{"id":38268,"date":"2023-01-25T16:31:34","date_gmt":"2023-01-25T21:31:34","guid":{"rendered":"https:\/\/mjtsai.com\/blog\/?p=38268"},"modified":"2023-01-27T14:53:01","modified_gmt":"2023-01-27T19:53:01","slug":"network-connections-from-mediaanalysisd","status":"publish","type":"post","link":"https:\/\/mjtsai.com\/blog\/2023\/01\/25\/network-connections-from-mediaanalysisd\/","title":{"rendered":"Network Connections From mediaanalysisd"},"content":{"rendered":"

Jeffrey Paul<\/a> (Hacker News<\/a>):<\/p>\n

Imagine my surprise when browsing these images in the Finder, Little Snitch told me that macOS is now connecting to Apple APIs via a program named mediaanalysisd<\/code> (Media Analysis Daemon - a background process for analyzing media files).<\/p>

[…]<\/p>

Apple has repeatedly declared in their marketing materials that “privacy is a human right”, yet they offered no explanation whatsoever as to why those of us who do not traffic in child pornography might wish to have such privacy-violating software running on our devices.<\/p>

[…]<\/p>

Integrate this data and remember it: macOS now contains network-based spyware even with all Apple services disabled<\/em>. It cannot be disabled via controls within the OS: you must used third party network filtering software (or external devices) to prevent it.<\/p><\/blockquote>\n

Contrary to this post, I think Apple did clearly state<\/a> that it has abandoned local CSAM detection. And he doesn’t seem to have evidence that his data is being improperly sent to Apple. Still, it’s not clear exactly what mediaanalysisd<\/code> is doing with the network.<\/p>\n\n

Howard Oakley<\/a>:<\/p>\n

There is no evidence that local images on a Mac have identifiers computed and uploaded to Apple’s servers when viewed in Finder windows.<\/p>

[…]<\/p>

Images viewed in apps supporting VLU have neural hashes computed, and those are uploaded to Apple’s servers to perform look up and return its results to the user, as previously detailed<\/a>.<\/p>

VLU can be disabled by disabling Siri Suggestions<\/strong> in System Settings > Siri & Spotlight, as previously explained<\/a>.<\/p><\/blockquote>\n\n

Mysk<\/a>:<\/p>\n

No, macOS doesn’t send info about your local photos to Apple \nWe analyzed mediaanalysisd<\/code> after an extraordinary claim by Jeffrey Paul that it scans local photos and secretly sends the results to an Apple server.<\/p>\n

[…]<\/p>\n

We analyzed the network traffic sent and received by mediaanalysisd<\/code>.\nWell, the call is literally empty. We decrypted it. No headers, no IDs, nothing. Just a simple GET request to this endpoint that returns nothing. Honestly, it looks like it is a bug.<\/p><\/blockquote>\n\n

Mysk<\/a>:<\/p>\n

\n

The issue was indeed a bug and it has been fixed in macOS 13.2.\nThe process no longer makes calls to Apple servers.<\/p>\n<\/blockquote>\n\n

Was it also a bug<\/a> that this happened even though Paul had opted out<\/a> of everything? Or is there no setting for this? Or did he miss a setting<\/a>?<\/p>\n\n

Jamie Zawinski<\/a>:<\/p>\n

Ok, that may well be. But when my OS was phoning home on my photos yesterday and happens to not be phoning home on them today… that doesn’t really build trust. Intent matters, and we know what Apple’s intent is because they told us. Code matters, and we are not allowed to see Apple’s code.<\/p>

Maybe the fact that it phoned home with a null response is only because the test photos didn’t match some magic neural net -- congratulations, Apple didn’t report your test images to the FBI.<\/p>

We cannot know. But suspicion and mistrust are absolutely justified. Apple is examining your photos and then phoning home. The onus is on them to explain -- and prove -- what they are doing and why.<\/p><\/blockquote>\n\n

Previously:<\/p>\n