A better headline - users willing to give up privacy for convenience.
Reality - there was a period where the icloud backups created backups that apple did not have access to. Critically, this mean that if you had any of a wide variety of things happen - unless you were very good about key management - your content was lost for good. ALL your photos (which could be heartbreaking) etc.
It turns out this is NOT what people want. They want apple to have access to their content, so when they have a device stolen and don't have a super long recovery key properly saved, they are not hosed.
Same issue BTW with bitlocker on windows. People DO NOT save those recovery keys, even if they should. Microsoft added a way to force a backup into an account admins and others would have access to, thank goodness, because otherwise users there would be hosed as well.
They should at least offer users the possibility to get true privacy if they so wish. Blaming the existence of this backdoor on the behavior of the average user is not correct. What's next, selling my data to the highest bidder because the average user doesn't care?
Also, calling this "E2EE" is against the unwritten rules of the profession.
They added back the 'recovery key' feature in iOS 14[0] but I'm not sure if it includes full encryption of backups or other iCloud data. I couldn't find anything on recovery keys in the Platform Security index either[1].
No, because if the party you're messaging has iCloud backup on (a good chance), or is on Android, or has their device physically accessed somehow- a third party can read all of the messages that you sent them. There is no 'true privacy'
> No, because if the party you're messaging has iCloud backup on (a good chance), or is on Android, or has their device physically accessed somehow- a third party can read all of the messages that you sent them. There is no 'true privacy'
This is surely true no matter how strong the encryption scheme, though. If you share your content with anyone else, then your security is only as strong as theirs.
They are actually. iCloud backup stores the messages by default. If you go and set Messages to use iCloud sync, then they're synced end to end encrypted. Apple then removes the messages from the iCloud backup, and instead stores a backup of the end to end encryption key for Messages. If you want your messages to be truly inaccessible to Apple / agencies with warrants (and also unrecoverable after losing end to end encryption access), then you have to turn off iCloud backup.
Apple's documentation needs to be a little clearer on this but the system is basically designed with the accurate notion that the biggest footgun for 90% of users is not "the government was able to access my messages with a warrant" but rather "I lost access to my end to end encrypted messages".
Not sure if you're referring to iCloud [device] backup or all iCloud services.
If it's the latter then yes, you can (almost) always choose not to use a service or website. That's a poor argument to defend bad privacy practices.
If it's the former then just disabling iCloud backup does not result in E2E storage of other iCloud data. iCloud photos, drive, etc. are still not E2E.
> End to end encryption has always meant transport encryption not encryption at rest.
Sure, but if someone in the middle wants to store, then they don’t have anything unencrypted to store. Ultimately it all depends what one defines the “ends” as. In general for backup, both ends are the user. For chat, the sender and recipient. Apple is not an end, but a provider in the middle.
User B screenshots all of those messages and uploads them unencrypted to a random FTP server.
Now replace the random FTP server with iCloud. Or Google Drive. Does that change the nature of the messaging between User A and User B? I would say it doesn't. In fact, WhatsApp does basically the same.
End to end encryption usually refers to users being the ends and the service provider being the transport. So while it is sitting on apples servers it is kind of in transport but delayed until you make the request to get it back.
I mean, I'm blaming the user. What's wrong with that in this context? Similarly, if your region hates spicy food and thus spicy is dying in your area, I'd be blaming the region too.
If you think the word "blame" is too morally hot, then we can always go with causal attribution.
a) this feature supposedly exists for the average user who wants to have their data back if they forget their password. Apple points at the user and says they are the reason for having this backdoor.
b) this is just false; whether the data is at rest or not has nothing to do with the definition of the term. And it is misleading in any case.
a) It's not a backdoor but an explicit design tradeoff. It's hypocritical to be calling people out for using terms correctly and then misuse the term backdoor.
b) The etymology of the term has been blurred by WhatsApp referring to it as both transport and encryption at rest. But historically it has not included the latter part.
> It's hypocritical to be calling people out for using terms correctly and then misuse the term backdoor.
No, it's not because it is another instance. Someone can have one thing right and another thing wrong. And whatever the true meaning of "E2EE", its use in this case is misleading at best, so I'm pretty sure that the profession does not approve of it.
