UK government demanding access to encrypted iCloud
-
[email protected]replied to [email protected] last edited by
Wow, thank you for this! But it looks like IMAP and POP, not server-to-server. And how would one of these severs compromise security if not one of the end points?
-
[email protected]replied to [email protected] last edited by
Yeah weirdly enough it ended up being a browser issue, Firefox wasn't able to use anything but email verification but Chrome was able to offer a captcha in place of it
-
[email protected]replied to [email protected] last edited by
Yeah but phones have had a problem where using the main chip for encryption would basically use all the battery. For a while Apple was the only one who didn’t have this issue because they included dedicated chips to handle the encryption. So they were even able to jump in to the “whole phone encryption” by default. While android phones had to leave it as a checkbox in settings that would eat your battery.
I just don’t remember if google ever got around to addressing the issue.
-
[email protected]replied to [email protected] last edited by
In 2026 good old steganographic messages, like in North Corea
-
[email protected]replied to [email protected] last edited by
I've always Android phones with encryption enabled, since about 2014, and I've never noticed any issue, nor had I heard about this before.
-
[email protected]replied to [email protected] last edited by
Op: read about pgp/gpg. Do it now. When you don’t understand something ask questions about it instead of giving up.
While that's usable for files, they cannot use it for the app backups and conta ts and such that the system creates on iCloud
-
[email protected]replied to [email protected] last edited by
SMTP is only encrypted if the second server responds correctly to the first servers starttls.
The striptls type of attack, which prevents the servers from getting a valid starttls exchange, was in use over a decade ago by some telcom against its own customers.
Even if you know the person you’re emailing has a correctly configured client you can’t control a man in the middle attack between servers which has been in widespread use for years.
-
[email protected]replied to [email protected] last edited by
Yeah people affected by this would have to turn on adp (iCloud recovery key) and be vigilant about how precisely Apple chooses to remove that feature assuming the uk government doesn’t back down.
Worst case scenario you’d need to be doing local backups and have iCloud turned off.
Metadata is a bigger worry at that point though.
-
[email protected]replied to [email protected] last edited by
This is not true. You may be thinking of the Secure Enclave, which Apple processors have had for a while and acts as a dedicated piece of silicon to protect encryption keys. But pixels have this too, idk about phones with Qualcomm or exynos SOCs but they likely have something similar. Either way it has no impact on battery life and all major smartphones have been capable of encryption for many years
-
[email protected]replied to [email protected] last edited by
The other post covered how it was the Secure Enclave not just having a cryptographic piece of silicon, but what was for a while unique to Apple shit was the use of Secure Enclave for biometric data like fingerprints and whatnot.
-
[email protected]replied to [email protected] last edited by
But I dislike that it requires even going that info
I never understood this stance... do people really think a corporation is going to risk their entire company over your anonymity when their country's government does not allow this? Nobody is going to jail for you.
Plus, if everyone could easily sign up anonymously, then like they said, it would be overrun with bots and the reputation of their IPs would quickly deteriorate to where most other email providers would just block them, making the service almost worthless.
-
[email protected]replied to [email protected] last edited by
And SMTP/IMAP do not support end-to-end encryption, so a malicious server can still spy on you even if it uses TLS.
-
[email protected]replied to [email protected] last edited by
It's a privacy activist stance, privacy and security are always at a constant battle. There was a post about it a few weeks back, every attempt at security compromises privacy, because private info is the easiest way to lock security down, so it's always the route that companies take.
Personally I don't think a corporation should have to risk their company over it, but I don't think a company that isn't privacy oriented should pretend to be. It's misleading.
I give them credit that they might be good for privacy but, the entire operation gets undermined when in order to sign up, it tries to force you into giving information that could identify you. The less information needed the better, and the less you can tell overreachers. If you don't have the information you don't have the information. That's signals motto, it's also Mullvads motto, and its the direction that proton runs in if you can find your way through it's hoops. -
[email protected]replied to [email protected] last edited by
Disable iCloud backups, and do backup manually with iTunes plus the backup password set.
