
Did anyone actually think WeChat communications are secure?

Do we have reason to believe iMessage and WhatsApp are more secure?




This narrative of false equivalency is dangerous, IMO.

WeChat has been proven to be a heavily monitored and censored network. Whatever security failings iMessage and WhatsApp have, they pale in comparison to what's in place for WeChat.


The false equivalency also begs a deeper moral analysis. Let's assume the US government has as complete access to iMessage and WhatsApp as the CCP does to WeChat. The story doesn't end there, since you have to examine the nature of the entities that have access to your information.

Would I prefer that access be held by the US Government, which for all its faults is extremely engaged with and integrated into the global system, beholden to Law and a robust court system which enforces a strict set of checks and balances on its behavior, and is philosophically rooted in individual liberty?

Or would I prefer the CCP, which does not even recognize the concept of individual liberty, is beholden to no one but itself and its own desires, and ruthlessly upholds its iron and unquestioned (unquestionable, at least in China) will upon the entire nation with absolutely 0 oversight?

Yeah, gonna go with the US here.


I disagree with several aspects of your depiction of the US's "robust court system" (especially in the case of mass surveillance). There have been several attempts by citizens to sue the US Government for their illegal and indiscriminate surveillance programs, but they have been stonewalled for years by government lawyers arguing that such cases should not happen in public courts (where they could be held accountable) due to "national security risks". Not to mention that the NSA has their own interpretation of the US Constitution which completely twists the meaning of "collection" to allow indiscriminate mass surveillance to not be seen as "unreasonable search and seizure". Then there's the whole FISA court system, which rejects so few requests that it is in every sense of the word a rubber stamp court. And even if the court system is "robust" -- let's not forget that the PATRIOT Act exists (though it turns out that the NSA actually violated even the minimal restrictions present in the PATRIOT Act).

Now, is China any better? Of course not, and the CCP has countless policies which are far worse to their own people than the US. But the key question is -- do you live in or have any connection to China? If not, then I would go with the CCP surveillance because there is no obvious mechanism for such surveillance to harm you directly. On the other hand, if you live in a 5-EYES country (as I do), any data obtained from US surveillance can be used in parallel construction (or other not-entirely-legal methods). Hell, here in Australia our mass surveillance systems have been used to punish minor infringements such as littering.

Obviously I'd prefer not to be surveilled at all, but between the two I'd choose the one that has the smallest threat of direct impact on my life.


> But the key question is -- do you live in or have any connection to China? If not, then I would go with the CCP surveillance because there is no obvious mechanism for such surveillance to harm you directly.

They can spy on your business dealings and potentially find material to blackmail you.


Do you feel the same way about, say, Russian surveillance? Would you rather be surveilled by Russia than the US, by the same logic?


> But the key question is -- do you live in or have any connection to China? If not, then I would go with the CCP surveillance because there is no obvious mechanism for such surveillance to harm you directly.

Tell that to the forcibly disappeared political dissidents, or to the Uyghurs who are being "re-educated" as we speak.

And remember, even if you're not connected to China now, that can always change in the future.


US military uses metadata for drone strikes:

> In 2014, former CIA and NSA director Michael Hayden said in a public debate, “We kill people based on metadata.”

> According to multiple reports and leaks, death-by-metadata could be triggered, without even knowing the target’s name, if too many derogatory checks appear on their profile. “Armed military aged males” exhibiting suspicious behavior in the wrong place can become targets, as can someone “seen to be giving out orders.” Such mathematics-based assassinations have come to be known as “signature strikes.”

https://www.rollingstone.com/politics/politics-features/how-...


I'm not sure I see where we're disagreeing. Yes, if you have a connection to China then you should opt to evade CCP surveillance and there are many CCP policies which are awful towards groups in China. That's what I said.

My point is that if you have a connection to the US (as all 5-EYES and allied countries do), then today that has a more direct impact on your life than any theoretical future risk that the CCP will be able to have a direct impact over your life. The premise of this discussion is that you have to choose one or the other. I am well aware of the massive threat that is retroactive surveillance, which is why I would choose neither (obviously).

> Tell that to the forcibly disappeared political dissidents, or to the Uyghurs who are being "re-educated" as we speak.

Those are all people who have direct connections to China in some respect, and what has been done to them are all horrific human rights abuses. However, I don't see what that has to do with what I said.


If you only consider the direct, personal impact on you as an individual with no current or future ties to China, then sure, the risk is probably lower. However, it is important to note that CCP surveillance is much more intrusive in general.

