hoakley October 7, 2022 Macs, Technology

Is Apple scanning the images on my Mac?

A few days ago, there was a wave of panic following a report that macOS had scanned a QR code in an image and accessed the link encoded within it. A few hours later, it turned out the whole thing was a false alarm, but by then it was clear that many Mac users believe that Apple scans images on your Mac. This article looks at the reality behind that fear.

Much of the current climate of suspicion over Apple and images stems from what in retrospect was a misguided attempt to consult openly about changes Apple had intended to introduce a year ago in Monterey, to scan for images containing CSAM (Child Sexual Abuse Material). Like so many contentious issues there was widespread misunderstanding and misinterpretation of what Apple was proposing, and a lot of people came away with the belief that macOS would soon (if not already) be scanning images stored on their Mac in a bid to detect those containing CSAM.

That was never the case: Apple was proposing to check images being uploaded to iCloud using iPhotos or Photos, and as a result of the outcry, it announced that it would revise its proposals and consult again at a later date. As that hasn’t happened, the best assumption is that Apple hasn’t, for the time being at least, implemented that scheme, and there’s no evidence to suggest anything different.

Image analysis in Photos

It’s a well-known feature of Photos that it performs image analysis to identify people and other features. Although Apple documents what this does in terms of user features, I’ve been unable to locate any technical account explaining how this works. It appears to depend largely on the background service photoanalysisd working through new and changed images in the user’s current Photos Library performing its recognition tasks. What’s unusual about this is that the service is suppressed when the Photos app is running, so one way to stop this analysis is to leave Photos open at all times.

Simple observation shows that photoanalysisd is only active on images in Photos libraries, concentrates mainly on people, and in Ventura duplicate images, and its results are only available through Photos. There doesn’t appear to be any evidence of this information being released beyond that Mac, let alone provided to Apple; the latter appears highly improbable given the vast number of images currently stored in Photos libraries anyway.

Visual Look Up

This feature was introduced in Monterey, and is expanding in Ventura. Class coverage in Monterey includes breeds of cats and dogs, landmarks, flowers and plants, and paintings, to which Ventura adds common birds, insects and some statues. This is only performed for images chosen by the user for Visual Look Up, and can be disabled by unticking the Siri Suggestions item in the Search Results tab of the Spotlight pane.

As it’s well documented by log entries, it’s not difficult to figure out how it works. Image analysis occurs locally and results in an object identifier, akin to the ‘neural hash’ proposed for CSAM scanning, being looked up in a remote database. Unlike other forms of image recognition such as Google Images, the image itself remains local and isn’t sent to a server for analysis or recognition.

Spotlight image search

Ventura extends Spotlight search to include information from image analysis. Apple describes this as using “information from images in Photos, Messages, Notes and the Finder to enable searching by locations, scenes, or even things in the images, like text, a dog or a car.”

For this to work with images in the Finder and elsewhere, a background service like photoanalysisd would need to crawl through the contents of images stored locally, generating object identifiers similar to those used in Visual Look Up, applying Live Text OCR to text discovered in images, and storing those in that volume’s metadata indexes. That process hasn’t been analysed yet, but is most unlikely to involve the transmission of images beyond the Mac.

If you don’t want Spotlight to index any of your documents, including images, then the Spotlight pane allows you exclude different types of search result, and to make specific folders private so they’re not indexed at all.

Conclusions

Far from being secretive about image analysis taking place in macOS, Apple has been strongly promoting features that rely on such analysis. It’s relatively easy to detect and intercept image and information upload using a software firewall, and most of these processes make copious log entries. Before fuelling suspicion, careful analysis should enable clear distinction to be made between features that can analyse local images, and those which give Apple access to any of your images. As far as I know, Apple operates only one scheme in which it gets copies of your own images, and that’s a voluntary scheme to improve image coverage in Maps, which I suspect you’re not even aware of.

