I’m particularly tired of this point. Tech companies did a lot of unsound things in the pre-mass adoption days — for example, letting admins read stored content without any access controls. We don’t claim these things are standard or desirable just because they once happened. Moreover, these things rarely entered public awareness.
In the very early days of cloud computing (AKA the 2010s) when “upload to cloud” typically involved clicking a button and sending a photo to a server, a subset of cloud companies began scanning photos for CSAM content. Many of these companies exclusively scanned shared content rather than unshared repositories, because the purported goal was to stop distribution (allegedly Dropbox did this, recognizing that “upload” was an automated feature of their system and “share” represented a user choice.) A few companies were blurry on the distinction and just scanned everything, perhaps because it was technically easier.
What’s important is that this was never widely advertised to users, nor was there ever any sort of public debate about whether it should be SOP, particularly for “uploads” produced by default-on cloud backup software like iCloud. When people say “Apple started this” what they mean is that the first real instance of widespread public debate around this feature I know of was in 2019 when Apple very publicly announced their plans, and the feedback from customers was apparently so negative that they abandoned the idea. Moreover, Apple “started this” in a second sense of the term: they developed the first system capable of scanning end-to-end encrypted photos by conducting the scanning on-device, thus providing a technology demonstrator for the ideas in the new EU regulation.
In the very early days of cloud computing (AKA the 2010s) when “upload to cloud” typically involved clicking a button and sending a photo to a server, a subset of cloud companies began scanning photos for CSAM content. Many of these companies exclusively scanned shared content rather than unshared repositories, because the purported goal was to stop distribution (allegedly Dropbox did this, recognizing that “upload” was an automated feature of their system and “share” represented a user choice.) A few companies were blurry on the distinction and just scanned everything, perhaps because it was technically easier.
What’s important is that this was never widely advertised to users, nor was there ever any sort of public debate about whether it should be SOP, particularly for “uploads” produced by default-on cloud backup software like iCloud. When people say “Apple started this” what they mean is that the first real instance of widespread public debate around this feature I know of was in 2019 when Apple very publicly announced their plans, and the feedback from customers was apparently so negative that they abandoned the idea. Moreover, Apple “started this” in a second sense of the term: they developed the first system capable of scanning end-to-end encrypted photos by conducting the scanning on-device, thus providing a technology demonstrator for the ideas in the new EU regulation.