The user is being used as an excuse: "we compromise your privacy because that user over there wants it". This is not blame in the obvious sense of "it's that user's fault that they lost their data", but it is blame: "the responsibility for this thing isn't ours, the people who wrote the code, but yours."
I once saw the kind of support emails a friend got while working CS for an encrypted media storage service. Every single day, someone new was demanding, many times threatening legal action, that the company recovered their encrypted media. It was set up so only the user had the keys, and there was literally no way for the company to recover data without them - something that was a particular selling point of the service, constantly made explicit in many different ways and places. I wouldn't have believed that things were this bad had I not seen it first hand.
Given that Shamir secret sharing exists, it seems like this should be a problem you can turn around on the user though: instead of just "we'll keep your keys escrowed" it should be "please nominate N trusted friends to recover your keys" with an option (that is highlighted) to let the company be able to do this too.
There's a heck of a lot here which generally feels like a problem where the user isn't ever adequately briefed on what's happening and why, and isn't given reasonable options. People are very familiar with the idea of giving a house key to a friend, but for some reason we don't offer the substantially better options we have in this regard when it comes to encryption.
Whenever someone loses their account the first thing they do is run to the vendor and flip their shit when the vendor is unable to do anything.
I imagine from a business perspective it’s just better to keep access to data, sometimes without nefarious reasons like advertising, rather just keeping customers happy.
A bit of a tangent, but I happened to flip my shit when my folks laptop was stolen, and the thief placed a password protection on it that Apple refused to lift, despite Apple having the technical capability to do so.
They had records of my folks purchasing the laptop, but they argued that state ID's and credit cards can be faked and stolen, and were thus inadequate for their internal security purposes.
Your post is very light on details. Did they just place a new password on the device itself? If so, you can still use the laptop if you reinstall MacOS. It is only is rendered a brick if the attacker signed into their own iCloud account and enabled Find My, OR the attacker enabled Find My & enabled the recovery key feature on the existing Apple ID (meaning Apple can't let you log into the account without the key).
This was on OS X with one of the older touchbar Macbook Pro models, but there's some kind of password protection which can prompt you for a password before the usual visuals of the OS booting up.
No, it's also possible to set a firmware password, which pops up if you try to boot from any disk other than the startup disk. If you also can't log into any user accounts on the startup disk, there's no way in!
Those cards are easily forged and there is nothing you can realistically do to prove the laptop is yours without also allowing thieves/criminals to prove it's theirs. And so they have to err on the side of caution.
There was no interest to keep the data, only the hardware, which Apple initially refused to unlock. I wanted my parents to be able to do this via Apple support, and not by themselves.
Whenever someone loses their account the first thing they do is run to the vendor and flip their shit when the vendor is unable to do anything.
They certainly turn to Apple for help, but I think it's sometimes simply despair and not flipping their shit.
E.g. I was once in an Apple store and the Genius was trying to help someone who, for some inexplicable reason, did everything in the Guest account of her laptop.
The laptop rebooted for some reason (maybe she said OK to install updates?), and she lost the contents of Guest. Which means she lost everything.
Vendors like Apple need to be prepared for all sorts of data loss scenarios. Ordinary users simply don't think about computers the same way as engineers do.
Regardless of the reasoning, if you have this ability, you can and will be compelled to give up that information. Therefore, it is best to not have that information or STFU about being concerned about privacy.
>Reality - there was a period where the icloud backups created backups that apple did not have access to.
If my memory serves me correct iCloud Backup was designed as such since Day 1 ( iOS 5 ) so Apple could help its customer when they loss their phone. Is there any links to suggest Apple changed their Backup access?
I don't think whoknowswhat11's account (that there was a period where backups were encrypted but it was removed because users didn't want it) is accurate.
I dropped my plan to use Cloud Backups when Apple dropped their plan to protect their users.
If you want to know it’s safe, either don’t share it with a third party and hang onto that data yourself. Or alternatively, client-side encrypt it to be sure.
I still remember why I had to use iCloud Backup. It was the safest way to restore my data between iPhone upgrade.
