Apple could have solved the issue by making iCloud photo sharing its own separate App.
The App could have done the scanning before sending and I would be free to not install it on my phone if I don't use iCloud photo sharing.
Instead, we now have an ever-present spyware engine embedded into the OS itself that can be abused by policy, as the author points out.
But I guess having a separate App would potentially cut into Apple's bottom line as it would have lessen the opportunities of pushing for iCloud subscriptions.
I don’t know where have you got your information, but it works literally as you said. If you don’t use iCloud Photos sync, then in-device scanning is not applied. Is it app or not, does not really matter because you have to trust its existency or option selection anyway.
There is a huge difference between an OS-level feature and an App-level feature.
Once it's embedded in the OS there is basically nothing stopping the extension of "features" to also eventually scan everything else at some point.
As an App-only feature, you basically disable that whole functionality if you don't have the App.
If you're an iCloud user, it's not much different. But if you're not, you're basically safe from that particular feature creep of extending the scan to other parts of the system (like whole photo-roll, documents, data from other apps, etc)
This is what you see, but the whole system is a black box. All this speculation exist already. All you have is the trust.
Same "if" argument is as strong as before and after this feature. People don't seem to understand, that the way they see how the system works does not mean that it works that way.
For example if Apple releases iCloud Photo app, how do you know that it is actually removed when it is removed? Same party is responsible about the OS and the app. Again, you have to trust their word. If they are saying, that they only scan photos which are going into cloud, then it is the same thing. You have to trust what they say and final functionality does not get any different.
> If you're an iCloud user, it's not much different. But if you're not, you're basically safe from that particular feature creep of extending the scan to other parts of the system (like whole photo-roll, documents, data from other apps, etc)
If you read their protocol, you would see that they can't send data alone. They have 30 pages long whitepaper which explains how scan analysis is cryptografically embedded into voucher with original data, and is not possible to send alone. Again, all you can do is to trust their word.
If you look at the past, Apple has invested a lot of things, that it can lock itself out. There are no history of misuse in the past, yet this is speculated all the day.
"Scanning other parts of the system" is like only 10 lines of code without this new feature, and many don't realize that. Antivirus engines has existed since 1980s and if Apple wants to allow some government to scan your files by changing their model, it has happened already. Once they allow that, then we should be mad. We should not be mad about speculation everything.
For example giving private keys to China government to access their iCloud data is not an example if someone tries to mention that. They haven't change the underlying model in their operating system. They gave out the data, which was result of their operating system unchanged.
The App could have done the scanning before sending and I would be free to not install it on my phone if I don't use iCloud photo sharing.
Instead, we now have an ever-present spyware engine embedded into the OS itself that can be abused by policy, as the author points out.
But I guess having a separate App would potentially cut into Apple's bottom line as it would have lessen the opportunities of pushing for iCloud subscriptions.