The "damn spec" clearly stated that they would be introducing functionality on your device that is capable of scanning content on your device and matching that against a database of opaque hashes downloaded from a 3rd party. That's functionality I don't want on my device.
FWIW, I don't use iCloud and never have used it; I don't care if they scan content once uploaded (it's their servers and I'm confident they'll continue scanning content there no matter how "E2EE" it is - see China and key sharing). As long as they keep their scanning on their devices and off of my device it's all good.
> The CSAM scanning was only enabled if you had iCloud uploads enable.
This is nonsensical. iCloud Photos is not e2ee and Apple already scans everything serverside. There is no need for redundant clientside scanning of iCloud Photos.
The clientside scanning is only needed in the cases where:
They wanted to enable #2 with the local CSAM scan. That way the authorities wouldn't have a reason to ask for cloud data to be decrypted. And Apple could lock it so that they couldn't de-encrypt it even if they wanted to.
Apple actively doesn't want to know your shit or analyse it on their servers. That's why they constantly do things on-device even if it's of worse quality than Google's approach of doing everything in the cloud.
Apple is a business and does indeed "want to know your shit" for many legitimate revenue-generating activities, such as growing their services business, a top priority for the company.
It seems to me a little bit suspect that they wanted to do clientside scanning as a prerequisite for e2ee, as if they simply would not be allowed to publish society-wide e2ee privacy software (without government/regulatory retaliation) without such a law enforcement backdoor. This screams of prior restraint and we should be loudly asking our legislators why the fuck the FBI is pressuring Apple about what software they do or do not publish.
Every day the US government takes more steps to erode our civil rights, even against the largest companies in the world. Someone needs to rein them in.
People don't care about them scanning the files, they care about them doing it on their own device. People read the damn spec, and that's why they disagreed with it.
They would've only scanned the files that would end up in the cloud anyway.
But people went "omg my files", stuck their fingers in their ears and refused to read the damn spec.