WingNews logo WingNews
top | item 43272133

(no title)

nkellenicki | 1 year ago

I'm all for the DSA as well, but this argument doesn't hold water. Any sufficiently large cloud provider alternative (ie. Google, Microsoft, etc) would likely be the target of similar government instructions. In fact, I bet they already are - they just can't talk about it.

And of course, it's already possible to disable iCloud backups and use a smaller provider or host your own alternatives. I already do, through Nextcloud, etc. It's not as fully integrated of course, but you bet that if it was, then the largest alternatives would be targeted all the same.

discuss

order

petedoyle|1 year ago

If Apple were to add new APIs, it might be possible to use personal cloud storage (NAS, Decentralized Web Nodes, etc.) with the same UX as iCloud with E2EE.

zimpenfish|1 year ago

> it might be possible to use personal cloud storage [...] with E2EE

Which would quickly become illegal if UKGOV is set on getting access to people's iOS backups / cloud storage / etc. Hell, it's already a legal requirement to hand over your keys if UKGOV demands them[0].

[0] "Regulation of Investigatory Powers Act 2000 part III (RIPA 3) gives the UK power to authorities to compel the disclosure of encryption keys or decryption of encrypted data by way of a Section 49 Notice." https://wiki.openrightsgroup.org/wiki/Regulation_of_Investig...

Aloisius|1 year ago

Bit more complicated than that. iCloud isn't passive storage. A fair bit of the logic exists on the server.

stuaxo|1 year ago

Ah, so in the UK or China this could go through a proxy that steals all the keys.

Half the computer crimes in the UK involve illegal access to the PNC (police national computer), how exactly do we think this would go.

For all the checks you put on people who can access this stuff the temptation is too big - just look at the intelligence analysts using systems to stalk Exs etc.

For any system like this to exist you must ask yourself if you would be happy with the worst person you know having a job where they have access to it.

alwayslikethis|1 year ago

You can always have an company without legal presence in the UK to do the operations, beyond the reach of the UK government. If you are allowed to run your own software on your devices, you can always encrypt before sending. Apple and to a lesser extent Google got themselves in this position of being able to spy by building their walled gardens.