
Comment by hn_throwaway_99

1 year ago

But that's literally the entire point of this article. That is, in this day and age, when people talk about "secure messaging apps" they are usually implying end-to-end encryption, which Telegram most certainly is not for the vast majority of usages.

Also, iMessage is very secure...but then all your stuff is backed up on iCloud servers unless you specifically disable it. That includes all your iCloud encryption keys and plaintext messages.

Worse, iPhones immediately start backing up to iCloud when set up for a new user - the only way to keep your network passwords and all manner of other stuff from hitting iCloud servers is to set the phone up with no network connection or even a SIM card installed.

Did I mention there's no longer a SIM slot, so you can't even control that?

And that iPhones by default if they detect a 'weak' wifi network will switch to cellular, so you can't connect the phone to a sandboxed wifi network?

You shouldn't have to put your phone in a faraday cage to keep it from uploading plaintext versions of your private communications and network passwords.

  • Well summed-up. It's crazy how efficient these things are at working together to strip users of any agency or control, across many different domains.

  • That is the correct default. Everyday users are far more likely to accidentally lose their data than to run into government snooping.

    • If that is the correct default then why is Telegram blamed for having non-E2E chats by default? Maybe they also care about users who can accidentally lose their conversations. When Apple does it, it is good, but when Telegram or TikTok do the same, it is bad and not secure.


    • It might be the correct default, but it doesn't make it secure (makes it insecure actually).

  • > That includes all your iCloud encryption keys and plaintext messages.

    Are these stored encrypted or in the clear? If the latter, please cite your source.

    • They are stored encrypted but whether Apple has the key depends on whether you've turned on "Advanced Data Protection" (aka "I don't expect Apple to bail me out when I lose access to all my devices"). The table in this support article details the treatment of various data categories under the two options:

      https://support.apple.com/en-us/102651

      The default for many categories is that your keys are in iCloud so Apple can recover them for you. With Advanced turned on, the keys are only on your personal devices. A few categories, like the keychain, are always only on your devices.

      Specifically, see Note 3: "If you use both iCloud Backup and Messages in iCloud, your backup includes a copy of the Messages in iCloud encryption key to help you recover your data." Under normal protection, Apple has the key to your backups, but with Advanced they don't.


  • Apple devices are also always gossiping about which devices are where

    • Which is one of the best features. I wouldn’t mind having an option to disable it, but then you also don’t get the advantage of others’ phones finding your device.

  • laf every image you take on an iPhone is sent to Apple server regardless of it being in iCloud or not.

  • iMessage only encrypted messages in RSA 1280, why do you think it is very secure?..

  • iCloud can be disabled by MDM profile installed by Apple Configurator at setup.

    • Can I enroll my personal iPhone in MDM myself? And if I can have MDM with just my personal phone, do I need to buy some kind of subscription for it from Apple? Or pay some third-party?

      I thought MDM was only for enterprise businesses and schools and universities, but I may very well be mistaken about that.


Many companies in the industry mislead users about encryption and just try to use it as a buzzword to attract customers. Take Apple, as an example. Apple cloud backups are not E2E encrypted by default (like Telegram chats), and even if you opt into E2E encryption, contact list and calendar won't be E2E encrypted anyway [1].

Yet, Apple tries to create an image that iPhone is a "secure" device, but if you use iCloud, they can give your contact list to the government any time they want.

Apple by default doesn't use E2E for cloud backups, and Telegram doesn't use E2E for chats by default. So Telegram has a comparable level of security to that of the leaders of the industry.

[1] https://support.apple.com/en-us/102651