Comment by tempodox
3 days ago
The gov’t can force them to reveal any user’s data and slap them with a gag order so no one will ever know this happened.
All user data is E2E encrypted, so the government literally cannot force this. This has been the source of numerous disputes [0, 1] that either result in the device itself being cracked [0] (due to weak passwords or vulnerabilities in device-level protection) or governments attempting to ban E2E encryption altogether [1].
[0] https://en.wikipedia.org/wiki/Apple%E2%80%93FBI_encryption_d...
[1] https://en.wikipedia.org/wiki/Crypto_Wars
Maybe E2E, but the data eventually has to be decrypted to read it.
Then you learn that every modern CPU has a built-in backdoor, a dedicated processor core, running a closed-source operating system, with direct access to the entire system RAM, and network access [a][b][c][d].
You cannot trust any modern hardware.
[a] https://en.wikipedia.org/wiki/Intel_Management_Engine
[b] https://en.wikipedia.org/wiki/AMD_Platform_Security_Processo...
[c] https://en.wikipedia.org/wiki/ARM_architecture_family#Securi...
[d] https://en.wikipedia.org/wiki/Security_and_privacy_of_iOS
Some of those things are not like the others. TrustZone is not a dedicated core. It is a mode of the CPU, akin to x86's SMM.
What you cited is for data on a device that was turned off. Not daily internet-connected usage. No one is saying you have no protection at all with Apple, it is just very limited compared to what it should be by modern security best practices, and much worse than what can be achieved on Android and Linux.
> much worse than what can be achieved on android and linux.
* Certain types of Android
E2E encrypted is nothing if key escrow is happening.
Why did they change their wording from:
Nobody can read your data, not even Apple
to:
Apple cannot read your data.
You know why.
When did they change their wording?
If they didn't want you to think key escrow might be possible, why wouldn't they just leave the wording the way it was? Why go through the effort and thereby draw attention to it? The court system doesn't use sovcit rules where playful interpretation of wording can get a trillion-dollar corporation out of a lawsuit or whatever.