Apple ordered to open encrypted user accounts globally to UK spying
-
This post did not contain any content.
-
T [email protected] shared this topic
-
Start by decrypting and making open to scrutiny the accounts of those asking, acceptable surely if they have nothing to hide.
-
Is there an article/source for this, or is it just a pic of a phone with a lock on it?
-
British humour gets me every time
-
Could you post that in the body for us?
We're getting reports of this not being news/an article
-
He's not the OP.
-
Lol whoops
-
Apple’s iCloud backups aren’t encrypted by default,
Why the fuck not?
-
Matrix.org is in trouble as they’re hosted in the UK.
-
This comes up every so often. By default they're not fully encrypted because people are bad at managing their accounts an they expect apple to be able to recover their account/backup/data when they forget their password. The support burden of "no really we can't recover your data bc we encrypted it" when someone is in the process of losing all of their photos/messages/etc isn't worth it. And tbh I kind of agree.
You can turn on the option to fully encrypt the cloud backup, and you click through a warning that says apple can't recover the data if you forget your pw. I think this is reasonable bc if you care you can just turn that on.
-
It's important to note here that even if you turn on this option, Apple does not support full end-to-end encryption, there are still multiple factors that they keep under standard data protection which means they still have the encryption keys. They keep this under the guise of deduplication so they can save on storage costs but some examples of this are:
- the apps+file formats you have installed
- your phone's make model and serial number
- most metadata that defines what an item represents such as date time modification time
- all file checksums (this is scary imo)
They explain how everything with their encryption works here
-
You could also click on the link. I mean, that's one of the options available to you, might as well give it a whirl.
-
Encrypt everything. Show these fascist politicians and their laws the middle finger.
-
People aren't as technically intelligent as most of us on here.
Most companies haven't put up proper MFA with apps and rely on SMS. Imagine they used security codes to recover their data from Apple ...
-
My experience of checksums are in things like serial where they can potentially recover a corrupt bit.
I presume in the case of encryption, a checksum is more of a hash of the raw data? Like a one-way deterministic compute. Easy to get a hash of data, extremely difficult to get data from a hash.
In which case, it's fine. Passwords are hashed (granted, multiple times), but a cryptographically secure hash is not to be underestimated. -
You are correct, my issue with it isn't retrieving the data however, its the possibility that if the person involved had the means to, they could have a table of check-sums of files of interest. This system could be used to confirm or deny a file of interest is present on the device.
For the everyday person this is a non-issue, but from a privacy POV you should not be able to get any information in regards to what a file is.
-
They should just cut off all service to the UK and show a message with the contact information for everyone that wants the back door.
-
This isn’t going to happen. I’m not sure what the UK is expecting here.
-
I wonder if this was UK s idea or they're just acting as underlings of the great orange potato head and his husband space social man.
