Wednesday, January 1, 2025

Jeff Johnson (Mastodon, Hacker News, Reddit, 2, The Verge, Yahoo):

This morning while perusing the settings of a bunch of apps on my iPhone, I discovered a new setting for Photos that was enabled by default: Enhanced Visual Search. […] There appear to be only two relevant documents on Apple's website, the first of which is a legal notice about Photos & Privacy: Enhanced Visual Search in Photos allows you to search for photos using landmarks or points of interest. Your device privately matches places in your photos to a global index Apple maintains on our servers. We apply homomorphic encryption and differential privacy, and use an OHTTP relay that hides IP address. This prevents Apple from learning about the information in your photos. You can turn off Enhanced Visual Search at any time on your iOS or iPadOS device by going to Settings > Apps > Photos. On Mac, open Photos and go to Settings > General. The second online Apple document is a blog post by Machine Learning Research titled Combining Machine Learning and Homomorphic Encryption in the Apple Ecosystem and published on October 24, 2024. (Note that iOS 18 and macOS 15 were released to the public on September 16.)

As far as I can tell, this was added in macOS 15.1 and iOS 18.1, not in the initial releases, but it’s hard to know for sure since none of Apple’s release notes mention the name of the feature.

It ought to be up to the individual user to decide their own tolerance for the risk of privacy violations. In this specific case, I have no tolerance for risk, because I simply have no interest in the Enhanced Visual Search feature, even if it happened to work flawlessly. There’s no benefit to outweigh the risk. By enabling the “feature” without asking, Apple disrespects users and their preferences. I never wanted my iPhone to phone home to Apple. Remember this advertisement? “What happens on your iPhone, stays on your iPhone.”

Apple is being thoughtful about doing this in a (theoretically) privacy-preserving way, but I don’t think the company is living up to its ideals here. Not only is it not opt-in, but you can’t effectively opt out if it starts uploading metadata about your photos before you even use the search feature. It does this even if you’ve already opted out of uploading your photos to iCloud. And “privately matches” is kind of a euphemism. There remains no plain English text saying that it uploads information about your photos and specifically what information that is. You might assume that it’s just sharing GPS coordinates, but apparently it’s actually the content of the photos that’s used for searching.

Ben Lovejoy:

One piece of data which isn’t shared is location. This is clear as several of my London skyline photos were incorrectly identified as a variety of other cities, including San Francisco, Montreal, and Shanghai.

Nick Heer:

What I am confused about is what this feature actually does. It sounds like it compares landmarks identified locally against a database too vast to store locally, thus enabling more accurate lookups. It also sounds like matching is done with entirely visual data, and it does not rely on photo metadata. But because Apple did not announce this feature and poorly documents it, we simply do not know. One document says trust us to analyze your photos remotely; another says here are all the technical reasons you can trust us. Nowhere does Apple plainly say what is going on. […] I see this feature implemented with responsibility and privacy in nearly every way, but, because it is poorly explained and enabled by default, it is difficult to trust. Photo libraries are inherently sensitive. It is completely fair for users to be suspicious of this feature.
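Apple's notice quoted above says the device "privately matches" places against a server-side index using homomorphic encryption, and Nick Heer's reading is that local landmark data is compared against a database too large to ship to the phone. The following added example (not Apple's code, and not taken from the papers Apple cites) shows in miniature what that kind of design lets a server do and not do: a private-information-retrieval lookup in which the client sends an encrypted one-hot selector, the server computes on ciphertexts only, and the client decrypts the entry it wanted. Paillier is used here because its additive homomorphism fits in a few lines; Apple's production scheme is a different one. The primes, the index contents and the "bucket" positions are constructed demo values.

```python
import math
import random

# Toy-sized demo primes (constructed values): far too small for real security,
# chosen only so the arithmetic is easy to follow.
P, Q = 7919, 7907

# Constructed stand-in for a server-side landmark index: position j holds the
# landmark id for "bucket" j. The client decides locally which bucket it wants.
LANDMARK_INDEX = [1001, 1002, 1003, 1004, 1005, 1006, 1007, 1008]


def _L(x, n):
    """Paillier's L function: (x - 1) / n, exact when x = 1 (mod n)."""
    return (x - 1) // n


def keygen(p=P, q=Q):
    """Return (public, private) Paillier keys for primes p and q."""
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)  # lcm(p-1, q-1)
    g = n + 1                                         # standard choice of g
    mu = pow(_L(pow(g, lam, n * n), n), -1, n)        # needs Python 3.8+
    return (n, g), (lam, mu)


def encrypt(pub, m, rng=random.SystemRandom()):
    """Encrypt 0 <= m < n. Fresh randomness r makes every ciphertext distinct."""
    n, g = pub
    n2 = n * n
    while True:
        r = rng.randrange(1, n)
        if math.gcd(r, n) == 1:
            break
    return (pow(g, m, n2) * pow(r, n, n2)) % n2


def decrypt(pub, priv, c):
    """Recover the plaintext; only the key holder (the device) can do this."""
    n, _ = pub
    lam, mu = priv
    return (_L(pow(c, lam, n * n), n) * mu) % n


def client_query(pub, index, db_size):
    """Client side: encrypt a one-hot selector. Every entry is a ciphertext,
    so the server cannot see which position holds the 1."""
    return [encrypt(pub, 1 if j == index else 0) for j in range(db_size)]


def server_answer(pub, query, db):
    """Server side: compute Enc(sum_j q_j * db_j) from ciphertexts alone.
    Under Paillier, c^k is Enc(k*m) and c1*c2 is Enc(m1+m2), so the product
    is Enc(db[index]) and the server never learns index."""
    n, _ = pub
    n2 = n * n
    acc = 1  # 1 is a valid encryption of 0 (r = 1)
    for c, value in zip(query, db):
        acc = (acc * pow(c, value, n2)) % n2
    return acc


def private_lookup(index, db=LANDMARK_INDEX):
    """Full round trip: the client learns db[index]; the server saw ciphertexts only."""
    pub, priv = keygen()
    query = client_query(pub, index, len(db))
    reply = server_answer(pub, query, db)
    return decrypt(pub, priv, reply)


def server_view_is_uninformative(index, db_size=len(LANDMARK_INDEX)):
    """Two queries for the same bucket share no ciphertext, so the server
    cannot even link repeated lookups of the same landmark."""
    pub, _ = keygen()
    a = client_query(pub, index, db_size)
    b = client_query(pub, index, db_size)
    return not set(a) & set(b)


if __name__ == "__main__":
    print("client learned landmark id:", private_lookup(3))
    print("repeat queries unlinkable:", server_view_is_uninformative(3))
```

What the toy makes visible is the boundary of the guarantee: the server learns that a query of a certain size arrived, and from where unless a relay hides the address, but not which entry was selected. The OHTTP relay and differential privacy that Apple's notice also mentions are not modelled here; they concern the network path and the query pattern rather than the content of a single lookup, which is exactly the part the commentary above says Apple has not spelled out.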

In a way, this is even less private than the CSAM scanning that Apple abandoned, because it applies to non-iCloud photos and uploads information about all photos, not just ones with suspicious neural hashes. On the other hand, your data supposedly—if there are no design flaws or bugs—remains encrypted and is not linked to your account or IP address.

jchw:

What I want is very simple: I want software that doesn’t send anything to the Internet without some explicit intent first. All of that work to try to make this feature plausibly private is cool engineering work, and there’s absolutely nothing wrong with implementing a feature like this, but it should absolutely be opt-in. Trust in software will continue to erode until software stops treating end users and their data and resources (e.g. network connections) as the vendor’s own playground. Local on-device data shouldn’t be leaking out of radio interfaces unexpectedly, period. There should be a user intent tied to any feature where local data is sent out to the network.

Apple just crowed about how, if Meta’s interoperability requests were granted, apps the user installed on a device and granted permission to would be able to “scan all of their photos” and that “this is data that Apple itself has chosen not to access.” Yet here we find out that in an October OS update Apple auto-enabled a new feature that sends unspecified information about all your photos to Apple.

I’m seeing a lot of reactions like this:

I’m tired of so many privacy concerns from everyone without any reason… Yes it sends photo data anonymously to make a feature work or improve it. So what? Apple and iOS are the most private company/software out there.

But I’m tired of the double standard where Apple and its fans start from the premise of believing Apple’s marketing. So if you’re silently opted in, and a document somewhere uses buzzwords like “homomorphic encryption” and “differential privacy” without saying which data this even applies to, that’s good enough. You’re supposed to assume that your privacy is being protected because Apple is a good company who means well and doesn’t ship bugs.

You see, another company might “scan” your photos, but Apple is only “privately matching” them. The truth is that, though they are relatively better, they also have a history of sketchy behavior and misleading users about privacy. They define “tracking” so that it doesn’t count when the company running the App Store does it, then send information to data brokers even though they claim not to.

Eric Schwarz:

With Apple making privacy a big part of its brand, it is a little surprising this was on by default and/or that Apple hasn’t made a custom prompt for the “not photo library, not contact list, not location, etc.” permissions access. Some small changes to the way software works and interacts with the user can go a long way toward building and keeping trust.

Matthew Green:

I love that Apple is trying to do privacy-related services, but this just appeared at the bottom of my Settings screen over the holiday break when I wasn’t paying attention. It sends data about my private photos to Apple.

I would have loved the chance to read about the architecture, think hard about how much leakage there is in this scheme, but I only learned about it in time to see that it had already been activated on my device. Coincidentally on a vacation where I’ve just taken about 400 photos of recognizable locations. This is not how you launch a privacy-preserving product if your intentions are good, this is how you slip something under the radar while everyone is distracted.

Jeff Johnson:

The issues mentioned in Apple’s blog post are so complex that Apple had to make reference to two of their scientific papers, Scalable Private Search with Wally and Learning with Privacy at Scale, which are even more complex and opaque than the blog post. How many among my critics have read and understood those papers? I’d guess approximately zero. […] In effect, my critics are demanding silence from nearly everyone. According to their criticism, an iPhone user is not entitled to question an iPhone feature. Whatever Apple says must be trusted implicitly. These random internet commenters become self-appointed experts simply by parroting Apple’s words and nodding along as if everything were obvious, despite the fact that it’s not obvious to an actual expert, a famous cryptographer.

Franklin Delano Stallone:

If it were off by default that would be a good opportunity for the relatively new TipKit to shine.

Jeff Johnson:

The release notes seem to associate Enhanced Visual Search with Apple Intelligence, even though the OS Settings don’t associate it with Apple Intelligence (and I don’t use AI myself).

The relevant note is that in 15.1 the Apple Intelligence section says “Photos search lets you find photos and videos simply by describing what you’re looking for.” I’ve seen reports that the setting was not in 15.0, though its release notes did include: “Natural language photo and video search Search now supports natural language queries and expanded understanding, so you can search for just what you mean, like ‘Shani dancing in a red dress.’”

Eric deRuiter:

There are so many questions. Does disabling it on all devices remove the uploaded data? Is it only actually active if you have AI on? Does it work differently depending on if you have AI enabled?

My understanding is that there is nothing to remove because nothing is stored (unless in a log somewhere) and that there is no relation to Apple Intelligence.

Rui Carmo:

I fully get it that Photos isn’t really “calling home” with any personal info. It’s trying to match points of interest, which is actually something most people want to have in travel photos–and it’s doing it with proper masking and anonymization, apparently via pure image hashing. But it does feel a tad too intrusive, especially considering that matching image hashes is, well, the same thing they’d need to do for CSAM detection, which is a whole other can of worms. But the cynic in me cannot help pointing out that it’s almost as if someone had the feature implemented and then decided to use it for something else “that people would like”. Which has never happened before, right?

thisislife2:

I was going through all the privacy settings again today on my mom’s iPhone 13, and noticed that Apple / iOS had re-enabled this feature silently (enhanced visual search in Photos app), even though I had explicitly disabled it after reading about it here on HN, the last time. This isn’t the first time something like this has happened - her phone is not signed into iMessage, and to ensure Apple doesn’t have access to her SMS / RCS, I’ve also disabled “Filter messages from unknown senders”. Two times, over a period of roughly a year, I find that this feature has silently been enabled again.

These settings that turn themselves back on or that say they will opt you out of analytics but don’t actually do so really burn trust.

Partly for reasons like this, and partly for how buggy they are, I no longer use Apple services. It's less convenient, certainly, but I simply don't trust them. I don't trust anyone. I'm at the point now where I self-host practically everything I use. I'm not enthusiastic about this at all. That's time I'd rather spend doing something else and outsource those services to someone trustworthy. But there is no one trustworthy. Oh how I miss using a computer in 2010. Back then I could just do stuff on my Mac, it could work the way I wanted it to, it was elegantly designed and worked great, and everything hadn't gotten completely bogged down and buggy by being service driven.

Another annoyance: This setting has to be turned off on each device individually (maybe this is different if Photos is hooked up to iCloud?).

If we put aside whether Apple is to be trusted or not (I’m in the “not” team) when it comes to privacy, is there anything in the EULA that allows them to do that?

I find Jeff's writing to be a bit sensationalist, and Apple has an alert fatigue problem here. People are simultaneously complaining that macOS keeps introducing more "Worblz would like to reticulate splines. Allow or Deny?" dialogs, but also complaining that users don't have enough opportunity to give consent. Yes, this feature should be opt-in, but making it opt-in means a) people are annoyed about yet another dialog on startup, or b) people don't realize the feature exists at all. (Add to that the entirely self-inflicted complexity this year that nobody can even tell which feature launched with which release; was it 15.0? 15.1? Is it coming with 15.3? Punted this release cycle altogether? Who knows! I'm also unclear why, in macOS 15.3 Beta (24D5034f), the Photos version is Version 10.0 (740.0.160). Does that mean Photos is unchanged since 15.0? Does it mean 15.3 introduces a major upgrade to Photos? Very strange.)

But, as Michael points out, the other issue — and that's on Apple, too — is poor documentation. All over the place. There's no consistent (and typically, no comprehensive) way to find what has changed in recent versions. There's no comprehensive explanation of what actually happens with this Visual Search thing. What data gets transmitted? To whom? How is it encrypted? How does it or doesn't it identify me? This annoys me especially with Apple Pay, where, _as I understand it_, the architecture is quite privacy-preserving in that each actor (you, the bank, the merchant, and Apple) has _relatively_ little information from each other — but I wish Apple made little sequence diagrams to make that clearer. Who transmits what to each other? How long is it stored? But more simply, I'm unsure what the feature even _does_, and again, that's on Apple. Photos already have location data. Why does there need to be some ML model to match them to visual landmarks? It's obvious from the location whether they're of a landmark or not. Is the feature purely for features that _lack_ location data?

> The issues mentioned in Apple’s blog post are so complex that Apple had to make reference to two of their scientific papers, Scalable Private Search with Wally and Learning with Privacy at Scale, which are even more complex and opaque than the blog post. How many among my critics have read and understood those papers? I’d guess approximately zero.

I'm not even sure what point he's making here. Is the implication that Apple's papers are a mirage? Snake oil? Because best as I can tell, Apple is approaching it that way because it's about as good as it gets, for now. Yes, you can say "just don't do the feature at all" is sometimes the better approach (and that's what they wound up doing with CSAM), but I don't think "this is very complex" is a meaningful complaint. Technology is complex; therefore, we shouldn't do it?

> In effect, my critics are demanding silence from nearly everyone. According to their criticism, an iPhone user is not entitled to question an iPhone feature.

That's quite the strawman. No, my issue with Jeff's assertion is that they're reductive, starting with the headline ("Photos phones home" IMHO conjures up all kinds of images like "every time you make a photo, Apple knows of its location") and continuing throughout the text (""What happens on your iPhone, stays on your iPhone." That was demonstrably a lie." — sure, that's extremely simplistic on Apple's part, but Jeff isn't actually making the case that personally created data or personally identifying information ends up on Apple's servers, just that this feature _might_ have a bug that _might_ lead to Apple's servers getting such data).

So, my main issue here isn't the feature per se, or worries about catastrophic bugs (seems to me they've put in multiple safeguards to make those unlikely) so much as that Apple once again documented this poorly, starting with the OOBE (whatever version of Photos introduced this should have some form of UI to let users make an informed choice) and going all the way through with explaining the technical details.

> is there anything in the EULA that allows them to do that?

I don't think the EULA factors in. Nor do I think the GDPR factors in: if the feature is as explained by Apple, there is no personally identifying information; therefore, they don't need the user's consent. But IANAL. Perhaps someone who has experience with how differential privacy relates to GDPR can chime in.

> I'm not even sure what point he's making here. Is the implication that Apple's papers are a mirage? Snake oil?

I was merely responding to the many extremely condescending internet comments on my article: "My critics appear to argue that either I've neglected to do basic research or that I'm not qualified to raise questions about Enhanced Visual Search if I don't fully understand the technical details."

> That's quite the strawman.

Funny, because you just turned me into a strawman, as I quoted above.

Sören, the professional cryptographer I quoted was as bothered as I was that Apple enabled the feature by default. He didn't say that Apple's scientific papers prove that it's private. To the contrary, he said that this needs external validation. You know, peer review. I don't know why you aren't worried about vulnerabilities, because Apple software ships vulnerabilities all the time.

@remmah I use iCloud Photo Library and turning it off on one device did not sync that preference to other devices so I had to disable it manually on all of them.

@Rui Carmo The similarity to the CSAM scanning situation is my concern. We didn't want Apple to build that scanning of our photo libraries because if they build it to detect CSAM a government can then force Apple to also search for terrorism, people seeking abortions, political views they don't like, etc. This landmarks search works differently in that presumably you get the results and your account isn't "reported" because you have a photo of a landmark, but they have built a photo library scanning technology which is what we all rebelled against a few years ago and puts us back on that slippery slope that we had hoped Apple had abandoned. The existence of that scanning technology can invite governments to force Apple to spy for them because they already built it, they just have to change what they are looking for and how it is reported. Its existence makes it more difficult for Apple to not comply with such a request. Turning off this preference doesn't protect us from that as they can implement a scan that doesn't have a preference and that they don't tell us about. We know Apple has compromised on iCloud security for China, VPNs in Russia, etc. We have to trust our own Governments not to force Apple to spy on us, and silently adding this feature doesn't help us trust Apple.

I noticed the same. And promptly turned it off. However, the damage is done, namely something gets sent without my consent. This is also quite likely another 'off' 'button' that will without a shred of doubt turn itself back on at some juncture. I am very happy devs like Jeff Johnson are out there, pointing these things out. He does it in plain English, and while the tide is against those that care, I want him to persist. The naysayers, even here, are part of the bigger problem and always cause me to scratch my head thinking - why criticise someone for pointing this out? Long live Jeff.