28Comments

Add yours

1

John Gilbert on October 7, 2022 at 7:10 am

When I explored Spotlight in about beta 3 of Ventura, the image analysis of images (those not in Photos) worked very well finding dominant colours, scenery type, animals, etc. In other words much the same as for images within a Photos library.

There certainly wasn’t time (or network usage) for whole images to have been sent to Apple for analysis.

It is one of the few features of Ventura making me want to upgrade.

LikeLiked by 2 people
- 2
  
  hoakley on October 7, 2022 at 7:45 am
  
  Thank you. I will be looking at it in detail after release.
  Howard.
  
  LikeLike
3

artiste212 on October 7, 2022 at 5:37 pm

It’s nice seeing Apple adding features without compromising our privace. Howard, it’s nice seeing your having addressed Apple’s changes in a disinterested, factual manner — clearly a choice to give up the potential clicks that might have been generated by an inappropriately provocative headline or article. This is one of the many reasons I take the time to read what you post, even when I don’t know in advance if it’s something I’d otherwise have planned to read. The useful, illuminating content often piques my interest.

LikeLiked by 1 person
- 4
  
  hoakley on October 7, 2022 at 5:39 pm
  
  Thank you.
  Howard
  
  LikeLiked by 1 person
5

CV on October 7, 2022 at 6:42 pm

As usual, nice coverage here Howard – thank you. However, I sense that you are dismissive of a fear that is very well founded and nothing in the discussion really counters that fear. Regardless of the points you mention, Apple could very easily be scanning images for whatever content they desire.

Without delving too far into the poli-realm, let me just say that when it comes to the inspection of personal data of any sort, regardless of where that data is stored, all institutions should be held to the same standards as the government. This is especially true when those institutions act as a de-facto proxy or agent for the government which would have been the case with Apple’s well-intended but ill-conceived image scanning scenario. And Apple has done nothing to assuage the fears arising from that episode save the statement “Oh, we’re gonna hold off for a while.”

LikeLiked by 1 person
- 6
  
  hoakley on October 7, 2022 at 7:39 pm
  
  “Apple could very easily be scanning images”
  Could they? I suppose the average Mac user must have thousands, probably 10,000 images, or more. I know of many users who have more than 100,000. Let’s say they average no less than 1 MB in size, and there are only 50 million active Macs around the world. Just to upload such a huge volume of image files, and to keep pace with their daily accumulation, would be a colossal task. Then add those more numerous devices and their images too. And all that happens without our noticing the transmission of all that data?
  Few conspiracy theories ever pass reality tests. They’re almost always predicated on the impossible and the readily detectable. Have you ever used Little Snitch or Lulu to monitor your Mac’s outgoing connections? Lots do, yet amazingly no one has ever seen this torrent of images being uploaded to Apple’s servers.
  Howard.
  
  LikeLiked by 1 person
  - 7
    
    cicerovicious on October 7, 2022 at 7:51 pm
    
    “Could they?” — I’m not quite sure what you mean here. In your discussion herein, I believe you stated Apple isn’t just able, but rather they actually are already scanning:
    
    “Image analysis occurs locally and results in an object identifier, akin to the ‘neural hash’ proposed for CSAM scanning…”
    
    That aside, it was Apple (not me) who initially stated they are able to scan images so I am unaware as to what conspiracy you refer.
    
    As an aside, Apple never stated they would be uploading images for scan – what they did say was that scanning would occur locally on the device and the hashes would be checked in a CSAM DB; quite different things altogether.
    
