To clear up the FUD here, this is only true if you turn on iCloud backups (many users do, but still) and don't turn on Advanced Data Protection. ADP is off by default because it means you'll lose all your backups if you forget your iCloud password.

> it’s a platform designed to aid illegal government surveillance.

Come on.



These are the defaults. You don’t need to turn on iCloud Backup, it’s already on. You don’t need to turn off Advanced Data Protection, it’s already off.

Literally all you need to do is turn on a new iPhone and try to install any app. It will prompt for your Apple ID login (impossible to install apps without it) and will automatically enable iCloud, iCloud Backup, and iMessage (and will not enable ADP).

https://www.forbes.com/sites/kateoflahertyuk/2020/01/21/appl...

They explicitly killed the e2ee support for backups some time ago at the behest of the FBI to preserve the backdoor. It’s still practically backdoored for nearly all iMessage users because it is off by default (and the UX sucks even if you turn it on). Approximately nobody is using it; the status quo is preserved. iMessage is backdoored and is not e2ee due to key escrow. If you message someone on iMessage, Apple will be able to read the message, even if you have ADP enabled (because the other endpoint does not). That’s fact, today.

Additionally, even if you turn on ADP, the hashes of unencrypted file content in iCloud are stored non-e2ee, so Apple can still see who has which unique files and when, and who else receives them and when. This allows them to monitor social graphs, too.


iMessage is excluded by default on iCloud backups; that's what the other guy is saying.


Messages in iCloud (different thing, used for syncing iMessage conversations to all your devices) is off by default. To my knowledge, backups of the iMessage database are on by default in the iCloud backup setting, but admittedly I haven't set up a new device without restoring an iCloud backup in many, many years.


Messages in iCloud is mostly used to free up local storage, and to sync old messages to new devices. You don’t need it to sync messages most of the time.


> and will not enable ADP

Not only will it not enable ADP, it won't even ask you about it.


>> it’s a platform designed to aid illegal government surveillance.

> Come on.

Whilst I agree with the general skepticism, Apple didn’t add E2E encryption to (certain parts of) iCloud backups at the explicit request of the FBI.

https://arstechnica.com/tech-policy/2020/01/apple-reportedly...


That's still not the same as claiming that iMessage is designed specifically for the purpose of aiding government surveillance.


Not adding E2E was a conscious design decision by Apple specifically to aid surveillance.

Virtually every other big messaging service offered (optional) E2E at that point.

I’m not sure how much clearer you want it.

“Surveillance” doesn’t have to mean that Apple allowed the FBI to jack directly into the iCloud servers.


Wasn't it an attempt to take the fangs out of the FBI's push for encryption backdoors? As one of the largest messaging platforms in the US, what Apple does with E2E absolutely factors into public policymaking.



