{"id":46276,"date":"2025-01-01T15:52:23","date_gmt":"2025-01-01T20:52:23","guid":{"rendered":"https:\/\/mjtsai.com\/blog\/?p=46276"},"modified":"2025-01-07T11:47:02","modified_gmt":"2025-01-07T16:47:02","slug":"privacy-of-photos-apps-enhanced-visual-search","status":"publish","type":"post","link":"https:\/\/mjtsai.com\/blog\/2025\/01\/01\/privacy-of-photos-apps-enhanced-visual-search\/","title":{"rendered":"Privacy of Photos.app’s Enhanced Visual Search"},"content":{"rendered":"

Jeff Johnson<\/a> (Mastodon<\/a>, Hacker News<\/a>, Reddit<\/a>, 2<\/a>, The Verge<\/a>, Yahoo<\/a>):<\/p>\n

\n

This morning while perusing the settings of a bunch of apps on my iPhone, I discovered a new setting for Photos that was enabled by default: Enhanced Visual Search.<\/p>\n

[…]<\/p>\n

There appear to be only two relevant documents on Apple's website, the first of which is a legal notice about Photos & Privacy<\/a>:<\/p>\n

Enhanced Visual Search in Photos allows you to search for photos using landmarks or points of interest. Your device privately matches places in your photos to a global index Apple maintains on our servers. We apply homomorphic encryption and differential privacy, and use an OHTTP relay that hides IP address. This prevents Apple from learning about the information in your photos. You can turn off Enhanced Visual Search at any time on your iOS or iPadOS device by going to Settings > Apps > Photos. On Mac, open Photos and go to Settings > General.<\/p><\/blockquote>\n

The second online Apple document is a blog post by Machine Learning Research titled Combining Machine Learning and Homomorphic Encryption in the Apple Ecosystem<\/a> and published on October 24, 2024. (Note that iOS 18 and macOS 15 were released to the public on September 16.)<\/p>\n<\/blockquote>\n

As far as I can tell, this was added in macOS 15.1<\/a> and iOS 18.1, not in the initial releases<\/a>, but it’s hard to know for sure since none of Apple’s release notes mention the name of the feature.<\/p>\n

It ought to be up to the individual user to decide their own tolerance for the risk of privacy violations. In this specific case, I have no tolerance for risk, because I simply have no interest in the Enhanced Visual Search feature, even if it happened to work flawlessly. There’s no benefit to outweigh the risk. By enabling the “feature” without asking, Apple disrespects users and their preferences. I never wanted my iPhone to phone home to Apple.<\/p>

Remember this advertisement? “What happens on your iPhone, stays on your iPhone.”<\/p><\/blockquote>\n\n

Apple is being thoughtful about doing this in a (theoretically) privacy-preserving way, but I don’t think the company is living up to its ideals here. Not only is it not opt-in, but you can’t effectively opt out if it starts uploading metadata about your photos before<\/a> you even use the search feature. It does this even if you’ve already opted out of uploading your photos to iCloud. And “privately matches” is kind of a euphemism. There remains no plain English text saying that it uploads information about your photos and specifically what information that is. You might assume that it’s just sharing GPS coordinates, but apparently it’s actually the content<\/em> of the photos that’s used for searching.<\/p>\n\n

Ben Lovejoy<\/a>:<\/p>\n

\n

One piece of data which isn’t<\/em> shared is location. This is clear as several of my London skyline photos were incorrectly identified as a variety of other cities, including San Francisco, Montreal, and Shanghai.<\/p>\n<\/blockquote>\n\n

Nick Heer<\/a>:<\/p>\n

\n

What I am confused about is what this feature actually does. It sounds like it compares landmarks identified locally against a database too vast to store locally, thus enabling more accurate lookups. It also sounds like<\/a> matching is done with entirely visual data, and it does not rely on photo metadata. But because Apple did not announce this feature and poorly documents it, we simply do not know. One document says trust us to analyze your photos remotely<\/em>; another says here are all the technical reasons you can trust us<\/em>. Nowhere does Apple plainly say what is going on.<\/p>\n

[…]<\/p>\n

I see this feature implemented with responsibility and privacy in nearly every way, but, because it is poorly explained and enabled by default, it is difficult to trust. Photo libraries are inherently sensitive. It is completely fair for users to be suspicious of this feature.<\/p>\n<\/blockquote>\n\n

