Apple auto-opts everyone into having their photos analyzed by AI for landmarks
- Reference: 1735893253
- News link: https://www.theregister.co.uk/2025/01/03/apple_enhanced_visual_search/
- Source link:
Apple customers have only just begun to notice.
The feature, known as Enhanced Visual Search, was called out last week by software developer Jeff Johnson, who expressed concern in [1]two [2]write-ups about Apple's failure to explain the technology, which is believed to have arrived with iOS 18.1 and macOS 15.1 on [3]October 28, 2024 .
[4]
In a [5]policy document dated November 18, 2024 (not indexed by the Internet Archive's Wayback Machine until [6]December 28, 2024 , the date of Johnson's initial article), Apple describes the feature thus:
Enhanced Visual Search in Photos allows you to search for photos using landmarks or points of interest. Your device privately matches places in your photos to a global index Apple maintains on our servers. We apply homomorphic encryption and differential privacy, and use an OHTTP relay that hides [your] IP address. This prevents Apple from learning about the information in your photos. You can turn off Enhanced Visual Search at any time on your iOS or iPadOS device by going to Settings > Apps > Photos. On Mac, open Photos and go to Settings > General.
Apple did explain the technology in [7]a technical paper published on October 24, 2024, around the time that Enhanced Visual Search is believed to have debuted. A local machine-learning model analyzes photos to look for a "region of interest" that may depict a landmark. If the AI model finds a likely match, it calculates a vector embedding – an array of numbers – representing that portion of the image.
The device then uses [8]homomorphic encryption to scramble the embedding in such a way that it can be run through carefully designed algorithms that produce an equally encrypted output. The goal here being that the encrypted data can be sent to a remote system to analyze without whoever is operating that system from knowing the contents of that data; they just have the ability to perform computations on it, the result of which remain encrypted. The input and output are end-to-end encrypted, and not decrypted during the mathematical operations, or so it's claimed.
[9]
[10]
The dimension and precision of the embedding is adjusted to reduce the high computational demands for this homomorphic encryption (presumably at the cost of labeling accuracy) "to meet the latency and cost requirements of large-scale production services." That is to say Apple wants to minimize its cloud compute cost and mobile device resource usage for this free feature.
With some server optimization metadata and the help of Apple's private nearest neighbor search (PNNS), the relevant Apple server shard receives a homomorphically-encrypted embedding from the device, and performs the aforementioned encrypted computations on that data to find a landmark match from a database and return the result to the client device without providing identifying information to Apple nor its OHTTP partner [11]Cloudflare .
[12]
Thus, Apple unilaterally began running people's Photos through a locally running machine-learning algorithm that analyzes image details (on a purely visual basis, without using location data) and creates a value associated with what could be a landmark in each picture. That value is then used on a remote server to check an index of such values stored on Apple servers in order to label within each snap the landmarks and places found in Apple's database.
Put more simply: You take a photo; your Mac or iThing locally outlines what it thinks is a landmark or place of interest in the snap; it homomorphically encrypts a representation of that portion of the image in a way that can be analyzed without being decrypted; it sends the encrypted data to a remote server to do that analysis, so that the landmark can be identified from a big database of places; and it receives the suggested location again in encrypted form that it alone can decipher.
If it all works as claimed, and there are no side-channels or other leaks, Apple can't see what's in your photos, neither the image data nor the looked-up label.
[13]Apple offers to settle 'snooping Siri' lawsuit for an utterly incredible $95M
[14]Fining Big Tech isn't working. Make them give away illegally trained LLMs as public domain
[15]Apple called on to ditch AI headline summaries after BBC debacle
[16]Apple and Meta trade barbs over interoperability requests
Apple claims that its use of this [17]homomorphic encryption plus what's called [18]differential privacy – a way to protect the privacy of people whose data appears in a data set – precludes potential privacy problems.
"Apple is being thoughtful about doing this in a (theoretically) privacy-preserving way, but I don’t think the company is living up to its ideals here," observed software developer Michael Tsai in an [19]analysis shared Wednesday. "Not only is it not opt-in, but you can’t effectively opt out if it starts uploading metadata about your photos [20]before you even use the search feature. It does this even if you’ve already opted out of uploading your photos to iCloud."
[21]
Tsai argues Apple's approach is even less private than its [22]abandoned CSAM scanning plan "because it applies to non-iCloud photos and uploads information about all photos, not just ones with suspicious neural hashes."
Nonetheless, Tsai acknowledges Apple's claim that data processed in this way is encrypted and disassociated with the user's account and IP address.
While there's no evidence at this point that contracts Apple's privacy assertions, the community concern has more to do with the way in which Apple deployed this technology.
"It’s very frustrating when you learn about a service two days before New Years and you find that it’s already been enabled on your phone," [23]said Matthew Green, associate professor of computer science at the Johns Hopkins Information Security Institute in the US.
The Register asked Apple to comment, and as usual we've received no reply. We note that lack of communication is the essence of the community discontent.
"My objection to Apple's Enhanced Visual Search is not the technical details specifically, which are difficult for most users to evaluate, but rather the fact that Apple has taken the choice out of my hands and enabled the online service by default," said Johnson in his second post.
