There is so much focus on the technical aspects such as probability of mismatch etc.
For me the risk is much more that through some mechanism outside my control real CSAM material becomes present on my device. Whether its a dodgy web site, a spam email, a successful hack attempt or something else like that, I feel like there's a significant chance some day I'll end up with this stuff injected onto my phone without me knowing. So I'm not at all concerned about the technical capacity to accurately match to CP etc. In fact I'm even more worried if its really accurate because then I know when this unfortunate event happens I face a huge risk of being immediately flagged before I even know about the content and then spending years extricating myself from a ruined reputation and a legal system that treats evidence like this with far more trust than it should have.
The reason everyone is focusing on the technical aspects is because most people will evaluate it as it is planned to be, and not as what it could become. This is probably because, at any time, users can switch from Apple to Android in an upgrade cycle - so while perhaps 99% of users are fine with this CSAM scanner in its current state, if they expand its usage to something bad then those 99% that stayed can once again evaluate if they still value the hardware enough to keep it with the new status quo; therefore, evaluating it as it is in its current state will help people reading make the best personal decisions and the details will help with context if/when they do expand usage of this system.
right? Phones are not at all secure. Dozens (hundreds?) of click-less exploits exist today that can do anything they want with “your” phone at the push of a button.
My phone is not mine. nor is the data on it. nor is yours. That’s the real state of computer security today.
all of this is ill conceived.
The day someone chooses to mass release their worms on iPhone will be a wake up call.
For me the risk is much more that through some mechanism outside my control real CSAM material becomes present on my device. Whether its a dodgy web site, a spam email, a successful hack attempt or something else like that, I feel like there's a significant chance some day I'll end up with this stuff injected onto my phone without me knowing. So I'm not at all concerned about the technical capacity to accurately match to CP etc. In fact I'm even more worried if its really accurate because then I know when this unfortunate event happens I face a huge risk of being immediately flagged before I even know about the content and then spending years extricating myself from a ruined reputation and a legal system that treats evidence like this with far more trust than it should have.