The point I'm trying to make is that you're not taking into account the fact that your use of CCP-backed services implicitly contributes to human rights and surveillance abuses within China. Once you consider this, I think minimizing the use of these products and services is worth incurring the added "risk" of being surveilled by the Five Eyes.


In aggregate, the systems of governance and human rights that we endorse for the world will have a direct impact on our lives in the long run.

If you think you're marginally more likely to be arrested and prosecuted for littering because of super secret iMessage collection... why not consider the marginal effects of turning a blind eye to (and contributing to the economic expansion of) an illiberal, anti-democratic power that, in your words, does "far worse to their own people than the US"?

They seem to already be comfortable collecting your data as they please and influencing various levels of your government. What harm could it do to enthusiastically profile yourself for them?


I'm not endorsing, nor turning a blind eye to China's government. I was responding to a comment which was only criticising China, while arguing that the US has all of these protections and thus was effectively endorsing the US government (to the point of saying that they prefer US government surveillance). I, on the other hand, do not endorse the vast majority of the US government's actions, hence the criticism.

It's a bit silly to require every comment which criticises the US to also have to include a disclaimer that "yes, I also think China/Russia/other-enemy-of-the-US is bad".

> They seem to already be comfortable [...] and influencing various levels of your government.

I'm really not sure what you're referring to. If you're talking about the Australian government, I'm not aware of any substantial evidence that the CCP has actually influenced our government. Our government is friendly with China and does many things against the interests of the public as a result, but there is far more evidence of just ordinary domestic corruption.

I will also point out that there is strong evidence that the US (in particular, the CIA) effectively helped facilitate a soft-coup in Australia in 1975 (in response to Menzies' threat to close Pine Gap because the US lied about what it was used for). Oh, and the CIA offered $24m of laundered money to the Opposition for that election in order to help them win -- if only there was a word to describe that...

So if we're going to point-score about foreign influence in the Australian government -- the US literally replaced our prime minister in a (to quote Victor Marchetti, a former CIA officer) "kind of Chile coup". But I'd love it if nobody interfered with other countries' democratically-elected governments.


"Australia started preparing — in 2008?

The United States is not the leader in this process. It’s a kind of follower because the first government that publicly declared that China has to be contained was Australia’s government.

The government of Australia in 2008 had already issued a white paper clearly stating that if we do not contain China, if our allies don’t contain China, then even Australia will become a Chinese colony.

So the Australian government had already taken a clear position. We have a choice: we either contain China or we become a Chinese colony.

Then, in 2011, just immediately after the tsunami and earthquake, [Australian] Prime Minister Gifford came to Tokyo. She made a little trip up to Fukushima when she arrived, just to show she is not afraid, and then she gave a speech in Tokyo, saying very clearly that Australia and the United States, Japan, have to cooperate to hold back China.

At that time, the prime minister was Mr. Kan, and Mr. Ichiro Ozawa was a very influential politician. Ozawa believed in containment.

So, the Australian prime minister comes to Tokyo and tells the Japanese: “Get up. Deal with this issue. Face China.”"[1]

I haven't vetted any of this but FYI.

[1] http://japan-forward.com/asias-next-page-india-japan-must-sh...


Why can the governor general replace a prime minister who has a majority?

Why did the citizens reward and vote in the party who pulled those election tricks?

Why would you blame the US but not bother to change the laws? This can happen again.


> Why can the governor general replace a prime minister who has a majority?

It's one of their constitutional rights. Their purpose is to act as a surrogate for the Head of State (currently Queen Elizabeth II) and the role was designed to mirror the process of the UK's Head of State -- the Queen picks her ministers and in theory doesn't need to choose the leader of the party with the largest number of seats.

Do I think it's a system that should be changed? Yes, but this is complicated by the need for a mechanism for double-dissolution (which cannot be automatic because it could then just be gamed to re-trigger elections).

> Why did the citizens reward and vote in the party who pulled those election tricks?

As is usual, propaganda. The laundered $24m wouldn't have been used to buy toilet paper.

> Why would you blame the US but not bother to change the laws? This can happen again.

Given that the US triggered and orchestrated the constitutional crisis in order to further their own foreign policy (which was confirmed by President Jimmy Carter to have been the case when he vowed that the US wouldn't do it again), I think it's entirely fair to blame the US.

In order to change the role of Governor-General you'd need a constitutional amendment. To say that it's effectively impossible to get a constitutional amendment passed in Australia is an understatement (only 8 amendments have been passed, out of 44 attempts in the past ~120 years -- and most of those were passed soon after Federation). One of those failed amendments was to switch Australia to a republic model which would've replaced the Head of State and Governor-General with a President -- but the overall set of rights given to the President would've been the same.

