Despegar's comments

It's time for the US to end the sanctions on North Korea. The abuse workers face is a straight line result from the fact that virtually all aspects of their economy are under total embargo. North Korea is a nuclear state, and they will never go back to not being one. North Koreans have been working in China for decades and that won't change either because China is not going to let them become a failed state.


Dictatorships should be starved out so they don't pose a threat to the rest of us.

Expecting them to behave by sending them money is a failed theory.

EU here, not US. I don't want my money to fund the killings of our Ukrainian friends.


Don't they first need to get along with their neighbors to the South?


They have for decades since the armistice agreement was signed in 1953 after the Korean War.


Wikipedia disagrees:

"In February–March 2021, South Korea continued to omit North Korea's "enemy" status from the South Korean military's White Paper after downgrading the status of Japan"

It gets worse from there.

Source: https://en.wikipedia.org/wiki/North_Korea%E2%80%93South_Kore...


How is "South Korea no longer rules them an enemy" disagreeing? Surely that's a sign of them getting along.


From the Wikipedia article, this is how:

During his election campaign in 2021, Yoon Suk Yeol said that he would ask the United States to redeploy tactical nuclear weapons in South Korea if there is a threat from North Korea.[162] U.S. Deputy Assistant Secretary of State for Japan and Korea Mark Lambert rejected Yoon's call, saying the proposal was against U.S. policy.[163]

In November 2022, a US-South Korean air force exercise named Vigilant Storm was countered by North Korea by missile tests and an air force exercise.[164]

In November 2023, both the Koreas suspended the Comprehensive Agreement Pact - a pact aimed at lowering tensions between the two countries - which was signed at the September 2018 inter-Korean summit, after North Korea launched a satellite into space.[165]

On January 15, 2024, Kim Jong Un announced that peaceful reunification was no longer possible and proposed identifying South Korea as a hostile state in the North Korean constitution. It was also announced that North Korea would dissolve the Committee for the Peaceful Reunification of the Fatherland, the National Economic Cooperation Bureau and the Mount Kumgang International Tourism Administration.[166]


Apparently you have a higher standard for "get along" than I do. I think not being actively at war for decades qualifies.


Definitely, yes. I'd say that the US has a better relationship with China than North Korea has with South Korea. The US and China get along, while disagreeing and even being in a trade war. North and South Korea are in a stalemate - peace was never declared and they have guns pointed at each other at all times.


All I can see is that their borders have been very peaceful compared to other parts of the world.


> It's time for the US to end the sanctions on North Korea. The abuse workers face is a straight line result from the fact that virtually all aspects of their economy are under total embargo.

Come on. Their workers are abused because North Korea is a totalitarian dictatorship, not because of sanctions.

If sanctions have any contribution, it's pushing the abuse outside of North Korea, which makes it more visible and possible to investigate.


The argument in favor of this is that the current tensions are largely economic, and when the North Korean citizens can benefit from something closer to full participation in world trade, they will be better off. Iran is in a similar situation and we had started down this path, only to be completely undone and set back 20 years by Trump.


> Iran is in a similar situation and we had started down this path

Liberals believe this very much, and I sincerely wish it were true. But it's really not. Iran was simply taking advantage of what they could get, there was zero chance of them changing.

Iran is currently in the center, or at least involved, in so many conflicts I can barely list them all. (Yemen, Israel, Russia, Syria, Iraq, just to start with.)

You really believe they are doing this just because of Trump?


The sanctions are abusive, but what is the alternative? To allow a kingdom that is so pro-depravity to subsist unmolested?

And, is it a matter of sanctions, or national policy that causes the most pain? We don’t have a lot of data, but we have some: that I know of, there are three countries in the world with extensive sanctions. One of them, Russia, hasn’t been communist in three decades. I heard that there is political repression there, but despite the sanctions, not starvation or even economic hardship.

The other two countries, Cuba and North Korea, are still communist. North Korea is not doing well. And Cuba is hanging from a thread; citizens survive thanks to direct support from their expats to the families at home, but the country’s infrastructure is ruined. In terms of modern commodities, 19th century Europe had way less access to trade than sanctioned Cuba, and yet made better roads and enjoyed better postal services and a much more vibrant financial sector.


The level and type of sanctions directed at Russia have been nowhere near what those others face. Until the recent war broke out the west was happily doing almost every kind of business with Russia and even now many of these connections remain. There was even a big push to open economic relations throughout the 90s.


? Containment on imperial systems was removed. Russia invaded Chechnya, Georgia, Ukraine. China colonized Hong Kong, Uighurs, North Korea. Iran colonized Iraq, Yemen, Syria. Your liberal experiments have successfully brought back the world of 1910. And yet you endorse them..


Number of wars started by North Korea in the last 70 years: 0.

Number of wars started by the US in the timeframe: hold my beer.

Also Hong Kong has been Chinese for centuries, before being colonized by the UK.


NK is heavily involved in Ukraine.


New Google Chrome feature blocks attacks from something websites shouldn't be able to access in the first place.


Well have you looked at the example? Browsers should be able to access any IP on the LAN. If that URL is not password protected and lets you just change settings via URL it's really not the browser's fault for supposedly "giving access". Well thinking about it, it should probably not be possible in an iframe but they would just trick you into clicking a link instead. People do not secure their routers and have default passes; that is the big issue here. So of course them mitigating that makes sense.

Simply never giving access would mean people cannot open their router interfaces, self hosted stuff on SBCs ... so you make no sense.


> People do not secure their routers and have default passes; that is the big issue here.

Is it really? ISPs in USA/Canada/France/etc have given customers WiFi routers with random passwords for many years.


https://arstechnica.com/information-technology/2024/02/doj-t...

> That malware, which worked as a botnet for the Russian hacking group Fancy Bear, was removed in January 2024 under a secret court order as part of "Operation Dying Ember," according to the FBI's director. It affected routers running Ubiquiti's EdgeOS, but only those that had not changed their default administrative password


Those are not ISP given devices. While it's bad-bad, Ubiquiti is a SOHO vendor and post-purchase configuration is expected.


It's not random, it's the device's MAC address and some ISP-specific value hashed together and truncated.

Don't tell anyone though since that's a pretty big security risk.


Do you have a link for the algorithm? Really interesting.


It's easy to be smart about it after the fact. Back then it was hard to tell WWW is gonna be the standard protocol for most people to interact with the internet.


And it doesn't even block, it preflights the requests, and if the device exists and responds, it will only block if the device sets a special header? Which of course no existing devices will, so it's going to do very little good - nothing for existing IoT gear, and likely not much more for new devices, unless all those manufacturers rapidly embrace setting the new header. To me it seems like it'd be a far more obvious approach to just throw up a dialog that says "the current page wants to connect to things on your home network, does that seem reasonable to you, or should I continue to block that?"


> it will only block if the device sets a special header?

No. It will block by default. If the header is present, it will allow the request.

> just throw up a dialog that says "the current page wants to connect to things on your home network

In many (probably most) cases it is just a work site trying to connect to an internal service on your work VPN, and the warnings would get annoying very quickly.


Ah, that makes a little more sense, though it will break any legitimate uses we might have now - not sure if the Home Assistant web UI talks to local devices by IP (or maybe only via their .local?) That's probably still a good tradeoff, and I am sure if they left it all up to the user plenty of people would click 'ok' without understanding, but it'd be nice to have that as an option.
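The preflight behaviour discussed in this thread (blocked by default, allowed only when the device opts in), as an added example that is not part of any comment. The header names come from the Private Network Access draft, which the thread does not quote; the origin allowlist, function names and sample requests are constructed for illustration, and the browser-side check is a simplified model.

```javascript
// Device side: a LAN service (router UI, SBC dashboard) deciding how to
// answer a CORS preflight that carries the Private Network Access request
// header. ALLOWED_ORIGINS is a hypothetical allowlist.
const ALLOWED_ORIGINS = new Set(["https://dashboard.example"]);

// HTTP header names are case-insensitive; normalise to lower case.
function normalize(headers) {
  const out = {};
  for (const [name, value] of Object.entries(headers)) {
    out[name.toLowerCase()] = String(value).trim();
  }
  return out;
}

function answerPreflight(method, rawHeaders, allowedOrigins = ALLOWED_ORIGINS) {
  const h = normalize(rawHeaders);
  if (method !== "OPTIONS" || !h["access-control-request-method"]) {
    return null; // not a preflight; normal request handling applies
  }
  const origin = h["origin"];
  if (!origin || !allowedOrigins.has(origin)) {
    // No CORS headers at all: the browser will refuse to send the real request.
    return { status: 403, headers: {} };
  }
  const headers = {
    "access-control-allow-origin": origin,
    "access-control-allow-methods": h["access-control-request-method"],
    "vary": "Origin",
  };
  // Opt in to private-network access only when the browser asked for it.
  if (h["access-control-request-private-network"] === "true") {
    headers["access-control-allow-private-network"] = "true";
  }
  return { status: 204, headers };
}

// Browser side, simplified: only the status, origin and PNA checks are modelled.
function browserAllows(preflightRequest, response) {
  const req = normalize(preflightRequest);
  if (!response || response.status < 200 || response.status > 299) return false;
  const res = normalize(response.headers);
  const acao = res["access-control-allow-origin"];
  if (acao !== req["origin"] && acao !== "*") return false;
  if (req["access-control-request-private-network"] === "true") {
    // Default is to block: the device must answer with the opt-in header.
    return res["access-control-allow-private-network"] === "true";
  }
  return true;
}

// Constructed sample preflights.
function pnaPreflight(origin) {
  return {
    "Origin": origin,
    "Access-Control-Request-Method": "POST",
    "Access-Control-Request-Private-Network": "true",
  };
}

function demo() {
  const trusted = pnaPreflight("https://dashboard.example");
  const untrusted = pnaPreflight("https://unrelated.example");
  // An existing device with wide-open CORS that knows nothing about PNA.
  const legacyResponse = { status: 200, headers: { "Access-Control-Allow-Origin": "*" } };
  // The same request without the PNA header (public site to public site).
  const ordinary = { "Origin": "https://unrelated.example", "Access-Control-Request-Method": "POST" };
  return {
    allowlistedOrigin: browserAllows(trusted, answerPreflight("OPTIONS", trusted)),
    otherOrigin: browserAllows(untrusted, answerPreflight("OPTIONS", untrusted)),
    legacyDeviceWithPna: browserAllows(untrusted, legacyResponse),
    legacyDeviceWithoutPna: browserAllows(ordinary, legacyResponse),
  };
}

console.log(demo());
```

The `legacyDeviceWithPna` case is the one the thread turns on: a device that never sends the opt-in header is blocked even though its CORS policy is wide open.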


I would guess this policy is the result of ADL, other pro-Israel lobbying groups, and Israel itself, pressuring social media groups as part of their hasbara operation. And perhaps Elon Musk is a Zionist himself (he's certainly friends with many VCs who are).

Miguel de Icaza is a random person to censor. I'm sure it's just a crude, automated policy that goes off the content of the tweet and his account having a large follower count.


And I'm sure there's plenty of pro Palestinian and anti Jewish movements lobbying in the other direction, oil money is no joke.


No, there isn’t. Or you’re welcome to list groups with as much sway on the US govt as AIPAC or ADL.


[flagged]


And you would know that how exactly?


> And perhaps Elon Musk is a Zionist himself

Not so long ago all the accusation was that he was anti-Semitic.

The cognitive dissonance is loud.


And maybe he is, but recognizes a fellow fascist when he meets them?

https://www.haaretz.com/opinion/2023-10-03/ty-article-opinio...

Seriously, there are all sorts of political and economic reasons to follow along with Israel against Arabs even if you hate Jews.

https://free.messianicbible.com/feature/end-time-prophecy-wh...

If you think the current speaker for the House of Representatives doesn't believe this, I'd suggest further reading.


Being antisemitic and pro Zionist is not a contradiction. Neither is being anti-antisemitic and anti-Zionist.

Zionism is not Judaism.


People change, right? Not so long ago he was pro Ukraine in the conflict with Russia and looked upon favorably by Ukrainians. Now he is clearly pro Russia and no longer looked upon favorably by Ukrainians.


Zionists have literally worked with Nazis to further the goals of Zionism. Look at the Haavara Agreement.

https://en.m.wikipedia.org/wiki/Haavara_Agreement


The Epic v. Apple trial showed that no one got special deals. And Epic v. Google did show Google gave many companies special deals, like Spotify. Ironically that played a big part with the jury deciding against Google.


Apple doesn’t make backhand deals as far as the 30% commission, but they do give special privileges to certain apps.


If you're going to make definitive statements it would help to provide sources.

Infuse have said that VP9 is supported on AppleTV which requires the same entitlements as iOS.


The Yattee FAQ:

What are the differences between using AVPlayer and MPV?

AVPlayer is a system player component delivered by Apple. It provides best efficiency, performance and system integrations, but the number of playable video formats is limited. This means for Invidious/Piped videos the maximum resolution you can play with it is 1080p. There's no way to play higher resolution files as they are not provided in the right formats. Obviously, modern Apple devices are more than capable to hardware decode and play these formats. And in fact, Apple seems to be giving special entitlement to Google that allows them to enable VP9/AV1 formats decoding. Just remember that next time you hear how Apple treats all developers equally.

Source: https://forums.macrumors.com/threads/apple-m1-vp9-av1-decodi...

It’s from 2020 so it might’ve changed but it proves Apple gives certain apps special privileges. Who knows which other apps are given privileges and to what extent?


Your sources?


Tim Sweeney is mad about having to pay Apple's App Store commission. Developers for many years believed that by having their own "payment processing" they could pay nothing to Apple. However the district court ruled that Apple is entitled to collect a commission because it wasn't just for "payment processing," it was for its intellectual property. They are just doing it in a convoluted and less efficient way as a result of the one claim Epic won in Epic v. Apple.


> Tim Sweeney is mad about having to pay Apple's App Store commission

Tim Sweeney should also be mad about having to pay a quarter of a billion dollar fine “for tricking users into making unwanted charges” [1].

[1] https://www.ftc.gov/news-events/news/press-releases/2022/12/...


I'm curious to know from experts if there's anything Apple can do to create a step-change in terms of security of iPhones? Like if the going rate for a zero day is $1 million, is there anything Apple can do that can drive that up to $2 or $3 million? Or is it just going to be a perpetual cat and mouse game with no real "progress"?


I am by no means a security expert whatsoever. Period. But reading the article carefully, there is a step in the chain of exploits (CVE-2023-32435) which depends on exploiting Safari. Apple implemented a "Lockdown mode" (https://support.apple.com/en-us/105120) which might have handled this (?).

Answering more broadly to your question, the "step-change" that you're asking for is precisely the "Lockdown mode" in iOS devices. It disables most of the features in order to reduce the attack surface of the device.


If you read a better article with technical details [1], you'll see that Apple SoCs contain a "feature" (that resembles a debugging tool) that allows bypassing memory protection by writing into undocumented and unused GPU registers. Apple locks down kernel memory to stop exploits, but these registers allow bypassing the lock.

This vulnerability is the key vulnerability without which all the exploit chain would be useless.

[1] https://securelist.com/operation-triangulation-the-last-hard...


[flagged]


The original article doesn't have as many technical details as the article I linked to. That is why I added a link to another article which is better in my opinion and it is difficult to understand the vulnerability from the original article. The original article also doesn't say anything about how Apple tried to fix it.


The Safari vulnerability wasn't necessary (the device was completely owned before that), and was really just a "nice to have" - it allowed verification of the targeted user and, presumably, customizable malware delivery. From the article, if you look at the bullet points under the Kaspersky diagram of the exploit chain:

> After exploiting all the vulnerabilities, the JavaScript exploit can do whatever it wants to the device and run spyware, but attackers chose to: a) launch the imagent process and inject a payload that cleans the exploitation artifacts from the device; b) run the Safari process in invisible mode and forward it to the web page with the next stage.

In other words, if looking at the diagram, https://cdn.arstechnica.net/wp-content/uploads/2023/12/trian... , it's completely "game over" once you get to the skull icon in the lower left corner, and the Safari exploit is after that.


Yeah, lockdown mode might have handled it. If I'm reading the article right, the first step of the exploit was a PDF file sent with iMessage.

When I tried out lockdown mode out of curiosity, I found that it was aggressive about blocking PDF viewing. I quickly bailed on it because I often read research papers on the web, and it switched them from view to download.


It could author its format parsers in https://github.com/google/wuffs, and make them BSD-like open source to maximize adoption.

An even bigger change: It could allow users to choose their iMessage client freely. Why not open up the protocol? I’m sure a security focused client would be popular and in the grand scheme of things easy to author.

Perhaps they could open up more of the OS and apps. Perhaps their claims about the security of users and the App Store are kind of BS.


I struggle to believe that a third party iMessage iOS app would be a security improvement, beyond Lockdown Mode https://support.apple.com/en-us/105120.

Either a third party app would still use the same vulnerable frameworks as iMessage, or they would re-implement them potentially with more vulnerabilities, or just not implement the features, which is what Lockdown Mode gives you.


One could argue the same about alternatives to Safari, and yet Chrome has proven to be more secure than Safari (based on Pwn2Own results).


I would not argue that about web browsers, because there’s plenty others out there. I don’t think Google would make an iMessage client for iOS.


But others probably would. Maybe the user-experience on the security focused clients will be degraded (missing features or disabled features for the sake of privacy and security, lower performance due to some other security features), but you'd still have these kinds of niche clients.

Browsers are not the only thing concerned here, there are many sectors impacted by this philosophy. Qubes-OS for Linux Distributions, replacing containers (and especially Docker) with daemon-less or even MicroVM (Firecracker, Podman, ...). I'm sure there are also heavily sandboxed clients for Matrix, SMS or Emails.


You do realize that this is an extremely complicated exploit which is not being used on the average user, right?

And being open source hasn’t prevented Android from being much more vulnerable to these kinds of exploits.


Sure. Rewrite sensitive parts of their stack in memory safe languages. They have Swift after all. A lot of the iOS security improvements over time have really been more like mitigations that try to contain the damage when the giant pile of decades old C gets exploited.


That is exactly their plan. Swift could always link into C applications, and they have recently come out with C++ interoperability [1] so things like WebKit etc. can start having parts re-written or new parts written from the start in Swift so they can gradually replace C and C++ codebases instead of trying to rewrite everything (which sucks because even for things much, much less complex than WebKit, you can have a team working for three years working on a replacement and it’ll have less features than the original had when you started).

They’re even working on an embedded subset for embedded devices so things like microcontrollers like battery management, the Secure Enclave etc. can run it.

1. https://m.youtube.com/watch?v=lgivCGdmFrw


They’re working on it, but a memory-safe language doesn’t help you in some of the surface that the attackers exploited here.


I think memory safety + integer overflow checking by default would have blocked many of these. Not the hardware mitigation disable but getting to the point where that matters required some safety problems that can be excluded by better languages.


It's already 2-3 million +. Apple has amazing security, especially for the iPhone and continuously monitors it and dishes out silent patches. For a REALLY high level example, it restricts system calls per process and requires all calls to be signed with an Apple key, AND it restricts who you can do the system call to, these are continuously monitored and updated. Not only this, but persistence on iPhone is effectively dead, meaning you have to reinfect the device after every reboot. One of the big things you notice in the article is the use of ROP, Apple requires every executable page to be signed by them, hence why you have to have these assfisting of ROP chains.


2-3 million dollars is not “amazing”. That is less than the cost to open a McDonalds. You can get a small business loan in the US for more than that. There are literally tens of millions of people in the world who can afford that. That is 1/5 the cost of a tank.

2-3 million dollars is pocket lint to people conducting serious business, let alone governments. It is at best okay if you are conducting minor personal business. This ignores the fact that attacks at the 2-3 million dollar range are trivially wormable. If you had actual cause to hack every phone you are only incurring marginal cents per attack. Even relatively minor attacks like targeting 10,000 people are less than one phone of cost per attack.


> 2-3 million dollars is not “amazing”.

I don't know. $2-3m for reading code in Ghidra and throwing stuff at a wall until something sticks? Maybe some fuzzing, etc.

I get that you theoretically could find an exploit that for example, you send to 100 known wealthy people, and with it you steal saved cookies + device IDs from financial apps and then try to transfer their funds/assets to an account you control but...

Could you really pull that off 100 times before Apple catches on?

I guess you could... easily... now that I think about it.


This has the (un)fortunate consequence of being illegal. Writing exploits and selling them to a friendly government, on the other hand, is totally legal. Plus, then you can sell support contracts for that sweet recurring revenue!


This also makes you a target for enemy services (for enabling "friendly government") and friendly services for being a potential whistleblower.

Quite the cost in my eyes...


That is good info, but why does Apple make it non-obvious how to reboot an iOS device? And AFAICT there is no way to schedule a regular reboot.


Need to restart your non responsive iPhone, hope you have some dexterity...

----

Force restart iPhone

If iPhone isn’t responding, and you can’t turn it off then on, try forcing it to restart.

    Press and quickly release the volume up button.


    Press and quickly release the volume down button.


    Press and hold the side button.


    When the Apple logo appears, release the side button.


We'd need to scrap decades of work in hardware and software for that.

Modern software sits on a foundation that was thought for a different era. They didn't have in mind the current challenges in terms of security and scale.


What do you mean "no real progress"? The price used to be $100.


I mean progress from today.


I don't understand what you mean. They've always been making progress, driving the price up. They can just keep doing what they're doing, and there will be progress from today.


Is that actually true? Has the price of these exploits been going up year after year, or has it topped out at some level?


It’s been going up consistently. The number of groups that can field a full chain these days is dwindling.


Perhaps Apple should provide research devices directly to the US's and China's intelligence agencies and pit them against each other to help close more vulnerabilities. The agencies can decide on their own where to strike the balance between offense and defense, but I suspect it would lead to more closed vulnerabilities over time.


Intelligence agencies unfortunately seem to have a bad track record when it comes to disclosing vulnerabilities, they’re very offensive-focused.


I think that would be the case if they were given to the US and other Western intelligence agencies. My scenario requires competition between geopolitical opponents to create an incentive to worry about defense as well.


Yes it has been going up.


I mean, this is already an extremely complex chaining of exploits that requires extremely sophisticated research. I can assure you that this is not being used on the average person.


There was no partnership as far as I know. Masimo met with Apple's M&A team, they didn't do a deal, then Apple hired Masimo employees to do it themselves.

This complaint of Apple meeting with some company and then stealing their technology is the narrative put forward by every company or VC that meets with Apple and doesn't result in an acquisition. As if it's impossible to know who to hire from LinkedIn, patents, knowledge of the field, etc.


> As if it's impossible to know who to hire from LinkedIn, patents, knowledge of the field, etc.

That's misunderstanding the argument: it's not "They poached our employees and that isn't fair!", it's "Clearly our technology was legitimate and innovative, they had to poach our employees to duplicate it!"

It's an argument toward the standing of the patent(s?), not a complaint of unfair trade practices.


> That's misunderstanding the argument: it's not "They poached our employees and that isn't fair!", it's "Clearly our technology was legitimate and innovative, they had to poach our employees to duplicate it!"

This seems a pretty thin argument. Hiring some people who already successfully did it has a higher chance of success than hiring randos, even if they have to do a clean-room re-implementation. So of course you're going to hire them if you can.


> This seems a pretty thin argument. Hiring some people who already successfully did it has a higher chance of success than hiring randos

You're basically agreeing to the GP's "thin" argument by saying you need people who already successfully did it to have a higher chance of succeeding.

> even if they have to do a clean-room re-implementation

You can't do a clean-room re-implementation if you're hiring people who already worked on the original implementation. Plus clean-room design only circumvents copyright claims. They don't defend against patents.


> This seems a pretty thin argument. Hiring some people who already successfully did it has a higher chance of success than hiring randos, even if they have to do a clean-room re-implementation.

That's... literally the argument. If the patent was obvious to a practitioner in the field, you wouldn't need to hire experts. And not just any experts, experts from the company that holds the patent in question!

Honestly this part of the argument seems pretty sound to me. Whether patents should have this kind of power on the whole is I think an excellent question. But given the system we have, as I see it Apple is screwed here. They're going to end up cutting a very big check to get out of this.


Isn't the question what the "field" is? Does it have to be obvious to a random college grad in Electrical Engineering? Biomed Engineering? Someone who's worked in Medical devices before? Someone who's worked on any other Pulse/Ox before?

I can very easily see a case where it's obvious to anyone who's worked on this sort of device before, but only 1-2 companies make that sort of device, so if you want to hire someone to make that sort of device without starting from literally 0 experience, it would have to be from one of the few companies that have patents in that field.

Once you're talking about specific methods of accomplishing a specific task in a field, there aren't that many experts or practitioners.


> I can very easily see a case where it's obvious to anyone who's worked on this sort of device before, but only 1-2 companies make that sort of device

You don't win legal cases by resorting to semantic trickery. Clearly the spirit of the law is that "obviousness" should be interpreted generally. If you have some layer of minutiae only understood at an implementation level by a few dozen human beings, it's clearly going to look "novel" to everyone else.

Otherwise everyone in a patent case would throw some obscure genius on the stand to testify "Well, you see, this is totally obvious to me!" and win.


It's not trickery, it's a question of what the law is. If you grab a random person off the street, even simple machines like gears and pulleys may not be obvious. On the other end, you risk running into the "it's an auction but on a computer" patents just because you happen to be the first person to bother paying to patent that you could do that with a computer.

There's a difference between novel and niche in my mind. If you're working for a company that's acquired a monopoly on having enough money to do any work at all on some product, simply because there's not enough demand for it to have active competition, that doesn't seem like it should mean that everything is "novel" just because you're the only group thinking about it. Yes, in this case Apple is the much bigger company deciding to get into the business, but these patents surely would likewise hinder other companies from competing, or even doing their own research into product innovations in this area, for fear of being too close to the existing patents.

Either way, my point was about hiring people, not the patents. Going "they poached all these people so they could steal their patented knowledge" may be true, but if that company is the only company doing any amount of real innovation in that field, you'd also want to hire from them just because you want to hire the best engineers who have experience with those sensors. Even if you were trying to avoid any issue with patent and totally build a unique product, you'd still want to start with people who know the problem space vs. re-training people.


> Even if you were trying to avoid any issue with patent and totally build a unique product, you'd still want to start with people who know the problem space vs. re-training people.

Sorry, that's ridiculous. If you were genuinely trying to avoid IP pollution, hiring employees from existing market leaders is the worst possible strategy.

Again, people are twisting themselves around here. Apple got caught red handed here. Argue, if you must, that the patent is invalid from first principles and that any staff could have done it. But the fact that they went and hired all these folks to do it in the real world absolutely constitutes strong evidence to the contrary.


See, I feel like that's almost the exact opposite unless you assume Apple and its internal legal department is made up of the biggest idiots on the planet. If they were intending on just infringing this valid patent and trying to get away with it, then they've literally handed the world a paper trail that makes them look as bad as possible without a literal email being published in the newspaper from Tim Cook saying "Yea, just violate the patent".

With the history they have with Masimo, surely the more reasonable explanation is that they saw the tech, thought they could make something independently that was as good or better without infringing the patent, and hired off some of the Masimo folks to help with explicit instructions to try to avoid any overlap with their old patents?

Does Apple have some history of flagrantly violating patents I don't know about? If anything, other folks have pointed out that Apple specifically has done this to other people before, so they're keenly aware of the risks here. I just don't buy what seems to be the conventional wisdom of "haha big company is dumb as bricks". Risking getting a flagship product banned from sale seems deeply unlike Apple's business strategy in general, which makes everyone's assertions that this infringement was intentional, flagrant, and obvious to a layman seem like it must have some fault in it.


> See, I feel like that's almost the exact opposite unless you assume Apple and its internal legal department is made up of the biggest idiots on the planet. If they were intending on just infringing this valid patent and trying to get away with it, then they've literally handed the world a paper trail that makes them look as bad as possible without a literal email being published in the newspaper from Tim Cook saying "Yea, just violate the patent".

They don't really need to be idiots. They just need to trust that there is a reasonable chance that Masimo won't do anything about it and if they do, there is a reasonable chance that Apple wins in court and if they don't there might be appeals and if not they might have come up with better non-infringing tech and if not then they can come to a license agreement with Masimo. With that train of thought I think it's pretty reasonable that Apple acted the way they acted.


It's just become a meme among tech enthusiasts (on Reddit, HN, etc) and tech journalists that "blue bubbles" are a real social problem. The origin of the meme was this amusing post by Paul Ford 8 years ago [1]. They took it and ran with it for their own purposes. For some it was to explain away the iPhone's success versus Android and for some interested actors like Epic it was part of their antitrust campaigning to illustrate the "lock in" effects. It however was never a social problem in the real world (more than, say, young people feeling depressed about seeing their peers' manicured lives on Instagram) or the reason why iPhones sell well (you only had to look to China, or now India, to see the success of the iPhone in places where iMessage wasn't the dominant messenger).

[1] https://archive.ph/OcDaO


Even if this was a meme at some point in the past, it’s a very real issue now.

I know multiple people who have switched to iPhone just for iMessage. And the kids these days won’t accept anything but the blue bubble. This is no longer a meme. Or if it is, it’s also real.


I switched because people think android users are poor and I don't want to signal to others that I am poor.


It's a self-fulfilling prophecy. Once everyone has an iPhone to not be perceived as poor, the only people still using Android will actually not be able to afford an iPhone.

At least it sounds like that's what happens across the ocean.


Even the bottom income quintile in the US uses iPhones, especially young people. They are not that expensive.

Knowing someone has an iPhone tells you nothing about their wealth/power.

What people think it does tell them is where someone is on the cool / weird spectrum. See:

https://news.ycombinator.com/item?id=38578103


The only way for this system to work would be if the database of CSAM were managed by consensus by geopolitical rivals. That is, it would have to include Russia and China. This is the only way to ensure that Western governments don't abuse their access in the future to surveil dissident groups.

Trusting that NCMEC can't be compromised is a nonstarter. I would trust a system where Chinese, Russian, American, British, etc police agreed that the database only includes CSAM.


The hyperbole around the issue of CSAM is starting to outweigh the threat itself. The crimes committed against a minority of the population aren't worth this much drama. We don't even pay this much attention to murdered children.

This isn't going to unite international rivals against it any more than an asteroid hurtling toward the planet. Only the western world gives a shit about it, which means it's easily weaponized by anybody outside of it.

Rather than backdooring every device on the planet, a more practical solution would be to just take away kids' phones and chain them to the radiator. To protect the children from CSAM, lock them up.

We don't like to admit it but face the facts: children are property as far as the State is concerned. Same as any other asset, livestock and firearms, they can be "taken" away from you and "given" to others for dividends (which, when you think about it, describes the act of trafficking itself).

You don't protect your home by unlocking everyone else's. That sort of "solution" makes you an actual menace to society.


> to just take away kids' phones

Absolutely. Just the first part, seriously. No need for chains and radiators. Let's ban kids under 16 from access to phones and the open Internet. It would MASSIVELY improve just about everything about childhood and mental health of the young.

There are plenty of technologies emerging with the density of memory and GPT type compression (that's what neural networks really do... compression) to facilitate "curated education in a box", and small network (family and friends) communication.


Sure. I was exaggerating to make my point-- in no context has "safety through disarmament" ever been a thing.

The Louvre doesn't respond to people stealing paintings by disabling all the security cameras. Prisons don't protect the public by being free-range. Nuclear disarmament is too complex to go into here, but hypocrisy abounds. Barring that one incident, the Mint doesn't protect the money supply by storing it in the middle of a Walmart parking lot (predictably, it got stolen).

Every time we seek to secure anything, we make the coveted object more inaccessible to pursuers. That's how Protection works.

Anyone telling you lowering your guard and becoming vulnerable will somehow increase anyone's safety is one distraction away from slipping a roofie into your drink. It's the sort of gaslighting one expects from a pervert or voyeur.


Not sure I understand you. Are you seeing smartphones as a weapon? Something that is empowering?


In some hands, empowering, in other hands, a weapon. It's less about smartphones specifically and more an abstraction for the internet itself. Take the internet away and it removes the metaphysical vector for exploitative outreach to children.

It would make it very difficult to produce new CSAM if you eliminate the channels over which children are discreetly coerced into running away or producing it themselves.


I lived through the 70s. Worked at the BBC for a while. Nonces (kiddy fiddlers) are a social psychiatric problem. Policing networks or endpoints is treating the symptoms.

Nonetheless I agree the utility that children get from access to the mainstream "Five Giant Enshitified Websites" doesn't really surmount the damage done. The main harm, in my opinion, is simply to general mental health and wellbeing. So that just adds to the case for an age restriction for smartphones. If that reduces potential contact with nonces then all-good, but the reality is that child abuse happens by people IRL, usually trusted family or neighbours.

Maybe the tide is turning and we're "getting there", and that's why I defended and supported many parts of the UK Online Safety Bill - even though other parts of it are trash. However this focus on CSAM to push unworkable restrictions is the usual dishonest politics and posturing.

We have more general problems with minors and the Internet, and most of them are "live rail" issues the media and politicians won't touch.


> It would MASSIVELY improve just about everything about childhood and mental health of the young.

Honestly it'd make the internet a lot better for adults too.


That sounds as effective as, oh, I don't know, the UN security council. Why not just argue against having the whole thing entirely?


This is the only compromise I would accept, otherwise I'm in favor of E2E with no backdoors. People who care about preventing CSAM and prosecuting pedophiles should consider this an improvement over the status quo.


The UN security council is VERY effective at what its actual purpose is, which is preventing all out nuclear war between the major superpowers. That is why the confirmed nuclear powers are the only ones with veto powers (minus Pakistan/India/NK, interestingly).

Everything else is quite explicitly window dressing.


Mutually assured destruction does that. The security council has nothing to do with it. Also, at the time of its founding, the US was the only country with nukes, so that's not the logic behind who the permanent members are.


Ah, but not by many years. I guess it was more 'the global powers got nukes first', rather than 'the nuclear countries got the veto'. Interesting!


I’m unsure what you’re saying here, can you clarify?

Is it that Baseline seems overly bureaucratic and will be ineffective, or that people should not support any CSAM lists at all?


The UN security council is hardly a non-entity. They aren't great at addressing certain kinds of geopolitically contentious problems, but UN peacekeepers have 12 active deployments. (https://peacekeeping.un.org/en/where-we-operate)


This does already exist somewhat as the INTERPOL Baseline list - https://www.interpol.int/Crimes/Crimes-against-children/Bloc...

Does this meet your threshold?


If national legislation by Western governments provided that only signatures from this org could be included, then I'd support it. But I don't know anything about this INTERPOL list, does it actually require consensus by all of these countries? Or can one country influence what's included in practice? There has to be an effective veto by all the countries involved for anything to be included.


“To be included in the Baseline list, child abuse images and videos must be recognized as such by our specialist network of investigators, and meet specific criteria in terms of the severity of the image content, for example those believed to feature children aged 13 and under.

The strict criteria ensure that the Baseline list refers only to images and videos which would be considered as illegal in any country.”

INTERPOL has a very large membership, including Russia and China. The baseline list is reviewed so only media that is illegal in every country INTERPOL operates in is included.

I’m not sure how a veto system as you’re suggesting would work practically, but this might be the closest thing.


The veto system would have to require that the equivalent of Russia and China's NCMEC agrees that the image/video's signature that's going to be included in the database is actually CSAM at a low level operational level. Without that consensus, it should be technically impossible for anyone to include a signature.


I think in a perfect world that would be great. Unfortunately, it’s difficult to see how a system like that could ever be implemented within our lifetimes.

I personally think Baseline is a good pragmatic approach. It includes only known media, where they retain the originals for sense checking, and only includes things judged to be CSAM by trained experts. It’s probably the lightest touch possible solution that is still somewhat effective.


I don't see why it's impossible. It requires coordination and millions of dollars in funding by all the respective governments, but if the world thinks CSAM is a serious problem, then it's a drop in the bucket.

CSAM doesn't need to be added to the database in real-time. It can be done quarterly, giving each national agency time to deliberate on the content.


If you'll forgive this tangent, I am not sure it is a good idea to maintain a "worst of" list. I can already imagine pedos competing for first place.


If there's going to be removable batteries for any product it will be for new product categories like the Vision Pro. Apple is definitely not going to take established products like the iPhone and change it up just to be different (which isn't a sustainable competitive advantage because anyone can do it). Even with the Vision Pro it's a compromise that Apple is likely tolerating, rather than what the 'final form' of the product will be in 10 or 15 years.