He told The Register that it's unclear whether the data/metadata from your Photos library is uploaded before you even have a chance to disable the opt-out setting.
"I don't think anybody knows, and Apple hasn't said," Johnson observed. ®
Get our [24]Tech Resources
[1] https://lapcatsoftware.com/articles/2024/12/3.html
[2] https://lapcatsoftware.com/articles/2024/12/4.html
[3] https://support.apple.com/en-us/100100
[4] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_onprem/personaltech&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2Z3fDVlPLBgOPLAjC-o7cmAAAAEs&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0
[5] https://www.apple.com/legal/privacy/data/en/photos/
[6] https://web.archive.org/web/20241228200141/https://www.apple.com/legal/privacy/data/en/photos/
[7] https://machinelearning.apple.com/research/homomorphic-encryption
[8] https://digitalprivacy.ieee.org/publications/topics/what-is-homomorphic-encryption
[9] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_onprem/personaltech&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44Z3fDVlPLBgOPLAjC-o7cmAAAAEs&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[10] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_onprem/personaltech&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33Z3fDVlPLBgOPLAjC-o7cmAAAAEs&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[11] https://blog.cloudflare.com/stronger-than-a-promise-proving-oblivious-http-privacy-properties/
[12] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_onprem/personaltech&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44Z3fDVlPLBgOPLAjC-o7cmAAAAEs&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[13] https://www.theregister.com/2025/01/02/apple_siri_lawsuit/
[14] https://www.theregister.com/2024/12/22/ai_poisoned_tree/
[15] https://www.theregister.com/2024/12/20/apple_ai_headline_summaries/
[16] https://www.theregister.com/2024/12/19/apple_meta_interoperability/
[17] https://machinelearning.apple.com/research/homomorphic-encryption
[18] https://machinelearning.apple.com/research/wally-search
[19] https://mjtsai.com/blog/2025/01/01/privacy-of-photos-apps-enhanced-visual-search/
[20] https://mastodon.social/@lapcatsoftware/113745260274529296
[21] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_onprem/personaltech&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33Z3fDVlPLBgOPLAjC-o7cmAAAAEs&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[22] https://www.theregister.com/2021/12/16/apple_deletes_csam_scanning_plan/
[23] https://bsky.app/profile/matthewdgreen.bsky.social/post/3lefzhwitsk2y
[24] https://whitepapers.theregister.com/
Indeed.
It is high time top IT companies stop presuming that they have the right to decide for their customers.
They have the power, not the right.
It does it too with Music
I never asked to use Cloudy music, nor do I want to, but if I start Music now it apparently has to download things - which were already stored local.
I'm not sure who is responsible for this but they really ought to stop smoking whatever it is they use.
Meanwhile, Google has been recognizing landmarks in user pictures for a decade, and Android users apparently don't care. I understand that some people care a lot about privacy, but I have to say it's probably a vanishingly small minority.
Meanwhile a poster is proclaiming that Google do the same thing without providing any evidence and we're supposed to just believe it.
I understand that some people care a lot about facts, but I have to say it's probably a vanishingly small minority.
Google's Cloud Vision is a real thing, although the earliest I can find reference to it is 2016, so 9* years, not 10 :p
https://cloud.google.com/vision/docs/detecting-landmarks
https://www.tomsguide.com/how-to/how-to-identify-landmarks-on-android
I think nowadays we are beyond speculating or requiring evidence if Google have slurped or not. Of course they have, and then some more too!
*I came across this stackoverflow from 10 years ago, discussing using Google Vision to track peoples faces. https://stackoverflow.com/questions/38435653/detecting-face-landmarks-points-in-android , so it doesn't take a great leap of imagination that at some point, the pair were combined to track who you are, and where you were from the pic alone.
and Android users apparently don't care
Or maybe they don't have a meaningful choice? Considering that the mobile market is essentially a duopoly, and whatever Google and Apple do most users have to accept?
Yeah, you can do landmark recognition with perty much any run-of-the-mill corpulent model of visual appreciation these days (or even a well-upholstered multimodal model of " language ") ... heck, they can even be used to uncover hidden martian invasion-planning [1]geoglyphs (near Nazca) right here on earth! The issue here in TFA is that Apple's tool of encrypted near total ReCall enabled itself by default after a stealthy silent download ... RotM-style! (iiuc)
Apple's tech is impressively asthetically pleasing to be sure, in a swift homomorphically post-quantum encryption kind of way (HE PNNS PIR just purrrs the mind like a fluffy pussy, much unlike that hot-doggin' ReCall), but it remains a faux-pas, even for the elegant crypto-voyeur, to ogle, leer, touch, or upload, without asking for permission first!
[1] https://www.theguardian.com/world/2024/sep/26/nazca-lines-peru-new-geoglyphs
Yet again:
I probably don't care what you're doing with the data if It's handled correctly.
I do care that you think you have permission to do anything without me knowing.
Informed consent is important. If someone WANTS you to do this... great, sounds like you're handling it safely.
But nobody was ever asked and photos were just uploaded to the cloud without informed consent and knowing what was actually going to happen and how they were going to be dealt with.