It should also be noted the inclusion of double-dissolution in our Constitution was somewhat controversial at the conventions during drafting, but was eventually agreed to be vital if the Senate was to have the powers it currently has. So we would need some mechanism to avoid deadlocks, and the lack of obvious alternative solutions to this problem results in most proposals just keeping the existing system but changing how the Head of State and Governor-General are elected.


> extremely engaged with and integrated into the global system, beholden to Law and a robust court system

Uhm yeah but countries do nothing when Russia annexes Crimea, what do you think they’d do if the US simply spies on them? Absolutely nothing. It’s literally happening right now and it’s public knowledge and “it’s just a matter of national security.” Case closed.


This depends on your point of view, of course. If you're a US citizen with US legal protections and representatives in US government and access to US lawyers, you might find that reassuring. From the outside, the picture of the modern US is not nearly as pretty.


I would prefer the country that I don’t live in and doesn’t have authority over me to have this data.


For me, this narrative seems to remind people not to over-trust iMessage and WhatsApp, instead of saying "why don't you use WeChat, they are not different anyway".

All the westerners I know in China don't send sensitive information through WeChat. It's just good to have a low trust stance by default.


I totally agree. When you employ lossy compression to reduce a multidimensional assessment of degree and kind of risk to a single bit ("Do any potential risks exist, yes or no?") you are deleting almost all information that can be used for risk assessment. Presumably you would do so either because you genuinely think there is only one bit worth considering or you prefer others not think about the other bits.


I think the assumption behind your claim of false equivalency is exactly what the parent comment wanted to discuss.

You say the security failings of iMessage and WhatsApp pale in comparison to WeChat; I agree with parent comment and ask - in light of PRISM etc. - on what grounds can you say we should not be just as suspicious?


Whether or not compromised, I am sure my messages on iMessage are not used to train censorship applications by the NSA. Messages on WeChat are used for censorship.

I also, separately, think that in aggregate Apple has incentives to make iMessage secure. While Tencent has incentives to share WeChat data with CCP.

These are among many reasons why the comparison was false equivalence. The world is not just black and white “secure vs not secure.”


> I am sure my messages on iMessage are not used to train censorship applications by the NSA

What basis do you have for this certainty?


To your question: Relative transparency and relative accountability of the governments in question.

But your question is by nature setting up a false comparison. There is no observed censorship apparatus in place in the US. You can always pose "what if" scenarios about super classified efforts, but functionally there is no active system in place.

Compare this to the vastly-resourced, all-encompassing one operated openly and enthusiastically by the CCP.


Short of absolute transparency and absolute accountability, you can only be relatively certain, i.e. not certain.


But not all “not certain” are created equal. After all, if you apply a sufficiently strong threshold nothing is certain.


On the basis that there is no automatic censorship of user content shown to me via iMessage. I am highly certain that my friends can send me arbitrary (within technical reason) text and images and not get censored. This is not the case with WeChat in China right now.

Given societal norms I think there is a strong expectation that my iMessages will not be censored in the near future either.

This means there is little incentive for NSA to train and develop an actionable automatic censorship application.

Again, this is true even if they intercept, decode, analyze, commit physical action on the basis of the analysis, and store every one of my messages.


Ah, sorry, I erroneously read "censorship" as "surveillance".

I suppose there is not really the same kind of overt deployed censorship in the US like there is in China. I do personally think that the NSA somehow gets most messages sent in the US, but I have no idea what they would do with it or if that hypothesis is reasonable.


Just having it on your device is a security risk in itself.


> This narrative of false equivalency is dangerous, IMO.

What's dangerous is convincing yourself that proprietary systems won't betray your trust.


That's not what the parent post said, or inferred. Don't put words in others' mouths please.


> That's not what the parent post said, or inferred. Don't put words in others' mouths please.

I thought it was clear those words came from my mouth.


You misread your parent post. Bgorrman didn't say that WeChat being insecure means that iMessage and WhatsApp are insecure. Bgorrman questioned if we have reason to believe that iMessage and WhatsApp are more secure than WeChat.

A implies B & C is not the same as asking whether B & C share the same qualities as A.

You actually created a strawman in order to say that your parent had a false equivalence.


All the technical explanations already given aside, the fact that companies in the US can and do resist attempts to undermine cryptography (see the San Bernardino case), and that there's an actual transparent public legal system where we can all follow along.

