Comment by varenc

1 month ago

This whole thing is reminding me of the outrage over Apple and Google's privacy preserving 'Exposure Notification System' system from the Covid years. It defies intuition that they can alert you to exposure without also tracking you, but indeed that's what the technology lets you do.

Similarly here, it feels like the author is leaning into a knee jerk reaction about invasion of privacy without really trying to evaluate the effectiveness of the technologies here (client side vectorization, differential privacy, OHTTP relays, and homomorphic encryption).

Though I 100% agree Apple should ask the user for consent first for a feature like this.

12 comments

varenc

Reply
naruhodo  1 month ago

I would love to evaluate the privacy of these technologies.

Someone reply with a link to the source code so I can see exactly what it is doing, without having to take an internet rando's word for it.

Better yet, let me compile it myself.

  • jmb99  1 month ago

    If you have the capability to actually skillfully analyze this type of crypto, disassembling the binaries from your device (or at the very least, an ipsw for your device) should be trivial.

    After all, you wouldn’t actually be trusting the source code given to you to match what’s running on your device, would you?

    • realusername  1 month ago

      Reverse engineering is a separate skillet on its own, on top of the other ones you need to read the source code and good developers aren't necessarily good at that.

      > After all, you wouldn’t actually be trusting the source code given to you to match what’s running on your device, would you?

      That's why the best practice in the industry follows reproducible builds.

WA  1 month ago

That COVID feature was opt-in. Author is complaining about a lack of opt in now.