    LikeLiked by 1 person
    - 8
      
      hoakley on October 7, 2022 at 8:05 pm
      
      Erm, no. Read the article again: these aren’t Apple scanning, but macOS. There’s a world of difference. macOS routinely scans the contents of every file in your Home folder, unless you specifically exclude it from Spotlight’s metadata indexing. It stores those metadata not on Apple’s servers, but in locked index files locally on your Mac, to which Apple has no access.
      The whole point of a ‘neural hash’, like any other hash, is that it characterises the file without enabling its reconstruction. So when your Mac performs VLU on the image of a painting, Apple can’t reconstruct the original image, but merely propose some images which appear similar to it, according to the ML techniques used. And as many people demonstrated a year ago, one of the weaknesses of Apple’s proposed technique was the high number of hash collisions, which made any attempt to use this for CSAM scanning doomed to failure.
      If you care to refer to Apple’s original description, their proposal was only to generate neural hashes for images that the user intended to upload to iCloud from Photos or iPhotos. Yes, those would have been generated on-device before uploading, but at no time did Apple ever suggest it was going to crawl even Photos libraries looking through local images. And if it did try that, every user would notice it, in the way that many report problems with photoanalysisd. It’s not the sort of thing you can do on the quiet.
      So yes, let’s get the facts straight, please.
      Howard.
      
      LikeLiked by 1 person
9

cicerovicious on October 7, 2022 at 8:22 pm

“So yes, let’s get the facts straight, please.” — Ummm, I do have the facts straight…but hey thanks for the not so subtle ad-hominem there…

Anyway, the distinction between “Apple” not scanning and it actually being “macOS” that is scanning is ridiculous so this doesn’t even deserve a further response.

As to hash collisions being an issue with regard to CSAM, apparently Apple is unaware of something you are – the TL;DR here is “Apple says the finding does not threaten the integrity of the system”: https://www.theverge.com/2021/8/18/22630439/apple-csam-neuralhash-collision-vulnerability-flaw-cryptography

And last, at no point did I ever say “crawl even Photos libraries looking through local images” so I have no idea where you got that. Regardless, I don’t see this to be an insurmountable task. Seriously man – on device scanning – already stated they could do it. Not sure what more you need nor why you are clearly taking this way too personal…

LikeLiked by 1 person
- 10
  
  hoakley on October 7, 2022 at 8:31 pm
  
  In that case, as macOS scans every document in your Home folder except those you explicitly exclude from indexing, according to you, Apple has always been scanning everything on our Macs anyway, neural hashes or not.
  No, this is all about agency. macOS isn’t Apple, it’s an operating system running on this Mac. Apple’s apps also aren’t Apple, merely applications which I use to do what I choose with them, and to create whatever content I wish. If you fail to make that distinction, then ever since the first computer every bit of data has been owned by those who develop operating systems.
  What I need is evidence. How do you think Apple does scan images on my Mac, then? Give me the details so that I can check whether what you claim is true. Otherwise it’s no better than any other conspiracy theory, and I’m frankly sick to death of the lot of them. Evidence, please.
  Howard.
  
  LikeLike
  - 11
    
    cicerovicious on October 7, 2022 at 8:38 pm
    
    Howard – I never said “Apple is scanning your images”. What I did say is (a) Apple has shown an intent to scan at least some images on a user’s device and when certain content is found, that they will notify the authorities; (b) this is justification to be fearful of intrusion; (c) that your article appears dismissive of said fears; (d) that your article did nothing to assuage those fears.
    
    That’s all I said. If you see conspiracy theory in there, then I’m sorry but there isn’t any…
    
    LikeLiked by 1 person
    - 12
      
      hoakley on October 7, 2022 at 8:41 pm
      
      In that case, I apologise for my abject failure. I’m sorry to have wasted your time.
      Howard.
      
      LikeLike
    - 13
      
      cicerovicious on October 7, 2022 at 8:43 pm
      
      “I’m sorry to have wasted your time.” No worries – still worthwhile discussion\debate if for no other reason that to help some parties clarify, think, refresh, etc…
      
      LikeLiked by 1 person
14

Michael Newbery on October 8, 2022 at 12:24 am

You said: “It appears to depend largely on the background service photoanalysisd working through new and changed images in the user’s current Photos Library performing its recognition tasks. What’s unusual about this is that the service is suppressed when the Photos app is running, so one way to stop this analysis is to leave Photos open at all times.”

