Comment by chikere232
4 days ago
> You are Apple. You want to make search work like magic in the Photos app, so the user can find all their “dog” pictures with ease.
What if you're a user and you don't care about searching for "dog" in your own photos, you might not even use the Photos app, but apple still scans all your photos and sends data off device without asking you?
Perhaps this complicated dance works, perhaps they have made no mistakes, perhaps no one hacks or coerces the relay host providers... they could still have just asked for consent the first time you open Photos (if you ever do) before starting the scan.
Exactly, I don't want my shit sent all across the internet without my explicit prior consent, period. No amount of explanation can erase Apple's fuck-up.
Apple does photo recognition on your device.
Google, on the other hand, uploads photos to their server and does the analysis there.
There is the infamous case of the parents who Google tried to have arrested after they used their Android device to seek medical assistance for their child during lockdown. Their doctor asked them to send images of the problem, and Google called the police and reported the parents for kiddie porn.
> “I knew that these companies were watching and that privacy is not what we would hope it to be,” Mark said. “But I haven’t done anything wrong.”
The police agreed. Google did not.
https://www.nytimes.com/2022/08/21/technology/google-surveil...
Google refused to return access to his account even after the police cleared him of wrongdoing.
Google's reputation with privacy advocates is absolutely horrible, but that shouldn't have anything to do with Apple's practices. Comparing Apple and Google will indeed tell you a lot of interesting things, but that's not what this is about.
Kind of feels like it should be a crime for a private party to attempt to write terms into a contract that introduce punishments justified in terms of law, where that justification is based on an interpretation of law that's already been legally proven to the author of the contract to be a misinterpretation of said law.
It's sort of the crime of "contempt of court", but after the fact: receiving a judge's prescription about how you must interpret a law during a case, but then going right back to using a different interpretation when you leave court.
> Google refused to return access to his account even after the police cleared him of wrongdoing.
This is why I constantly work to help people reduce their dependence on Google. Screw that. If anyone ever tells you that they rely on Google for anything, show them this article.
1 reply →
> Apple does photo recognition on your device.
> Google, on the other hand, uploads photos to their server and does the analysis there.
The comment you're replying to (and the whole sub-thread in fact) isn't about if how Apple is doing it is the best/worst way, but rather before they do it, they don't ask for permission. Regardless of how they technically do it, the fact that they don't ask beforehand is what is being argued about here.
1 reply →
Google doesn't send your pictures to their servers without your explicit consent. This is exactly what users expect. On Android, you can use your own self-hosted photos server and have it work exactly the same way Google Photos does. Google Photos does not have access to private Google-only APIs like Apple Photos has on iOS.
10 replies →
They are not sending your actual photo, as has been covered at length on numerous threads on this very site.
That's irrelevant if the information they do send is sufficient to deduce "Eiffel tower" or "dog" out of it: that's too much information to send.
5 replies →
Not wrong, but it’s interesting that Apple gets so much flak for this when Google and Microsoft don’t even try. If anything they try to invade privacy as much as possible.
Of course maybe that question has its own answer. Apple markets itself as the last personal computing company where you are the customer not the product so they are held to a higher standard.
What they should do Is do the processing locally while the phone is plugged in, and just tell people they need a better phone for that feature if it’s too slow. Or do it on their Mac if they own one while that is plugged in.
FWIW, I work on homomorphic encryption at Google, and Google has all kinds of other (non-FHE) privacy enhancing tech, such as differential privacy, federated learning, and https://github.com/google/private-join-and-compute which are deployed at scale.
Perhaps it's not as visible because Google hasn't defaulted to opt-in for most of these? Or because a lot of it is B2B and Google-internal (e.g., a differential-privacy layer on top of SQL for internal metrics)
[edit]: this link was a very vague press release that doesn't say exactly how Google uses it: https://security.googleblog.com/2019/06/helping-organization...
1 reply →
Well when you are building a feature that can only be appreciated by a subculture of people (privacy advocates), and they complain about the most basic faux pas that you could do in their culture (not asking them before you phone home with data derived from their data)... you have invited these people to criticise you.
Most people I know of wouldn't care about such a feature other than a breathless sort of "Wow, Apple tech!" So they are building something which is intended to win over privacy conscious people, kudos to them, everyone stands to benefit. But the most basic custom in that subculture is consent. So they built something really great and then clumsily failed on the easiest detail because it is so meaningless to everyone except that target audience. To that audience, they don't bother criticising google or microsoft (again) because it goes without saying that those companies are terrible, it doesn't need to be said again.
4 replies →
> just tell people they need a better phone for that feature if it’s too slow. Or do it on their Mac if they own one while that is plugged in.
The issue isn't slowness. Uploading photo library data/metadata is likely always slower than on-device processing. Apparently the issue in this case is that the world locations database is too large to be stored locally.
1 reply →
In other words: don't hate the player hate game, but the point still stands.
