side encryption. Now there are two levels of encryption. If someone breaches Apple's servers and they also have access to the server-side private keys, they still need a matching NeuralHash value to decrypt the images.

[1]:https://www.apple.com/child-safety/pdf/Expanded_Protections_...
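
The threshold behaviour this comment describes can be sketched with Shamir secret sharing; the following is an added illustration, not part of the thread and not Apple's code. The function names, the threshold of 3, the SHAKE-based toy cipher and the sample hashes are all assumptions, and the sketch makes no attempt to hide which vouchers matched.

```python
import hashlib
import hmac
import secrets

PRIME = 2**127 - 1   # prime field for the share arithmetic
THRESHOLD = 3        # constructed value for this demo


def stream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHAKE-256 keystream); stands in for a real AEAD."""
    stream = hashlib.shake_256(key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))


def outer_key(image_hash: bytes) -> bytes:
    """Outer-layer key, derivable only by a party that knows the image hash."""
    return hashlib.sha256(b"outer" + image_hash).digest()


def make_shares(secret: int, threshold: int, count: int):
    """Shamir split: points on a random polynomial of degree threshold-1."""
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(threshold - 1)]

    def poly(x):
        acc = 0
        for c in reversed(coeffs):          # Horner evaluation mod PRIME
            acc = (acc * x + c) % PRIME
        return acc

    return [(x, poly(x)) for x in range(1, count + 1)]


def recover(shares) -> int:
    """Lagrange interpolation at x = 0; correct only with >= threshold shares."""
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = (num * (-xj)) % PRIME
                den = (den * (xi - xj)) % PRIME
        total = (total + yi * num * pow(den, -1, PRIME)) % PRIME
    return total


def device_make_vouchers(images, account_key: int):
    """images: list of (image_hash, payload). Emits one voucher per image."""
    shares = make_shares(account_key, THRESHOLD, len(images))
    inner = account_key.to_bytes(16, "big")
    vouchers = []
    for (image_hash, payload), (x, y) in zip(images, shares):
        share = x.to_bytes(2, "big") + y.to_bytes(16, "big")
        key = outer_key(image_hash)
        vouchers.append({
            # Outer layer: the share is readable only with the image hash.
            "wrapped_share": stream_xor(key, share),
            "tag": hmac.new(key, share, hashlib.sha256).digest(),
            # Inner layer: the payload needs the account key (plus share index).
            "payload": stream_xor(inner + share[:2], payload),
        })
    return vouchers


def server_open(vouchers, known_hashes):
    """Return payloads of matching vouchers, or [] while below THRESHOLD."""
    opened = []
    for v in vouchers:
        for h in known_hashes:
            key = outer_key(h)
            share = stream_xor(key, v["wrapped_share"])
            tag = hmac.new(key, share, hashlib.sha256).digest()
            if hmac.compare_digest(tag, v["tag"]):
                opened.append((v, share))
                break
    if len(opened) < THRESHOLD:
        return []                            # too few shares: key stays hidden
    points = [(int.from_bytes(s[:2], "big"), int.from_bytes(s[2:], "big"))
              for _, s in opened]
    inner = recover(points).to_bytes(16, "big")
    # Only vouchers whose share was unwrapped can be decrypted.
    return [stream_xor(inner + s[:2], v["payload"]) for v, s in opened]
```

Vouchers for images whose hash is not in the server's list stay sealed even after the threshold is crossed, because the server never learns their share index.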


I think the argument here is that (1) the model is going to have false positives (e.g. revealing pictures of you and your spouse, your beach photos, etc.) that will permit access for non-CSAM (or at the very least, mark your account as suspicious in the eyes of authorities), and (2) the model itself can be updated/replaced for any reason and potentially at any government's demand, so the limits on scope are effectively moot


For argument (1), they are only looking for matches from the existing database of hashes that NCMEC is providing. They are not developing general AI to identify new pictures, they only try to stop redistribution of known files. Because of that, their claim of 1/1 trillion false positives might actually be close to correct since it is easily validated in the development phase. Also, there is human verification before law enforcement is included.

For argument (2), this might be valid, but yet again, all we can do is trust Apple, as we do all the time by using their closed source system. The model can be changed, but it is still a better option than storing everything unencrypted? In case you mean forging hashes to decrypt content.

For the sake of surveillance, it is not a strong argument because again, the system is closed and we know only what they say. Creating such a model is trivial, and is not stopping the government from demanding it if Apple would want to allow that. The system would be identical to antivirus engines, which have existed since the 1980s.

This is such a PR failure for Apple, because all their incoming features are improving privacy in the CSAM area; everything negative comes from speculation which was equally already possible.


Not to mention, this neural hashing can't be a cheap operation. Better to use the processors paid for by your customers than ones you have to pay for in the cloud!


I honestly wonder if the privacy/intrusion backlash wasn't even considered because they were focused on this from the perspective of "isn't this great that these phones now have enough power to do this computation on-device", the same way they were proud to be able to announce that Siri processing would begin to happen on-device.


I thought about that as well. They rushed to publish some unpolished PR pieces and FAQs right after the announcement and at very unusual times (3am in Cupertino) trying to damage control so my guess would be as well that they didn't even consider the backlash. Maybe they were really proud about the technology they implemented. It's a little bit sad if you think about it.


If you think about this, this is a really great innovation, which is left behind bad PR. There was a leak about their system before release (which got a lot of publicity, and was heavily misleading), so that might be a reason for their hurry.

I have been browsing their technical papers for a couple of days now, and they have managed to innovate a system which has "kind of" end-to-end encryption, but enables access for specific (and only this kind of) content. They have managed to make an encrypted system where they can lock themselves out, and can't answer, for example, the demands of the FBI to show all images of a specific user.

In the context of CSAM, this is an improvement for privacy, but being able to understand that requires great understanding of different technologies.


I would like to see tests wrt this before I assume it--Apple puts a pretty hefty premium on battery life for customer devices, and while that would probably not win out when placed against this kind of liability minimization, they've got a lot of sharp folks there who crunch this stuff in their sleep.


I have been noticing increased background activity on my phone after it reached 100% during charging, for years now.

Pretty sure they can infer your normal sleep schedule and, after your phone has fully charged (1h to 3h after you fall asleep) they can freely use it as a P2P computing device.

Nothing new really. And they can still keep their promise of a good battery life -- which is quite justified by the way, I am using iPhones for 4 years now and they've consistently won over any of the 13 Android devices that I've used in the years before (and sometimes during).

There are ways to achieve both -- good observable battery life plus ability to use your phone for P2P computation -- and it's IMO obvious that Apple has succeeded in that for several years now.


> which is quite justified by the way, I am using iPhones for 4 years now and they've consistently won over any of the 13 Android devices that I've used in the years before (and sometimes during).

I find this a bit shocking. Were all of these Android low battery devices?

I don't have a good point of comparison, as I've only used Android on phones, but there are a lot of Android devices with really large batteries and very long battery life. It'd be pretty amazing if iOS were beating them in the real world.


There's no magic in iPhone's batteries, they are basically identical to all others.

The secret sauce ingredient is the idle battery life. The Android devices I used -- all 13 of them, without exception -- routinely lost anywhere from 15% to 40% battery when I was out and about without me picking them up even once. We're talking anywhere from 2 to 5 hours with them being in my pocket or a backpack, in the middle of a big city, with excellent 4G coverage, so it should not be a constant radio antenna activity (although if their antennas were of lower quality that might just be it).

I installed all sorts of root apps to try and pinpoint the culprit and inevitably hit a brick wall when all the apps can do is point at a system service without any way to drill down further.

In contrast, the iPhones that I've used -- 6S Plus, 8 Plus and 12 Pro Max -- are all extremely frugal on using battery when the device is idle. I've grown used to picking the phone from my bed at 100% battery in the morning on days where I had to do a lot of stuff outside, be out and about for 4-5 hours and only pick up the phone once or twice, and then get back home and find the phone at 98% battery.


As someone with an iPhone 12 Pro and a Galaxy S21 Ultra, swapping my SIM between each every ~two months; this situation has absolutely changed sometime in the past couple years.

Android's idle power draw, at least on the S21 Ultra, is fantastic. I'll sometimes leave this phone on, with no SIM in it but connected to WiFi, sitting on my desk, using it every once in a while for Tik Tok or whatever, and it'll last a week or more. The iPhone is pretty similar.

But display-on time, apples to apples; the iPhone has fallen behind. With the 12 Pro, most days I'll end at 5-10%. At least once every couple weeks, the day will end with the iPhone having already shut down. In comparison, on the S21 Ultra: I give it ~20-40 minutes of charge every day while I'm working, just unplug my USB-C laptop and plug it into the phone, and that's it. I don't charge it at night. Its battery life is ungodly; by the time I go to bed, it's at 50-60%. Wake up, plug it in while I'm showering and making coffee, good to go.


I think you are aware that 4G radio can draw a lot of energy so that might be an unfair comparison with the iPhone.

A more objective test would be for both to have SIM, or both to not have a SIM. Then again, iPhones have objectively weaker batteries compared to a lot of Androids (as in, less mAh).

I am not claiming that there are no better Android devices nowadays btw; not at all. I'd be happy if the OEMs finally caught up with this nasty problem! I am only saying that back in 2017 -- when I finally lost patience with Android -- things were looking pretty bad for it and for me that was the tipping point that made me go for iPhones.


Both the iPhone 12 Pro and S21 Ultra have 5G radios (though their usage here is probably 80% on wifi, 20% on non-UWB 5G most days).

My point is comparing their battery lives when they have the SIM in them. So, not which one lasted the longest yesterday, one with the SIM and one without, but rather comparing across time, how did the S21 (my current phone) fare today, versus how did the iPhone generally fare a few weeks ago when the SIM was in it. Not exactly scientific; just what I've observed and felt.

And the unscientific conclusion I've drawn is that the idle time is pretty similar between the iPhone 12 Pro and S21 Ultra, but the "active" radios-on SIM-in screen-being-used-all-day time definitely favors the S21 Ultra.

> I am only saying that back in 2017 -- when I finally lost patience with Android -- things were looking pretty bad for it and for me that was the tipping point that made me go for iPhones.

You're 100% right; Android's track record has been pretty darn bad when it comes to standby time. But, I think it's actually gotten a lot better. There are some reports that Samsung's Android flavors, specifically, are very aggressive when it comes to background app killing; that may be it (and, frankly, I don't notice any negative side-effects from it. If it's happening, it's transparent). Or maybe it was something more general in a later version of Android. Or maybe just huge batteries. But; something has changed.


Thank you, those are very valuable anecdotes to keep in mind for the future!


> I am only saying that back in 2017 -- when I finally lost patience with Android -- things were looking pretty bad for it and for me that was the tipping point that made me go for iPhones.

I'll respond to your earlier post too, but this is actually the answer that I was looking for. The Android world was a very different place back in 2017. The best battery life that I got out of an Android back then was an LG G2. I think that it was competitive with the iPhone, but many other Android devices of the era were not.


> I've grown used to picking the phone from my bed at 100% battery in the morning on days where I had to do a lot of stuff outside, be out and about for 4-5 hours and only pick up the phone once or twice, and then get back home and find the phone at 98% battery.

Is this true when the device is a year or two old? I've always found iPhone battery life impressive... but only until it's about a year old or so. My iPhone 11 plus now requires nightly charging, or I will inevitably hit a Low Battery situation.


I held on to my 8 Plus for little over two years and it remained excellent most of the time -- although I had to replace the battery before reselling it because it was at 83% capacity.

I also always charge my phone overnight even if it's at 70% (which it routinely is) because I've been bitten by going out and about with 60% charge and having to spend 12h outside and my phone died. So I just started conservatively charging it each night no matter what I expected for the next day.

But yes, for most people an iPhone can easily last two full days and still be at 15-20% when you finally plug it in on the second day's end.


iPhone batteries are only rated for 500 cycles of 100% -> 0%. Or, to look at it differently: You can charge 1 percent of your battery 50,000 times on your iPhone before Apple no longer guarantees under warranty that your battery will hold 80% of its original capacity.

Caveat: every percent is not equivalent. Charging above 90% is harder on your battery than charging from 40-50%. Charging and even just using your battery while it is very hot (90 degrees or above) or very cold (below freezing) is also very hard on it. Apple defines operating temperatures as:

> Use iOS devices where the ambient temperature is between 0º and 35º C (32º to 95º F)

and claims that using the phone outside those temperature ranges can permanently shorten battery life. Bit silly when you live someplace like I do where 60% or more of days are outside of that operating range, but I guess Apple is really just designing for Cupertino temperatures.

Basically after just 365 days of phone ownership, you're probably already over 50% of your way through your battery and capacity might be reduced by over 10%, up to 19% is still OK under warranty. I've had a 2016 iPhone SE for over 5 years now, and I've replaced the battery twice in that time. Seems to be essentially required once every two years.


Yes, I agree with that. The two iPhones I had before the 12 Pro Max -- 6s Plus and 8 Plus -- seem to have needed a battery replacement at about the 20th month mark because the capacity was at ~85% at that point. And you begin to notice. So yes, doing a battery replacement anywhere in between the 1.5 and 2.0 years mark for iPhones is quite expected IMO.


I've used my (original) SE for over 5 years, running it down to the 20% region (often way lower) and back up overnight at least 2000 times. Battery still seems reasonable - health on 79%.


May I ask where in the world you live? I wonder if part of the cause of your incredible battery longevity is a climate that stays safely within Apple's design specs of low humidity, moderate temperature. I've lived in areas that get very hot, very cold, and very humid regularly in the time I've owned my SE, which could contribute to battery degradation.

And above it all, batteries are very much a lottery. Sometimes you get a really great one, sometimes your battery falls apart within a year. I guess you got lucky.


Before I had an 11 I had an SE, and by year 2 or 3 the battery was so weak that I had to carry around an external charging pack for it. This got really awkward (and a little scary) for traveling and was part of the reason I upgraded to a newer model.

Right before I sold that SE to my friend I checked the battery health, and it was in the high 80s. Yet I could not get a full day's use on a single charge. This led me to conclude that that Battery Health measurement was bullshit.


I haven't looked at it before.

Apparently if I enable analytics I will get a report saying how many cycles my battery has lasted. Unless I use my phone for several hours of playing Spotify and YouTube I don't notice the battery dying during the day.


> The secret sauce ingredient is the idle battery life. The Android devices I used -- all 13 of them, without exception -- routinely lost anywhere from 15% to 40% battery when I was out and about without me picking them up even once.

I think Android and newer chips have mostly fixed this. The Pixel 5 on my desk right now has gone from 100% to 81% in the last 7.5 hours with 1.25 hours of screen on time during that period. Last week, I had a session of 18 hours with screen on of 4.5 hours that went from 100% to 34%. IMO, idle draw is likely still a little higher, but then again I run a lot of little background apps (eg, tasker, the pebble app, wear os connectivity and others).

Most of my previous Android devices wouldn't have fared nearly so well, even back when I cared enough to spend time trying to find wakelock culprits. Thankfully, I haven't needed to do that in years either. :)


It's really good to hear that wakelock hunting is no longer an expected practice. ^_^

I'm super interested in getting a Xiaomi (and modifying it enough so I can be reasonably sure that it doesn't stream all noise around it 24/7) at some point so hearing about how Android got better in this regard is exciting.


Yeah this. I’ll leave my iPad on my bed for 10+ hours and when I come back it’s lost maybe a percent or two of battery life. The Android tablet I had had to be on the charger constantly. My phone's battery lasts about a day with all my apps on it, where my old Android I had to charge midday.


The ha-ha-only-serious joke when I was at a place developing for iOS and Android, so had tons of test tablets for both, was that the Android tablets would be completely dead after a long weekend (or sometimes just a normal weekend...) in a drawer, and the iPads would still have enough charge to do something useful, and still wake up effectively instantly, if you forgot about them for a month.

As for the phones, I find I get 2-day charge out of a new iOS device. After 2-3 years it's about as bad as a new Android. 10% low-battery warning, and put in low-power mode right at bed time? It'll still have enough juice for the morning alarm and some morning HN reading. I mean, I try not to rely on that, but it does work. Difference has got to mostly be the software & firmware.


> The Android devices I used -- all 13 of them, without exception -- routinely lost anywhere from 15% to 40% battery when I was out and about without me picking them up even once.

That hasn't been my experience.

My current (very crappy) Mi A1 still lasts 3-4 days with moderate use.


I agree Xiaomi's devices are better. I used one for a few months before I switched to Apple and liked them best of all Androids before.


> In contrast, the iPhones that I've used -- 6S Plus, 8 Plus and 12 Pro Max -- are all extremely frugal on using battery when the device is idle.

As an iPhone user (that uses an Android device for work) myself, I can't confirm this at all.


I'm sorry, this is ridiculous. I don't even lose 15% of my battery life in 2 hours on my galaxy S3 without using it, and it is nearly a decade old at this point.


There are likely other factors that I can't account for because I was only using those phones in a single city -- with rare exceptions going to a rural area for 1-2 days.

Still, your anecdotal evidence does not nullify mine.


No, but from your multiple posts on this article, I don't know that I can take your android posts in good faith.


You might be biased? I have no axe to grind with any company. I am looking for what serves me best.

We don't have a perfect option, sadly. I evaluated Android quite fairly, for about 5 years, and found it lacking. I find the iPhone lacking as well, but in departments that I care less about.

Do with my posts what you will, I'll only say once that I have no bias either way. IMO both sides of the duopoly suck... but I do need a smartphone. I picked what served me better at the time.


I don't think it's fair to say you are speaking in bad faith either. I had similar experiences with some older devices (Nexus One, Galaxy S2, etc). There was a long period of time when Android devices were really bad on battery, even with relatively large (for the time) batteries on board.


I'm currently using an S3, have for nearly a decade. It has never dropped 15% with no use in 2 hours.


Does the expression "anecdotal evidence" ring a bell to you?

I am glad that you got lucky. I had both a Galaxy S4 and Note 4 and both were completely awful on idle battery life; both barely lasted a day in the office with 30 minute commutes in both directions, and no more than 2h of active screen time, if even that. And I had like Facebook, Twitter and Tumblr installed at the time. And Gmail. That was literally all I had installed on top of the stock ROM.

I don't get why are you coming here insisting that your experience somehow nullifies mine. That is what I'd call not arguing in good faith. I didn't do anything more except share my bad experience with Android (which is now severely outdated because it ended in 2017) and never claimed anything more than that.

What's your goal here?


I'm not even talking with you any more.

> Does the expression "anecdotal evidence" ring a bell to you?

Read the guidelines.

> Be kind. Don't be snarky. Have curious conversation; don't cross-examine. Please don't fulminate. Please don't sneer, including at the rest of the community.


I've got an older Moto X4 and it consumes 2% per hour when in my backpack. I guess the only remarkable thing about the configuration is no social media apps.


Same answer for me. No social media apps.


> Pretty sure they can infer your normal sleep schedule and, after your phone has fully charged (1h to 3h after you fall asleep) they can freely use it as a P2P computing device.

They already do, the feature is called “Optimized Battery Charging”. It charges the battery to 80% and only does the full charge a bit before you usually start using the phone. You’ll find the setting in the battery health section.


Optimized Battery Charging isn’t the same as being a node in a bot net.


> they can freely use it as a P2P computing device

Do you have any evidence of this, or are you just making up something that sounds good to you?

More likely it's doing the background on-device work that Apple has actively advertised for a long time, like analyzing photos to attach metadata to them. (There's a lot more to this than is obvious at first glance - I can text "penguin" or "sunset" in my Photos.app library and get a set of matching pictures back, for example.)


You reckon I would know of a way to gather an exact evidence unless I work for Apple? (In which case I'll likely be convicted and thrown in jail as well.)

Obviously I can't know for a fact. I also thought they likely analyze photos and that's my chief suspect even now. But critical thinking demands to keep an open mind -- and that's how I suspect they might use fully-charged iDevices (that are expected to sit on the charger for several more hours) for unsolicited and non-advertised P2P computations.

I don't claim it, I merely suspect it.


> You reckon I would know of a way to gather an exact evidence unless I work for Apple?

Monitor your network traffic.

Lots of people do this already for various reasons and haven't noticed anything like this going on.


Yeah, sure, I can brute force encrypted traffic by eyeballing it in my router's dashboard UI. Come on, dude.

You seem to have an axe to grind here and I refuse to participate. I even objectively admitted that I can't know and that I only suspect yet you (a) offer a non-solution and (b) likely downvote a comment because you don't like it.

Sheesh. Fine. You do you.


I have owned nearly every premium phone on the market and none of them come close to the Sony Xperia for battery life. I try new iPhones every other model or so...battery life has never been outstanding.


Do you disable Background App Refresh? First thing that I do on every iDevice. That feature being on is hugely overrated, you absolutely don't need it because you enter an app and manually refresh it; what's the big deal with that, are people that lazy?... Gods!

(The only useful application of that feature is email apps, I suppose; you do want to have your messages downloaded when you unlock your phone because Apple Mail takes ages to sync with Gmail... and it only gets worse with time.)

With that option set to "on" the idle battery life might quickly take a nose dive if you have stuff like Facebook / TikTok / Snapchat et al. installed.


To make it even worse they extended the functionality to Mac OSX. WTF???


Do you have references for this? I must have missed this part.


https://www.apple.com/child-safety/, at the bottom lists macOS as target platform.


It's unclear exactly what this means to be honest. Which is not less scary but more.

This sentence:

> Next, iOS and iPadOS will use new applications of cryptography to help limit the spread of CSAM online

seems to suggest that the hash-matching happens only on iOS and iPadOS.

The rest of the text OTOH suggests many things happen across all types of devices and OSs.

Regardless, this seems very bad.


My guess is that they're going to put it into the macOS Photos app. Those images are already scanned for people, animals and objects so it should be easy for them to implement the child protection database there.


Won't implementing this on macOS make it too easy to reverse engineer? Think the hashes are supposed to be secret.

ETA: Apple quote: "unreadable set of hashes that is securely stored on users’ devices". Unreadable, unleakable, no doubt uninterpretable... unless someone reverses them to get a blurry 'visual proxy' collection.


How is this worse? Any Apple device you thought you owned and controlled was never under your control. You were wrong.

Perhaps your understanding of the situation has changed so that you better understand how bad it is. But the situation isn't worse.


That’s an interesting point. Do you know if this is the case? That is, by putting this in the phone then Apple’s liability is lessened.


Apple's just really weird when it comes to the control they exert over devices.

they do it with 'privacy' in mind and what they come up with is usually better than the worst case but it can still be pretty iffy

eg. a few months back when their notarization/entitlement verification system was being discussed

it's all just their vision of computing (which has some merits): hyper-controlled, locked down and "safe". it's not going to change; if you're not comfortable with it you really shouldn't be using their products


Hate Apple's philosophy personally but I recommend my mom a Mac every single time.

Not everyone needs freedom, she's not downloading fitgirl repacks.


This is a weird mindset. Either you care about privacy or you don’t: what a person does on their device shouldn’t matter. If you only care about privacy when doing illegal things you don’t actually care about privacy you’re just a criminal not wanting to be caught.