In a way, this is even less private than the CSAM scanning that Apple abandoned, because it applies to non-iCloud photos and uploads information about all<\/em> photos, not just ones with suspicious neural hashes. On the other hand, your data supposedly—if their are no design flaws or bugs—remains encrypted and is not linked to your account or IP address.<\/p>\n\n

jchw<\/a>:<\/p>

What I want is very simple: I want software that doesn’t send anything to the Internet without some explicit intent first. All of that work to try to make this feature plausibly private is cool engineering work, and there’s absolutely nothing wrong with implementing a feature like this, but it should absolutely be opt-in.<\/p>

Trust in software will continue to erode until software stops treating end users and their data and resources (e.g. network connections) as the vendor’s own playground. Local on-device data shouldn’t be leaking out of radio interfaces unexpectedly, period. There should be a user intent tied to any feature where local data is sent out to the network.<\/p><\/blockquote>\n\n

Apple just crowed<\/a> about how, if Meta’s interoperability requests were granted, apps the user installed on a device and granted permission to<\/em> would be able to “scan all of their photos” and that “this is data that Apple itself has chosen not to access.” Yet here we find out that in an October OS update Apple auto-enabled a new feature that sends unspecified information about all your photos to Apple.<\/p>\n\n

I’m seeing a lot of reactions like this<\/a>:<\/p>\n

I’m tired with so much privacy concerns from everyone without any reason… Yes it sends photo data anonymously to make a feature work or improve it. So what? Apple and iOS are the most private company\/software out there.<\/p><\/blockquote>\n

But I’m tired of the double standard where Apple and its fans start from the premise of believing Apple’s marketing. So if you’re silently opted in, and a document somewhere uses buzzwords like “homomorphic encryption” and “differential privacy” without saying which data this even applies to, that’s good enough. You’re supposed to assume that your privacy is being protected because Apple is a good company who means well and doesn’t ship<\/a> bugs<\/a>.<\/p>\n\n

You see, another company might<\/em> “scan” your photos, but Apple is only “privately matching” them. The truth is that, though they are relatively better, they also have a history<\/a> of sketchy<\/a> behavior<\/a> and<\/a> misleading<\/a> users<\/a> about privacy. They define “tracking” so that it doesn’t count when the company running the App Store does it, then send information to data brokers<\/a> even though they claim not to.<\/p>\n\n

Eric Schwarz<\/a>:<\/p>\n

\n

With Apple making privacy a big part of its brand, it is a little surprising this was on by default and\/or that Apple hasn’t made a custom prompt for the “not photo library, not contact list, not location, etc.” permissions access. Some small changes to the way<\/em> software works and interacts with the user can go a long way of building and keeping trust.<\/p>\n<\/blockquote>\n\n

Matthew<\/a> Green<\/a>:<\/p>\n

I love that Apple is trying to do privacy-related services, but this just appeared at the bottom of my Settings screen over the holiday break when I wasn’t paying attention. It sends data about my private photos to Apple.<\/p><\/blockquote>\n\n

I would have loved the chance to read about the architecture, think hard about how much leakage there is in this scheme, but I only learned about it in time to see that it had already been activated on my device. Coincidentally on a vacation where I’ve just taken about 400 photos of recognizable locations.<\/p>\n

This is not how you launch a privacy-preserving product if your intentions are good, this is how you slip something under the radar while everyone is distracted.<\/p><\/blockquote>\n\n

Jeff Johnson<\/a>:<\/p>\n

The issues mentioned in Apple’s blog post are so complex that Apple had to make reference to two of their scientific papers, Scalable Private Search with Wally\n<\/a> and Learning with Privacy at Scale<\/a>, which are even more complex and opaque than the blog post. How many among my critics have read and understood those papers? I’d guess approximately zero.<\/p>

[…]<\/p>

In effect, my critics are demanding silence from nearly everyone. According to their criticism, an iPhone user is not entitled to question an iPhone feature. Whatever Apple says must be trusted implicitly. These random internet commenters become self-appointed experts simply by parroting Apple’s words and nodding along as if everything were obvious, despite the fact that it’s not obvious to an actual expert, a famous cryptographer.<\/p><\/blockquote>\n\n

Previously:<\/p>\n