>Right, but that hardly mattered as long as it applied only to iCloud-uploaded files
There were some practical differences. e.g. Some programs have a permissive default of always marking as 'save to iCloud', and avoiding this can be nonintuitive. Also certain difficulties with deleted images which I am not sure how Apple had wanted to resolve but could lead to unfortunate differences from the other scenario.
More importantly, the moment the client-side capability was there, legal pressure to use it in all cases was bound to come. Normalizing client-side scanning was also bound to legitimize and encourage doing the same on Android, and I can easily think of certain brands which are way less scrupulous than Apple.
All in all, I didn't see the benefit given that server-side scanning was accepted as legitimate and sufficiently effective by just about everyone, but without the risks of client-side scanning.
> All in all, I didn't see the benefit given that server-side scanning was accepted as legitimate and sufficiently effective by just about everyone, but without the risks of client-side scanning.
Oh, absolutely—unless you want to prevent super-easy use for storing CSAM while also having E2E encrypted storage. Which I'm still nearly-certain was their entire reason for wanting to do that in the first place—which isn't to say there can't also be legitimate concerns about such functionality, I just don't think it was some kind of nefarious plot on their part. At this point I expect they're sitting on the feature until or unless there's public outrage over their inability to provide evidence in some kind of CSAM case or investigation—if that doesn't happen, fine, if it does, they'll push it out as soon as that sentiment overwhelms the anti-scanning one.
>At this point I expect they're sitting on the feature until or unless there's public outrage
Possibly so. However, I believe they have two alternatives to client-side scanning:
A) I think their wording still allows uploading a perceptual hash, which would then allow typical server-side scanning without entirely breaking E2E.
B) They could handle this on a case-by-case basis. I'm sure their code-signing privileges can be (ab)used to get around E2E if Apple really wanted to, and they probably can push an 'update' to a single device to do just that.
There were some practical differences. e.g. Some programs have a permissive default of always marking as 'save to iCloud', and avoiding this can be nonintuitive. Also certain difficulties with deleted images which I am not sure how Apple had wanted to resolve but could lead to unfortunate differences from the other scenario.
More importantly, the moment the client-side capability was there, legal pressure to use it in all cases was bound to come. Normalizing client-side scanning was also bound to legitimize and encourage doing the same on Android, and I can easily think of certain brands which are way less scrupulous than Apple.
All in all, I didn't see the benefit given that server-side scanning was accepted as legitimate and sufficiently effective by just about everyone, but without the risks of client-side scanning.