Comment by sneak

4 days ago

> This should be fine: vectorization is a lossy operation. But then you would know that Amy takes lots of pictures of golden retrievers, and that is a political disaster.

This downplays the issue. Knowing that Alice takes lots of screenshots of Winnie the Pooh memes means that Alice’s family gets put into Xinjiang concentration camps, not just a political disaster.

(This is a contrived example: iCloud Photos is already NOT e2ee and this is already possible now; but the point stands, as this would apply to people who have iCloud turned off, too.)

4 comments

sneak

troad 4 days ago

Agreed. And for a less contrived example, people may have photos of political protests that they attended (and the faces of others present), screenshots that include sensitive messages, subversive acts, etc.

It's worth noting though that it's now possible to opt in to iCloud Photo e2ee with "Advanced Data Protection". [0]

[0] https://support.apple.com/en-us/102651

sneak 4 days ago
iCloud Photo e2ee still shares hashes of the plaintext with Apple, which means they can see the full list of everyone who has certain files, even if they all have e2ee enabled. They can see who had it first, and who got it later, and which sets of iCloud users have which unique files. It effectively leaks a social graph.
It’s also not available in China.
- troad 3 days ago
  
  Interesting, good to know.

saagarjha 4 days ago

That's the joke/implication.