Is that exactly the case? The message I get says that Photos does this when it is in the background, and certainly I have left Photos open (but not the frontmost application) and had it flag new faces. Also, it appears (at least recently, at least as of Monterey and iOS 16, if not earlier), that faces are shared across iCloud. So, if you do have multiple machines sharing the same iCloud account, it seems likely that the face recognition is happening in parallel. Which of course then leads to interesting speculation as to what happens if one device says a face is “Adam” and another identifies it as “Eve”. Since Photos has basically just done this to me (merging a male face with a female) I’m interested in how it happened (while I struggle to undo the mess).

LikeLiked by 1 person
- 15
  
  hoakley on October 8, 2022 at 8:47 am
  
  Thank you.
  Well, even in Ventura betas Photos tells you that’s how it works, and that’s how I’ve observed it to work too.
  If you share your Photos library in iCloud, then I’d expect face recognition to embrace that sharing, wouldn’t you? And yes, it isn’t always perfect, but that’s surely why the user can correct it.
  Howard.
  
  LikeLike
  - 16
    
    Michael Newbery on October 8, 2022 at 10:09 am
    
    In Monterey and earlier, I have observed that if I import a bunch of photos, it tells me “People will finish updating when Photos is in the background”; and if I just put it into the background (window not foremost), after a while it has noted the new faces. It also works if I quit Photos.
    
    My observations of iCloud being across several machines has been less consistent, with some faces being recognised on one machine but not on another. I don’t know if this has changed recently, but I have a feeling that it is improved as of Monterey.
    
    When it went mad and merged Adam (650 photos) and Eve (1,400 photos), the manual corrections involved have, shall we say, taxed my patience.
    
    LikeLiked by 1 person
    - 17
      
      hoakley on October 8, 2022 at 3:13 pm
      
      Thank you. I think it’s important to distinguish the image processing and analysis from incorporation into the Photos Library. AFAIK the former is largely centred on photoanalysisd, which runs independently of Photos. When looking for other things in the log, I’ve seen it most active at night, when much of the ML services are at their busiest. Longstanding observations of CPU % in Activity Monitor corroborate this, and the suppression of that service when Photos is open. As Apple doesn’t document this, it’s all conjecture, and I don’t think is particularly relevant here.
      I’m sorry about Adam and Eve: that’s one of many problems of ML.
      Howard.
      
      LikeLiked by 1 person
18

David Byrum on October 8, 2022 at 12:39 am

Alas in this day and age the need for proof of some claim is no longer needed or expected. Just saying something is true is enough. And if the claim is repeated over and over it will become embedded into the group consciousness, which of course makes it even more true. Very sad.

LikeLiked by 2 people
- 19
  
  hoakley on October 8, 2022 at 8:48 am
  
  Fear, an emotion that doesn’t require the rational at all.
  Howard.
  
  LikeLiked by 1 person
20

jimgbuffalo on October 8, 2022 at 3:05 am

here’s hoping for eternal vigilance against those pesky abject failures

LikeLiked by 1 person
21

jimgbuffalo on October 8, 2022 at 3:07 am

we must maintain eternal vigilance against those pesky abject failures

LikeLiked by 1 person
22

Ryan on November 28, 2022 at 8:34 pm

Hello Howard. Thanks for your detailed articles, I like them a lot! I don’t understand every detail because I’m not familiar with all the Apple features terminology and I’m not too tech savvy either. I’m pretty new to the Apple ecosystem. One thing I’m not sure about – does it mean that every file that lands on the Mac Ventura hard drive is checked for a CSAM hash when the Spotlight indexing option for images is enabled? Because Spotlight search can be used to search for text in images. Or is Spotlight OCR indexing done completely offline in the background?

What about Quick Look (space bar)? Is that the same as VLU? Does Quick Look trigger a hash check?