I had seen more than a dozen iTunes Backup corruption where the backup is completely useless. And this problem exist even today. And it seems the chances of happening is higher on Windows PC. iCloud isn't without flaws I have seen three iCloud Backup suggesting it is corrupted. But there is often a backup from previous days as iCloud dont overwrite backup. Given the lower chances of happening I had to use iCloud.
I’ve never once used an iCloud Backup or even local backup between iPhone upgrades. I always set it up as a new phone and don’t migrate any old settings across.
I make the odd encrypted local backup just as a recovery point but my RTO is measured in years TBH.
> Same issue BTW with bitlocker on windows. People DO NOT save those recovery keys, even if they should. Microsoft added a way to force a backup into an account admins and others would have access to, thank goodness, because otherwise users there would be hosed as well.
I know someone that got a drive recovered once and they had no idea what BitLocker is. They were pretty happy to have the key saved in their MS account.
I had this happen to me once on my Surface Go tablet. I had no idea that BitLocker was enabled, whether I did it at initial setup and didn't remember or it was on by default. One day it refused to boot until I entered a key that I had no idea even existed. Fortunately, I was able to log in to my MS account and retrieve the key.
Bitlocker (enterprise setup) is different, you can backup into AD, and also have network unlock (requires a connection to dc that’s wired)
However I agree, I heavily use iMessage, it’s convenient because when I used signal I didn’t get notifications.
However, Apple has had the decryption keys server side for ages, and I believe the reason they don’t have E2EE is purely because users don’t store their backup keys, and kick off when they loose all their life that’s stored in iCloud, and it’s just not worth the hassle to the support team, my family is the same with 1Password, they don’t backup their secret key thing, so I have to either store it or restore their account.
Bitlocker doesn’t help in this regard either, you can bypass the mandatory saving section by using print to PDF to store the recovery file to the encrypted drive, essentially locking a safe with the key inside.
You're conflating the convenience of backing up vs being able to access data even with lost recovery keys.
People are certainly choosing convenience over privacy in that any backup is preferable to no backup.
However, Apple does not give the option to choose E2E or not so users cannot make that choice of privacy vs convenience. You're assuming that people choosing iCloud over not-iCloud means people do not want E2E. It may be the case that people prefer E2E but this is not evidence of it.
Furthermore, I don't believe iCloud backups were ever E2E and that it was a feature that was removed. Apple states which iCloud services are E2E[0] and these services I'd argue are pretty straightforward to setup and not lose. Most of the time you don't need a recovery key, just to be logged in on another device.
Even if it is the case that most users do not want E2E, there's certainly a large audience (outside of just the HN bubble) that do want it. They could make it optional.
"Please don't post insinuations about astroturfing, shilling, brigading, foreign agents and the like. It degrades discussion and is usually mistaken. If you're worried about abuse, email hn@ycombinator.com and we'll look at the data."
That's essentially a "Switzerland bank" from the movies that keeps a box on your behalf and doesn't ask silly questions. So I wonder if there's an unfilled niche of such "data storage bank" where you give them a blob of data, they store it for you and you trust them not to look inside. This could be also a useful application of those NFTs: an NFT contains a key and by nature of NFTs, the key has one owner at a time and the key is also transferrable.
I'm continually surprised that people can't seem to understand E2EE. For whatever reason they assume it means a message is encrypted forever and unreadable by anyone.
There is zero guarantee from any E2EE system that the data is encrypted at rest by the sender and receiver. In fact in most cases, the data is not encrypted at rest because people want to do silly things like read messages.
The exact same vulnerability exists on every platform that's automatically backing up local data to the cloud. Even if you disable cloud backups you're still stuck if whoever you're messaging has left them enabled.
The only meaningful way around this hole when it comes to messaging apps is row-level encryption on the backing store. This has a lot of problems of its own and potential holes when it comes to indexing and searching.
I get what you're saying... but what's the relevance here? The issue is that what Apple is doing is not E2E encryption, not the public's understanding of a reasonably complicated information science topic.
The relevance is that Apple provides two independent services:
* iMessage, which does use true E2E encryption in transit.
* iCloud backup, which backs up the contents of your device (including your unencrypted at-rest iMessage data), and does NOT support E2E encryption.