It's not perfect but compared to the pretty much unlimited control the Chinese censors have over their companies it's a hell of a lot more trustworthy.


I mean there’s a white paper on iMessage’s security, and there isn’t (I don’t think) on WeChat. WhatsApp’s encryption uses libsignal.

The security qualities of iMessage and WhatsApp are known. WeChat’s are not.


There's a whitepaper on iMessage's security as it was at a single point in time. It may be possible to verify this on a recent build with enough effort, but the average user will never be able to make that validation. So we can't be completely secure there.

More secure than WeChat? ABSA-FREAKING-LUTELY. And do I trust Apple to remain secure? Yes.

I'm mostly putting this here because I've heard people talking about security guarantees without considering tweaks in the supply chain or binary deliveries. Even Signal could get breached with enough effort from Google to push new bits and bypass certificate validation. (Though practically that is not going to happen.)


The white paper(s) are regularly updated, and were last published Spring 2020, so "a single point in time" is not accurate.

https://support.apple.com/guide/security/welcome/web


I know this is not really scientific, but: Apple's business model makes me more likely to trust them over Facebook.


Same. I'm more inclined to trust apple on privacy than most of the other big companies.


WhatsApp is end-to-end encrypted so the service providers themselves can't read the message content, yes, definitely. Although, technically the security guarantees are nil unless you verify safety numbers which I can guarantee almost nobody actually does.


> WhatsApp is end-to-end encrypted so the service providers themselves can't read the message content, yes, definitely. Although, technically the security guarantees are nil unless you verify safety numbers which I can guarantee almost nobody actually does.

Except that there is no way to prove this. There is no way to prove that it isn't also sending a copy from the client back to the server. Whatsapp could deploy individualized specific clients to target users, perhaps at the behest of governments. The only full answer is totally open-source software with users able to cryptographically verify that they are downloading and running the same software as everyone else.


That's still not a full answer, of course, your proprietary operating system or closed chipsets can spy on you.

Absolutism isn't helpful IMHO, there is no true security in this world only degrees of trust and risk. You can always go one step further in securing a product but the first step still matters.

I think there's real value in companies implementing e2e (and it's hard! it's super hard politically to get this done when the business sees little value for the effort and I know this because I've successfully fought to get e2e into a product).

The reality from my point of view is that it takes idealists inside to convince a commercial entity to lock themselves out of value (commercial surveillance) they could capture. I find a company's stance on e2e to be a valuable signal.


Verifying the software one is running is not absolutism. Just because one cannot provide 'perfect' security isn't a reason to give up trying to provide some security by elevating the effort required to conduct an attack. That locks can be picked isn't an excuse to not bother locking the door.


You'll note that logically a company cannot actually solve this problem themselves in a satisfactory way, since you would have the same problem trusting the verification mechanism as you did trusting their app in the first place.

What you want belongs as an operating system or app distribution mechanism concern. A third party OS extension might make sense. Even that's a bit fraught if there is any kind of dynamic code execution (aka code that appears at runtime, say, a web view).


AFAIR WhatsApp does send a copy of your messages to Facebook if the messages flag the app's internal 'sounds-like-criminal-activity' scanner.


Do you have a reference for this please? All I can find is this "false alarm": https://www.schneier.com/blog/archives/2019/08/more_on_backd...


"We report all apparent instances of child exploitation appearing on our service from anywhere in the world to the National Center for Missing and Exploited Children (NCMEC),"

https://faq.whatsapp.com/en/general/26000050

Something is being watched. I imagine they are hashing images and comparing them to a database.



The fact that one of the founders of Whatsapp left Facebook in a disagreement, leaving $850M of unvested options on the table, and took what he had earned to found the Signal Foundation is a pretty clear indicator towards something in that direction at least.


Do you have a source on that?


> Whatsapp could deploy individualized specific clients to target users, perhaps at the behest of governments.

How can Facebook/WhatsApp do this on Android or iPhone?


One downfall of iMessage is that because they facilitate key exchange, Apple can add their own key to your profile and read all your messages.

Though, my limited understanding of iMessage is that if you were to sniff the network traffic you could detect this.


There's another downfall of iMessage. If you have iCloud backup enabled, your iMessage encryption keys are saved to iCloud, allowing Apple to decrypt your messages. And even if you disable iCloud backup, Apple can still read your messages if the person you're talking to has iCloud backup enabled.

This is not a secret, it's documented behavior. https://support.apple.com/en-us/HT202303 And it's not theoretical, because Apple does decrypt iMessage communications in response to law enforcement requests: https://www.reuters.com/article/us-apple-fbi-icloud-exclusiv...


