So we know the UK, France, Sweden and Australia all have “pondered out loud” about getting platforms like Signal to allow backdoors into encrypted calls and messages.
This creates a sense of safety about these platforms being secure, because governments want to come after them.
Here’s a tinfoil hat take: Five Eyes is significantly reducing inter cooperation. The non-fascist parts of the alliance don’t want to share with the obvious authoritarian, but the authoritarian one used to share the fruits of their established backdoors with them, and now they don’t.
Note that the US isn’t asking Signal for a backdoor. Why? Back in 2015-2016 (last years of Obama), Apple had a loud and visible feud with the FBI. Since the authoritarian came to power, this all disappeared from the media. Interestingly, 10 years have gone by since that moment, every single aspect of our lives has become more surveilled, and somehow the US govt has stopped trying to get into phones? While the CEO is making hand deliveries of 24 karat gold bars to the Oval Office?
TLDR; I think it’s a safe assumption that they are in our devices by now. Fundamentally people misunderstand encryption. Encryption is only as strong as the weakest link. If your Signal chats are unencrypted for consumption on your device, then that’s when the unencrypted content can be captured.
For the longest time, Apple stored your iCloud backups encrypted. Looked good in marketing materials, until they casually admitted the decryption key is stored in the same cloud.
Combine this with ICE capturing citizens without due process. If you have a vanilla smart device, you’re doing the surveillance for them. /tinfoilhat
OS has AI, Siri, service that reads everything. Don’t need to break encryption.
Android is open source. Install a third-party OS. There’s no way they can read your unencrypted backups without raising giant red flags.
Nothing from Apple is open source so yeah, that’s a strong possibility.
It is a tinfoil hat moment, but I often think the same thing (I use Signal extensively).
Again, this is all conjecture, but if they have been breached, I would imagine it was when Moxie suddenly left the company.
Another point of failure is how Signal is centralised. Have you ever tried Session? They moved countries when they were approached.
Ultimately, there has to be some trust involved though, which is where the healthy paranoia stems from.
I haven’t, but I use Matrix as the most idealistic level of communication protocol.
Ultimately though, my point is that the in-app security is only as good as the OS it runs on.
Session is basically what people think Signal is.
Here’s a tinfoil hat take: Five Eyes is significantly reducing inter cooperation. The non-fascist parts of the alliance (…)
Who are those non-fascist parts exactly…? New Zealand?
Touché
~~non-fascist~~ less-fascist
Not that it’d surprise me, but where did Apple admit that they store the keys in the same cloud?
Also, not that I believe them, but what they communicate when you encrypt is that they don’t have that key and if you lose it, it’s gone.
Not broadcast, but inferred.
https://support.apple.com/en-au/102651
Standard data protection
Standard data protection is the default setting for your account. Your iCloud data is encrypted in transit and stored in an encrypted format at rest. The encryption keys from your trusted devices are secured in Apple data centres so Apple can decrypt your data on your behalf whenever you need it, such as when you sign in on a new device, restore from a backup or recover your data after you’ve forgotten your password. As long as you can successfully sign in to your Apple Account, you can access your backups, photos, documents, notes and more.
Got it, but they also say:
If you enable Advanced Data Protection and then lose access to your account, Apple will not have the encryption keys to help you recover it — you’ll need to use your device passcode or password, a recovery contact, or a personal recovery key. Because the majority of your iCloud data will be protected by end-to-end encryption, you’ll be guided to set up at least one recovery contact or recovery key before you turn on Advanced Data Protection. You must also update all of your Apple devices to a software version that supports this feature. You can turn off Advanced Data Protection at any time. Your device will securely upload the required encryption keys to Apple servers and your account will once again use standard data protection.
Since they are closed source there is no way for me to verify that’s true, but that’s also not exactly in line with what you’re saying.
Your quote is about Advanced Data Protection, mine about standard. It’s a hidden 30 min setup that most people don’t bother with.
Yeah, I know that, but for me that’s where it gets interesting. It doesn’t really matter to me what others do. And in a privacy community you can expect that at least we bother with those things. And whether or not my Advanced Data Protection really is proper E2EE, that’s where it gets interesting imo.
Not trying to antagonize you because I consider us on the same team, just saying that this is kinda the same as with crypto wallets: not your key, not your wallet (or in this case, not encrypted). If I just rely on Apple’s default settings then yeah, I consider that compromised.
Sounds like Windows Recall