Technically if you (and all your friends) use iMessage and don’t use iCloud backup, then it is impossible for Apple to read your messages.
In reality, the alternatives to iCloud backup are too risky and/or cumbersome, so most people use it, with the result that Apple can read your iMessages once they’ve been sent/received and your phone has performed a backup.
> The issue is that what Apple is doing is not E2E encryption
They are providing E2EE with iMessage. E2EE only provides security for data in transit. It ensures that only the endpoints can decrypt the communication. That is it. There's absolutely no promises of encryption at rest on those endpoints.
Not only is Apple actually doing E2EE but the tech press (and apparently HN posters) seem to think E2EE means something that it does not.
You have a misunderstanding of Messages. There's no iCloud "endpoint". A message between users are encrypted with a session key encrypted with the recipient's device public key. The private keys are not stored on Apple's servers. They live only on your device.
When you sign into Messages on a device it generates a key pair and sends the public key to Apple. When you first send someone a message your device gets their list of device public keys. Messages are encrypted with session keys that are encrypted with the public keys. Each recipient device gets a copy of the message and uses its device private key to decrypt the message. The sender and receiver will receive copies on all their signed in devices.
The encryption "hole" with Messages is when the local device database is backed up to iCloud. This is the same hole that exists for any messenger app that has its local database backed up to iCloud. iCloud backups are encrypted at rest on Apple's servers but with keys they can access.
… if you back up your device to iCloud. (Of course, almost everyone does.)
Apple was apparently going to close this loophole, but decided not to. They probably received negative feedback from the three letter acronym agencies.
Or, as discussed there, if the person you're talking to backs up iMessage to iCloud. Both parties need to be willing to forego that convenience, and AFAIK, it can not be done on a per-message basis.
There are limitations there though. E.g. if a broad warrant to reconstruct all your messages were issued, Apple would refuse to honor it, if only due to technical infeasibility. It's one thing to execute a warrant for "data of suspect A" and another thing to execute a warrant for "access the iCloud backups of every single person who has it enabled, decrypt their backed up messages, and return any message that was received from or sent to suspect A".
On the other hand the government could certainly find a specific individual they know you've messaged with, and execute a warrant specifically for their conversations with you.
I believe they have metadata indicating who a person has sent messages to, so they wouldn't need to go through all iCloud backups but indeed a warrant for data for "suspect A" does not include data for all people "suspect A" communicated with.
> You can't trust anything to be e2ee if it's not open source too.
You can't trust anything unless you built it yourself [0]. Just because I tell you that binary is built from the source code does not mean it's not backdoored.
[0] Theoretically, reproducible builds provide the same security, but in the end you need to build it yourself to get the hash, at which point you just replace one `cp` with two `sha256sum`.
> You can't trust anything unless you built it yourself [0].
As "Reflections on trusting trust" (https://www.cs.cmu.edu/~rdriley/487/papers/Thompson_1984_Ref...) points out, you can't trust anything including if you built it yourself, at least assuming you mean 'build' in the software sense. Even in the hardware sense, it's probably beyond the reach of anyone, let alone any individual actor, to build a modern computing machine from bare metal in a way that involves no trust of a third party.
With open systems and code, you can verify if code is doing the things you expect it to, and if you're paranoid enough, you can choose to build everything from the ground up. If there are enough security conscious people out there for there to be a market for security-focused systems, then companies can come in and offer verified systems and reproducible builds of things those people care about.
With closed systems, the best you can hope for is to treat it like a black box that can and will change out from under you.
99.999% of open source projects rely on Github Actions, Circle CI, Travis CI etc to build their code. Those are all proprietary so unless you are running your own CI/CD stack then you can't trust the code.
And of course every open source project relies on libraries. So you need to make sure this applies equally to them as well.
Yes, I'm pretty sure we're all familiar with "Reflections on Trusting Trust"[1].
Security comes in layers, and with open systems, if you want to, and if you have the resources, you can audit and verify those layers depending on your level of paranoia and your potential adversaries.
