notkurt | 4 years ago

Has anyone put forward some theories as to how they are pulling this off? Are they tapping into iMessage metadata, scanning crash logs, or something along those lines? While I totally understand the need for them to keep how they are doing this private, I do find it slightly concerning. Unless they are just flagging suspicious iCloud login attempts. If it’s relating to crash logs, it would be nice to know as I’m sure a bunch of privacy-focused users have that disabled.

marcan_42|4 years ago

I assume they have iMessage metadata on what accounts the NSO accounts talked to. The contents are E2E encrypted, but unless they have explicitly promised not to keep logs, they probably have the metadata logged.

gjsman-1000|4 years ago

Apple claims in their lawsuit that they have over 100 false iCloud accounts that were created, and is confident in their identities to the degree they are going to use them for standing to prove that NSO signed a legal agreement in the lawsuit.

In which case, NSO f!@#ed up and left iCloud Messages Backup enabled, which stores unencrypted copies of the End-to-End messages and makes it trivial for Apple to alert any person that these accounts messaged to. That's one possibility.

randyrand|4 years ago

It’s likely much more manual than that.

They admit themselves that these attacks are not easy to detect.

diebeforei485|4 years ago

> If it’s relating to crash logs, it would be nice to know as I’m sure a bunch of privacy-focused users have that disabled.

It is not possible to disable all telemetry entirely.