Comment by Msurrow
1 month ago
I think it does address the main problem. What he is saying is that multiple layers of security are used to ensure (mathematically and theoretically proved) that there is no risk in sending the data, because it is encrypted and sent in such a way that Apple or any third party will never be able to read/access it (again, based on theoretically provable math). If there is no risk there is no harm, and then there is a different need for ‘by default’, opt in/out, notifications etc.
The problem with this feature is that we cannot verify that Apple’s implementation of the math is correct and without security flaws. Everyone knows there are security flaws in all software, and this implementation is not open (i.e. we cannot review the code, and even if we could review code we cannot verify that the provided code was the code used in the iOS build). So, we have to trust Apple did not make any mistakes in their implementation.
Your second paragraph is exactly the point made in the article as the reason why it should be an informed choice and not something on by default.
If you don’t trust Apple to do what they say they do, you should throw your phone in the bin because it has total control here and could still be sending your data even if you opt out.
Bugs have nothing to do with trust. You can believe completely that someone’s intentions are pure and still get screwed by their mistake.
Oh yeah, the well known "blind trust" model of security. Never verify any claims of any vendor! If you don't trust them, why did you buy from them?!
As someone with a background in mathematics I appreciate your point about cryptography. That said, there is no guarantee that any particular implementation of a secure theoretical algorithm is actually secure.
There is also no guarantee that Apple isn't lying about everything.
They could just have the OS batch uploads until a later point e.g. when the phone checks for updates.
The point is that this is all about risk mitigation not elimination.
> There is also no guarantee that Apple isn't lying about everything.
And at that point all the opt-in dialogs in the world don't matter and you should not be running iOS but building some custom Android ROM from scratch.
> There is also no guarantee that Apple isn't lying about everything.
Other than their entire reputation
I’m stealing your information.
Hey! That’s wrong.
But I promise I won’t do anything wrong with it.
Well ok then.
You're welcome to check their implementation yourself:
https://github.com/apple/swift-homomorphic-encryption
Hypothetical scenario: Theo de Raadt and Bruce Schneier are hired to bring Apple products up to their security standards. They are given a public blog, and they are not required to sign an NDA. They fix every last vulnerability in the architecture. Vladimir Putin can buy MacBooks for himself and his generals in Moscow, enable Advanced Data Protection, and collaborate on war plans in total confidence.
Where are the boundaries in this scenario?
Theo de Raadt is less competent than Apple's security team (and its external researchers). The main thing OpenBSD is known for among security people is adding random mitigations that don't do anything because they thought them up without talking to anyone in the industry.
I mean half the reason the mitigations don't do anything is that nobody actually cares to target OpenBSD
Freedom of speech cannot exist without private communications. It is an inalienable right, therefore privacy is as well.
I am pretty sure that if we had those people in charge of stuff like this there would be no bar above which "opt in by default" would happen, so I am unsure of your point?
Except for the fact (?) that quantum computers will break this encryption so if you wanted to you could hoard the data and just wait a few years and then decrypt?
Quantum computers don't break Differential Privacy. Read the toy example at https://security.googleblog.com/2014/10/learning-statistics-...
>Let’s say you wanted to count how many of your online friends were dogs, while respecting the maxim that, on the Internet, nobody should know you’re a dog. To do this, you could ask each friend to answer the question “Are you a dog?” in the following way. Each friend should flip a coin in secret, and answer the question truthfully if the coin came up heads; but, if the coin came up tails, that friend should always say “Yes” regardless. Then you could get a good estimate of the true count from the greater-than-half fraction of your friends that answered “Yes”. However, you still wouldn’t know which of your friends was a dog: each answer “Yes” would most likely be due to that friend’s coin flip coming up tails.
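The coin-flip scheme quoted in the comment above, simulated as an added example (not part of the thread or of any participant's post). The population size, dog count, seed and function names are constructed for illustration; the code also shows that under this scheme a "No" answer is always truthful, so only "Yes" answers carry deniability.

```python
import random

def respond(is_dog, rng):
    """One friend's answer: heads -> answer truthfully, tails -> always 'Yes'."""
    heads = rng.random() < 0.5
    return is_dog if heads else True

def estimate_dogs(answers):
    """E[yes fraction] = 0.5 + 0.5 * p, so the dog fraction is p = 2f - 1."""
    f = sum(answers) / len(answers)
    p = min(1.0, max(0.0, 2 * f - 1))   # clamp sampling noise into [0, 1]
    return p * len(answers)

def posterior_dog(answer, prior):
    """P(dog | answer) by Bayes, with P(Yes|dog) = 1 and P(Yes|not dog) = 0.5."""
    if not answer:
        return 0.0                      # a "No" can only come from a truthful non-dog
    return prior / (prior + 0.5 * (1 - prior))

def run_demo(n=100_000, dogs=10_000, seed=1):
    """Constructed population: `dogs` of `n` friends are dogs (assumed values)."""
    rng = random.Random(seed)
    friends = [i < dogs for i in range(n)]
    answers = [respond(is_dog, rng) for is_dog in friends]
    return dogs, estimate_dogs(answers), sum(answers)

if __name__ == "__main__":
    true_count, estimate, yes_count = run_demo()
    print(f"true dogs: {true_count}, 'Yes' answers: {yes_count}, estimate: {estimate:.0f}")
    print(f"P(dog | Yes) at 10% prior: {posterior_dog(True, 0.1):.3f}")
    print(f"P(dog | No): {posterior_dog(False, 0.1):.3f}")
```

The aggregate estimate lands close to the true count while a single "Yes" moves the belief that a given friend is a dog only from the prior to `prior / (prior + 0.5 * (1 - prior))`.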
> Except for the fact (?) that quantum computers will break this encryption […]
Quantum computers will make breaking RSA and Diffie-Hellman public key encryption easier. They will not affect things like AES, nor things like hashing:
> Client side vectorization: the photo is processed locally, preparing a non-reversible vector representation before sending (think semantic hash).
And for RSA and DH, there are algorithms being deployed to deal with that:
* https://en.wikipedia.org/wiki/NIST_Post-Quantum_Cryptography...
Quantum computers don't and won't meaningfully exist for a while, and once they do exist, they still won't be able to crack it. Quantum computers aren't this magical "the end is nigh" gotcha to everything and unless you're that deep into the subject, the bigger question you've got to ask yourself is why is a magic future technology so important to you that you just had to post your comment?
Anyway, back to the subject at hand; here's Apple on that subject:
> We use BFV parameters that achieve post-quantum 128-bit security, meaning they provide strong security against both classical and potential future quantum attacks
https://machinelearning.apple.com/research/homomorphic-encry...
https://security.apple.com/blog/imessage-pq3/