You might throw your hands up in the air because security isn't assured and go all in on closed, black box systems, but there is value in open systems when it comes to security.
having a 3p come in and perform a build doesn't ensure there's not an attack targeted at you, though. You have no idea if yours is different unless you add PKI & CT logging to the mix (which wouldn't be horrible).
My point is that with open systems, you have vastly more options depending on how paranoid you are and who your adversary is compared to closed systems.
And of course have to audit the hardware design, and then audit the manufacturing and supply chain for that hardware to ensure someone hasn't substituted hardware with spyware installed.
Trusting a million eyes is acceptable for most people's threat models. I trust (Apple AND a community of people who can tell me the hash of the build) much more than I trust Apple alone.
It's like if you're trying to figure out how a magician does a trick, "he must have a collaborator in the audience" is a reasonable guess. "Everyone in the audience other than me is a collaborator" is usually not.
This is the only real sensible approach.
Even with open source signal, people say they still might be able to see things.
Is there no way to test this?
Loopholes already make E2EE impossible. The "end" of encryption is not the entry point of your device, it's you: the user (more specifically, as close as possible the place where the data is displayed/entered). If there is some additional stage before/after encryption, then it's not end-to-end.
There is always some additional stage after the encryption.
It’s silly not to call it E2E, since e2e just means that no eavesdropper in the middle can intercept it.
If you don’t trust the person who wrote the software you are using, that is a different issue. Just as serious, but it has nothing to do with either it is E2E or not.
If you allow untrusted or undersired stages between the "end" and the user, how do you define "end-to-end" without allowing unencrypted intercontinental links?
iCloud Backup not being encrypted is not new and necessary.
Apple's ads will age fine since they invest far more effort in keeping your data private than every other OEM. Even their CSAM effort which blew up is far better than other companies who are doing server-side scanning.
> they invest far more effort in keeping your data private than every other OEM.
Especially in China...
Apple's privacy claim sounds silly, knowing that they gave up on protecting users data where it truly matters - against the government abuse and focus mostly on the least dangerous threat (if threat at all) - online advertising.
Apple operates the only legal E2E encrypted messaging system in the country, and I’m sorry but your characterization of online tracking and advertising as harmless is at best an opinion.
If Apple doesn't obey China's laws, they can't operate there. Also, why do you want to force your ideals onto Chinese people? Flip it around. If China forced their ideals on the US, would you find that okay? Is the difference that we're right and they're not? Objectively? Is it that they commit human rights atrocities? The US has done the same, just typically outside of its own borders.
Without reading the post I assume it's talking about iCloud backup (which is on by default) backing up your raw messages with just an Apple encryption key? That's well documented and makes sense as a default functionality - average users would be too prone to losing their data if data weren't backed up without E2EE.
Ah right. Caveat though that that applies if Messages is set to use iCloud. In that case iCloud backup backs up the decryption key to ensure you don't inadvertently lose access to the messages because they're end to end encrypted.
If Messages is not toggled in iCloud, then as long as iCloud backup is toggled, it will directly back up the raw messages - encrypting with an Apple stored key just as for any other non end to end encrypted data.
Yes. iCloud backups are the easiest way to get the messages in clear text.
But honestly you don’t need it. Even though iMessage is end to end encrypted, Apple mediates the key exchange. It’d be trivial for them to do a man in the middle attack by saying the other guy has a new key.
Doesn't Apple simply happen to be both the chat provider and backup provider, so Apple-A does the E2E encryption and Apple-B sees your backup because you sort of want that?
And people worrying about the other end of the chat... come on, you talked to them in the first place. They can forward anything, even if it's via Signal.
The entire story is just hilarious and memeable. Users want backup; Apple open up the gate. Users want E2E; Apple shut up the gate. Users want iCloud recovery; Apple partially open the gate.
Unless you know something about the protocol that I don't (quite possible), it's not silent: all you devices get "new device registered to iMessage" dialog box.
Since Apple operates the key service and there is no key transparency mechanism, they could certainly do it (technically) with only a server side change.
I find this acceptable. My threat model includes pickpockets and nosy siblings. It doesn't include nation states and highly sophisticated attacks.