Click to access Expanded_Protections_for_Children_Technology_Summary.pdf

This paper states that the NCMEC database is stored on the user’s device. So why wouldn’t macOS immediately scan for malicious hashes as soon as the file is saved to disk? Why make it easy for the bad user by only triggering the scan on a user action?

My family and I recently switched to iOS and macOS because we like how much Apple values privacy. Or at least how they portray it in their marketing 😉 As a father, I also appreciate the steps with the CSAM scan. In my spare time, I like to read about cool tech features and how they are implemented. But I wonder if a malicious actor could exploit this to get someone in trouble by sending a ZIP file with CSAM, and then that person/company gets tagged as soon they extract it.

All the best
Ryan

LikeLiked by 1 person
- 23
  
  hoakley on November 28, 2022 at 9:31 pm
  
  Thank you.
  The document you link to is now of largely historic interest. Apple has never implemented most of the proposals in there, because of the outcry that resulted.
  The only two protections that Apple has introduced are explained here. The first concerns images embedded in Messages, and applies only to those using iCloud accounts set up as families, and even then is opt-in and not a default. The second concerns searches using terms identified as relating to CSAM material, and warns the user. It doesn’t do anything more, and can’t check any images or otherwise interfere.
  Proposals to check images were only ever intended for those being uploaded to iCloud for potential sharing. Apple never suggested any other form of image checking. Because of the outcry, Apple backed off, intending to come up with proposals that would be more acceptable. It hasn’t done so yet.
  So CSAM hashes aren’t calculated on any images, nor are any hashes checked against databases. QuickLook previews documents, including images, but doesn’t try to do anything more than that. Recognition of text within images is completely different, and doesn’t require any form of lookup, but works like OCR. VLU does use image neural hashes for lookup, but those are different from those intended for CSAM detection, and they’re used quite differently anyway. VLU only sends those hashes if you perform VLU – and that would be useless for CSAM detection, as folk with that type of image are hardly likely to use VLU on them.
  If someone were to send you concealed CSAM, no one would be any the wiser. They could still of course do that by tipping off law enforcement, who might then obtain a warrant to search your Mac, but that’s the law, and nothing to do with Apple.
  I hope that puts your mind at rest. In short, nothing has happened on CSAM detection, and nothing should until Apple consults again with a set of improved proposals.
  Howard.
  
  LikeLike
  - 24
    
    Ryan on November 28, 2022 at 10:20 pm
    
    Thank you for this simple description. Now I got it! But also sad that the implementation is not further advanced. (I thought so)
    Most of the time I think Apple is pretty good at marketing and explaining things. But on this issue, I think they did a poor job because a lot of non-tech people (myself included) were afraid that all their pictures would be visually scanned by machines and people.
    
    Keep them cool tech (and painting) articles coming 🙂
    All the best
    Ryan
    
    LikeLiked by 1 person
    - 25
      
      hoakley on November 28, 2022 at 11:46 pm
      
      Thank you.
      Howard.
      
      LikeLike
26

James H on January 19, 2023 at 6:14 pm

I’m trying to ascertain what MacOS really does. Is this article incorrect? He claims to have a network traffic monitor/blocker that is sending image analysis results to to Apple even though he has no Apple ID, is not logged into Apple, and does not use iCloud. [link removed]

LikeLiked by 1 person
- 27
  
  hoakley on January 19, 2023 at 6:29 pm
  
  In that case, I suggest that you read the above article, which is factually correct, unlike the one that you linked to, which contains a multiplicity of errors, some of which I have explained above.
  Howard.
  
  LikeLike
- 28
  
  hoakley on January 19, 2023 at 6:31 pm
  
  I should also point out that, as my tests were performed in a VM, they too were without an Apple ID, not logged into Apple (whatever that might mean), and without an iCloud connection (which you can’t have anyway if you don’t have an Apple ID).
  Howard.
  
  LikeLike