Comment by ghjfrdghibt
1 month ago
No, I've not read them; I don't see why I would, as I'm not an Apple customer. But I do wonder if Apple are in charge of/control the encryption keys to your encrypted data...
They are not, that is what makes it secure and why you should read the manual.
So no third party, including law enforcement, can access data held by Apple? Including Apple? At any point?
I'm asking these questions because I'm definitely not going to read the manual, for the reason I've already said. You seem to have read the manual, and I find it hard to believe. I'm only aware that Apple offers advanced protection on your uploaded data, which you have to opt into, which might be what you're talking about...?
Ultimately, here is a user-level guide to this feature:
(1) Do you trust iCloud? iMessage?
If so, then you already trust weaker technologies than the ones in use here. In my opinion, trusting iMessage is sensible, and it has been tested (see: FBI and San Bernardino shooter's phone).
(2) Do you trust TLS (i.e. HTTPS)?
If so, then you already trust weaker encryption architectures than the ones in use here. Your counterparty over TLS necessarily needs to _decrypt_ the data you send it. That is not the case here; homomorphic encryption means Apple processes the data in _encrypted form_.
(3) Do you consider opaque derived data as risky as plaintext metadata?
If so (i.e. if you feel an MD5 hash of your phone number is just as risky as your actual phone number), then you may take issue with this feature. If not (you are OK with hashes of your data because you understand how encryption works, and that it must be transmitted either way, so a salted hash is obviously a strictly better choice), then you already trust weaker protections than the ones in use here.
(4) Do you trust Face ID/Touch ID?
Hardware-secured keys are a necessary root of trust which underpins all these features. If you don't trust these, you won't like this feature, and, in fact, all bets are off.
Thus, the feature is secure enough to be defaulted to an active state.
> I'm only aware that Apple offers advanced protection on your uploaded data, which you have to opt into, which might be what you're talking about...?
This is to store your data within iCloud. You can turn it off or on at your convenience, but end-to-end encryption prevents other features, which is why they leave the decision up to users.
In contrast, the article linked here does not involve your actual data leaving your device in any way. Even the metadata is encrypted and hashed and then compared in obfuscated form. Homomorphic encryption allows these computations to take place _on the encrypted form of the data_, _without_ revealing the results. Only you can make sense of the result.
Thus, data can be exchanged with a foreign computer while provably keeping your _actual_ data safe, since the computation was performed on an obfuscated form of it. Apple can't even track you down to gain your device's cooperation in decoding it, since you are hidden behind a proxy.
> So no third party, including law enforcement, can access data held by Apple? Including Apple? At any point?
Correct. iMessage already delivered the features you are describing. The features described here are even stronger, since there is no centralized key escrow.
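To make the "computation on the encrypted form of the data" point concrete, here is an added toy example (not from the thread and not Apple's scheme, which uses a different lattice-based construction): a textbook Paillier cryptosystem in which a server computes a weighted sum over ciphertexts it cannot decrypt, and only the key holder recovers the result. The primes are constructed demo values, far too small for real use.

```python
"""Toy additively homomorphic encryption (Paillier).
Added illustration only: tiny constructed primes, not a production scheme."""
import secrets
from math import gcd

def keygen(p: int, q: int):
    """Paillier keypair from two primes (demo-sized here). g = n+1 is the
    standard simplifying choice; with it L(g^lam mod n^2) = lam, so mu = lam^-1."""
    n = p * q
    lam = (p - 1) * (q - 1) // gcd(p - 1, q - 1)  # lcm(p-1, q-1)
    g = n + 1
    mu = pow(lam, -1, n)
    return (n, g), (lam, mu)

def encrypt(pub, m: int) -> int:
    """Enc(m) = g^m * r^n mod n^2 with fresh random r, so equal plaintexts
    give different ciphertexts (unlike a plain or even salted hash)."""
    n, g = pub
    r = secrets.randbelow(n - 1) + 1
    while gcd(r, n) != 1:
        r = secrets.randbelow(n - 1) + 1
    return (pow(g, m, n * n) * pow(r, n, n * n)) % (n * n)

def decrypt(pub, priv, c: int) -> int:
    """Dec(c) = L(c^lam mod n^2) * mu mod n, where L(u) = (u - 1) / n."""
    n, _ = pub
    lam, mu = priv
    u = pow(c, lam, n * n)
    return (((u - 1) // n) * mu) % n

def server_weighted_sum(pub, ciphertexts, weights):
    """Server side: computes Enc(sum_i w_i * m_i) using only ciphertexts and
    public weights. It never calls decrypt and never sees any m_i.
    Uses Enc(a)*Enc(b) = Enc(a+b) and Enc(a)^w = Enc(w*a) (mod n^2)."""
    n, _ = pub
    n2 = n * n
    acc = 1  # Enc(0) with r = 1
    for c, w in zip(ciphertexts, weights):
        acc = (acc * pow(c, w, n2)) % n2
    return acc

def demo() -> int:
    """Client encrypts, server computes blind, client decrypts. Returns 75."""
    pub, priv = keygen(1000003, 1000033)  # constructed demo primes; real keys are 2048+ bits
    plaintexts, weights = [12, 7, 30], [2, 3, 1]
    cts = [encrypt(pub, m) for m in plaintexts]
    result_ct = server_weighted_sum(pub, cts, weights)
    return decrypt(pub, priv, result_ct)  # 2*12 + 3*7 + 1*30 = 75
```

The server in this toy learns nothing about the individual values, but note that additive homomorphism alone also makes ciphertexts malleable, which is why real deployments pair it with integrity protections and a restricted set of permitted operations.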