Are your iMessage encryption keys stored in iCloud? Or is a separate copy of your messages (encrypted with a key Apple controls) uploaded to iCloud for sync?

Edit:

> Messages in iCloud also uses end-to-end encryption. If you have iCloud Backup turned on, your backup includes a copy of the key protecting your Messages. This ensures you can recover your Messages if you lose access to iCloud Keychain and your trusted devices. When you turn off iCloud Backup, a new key is generated on your device to protect future messages and isn't stored by Apple.

So Messages in iCloud is end-to-end encrypted, but if you enable iCloud Backup (a different product/feature), then your backup will include the key used to encrypt it.


You also have to trust the source code, or trust a recent audit, then also make sure the build you have kept its integrity and matches the audit build.


There are degrees of security between "I personally built it from source using a compiler I personally built from source" and "Xi Jinping is CC'ed a plaintext copy of every message". The allegation here is that WeChat is basically the latter. No one makes any remotely similar claim about iMessage or WhatsApp.


If you have never read "Reflections on Trusting Trust" by Ken Thompson, I wholeheartedly recommend it. It's a short read (3 pages), but absolutely worth your time.

https://www.archive.ece.cmu.edu/~ganger/712.fall02/papers/p7...


Why is your link downvoted?


People might've mistaken it for pedantry/condescension? I certainly didn't take it that way (gave it an upvote) -- though I have read that paper, and was thinking of it when I wrote my original comment :)


It was not my intention to be condescending. I legitimately enjoyed that paper (the technical part mostly), and thought it was relevant to what you were saying. I've found a lot of interesting articles in Hacker News comments and wanted to share one back.


You forgot "I personally built it from source using a compiler I personally built from source with a micro-compiler that I handcoded in assembly on a computer that I assembled from transistors myself."


But what if the transistors contain microchips that are phoning home?

Clearly the only solution is to forage your own silicon for artisanal fabrication of your own chips.


All of which you did inside a simulated world built for spying on you. There’s no theoretical ability to verify the whole stack.


How about "Mark Zuckerberg is CC'ed a plaintext copy of every message"


Better Zuckerberg than Xi. Zuckerberg has no power to have a bag put over anyone's head and have them carried away to the river.


Not yet anyway - remember his “listening” campaign and seeming murmurs of entering politics. He’s still young, unlike Winnie the Pooh...


Even if he did enter politics (in America), it’s not at all the same thing.


I wouldn’t trust him not to use all the tools at his disposal to grasp the levers of power. He’s a stone sociopath IMHO.


The question was: do we have any reason to believe it's more secure than WeChat? I say yes but those are all valid points.


WhatsApp message content is secure, but metadata does get turned over in subpoenas.


> but metadata does get turned over in subpoenas.

A subpoena is another form of security, at least as far as a free society is concerned.


The question was: do we have any reason to believe it is more secure than WeChat? I say yes.


Yeah I don't disagree, definitely the answer is yes - I was just adding some extra detail.


Fair enough, good points


WhatsApp backups on Google are not encrypted. Anyone wanting to read the messages just has to ask Google.


That is if you allow backups, and considering 99.9% of messages are unimportant faff, there's not much reason to.

I changed phones a while ago. Lost hundreds of thousands of messages. Didn't inconvenience me in the least. Anything important is on less ephemeral services like email or backed up manually.


iMessage is e2e encrypted but Apple has the key... so I would not consider this e2e....


It's really dangerous to downplay bad news with "Geez, you're surprised at this news? What a moron." It's newsworthy for badness, not for unexpectedness.


wrt iMessage, yes, it’s E2EE and the keys are not stored in iCloud if you disable iMessage backup. Granted Apple still owns the keyset gets so, eh, depends on how paranoid you wanna get.


Yep. WhatsApp is better and Signal is better still, but iMessage's level of privacy and security is more than enough for someone who isn't specifically targeted by a nation-state-level actor.


It is critical to note that you also need to disable backing up your iPhone in iCloud to defeat having your key stored in iCloud:

https://support.apple.com/en-us/HT207428


It is also critical to note that everyone you communicate with needs to do this too, or Apple can still read your messages to them.


Any time others have access to your keys the only logical assumption is that they already know. Relying on goodwill is just naive.


WhatsApp backups created by the built-in backup option of the messaging client on Android are not encrypted when they are transferred to Google Drive.


1. No 2. Secure? No. More secure? Yes.



