Hacker News | dgcupps's comments

If you don't want to spend the time setting up a pi-hole, you might consider a service like NextDNS. It makes the process extremely simple.


ever.ag | Frontend Software Engineer | Full-Time | Remote or Onsite

ever.ag sits at the intersection of agriculture, finance, and technology. Our software combines farm data, governmental data, and financial data to give the agricultural industry the forecasting power that they need to make more informed decisions.

Headquartered in Chicago, with multiple branch offices in an additional 9 states, ever.ag specializes in brokerage and insurance services specifically tailored to the dairy, livestock, and grain value chains. For more information, please visit us at www.ever.ag.

We're currently hiring a Frontend Software Engineer to work on our Ember.js applications.

For more information on this role and to apply, please visit https://www.dairy.com/careers/.



Yes, it does. The messages are 'end to end' encrypted in the iMessage service, but then iMessage backs up its encryption key in the iCloud backup service, defeating the point.

"If you have iCloud Backup turned on, your backup includes a copy of the key protecting your Messages. This ensures you can recover your Messages if you lose access to iCloud Keychain and your trusted devices."

https://support.apple.com/en-us/HT202303


That is true of any end-to-end solution. If you back up your private keys, anyone who has access to your backup would be able to access the encrypted messages. Remember, you can turn off iCloud backup if you're worried about Apple accessing your keys.

Ultimately, it's false to equate iMessage's encryption scheme, which is end-to-end, to an encryption scheme that requires a server to relay decrypted data.


> That is true of any end-to-end solution.

Utterly false. Real end-to-end encryption would encrypt the backup with a key that is not available to the backup service (e.g. derived from a passphrase not sent to the server).

Of course this system has better usability, which is why Apple does it. But it's still a farce to call a system where Apple has the ability to decrypt the majority of messages "end-to-end" encrypted. The fact that it's through the backup servers instead of the iMessage servers makes no difference.

What's more, it's possible to do better without sacrificing usability. For several years Android has been end-to-end encrypting backups using the user's lock screen passcode, with protection against brute force attacks provided by hardware secure elements. https://security.googleblog.com/2018/10/google-and-android-h...
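The design the comment above describes, a backup key derived from a passphrase that is never sent to the server, shown as an added example that is not part of the thread and not any vendor's implementation. The function names, scrypt parameters and sample passphrases are assumptions.

```javascript
// Added example; names and parameters are hypothetical, not any vendor's scheme.
const nodeCrypto = require('node:crypto');

// scrypt cost settings (assumed values); maxmem raised so N = 2^15 is accepted.
const SCRYPT = { N: 2 ** 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 };

// Device side: wrap the message key under a key derived from the passphrase.
function wrapForBackup(messageKey, passphrase) {
  const salt = nodeCrypto.randomBytes(16);
  const iv = nodeCrypto.randomBytes(12);
  const kek = nodeCrypto.scryptSync(passphrase, salt, 32, SCRYPT);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', kek, iv);
  const wrapped = Buffer.concat([cipher.update(messageKey), cipher.final()]);
  // Only this record is uploaded; passphrase and kek never leave the device.
  return { salt, iv, wrapped, tag: cipher.getAuthTag() };
}

// Restore on a new device: re-derive the key from the passphrase and unwrap.
function unwrapFromBackup(record, passphrase) {
  const kek = nodeCrypto.scryptSync(passphrase, record.salt, 32, SCRYPT);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', kek, record.iv);
  decipher.setAuthTag(record.tag);
  try {
    return Buffer.concat([decipher.update(record.wrapped), decipher.final()]);
  } catch {
    return null; // GCM tag check failed: wrong passphrase or altered record
  }
}

// Constructed sample run: what the owner and a party without the passphrase get.
function restoreDemo() {
  const messageKey = nodeCrypto.randomBytes(32);
  const record = wrapForBackup(messageKey, 'constructed sample passphrase');
  const owner = unwrapFromBackup(record, 'constructed sample passphrase');
  const other = unwrapFromBackup(record, 'not the passphrase');
  return {
    ownerRecovers: owner !== null && owner.equals(messageKey),
    otherRecovers: other !== null,
    uploadedFields: Object.keys(record).sort(),
  };
}

console.log(restoreDemo());
```

In this sketch the only barrier to guessing on the storage side is the scrypt work factor, so a short lock-screen passcode also needs the hardware-enforced attempt limiting the comment mentions.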


> The fact that it's through the backup servers instead of the iMessage servers makes no difference.

It makes a big difference. If I print out the texts I receive, it doesn't change whether the texting program is end-to-end encrypted. The same goes for backups. An unencrypted system-level backup doesn't mean that the program being backed up is failing at security.

It's bad that Apple doesn't let you encrypt your backups properly, but it's a separate issue.


What if the texting program has a built in feature to print the texts you receive and mail a copy to the company that wrote the program, and it nags you to enable this feature all the time, and most of your friends have it enabled? Because that's a lot closer to the scenario here.

> An unencrypted system-level backup doesn't mean that the program being backed up is failing at security.

iOS programs can choose how their data is backed up. iMessage isn't just getting its data stolen by iCloud accidentally. These backups are a feature of iMessage as much as iCloud. And besides, iCloud is made by the same company, it's not a separate entity.


iMessage itself bugs you to enable backups?

> iOS programs choose how their data is backed up.

Well desktop apps don't. Would you say that no desktop app that saves its key can ever qualify as end-to-end encrypted?

> And besides, iCloud is made by the same company, it's not a separate entity.

I'm not convinced that's relevant to whether the encryption is end-to-end or not.


> Would you say that no desktop app that saves its key can ever qualify as end-to-end encrypted?

I would say that no app can qualify as end-to-end encrypted if a large fraction of users send their data to the maker of the app in a form that can be decrypted by the maker of the app, regardless of the reason.


If iMessage was made by a third party and worked exactly the same then you'd have no objection to calling it end-to-end encrypted?


No. This is a necessary condition for being end-to-end encrypted, not a sufficient one. But iMessage doesn't meet it.


Okay, so if I can't guess your point of view, then it would really help if you would answer the question I asked about desktop apps.


Turning off iCloud backup is not a genuine choice, because it means you lose everything if you lose or break your phone (there is no other way to back up your phone except iCloud backup, Apple does not allow third-party phone backup services).


You can do local encrypted backups to a Mac, either via iTunes (<10.15) or Finder (10.15).


This would be less upsetting to me if my Macbook didn't bug me about iCloud every time I start up several years after I bought it.


There’s a good HN thread from earlier this year about that, but basically, you can disable iCloud Backup and enable Messages in the Cloud, so that all of the messages are still backed up and synced between your devices but the keys are not, so that Apple can not read them. Then you can back up to your Mac/PC instead.


But unless everyone you correspond with does this too, Apple can still read your messages to them.


Sure, the security of your communications to someone depends on how well they protect them, not just you. That’s always true.


But most end-to-end encrypted apps aren't configured by most of their users to send their messages and encryption keys directly to the author of the app. iMessage is.


> defeating the point

Have you considered that some people trust Apple but don't trust Zoom? At some point you have to trust somebody, right?


Feel free to trust who you want but I don't think Apple should be able to get away with calling iMessage end-to-end encrypted when they have most iMessages stored on their servers and the keys to decrypt them.

> At some point you have to trust somebody, right?

It's possible to use an actual end to end encrypted app that doesn't have the keys to read your messages stored on their servers.


I think this article is a bit over my head, but if Apple never has possession of users' private keys, how are they able to recover iMessage conversations when a phone is lost/stolen (which I know they can do)?


They can only do that if you have backed up your phone. If you haven't they cannot recover your messages.


Why does anyone buy 10-year bond? It's because they value stability in returns over absolute returns. While it is true that over the long run the stock market will outperform current bonds, it isn't always true that it will in the short-term.

If you're a pension fund, a retiree, or anyone else who will need to spend money in the short-term, it often makes sense to forgo some long-term returns for short-term stability.

You're correct that past returns are no guarantee of future performance; however, there is 100 years of history (not to mention economic theory) that supports the assumption that equities will outperform current interest rates over the long run.


I guess I didn't think of 10 years as the short term. Let's say the 30 year bond then. The 30 year bond rate is something like 2.5%... Who would buy that if it was vanishingly unlikely that equities would return less than that after 30 years?

I guess what I'm trying to get at is, is there a way I can estimate the probability that equities will return less than 2.5% over the next 30 years, given the information that the 30-year bond rate is 2.5% and the expected return on stocks is, say, 10%, and the market is efficient and some people buy bonds anyway?


One thing to keep in mind is that people who are buying 30 year bonds often aren't planning on holding them to maturity; rather, they are looking for an asset that is relatively stable in value while also generating a small return.

Can you estimate the probability of your scenario? Sure, you could use the historical volatility of equity returns to calculate the chance of that happening. However, unless you add in other factors that you think could realistically hurt future equity returns, I think you'll find that probability to be very small.


OptionsCity Software | www.optionscity.com | Chicago (on-site) | Software Engineer (Java), Solutions Engineer, Account Manager

OptionsCity is a leading provider of risk and electronic trading platforms for the futures industry.

For more information, please see: http://www.optionscity.com/careers/.


If you're interested in finance, we're (OptionsCity) hiring a Core Java developer in Chicago. This job wouldn't be web related; rather, it would involve working on our Metro suite of trading and risk software.

More information: http://optionscity.atsondemand.com/index.cfm?fuseaction=5124...

