Jeff Johnson (My apps, PayPal.Me, Mastodon)

The internet is full of experts

December 31 2024

My recent blog post "Apple Photos phones home on iOS 18 and macOS 15" has received widespread attention, and perhaps inevitably, it has also received widespread criticism by random internet commenters. A common criticism is that I somehow discredited myself by stating, honestly, "I don't understand most of the technical details of Apple's blog post", referring to "Combining Machine Learning and Homomorphic Encryption in the Apple Ecosystem". Ironically, I managed to bring more attention to Apple's blog post than Apple itself did.

I'm not a professional cryptographer. Of course, neither are my critics. Below is a statement by one, who is not among my critics.

I’m a cryptographer and I just learned about this feature today while I’m on a holiday vacation with my family. I would have loved the chance to read about the architecture, think hard about how much leakage there is in this scheme, but I only learned about it in time to see that it had already been activated on my device. Coincidentally on a vacation where I’ve just taken about 400 photos of recognizable locations.

I would say that internet commenters who had never heard of the author, Matthew Green, have no justification for criticizing me as some kind of fool.

The issues mentioned in Apple's blog post are so complex that Apple had to make reference to two of their scientific papers, "Scalable Private Search with Wally" and "Learning with Privacy at Scale", which are even more complex and opaque than the blog post. How many among my critics have read and understood those papers? I'd guess approximately zero.

I'm just a software developer. A software developer with 18 years of experience on Apple platforms, as well as multiple Apple-credited CVEs to my name. Demonstrably, I'm pretty darn smart and knowledgeable. I'm also wise enough to know my limitations. My eyes glaze over when I read things such as "We have implemented the Brakerski-Fan-Vercauteren (BFV) HE scheme, which supports homomorphic operations that are well suited for computation (such as dot products or cosine similarity) on embedding vectors that are common to ML workflows" and "For running PNNS for Enhanced Visual Search, our system ensures strong privacy parameters for each user's photo library i.e. (ε, δ)-DP, with ε = 0.8, δ = 10⁻⁶." Tell me honestly that you understand that! How many people in the world understand it?

My critics appear to argue that either I've neglected to do basic research or that I'm not qualified to raise questions about Enhanced Visual Search if I don't fully understand the technical details. Both arguments are absurd. In effect, my critics are demanding silence from nearly everyone. According to their criticism, an iPhone user is not entitled to question an iPhone feature. Whatever Apple says must be trusted implicitly. These random internet commenters become self-appointed experts simply by parroting Apple's words and nodding along as if everything were obvious, despite the fact that it's not obvious to an actual expert, a famous cryptographer.

Most of my critics have misunderstood my own argument. I wasn't suggesting that an Apple user should never trust Apple unless the user can verify everything themselves technically. As a developer of closed-source software, I don't expect this approach from my customers. They need to trust me, at least to an extent. (Personally, I try to earn that trust by being as open and honest as possible; and for better or worse, my software never collects analytics.) For the end user of technology, it's always a matter of weighing the risks vs. the benefits. My argument was that Enhanced Visual Search offered me no benefits at all. I've literally never wanted to search for landmarks in my Photos library. Thus, in this specific case, no amount of privacy risk, no matter how small, is worth it to me.

There are some Apple online services that I use, despite the privacy risks, because the benefits to me are significant. And there are Apple online services that I avoid because of the privacy risks, when they aren't outweighed by the benefits. It doesn't take an expert to make these decisions. They're very personal decisions, to be made by each user independently, according to their desires and their tolerance for risk. My objection to Apple's Enhanced Visual Search is not the technical details specifically, which are difficult for most users to evaluate, but rather the fact that Apple has taken the choice out of my hands and enabled the online service by default. Moreover, Apple didn't publicize the new feature in iOS 18—as far as I can tell, it's not even in the list of all new features—and the off switch is buried at the bottom of Photos Settings, which is why we're having this conversation in late December rather than in mid-September when iOS 18 and macOS 15 were released.

Unfortunately, it's been proven that Apple can't always be trusted with privacy. In my previous blog post, I mentioned the numerous acknowledged vulnerabilities in Apple's products, listed in Apple's security release notes. I'd also like to mention how Apple broke its promise to provide a setting for users to opt out of its online OCSP service that checks Mac app code signing certificates for revocation. A failure of this service caused a massive, worldwide outage in 2020, and I was among the first to reveal the cause of and a solution for the outage, as well as the uncomfortable truth that the service was operating unencrypted over the internet, a blatant privacy violation.

By the way, it's not clear to me that disabling Enhanced Visual Search in Settings is truly a solution to the privacy issue. Apple's machine learning blog post doesn't entirely explain how it works, but the implication seems to be that for all photos in your library on your device that have "regions of interest" identified by machine learning, metadata from those photos are uploaded to Apple servers before any search is performed. This makes intuitive sense to me, otherwise searches of very large libraries with thousands of photos could be very slow. Thus, disabling the feature in Settings might be too late to protect your current photo library, if the data/metadata has already been uploaded. It would have been uploaded, I assume, shortly after you installed iOS 18 and macOS 15. I could be wrong, though, and I would welcome public clarification from Apple.
