UK government demanding access to encrypted iCloud
-
[email protected]replied to [email protected] last edited by
Mullvad us Denver 205.
I’m also using their encrypted dns though that shouldn’t matter. Recording an email might be a regulatory requirement of the intelligence sharing treaties of the eu and broader eurozone.
Try an endpoint outside of the western world and see what happens!
-
[email protected]replied to [email protected] last edited by
Wow, thank you for this! But it looks like IMAP and POP, not server-to-server. And how would one of these severs compromise security if not one of the end points?
-
[email protected]replied to [email protected] last edited by
Yeah weirdly enough it ended up being a browser issue, Firefox wasn't able to use anything but email verification but Chrome was able to offer a captcha in place of it
-
[email protected]replied to [email protected] last edited by
Yeah but phones have had a problem where using the main chip for encryption would basically use all the battery. For a while Apple was the only one who didn’t have this issue because they included dedicated chips to handle the encryption. So they were even able to jump in to the “whole phone encryption” by default. While android phones had to leave it as a checkbox in settings that would eat your battery.
I just don’t remember if google ever got around to addressing the issue.
-
[email protected]replied to [email protected] last edited by
In 2026 good old steganographic messages, like in North Corea
-
[email protected]replied to [email protected] last edited by
I've always Android phones with encryption enabled, since about 2014, and I've never noticed any issue, nor had I heard about this before.
-
[email protected]replied to [email protected] last edited by
Op: read about pgp/gpg. Do it now. When you don’t understand something ask questions about it instead of giving up.
While that's usable for files, they cannot use it for the app backups and conta ts and such that the system creates on iCloud
-
[email protected]replied to [email protected] last edited by
SMTP is only encrypted if the second server responds correctly to the first servers starttls.
The striptls type of attack, which prevents the servers from getting a valid starttls exchange, was in use over a decade ago by some telcom against its own customers.
Even if you know the person you’re emailing has a correctly configured client you can’t control a man in the middle attack between servers which has been in widespread use for years.
-
[email protected]replied to [email protected] last edited by
Yeah people affected by this would have to turn on adp (iCloud recovery key) and be vigilant about how precisely Apple chooses to remove that feature assuming the uk government doesn’t back down.
Worst case scenario you’d need to be doing local backups and have iCloud turned off.
Metadata is a bigger worry at that point though.
-
[email protected]replied to [email protected] last edited by
This is not true. You may be thinking of the Secure Enclave, which Apple processors have had for a while and acts as a dedicated piece of silicon to protect encryption keys. But pixels have this too, idk about phones with Qualcomm or exynos SOCs but they likely have something similar. Either way it has no impact on battery life and all major smartphones have been capable of encryption for many years