If the government wants to look at my data, and has gone through the proper channels to do so, I believe that, generally, that system will protect me from a consequential privacy intrusion. It's not a perfect system, but I believe the benefits of the power of subpoena are worth the costs, so I'm happy to participate in it.
> It doesn't include nation states and highly sophisticated attacks.
Do you really believe that only nation states can get into Apple's machines? I'd agree that Apple is pretty far up there in security reputation, but if there was a headline tomorrow of "iMessage Backups of 2 Million Users For Sale On Tor" would it really surprise you?
I don't even trust _myself_. I self-host my family's Matrix server, and we still encrypt all our conversations.
Would it surprise me? Yes, it would surprise me substantially and force me to revise my beliefs around the security of my data at Apple.
Hacking isn't a magic wand, where bad guys cast spells and good guys just look foolish. I've worked in cybersecurity for ~10 years, and I know generally what the reputations are of various large tech companies. Apple has a good reputation for protecting properly secured data.
It is currently, based on the information we have available to us, paranoid to think your data isn't secure from hackers when it's stored properly in Apple's infrastructure. Your behavior is, by a gigantic margin, more likely to cause a compromise of your secure data than Apple is to cause a compromise of your secure data.
I’ve always disabled cloud backups. They don’t really serve much purpose anyway since it’s just settings and to me settings are less valuable than content. I can easily set my device up again from scratch - in fact I like to do that every now and then to get new defaults or see how UX has changed.
If you connect your device locally you can, just using Finder, make an encrypted local backup which IMHO is much better.
Even if Apple did say Cloud Backups were encrypted you’d have to take it at face value anyway. Always be in charge of your own data, and secure and back it up yourself.
Yet another reason to disable iCloud, if you’re privacy conscious.
Although you’re relying on your recipient disabling it too. So really you have to use something else. Signal, etc.
With that said, I still think an iPhone with iCloud disabled is better than other phones on the market privacy-wise. And for the average consumer, iPhones offer a good tradeoff between privacy and usability.
Patiently awaiting the obligatory HN 'iPhone considered harmful' thread at this point with complementary link to a medium article. Seriously though after the San Bernardino shooter fiasco and the ongoing us government regulation demands it was basically all but guaranteed apple would pull all the stops to get Sam off their back.
This post is wrong. iCloud Backup is the only setting that matters. Whether you enable iCloud Messages or not has no baring on whether Apple can read your messages. With iCloud Message sync, Apple doesn’t store a decryption key on their servers.
If they can do this, surely this evaporates any security-related rationale for not providing a web-accessible version of iMessages.
If they just added that, it would be so incredibly useful. I'm sure they won't though, because that might mean that people could access iMessages from non-Apple hardware (the HORROR).
This preoccupation with Apple maintaining your privacy from themselves is ridiculous. They commit to protecting your privacy from others and are clear on what they have access to themselves.
If you want true E2E encryption and encryption at rest, then build your own infrastructure.
Edward Snowden's article earlier this week posited that some 80% of iPhone users leave auto-sync on for iCloud, meaning that there's about a 20% chance that the next thing you send over iMessage isn't encrypted.
Why is guesswork like that acceptable in a privacy tool? Furthermore, who actually believed that Apple couldn't read their messages? 'End-to-end' means very little when both ends are Apple-controlled.
It’s pretty simple. iMessage is relatively secure and most criminals, nation states etc, won’t be able to access your messages unless they have a legal means to do so.
If you need protection from a nation state that can force Apple to divulge content, such as the US, use something else such as signal.
It's included in iCloud backups, just not toggled to use end to end encrypted iCloud sync (in which case iCloud backups would back up the decryption key).
Reality - there was a period where the icloud backups created backups that apple did not have access to. Critically, this mean that if you had any of a wide variety of things happen - unless you were very good about key management - your content was lost for good. ALL your photos (which could be heartbreaking) etc.
It turns out this is NOT what people want. They want apple to have access to their content, so when they have a device stolen and don't have a super long recovery key properly saved, they are not hosed.
Same issue BTW with bitlocker on windows. People DO NOT save those recovery keys, even if they should. Microsoft added a way to force a backup into an account admins and others would have access to, thank goodness, because otherwise users there would be hosed as well.