WingNews logo WingNews
top | item 38579547

(no title)

aryaneja | 2 years ago

You seem to have written a very misleading comment. Apple is offering privacy minded folks two options:

1. Don't turn on iCloud Backups and receive E2EE on your messages 2. Turn on iCloud Backups AND advanced data protection and recieve E2EE on your messages

This is not some kind of nefarious plan on their end. Any user service will have a vulnerability on the user end of back-ups. For instance, Whatsapp backups will also have their keys available to Apple/Google. They need to offer this as for most users, the risk of losing their whole digital lives because they forgot their passwords outweights E2EE. For users who find that important, they have the two options listed above. Sounds like an appropriate trade-off to me.

discuss

order

clnq|2 years ago

I was not mislead by that comment. It was clear that most people have their messages accessible to Apple, which is what the article also talks about - how privacy of "blue bubble" messages is at the center of this.

There are ways to opt out. But that's for the margin of people who worry about these things. So what that comment said is very relevant and accurate.

modeless|2 years ago

iPhones with iCloud backup enabled without ADP are almost certainly the majority. I believe this is essentially the default configuration. Even if you disable backups or enable ADP Apple almost certainly still has most of your messages from the other end of the conversation. It is false advertising to claim your service is E2EE without any disclaimer when in reality you collect the keys to the majority of messages and decrypt them at the request of law enforcement.

aryaneja|2 years ago

I have addressed your concern in my comment

> They need to offer this as for most users, the risk of losing their whole digital lives because they forgot their passwords outweights E2EE.

There is no clear trade-off that is an option.

the_gipsy|2 years ago

Just because WhatsApp does it too, doesn't make it right.

These apps are not e2ee if almost every user has in effect encryption disabled.

aryaneja|2 years ago

Which app would qualify in your case? Signal suffers from the same client-side problem.

fsflover|2 years ago

> Apple is offering privacy minded folks two options

Here is the explanation why it's completely impractical and therefore doesn't provide actual privacy, along with other anti-privacy configurations: https://news.ycombinator.com/item?id=37875370

tick_tock_tick|2 years ago

Sounds like you're just confirming Apple tries very hard to make sure it's not E2EE.

katbyte|2 years ago

Turning on advanced data protection is not hard.