this post was submitted on 09 Jun 2026
Technology
Fair point, and I'll concede, but only partially, as it is not what is being discussed here. Starmer's proposal isn't asking for Apple to expand their system, it's mandating platforms to comply and make it impossible, and the platforms can choose how to do so. On-device detection that never leaves the device is a meaningfully different privacy profile than server-side scanning or breaking E2E encryption. Apple's Communication Safety feature works roughly as you described and that architecture is less invasive than the worst case scenario. If every implementation were genuinely on-device, opt-in, parent-controlled, and open source verifiable, it would be a different conversation.
But that's where my concession stops.
We can only take a corporation's word that it's truly on-device and nothing is retained. The history of that promise is not encouraging. There have been multiple instances across the industry of companies guaranteeing on-device processing only for that data to appear in breach disclosures afterward. Closed, proprietary systems cannot be independently verified. We're being asked to trust the architecture of companies whose entire business model is built on data extraction.
There's also a false positive problem. Google has already implemented similar detection and there are confirmed cases of users having their entire Google accounts permanently locked after photographing their own child in the bath. Emails, photos, Drive, business files, income streams, all gone, with no meaningful appeals process. The harm from a false positive in a system like this isn't a minor inconvenience, it's potentially catastrophic and irreversible.
And then there's the infrastructure problem. The Patriot Act is, once again, the prime example. You build the architecture for one stated purpose and then it gets legislated into something broader. Age verification is the live example happening right now. It started as self-attestation. That wasn't sufficient so it became on-device ID verification. That wasn't sufficient so it became third-party trusted providers. Private vendors like Persona and kID. Both of which have had documented breaches after promising on-device verification themselves. This is literally the documented trajectory of every surveillance infrastructure built in the name of protection.
It's never a matter of if they legislate it further. It's when. And who profits from the expanded version.