1 reply →
Whataboutisms aren't all the great you know. Google and MS also get flak, and they also deserve it.
But now that we're talking about these differences, I'd say that Apple users are notoriously complacent and defend Apple and their practices. So, perhaps in some part it is in an attempt to compensate for that? I'm still surprised how we've now accepted that Apple receives information pretty much every time we run a process (or rather, if it ran more than 12 hours ago, or has been changed).
You can always find someone worse. Does not mean we should not critise people/organizations.
You think Trump is bad? Well, Putin is worse. You think Putin is bad? Kim Jong Un is worse.
2 replies →
Doesn't Photos.app on iOS sync with iCloud OOTB?
Optionally, yes
1 reply →
A quick shoutout to Ente Photos[0]. FOSS with an opt-in locally-run semantic search of your photos. The first encoding with a ton of photos may take a few minutes in the background, but after that it takes no time with subsequent photo uploads. I'm not sure why Apple is going through the trouble of uploading the photos and incorporating homomorphic encryption for something this simple, particularly with their push for local AI and their Neural Engine[2].
I also appreciate Ente's Guest View[1] that lets you select the photos you want to show someone in person on your phone to prevent the issue of them scrolling too far.
[0] https://github.com/ente-io/ente
[1] https://ente.io/blog/guest-view/
[2] https://en.wikipedia.org/wiki/Neural_Engine
It doesn't really matter if they ask you or not, ultimately you have to trust them, and if you don't trust Apple, why would you even use an iPhone?
Trust is never all or nothing. I trust Apple to an extent, but trust needs to be earned and maintained. I trust my mom, but if she suggested installing video cameras in my home for my "safety", or worse, she secretly installed video cameras in my home, then she would lose my trust.
Likewise, you need to trust your spouse or significant other, but if there are obvious signs of cheating, then you need to be suspicious.
An essential part of trust is not overstepping boundaries. In this case, I believe that Apple did overstep. If someone demands that you trust them blindly and unconditionally, that's actually a sign you shouldn't trust them.
> If someone demands that you trust them blindly and unconditionally, that's actually a sign you shouldn't trust them.
That's certainly a take, which you're clearly entitled to take. I don't disagree with the point that you make; this ought to have been opt in.
What you should do now is acknowledge this in your original post and then explain why they should have been more careful about how they released this feature. Homomorphic encryption of the data reframes what you wrote somewhat. Even though data is being sent back, Apple never knows what the data is.
3 replies →
How can you trust any mainstream "working" iPhone or Android device? You already mentioned open source android distros. You mean those where no banking or streaming device app works because you have to use a replacement for gapps and the root / open bootloader prevents any form of DRM? That is not really an option for most people. I would love to have a Linux phone even with terrible user experience as long as I do not lose touch with society. That however seems to be an impossible task.
You don't trust Apple's and Google's mobile phones. And some bank doesn't trust open source android distros on mobile phones. Those are both fine positions. You are free to move to another bank, just like the bank is free to not accept you as a customer.
I'm curious what functions other than maybe depositing a check requires a banking app?
11 replies →
As they didn't ask, I will trust them less
why use a device by someone you don't trust? honestly don't get it. I'd use an open source android distro
6 replies →
Android does this too. I don't really want all my photos indexed like that, I just want a linear timeline of photos, but I cant turn off their "memories" thing or all the analysis they do to them
Android doesn't do this. Everything is opt-in.
Granted they require you to opt-in in order for the photos app to be usable & if you go out of your way to avoid opting in they make your photo-browsing life miserable with prompts & notifications. But you do still have to opt-in.
Google loves doing this.
If you dare turn off Play Protect for example, you will be asked to turn it on every time you install or update anything. Never mind that you said no the last thousand times it asked.
1 reply →
It says it's "opt in" but as someone who hasn't opted in, I still get the notifications and I can see a split second preview of all the stuff they're not supposed to have computed before it asks me to opt in. So there's DEFINITELY shenanigans ocurring.
A number of good third-party photo-browsing apps make it non-miserable, even if you never open Google Photos or even uninstall it.
10 replies →
I don't think Android does that. It's only Google Photo and only if you upload them to the cloud, if you don't sync/upload them, you can't search them with specific terms.
Samsung at least does these "dog" cataloguing & searches entirely on-device, as trivially checked by disabling all network connectivity and taking a picture. It may ping home for several other reasons, though.
Apple also does the vast majority of photo categorization on device, and has for years over multiple major releases. Foods, drinks, many types of animals including specific breeds, OCRing all text on the image even when massively distorted, etc.
This feature is some new "landmark" detection and it feels like it's a trial balloon or something as it simply makes zero sense unless what they are categorizing as landmarks is enormous. The example is always the Eiffel tower, but the data to identify most of the world's major landmarks is small relative to what the device can already detect, not to mention that such lookups don't even need photo identification and could instead (and actually already do and long have) use simple location data and nearby POIs for such metadata tagging.
