Comment by reify
15 days ago
I doubt very much if any terrorist, criminal or child abuser is going to use any google or apple cloud service to back up their files.
Anyone with a fundamental understanding of online privacy and security would encrypt any files prior to uploading them to the cloud rendering any back doors and access to those files useless and toothless.
I dont use any of these services. I have never understood the thinking around uploading your private life to some server in the cloud when they are more secure on an external hard drive at home.
The overlap between “criminal” and “fundamental understanding of online security” is fairly small.
I use online services and sync, but my life is so boring (and data breaches have exposed so much) that a disaster that destroys my house and all backups is far more likely that harm from government or private snooping on my cloud files.
I know we’re supposed to stand on principle and make data storage choices as if today’s cat photo were evidence of being the real JFK assassin, but I don’t have the energy.
Hamas switched from smartphones, with encrypted messengers to pagers, a communication device with encryption so weak it may as well not be there. Criminals get caught because they used plain phone calls and texts _all the time_. Hell, child abusers are regularly reported to the police because someone saw a suspicious picture on their phone when scrolling through the gallery. Crime and an understanding of cybersecurity don't necessarily overlap.
I agree that cloud services cannot be trusted to do encryption within their clients, but on platforms like iOS it's difficult to do automated backups using independent encryption. It's also quite difficult not to accidentally enable backups to these services because the setup flow for every phone guides you to hitting the "upload everything I do to Apple/Google".
To Apple's credit, while they normally store a copy of the encryption key, making most cloud encryption entirely useless, they do offer setting a custom key at least. GDrive and OneDrive sure don't.
> on platforms like iOS it's difficult to do automated backups using independent encryption.
iOS allows you to perform encrypted backups to your local PC or Mac out of the box.
https://support.apple.com/guide/iphone/back-up-iphone-iph3ec...
I believe they switched to pagers because their location can't be tracked. Every pager message is broadcast across the whole country and the pagers just listen to all of them and only tell the owner about the ones meant for them.
A phone has to at least tell the nearest tower that it's within range so that the tower can know to send it messages. After that, when it get's a message it sends some sort of acknowledgement. In theory anyone can pick up those messages with a phased array or set of directional antennas and get a directional fix on the phone.
there are dumb people out there but can you sum up (just talking about illegal drugs) an industry that makes $360 billion per year? Brazilian ghettos have army grade weapons like anti-aircraft missiles [0]
psychopathy is a mental disease who impair people to control their impulses/defected judgment; often these are permanent personality traits, which either will let them sit in a prison for the rest of their lives depending on what they did or they will be liberated if they get caught with a high chance of another incidence... search for papers/work from Kent Kiehl if you are interested in this type of stuff
[0] https://www.globalissues.org/news/2009/10/30/3330
I think you have a very high opinion of the millions of people around the globe, with varying levels of computer literacy, who are terrorists, criminals, and/or child abusers.
I once worked with a business lady who used her dumbphone as an argument in a discussion where we were deciding whether all our users have smartphones. She proudly displayed the dumbphone and said that if she has one, others probably have too.
I learned only much later that her husband was prosecuted for fraud related to government funds. So she had a good reason to have a dumbphone.
It's anecdotal evidence, but still.
You are of very low opinion of people, probably assuming that you are smarter because you are some kind of IT guy.
And you are likely wrong.
> I learned only much later that her husband was prosecuted for fraud related to government funds. So she had a good reason to have a dumbphone.
Does she? Law enforcement can wiretap and track dumbphones just as easily as smart phones. The lack of encrypted calling/texting options even make it easier for law enforcement. If she's trying to hide more fraud, the dumbphone isn't helping her. And of course if she is trying to hide fraud from law enforcement, she probably shouldn't be doing the fraud in the first place.
There are good reasons for using dumbphones (smartphones distract, and it's having a serious impact on everyone these days) but avoiding being prosecuted isn't one.
1 reply →
> I have never understood the thinking around uploading your private life to some server in the cloud when they are more secure on an external hard drive at home.
Depends on your threat model. If someone unofficial wanted at what you're doing, they'd likely find it easier to go after your home data than what you have in iCloud -- particularly if using Advanced Data Protection for iCloud.
https://support.apple.com/en-us/108756
Also, ask the folks in Los Angeles how those external hard drives at home are working out for them in the fires. There are many types of threats.
The real goldmine is WhatsApp. In most cases, WhatsApp backups are enabled and uploaded by default, including when the whole iPhone backup is created. And by default, backups are unencrypted.
So if you ever wonder how they access those WhatsApp messages, when you think that they would be end-to-end encrypted, reality is something else.
I've got backups disabled on WhatsApp and the app reminds me like once every few weeks "You should turn on your backups!". Easier to click yes.
> I doubt very much if any terrorist, criminal or child abuser is going to use any google or apple cloud service to back up their files.
Meanwhile, the amount of local news arrests for people getting busted for uploading CSAM to online platforms like Google and Apple is exponentially increasing.
The average "criminal" is an idiot.
News stories seem to indicate that many criminals use computers just like any given person does.
Even people concerned with security who know a little seem to be terrible at it.
A local protest group in my area was passing around an image with security tips. They were hilariously bad, suggestions based on very confused understandings of risk. These people weren’t criminals necessarily, but they were motivated and concerned and somehow just terrible at basic security.
> News stories seem to indicate
What's the inverse of survivor bias?
They are still people committing crimes. I don't think that's quite the same as the prototypical survivorship bias would imply.
There is the possibility that there is a great deal more crime being commuted by capable super criminals who understand the nuances of security .... but I'm more of a subscriber to the theory that for "most" crime, it's a lot of stupid people.
The average people have zero idea about these things. They just use phones, and do not care how they function, what they do in the background.
> I doubt very much if any terrorist, criminal or child abuser is going to use any google or apple cloud service to back up their files.
Most of the time, people become terrorists, criminals or child abusers because they're stupid, not because they're smart.
[flagged]
Don't iPhone photos automatically sync to your iCloud?
You can turn it off, and it is E2EE.
You need to enable an additional iCloud secure mode for true E2E to be enabled.