The landmarks thing is the beginning, but I feel like they want it to be much more detailed. Like every piece of art, model of car, etc, including as they change with new releases, etc.
Does or doesn't. You can't really tell if and when it does any cataloguing; best I've managed to observe is that you can increase chances of it happening if you keep your phone plugged in to a charger for extended periods of time.
That's the problem with all those implementations: no feedback of any kind. No list of recognized tags. No information of what is or is to be processed. No nothing. Just magic that doesn't work.
2 replies →
The "memories" part can be trivially done locally and probably is, it's really just reading the picture's "date taken", so it's conceptually as easy as a "sort by date". My old Android with whatever Photos app came with it (not Google's) shows this despite being disconnected for so long.
There's nothing stopping either Apple or Google from giving users an option to just disable these connected features, globally or per-app. Just allow a "no cloud services" toggle switch in the Photos app, get the warning that $FEATURES will stop working, and be done.
I know why Google isn't doing this, they're definitely monetizing every bit of that analyzed content. Not really sure about Apple though, might be that they consider their setup with HE as being on par with no cloud connectivity privacy wise.
"memories" constantly given me notifications about "similar shots" at random, so I'm assuming it is trying to analyse the content of the photos. I managed to disable the notifications, but not the actual analysis
> The "memories" part can be trivially done locally and probably is, it's really just reading the picture's "date taken", so it's conceptually as easy as a "sort by date".
It’s more. It also can create memories “trip to New York in 2020”, “Cityscapes in New York over the years”, or “Peter over the years” (with Peter being a person added to Photos)
No Android phone I've ever owned automatically uploaded your photos without asking. What exactly do you mean that it does too?
Uninstall Google photos and install a dumb photos app. I think most android phones don't even come with Google photos pre installed.
Dumb Photo App by Nefarious DataExfiltration Co & Son
2 replies →
uninstall(disable) stock Google Photos app and install `gallery2.apk`. You can download one from sketchy github repos, or I think you can alternatively extract from Emulator image.
Why, install a non-sketchy open-source gallery app from F-Droid.
What if you're a user and you're fed up with all the "magic"? What if you want a device that works reliably, consistently, and in ways you can understand from empirical observation if you pay attention?
Apple, Google, Microsoft and Samsung, they all seem to be tripping over each other in an effort to make this whole thing just as much ass-backwards as possible. Here is how it, IMHO, should work:
1) It scans stuff, detects faces and features. Locally or in the cloud or not at all, as governed by an explicit opt-in setting.
2) Fuck search. Search is not discoverable. I want to browse stuff. I want a list of objects/tags/concepts it recognized. I want a list of faces it recognized and the ability to manually retag them, and manually mark any that they missed. And not just a list of 10 categories the vendor thinks are most interesting. All of them. Alphabetically.
3) If you insist on search, make it work. I type in a word, I want all photos tagged with it. I click on a face, I want all photos that have matching face on it. Simple as that. Not "eventual consistency", not "keep refreshing, every 5th refresh I may show you a result", or other such breakage that's a staple experience of OneDrive Photos in particular.
Don't know about Apple, but Google, Microsoft and Samsung all refuse #2, and spectacularly fail at #3, and the way it works, I'm convinced it's intentional, as I can't even conceptualize a design that would exhibit such failures naturally.
EDIT:
4) (A cherry on a cake of making a sane product that works) Recognition data is stored in photo metadata, whether directly or in a sidecar file, in any of a bunch of formats sane people use, and is both exported along with the photos, and adhered to when importing new photos.
> What if you're a user and you're fed up with all the "magic"?
This is a completely hypothetical scenario. If users with such requirements actually existed, PinePhones and similar devices would be significantly more popular.
It's not hypothetical. Plenty of open source software tries to address it. For example, DigiKam does everything I listed 100% right. Problem is, it's desktop-only and geared for local photos. An equivalent solution could exist for phones and handle cloud albums, but the mobile and cloud vendors don't want to do it, and make it hard on purpose for any third party to try.
It’s absolutely not hypothetical.
You can vote with your wallet and get a Pine Phone or something similar, I guess.
[dead]
Well, not vouching for automated scanning or whatever, but the advantage of homomorphic encryption is that besides the power usage for the computation and the bandwidth to transmit the data, Apple doesn't learn anything about what's in your photos, only you can. So even if you don't use the feature, the impact is minimal for you
So don’t use the photos app. Just get an alternative camera app and you bypass all of this.
It's opt-in by default so you can't "bypass" it unless you are aware that you can turn it off. If you don't turn it off, it will continue to scan your photos, and upload the data to Apple, whether you use the Photos app or not. (And, by the way, if the option to "learn from this app" is enabled (which is again, by default opt-in) iPadOS / ios also will be intrusively data collecting how you use that alternative camera app too ...