14 votes

Topic deleted by author

26 comments

  1. [21]
    JXM

    I don't like how this article pitches it as "if we yell about Zoom, we should yell about Apple!" It's not just those two. Most cloud companies don't offer end to end encryption.

    On a recent episode of the podcast Upgrade, Jason Snell raised a good point about why Apple is hesitant to enable end to end encryption: if a user forgets their password and loses access to their account, their data is lost forever.

    Imagine the Apple Genius having to explain to some poor old guy that all of the photos of his children and grandchildren are lost forever because he can't get back into his account.

    In that situation, if things were E2E encrypted, then Apple would have no way of recovering that data. The way things are now, Apple can still access the data.

    This could apply to any number of cloud companies.

    These products are offered on a massive scale and have to cater to not just the technologically literate people like us, but also to those who know absolutely zero about technology and only have a smartphone because their kids bought them one for Christmas.

    20 votes
    1. [20]
      onyxleopard

      Yeah, I think the main issue here is that for transient data, such as instant-messaging or video chats—data that we don’t expect to go back and reference later—E2EE makes total sense.

      For data that you store and need to be able to recover later, E2EE with a 3rd party storing the data without having the key is a recipe for data loss. If you are concerned about the security of your data, don’t upload it to Apple via iCloud services—make your own local backups where you hold the encryption keys (Apple lets you do this with Time Machine for macOS and FileVault, and local iOS backups to a Mac).

      11 votes
      1. [19]
        JXM

        I think the problem is that some of that “transient data” is what people consider the most important. Imagine losing 10 years of messages between you and your friends. That would suck for most people.

        5 votes
        1. MimicSquid

          I can speak to this one in particular: my elderly mother refused to upgrade to a phone that still got security updates until I made sure she wouldn't lose the texts between her and a friend that had passed away.

          8 votes
        2. [5]
          onyxleopard

          Well, yeah if you back up your iMessage history with Apple, it’s no longer transient. AFAIK, there’s really no benefit of having your messages be E2EE if you back them up with Apple, because once you store it in iCloud, it’s no longer encrypted with your key, it’s encrypted with Apple’s key.

          2 votes
          1. [3]
            unknown user

            Not so much it's encrypted with Apple's key, but rather your key to decipher the E2E encryption for iMessages in iCloud is included in your iCloud backup, and therefore, Apple can access it. As of 10.15 Catalina, you need to go into Finder, and ensure "Back up all of the data on your iPhone to this Mac" is checked to ensure Apple doesn't have your decryption key.

            Of course, even if you choose this option, your messages are still readable on the recipients' end unless they have likewise enabled local backups only and ensured they're encrypted too. Everyone needs to play ball for this to work.

            I'd like to see Apple provide general iCloud e2e encryption, but it should be optional and disabled by default—there's far too much risk for Joe Bloggs to irreparably lose their ability to authenticate and lose access to potentially a lifetime of documents, data, and photos. It needs to be behind an "I know what I'm doing" screen.

            3 votes
            1. [2]
              Diff

              If it's hidden behind an "I know what I'm doing screen," doesn't that immediately slam us into the first problem, that everyone needs to play ball for it to work?

              1 vote
              1. unknown user

                Not quite—that only applies to iMessages in iCloud because messaging is fundamentally a process where more than one person is involved. If you're just storing your own photos and documents, then (usually) only you have access to them[1].

                iMessages in iCloud already offers end to end encryption. I'm asking for it to be extended to all other forms of media that iCloud hosts.

                [1]: Of course, everyone has the 0.1% of photos they've shared via iCloud Photo sharing or a document they've enabled collaboration on, so those files would require everyone to play ball, yeah.

                3 votes
          2. JXM

            Your backups could easily be stored in a way where only you have the keys and Apple can’t access the data inside, even if it’s on their servers.

            But that’s why you run into the problem I mentioned above of people losing access and all their data.

            2 votes
        3. [5]
          NaraVara

          Most of my friends wouldn’t know how to find their chat records if they wanted to.

          1 vote
          1. [4]
            JXM

            I'm thinking more like the Android or Apple Messages apps. Those just have your transcripts forever and you can easily scroll back up to see past conversations, you don't really have to "find" them.

            1. [3]
              NaraVara

              It’s not exactly easy to scroll back though. I doubt anyone goes back more than a day or so for transcripts like those. Even the search doesn’t work that well.

              1 vote
              1. [2]
                JXM

                It is though. You literally just scroll back and your messages are all there.

                I'd guess a lot of people do that, either to find an address or something that was sent a few weeks ago.

                1 vote
                1. NaraVara

                  Sort of. You scroll back until you go further than what’s cached. Then wait a while for it to pull another chunk. Then scroll further, wait. Scroll further, wait. And it doesn’t seem to really index anything outside what’s loaded in the cache for search either.

                  1 vote
        4. [7]
          elcuello

          I'm curious as to how many people would actually use the ability to read back 10 years of messaging. I get the sentiment and understand it but I wonder how important it really is in reality. Of course suddenly losing a loved one would mean that their messages would be more important and maybe play a part in a grieving process and other similar situations could be argued but I think that in our day and age with the amount of information thrown at us it might not be the worst idea to reboot your life once in a while.

          1 vote
          1. [2]
            JXM

            I don’t think people are going back 10 years, but I could see someone going back a few months to find a friend’s address or a photo of your pet or children that you want to share again.

            Personally, I have maybe 5 years of messages between my wife and I that I’d be sad if I lost, since they cover our relationship from the very beginning.

            6 votes
            1. elcuello

              It just seems like if we didn't have that opportunity or lost it we'll find another way to store and retrieve information fairly easily. I had all the texts between me and my wife from the day we met but lost it along the way and while I was sad when it happened it doesn't really affect me now when I think about it. I think we like the idea but in reality we wouldn't miss it that much.

              2 votes
          2. [4]
            DrStone

            I know a surprising number of people who use WhatsApp chat history search for years-old messages. They just don’t think about saving certain bits of info elsewhere. Even when migrating phones, they’ll make sure to include the chat logs in the process.

            3 votes
            1. [3]
              elcuello

              Well, that's handy but doesn't seem like a good way to store information anyways in the long run.

              1 vote
              1. [2]
                stu2b50

                Users often don't do the logical thing, but that doesn't stop them from complaining when you fuck it up for them.

                2 votes
                1. elcuello

                  I agree and I think that complaining would die down really fast so nothing's really lost.

                  1 vote
  2. [5]
    vord

    This comes as no surprise. My friends wholeheartedly believe that Apple's products are inherently more secure, simply because they dictate the ecosystem from top to bottom.

    I counter with the open vs closed source security debate (which I won't get into here, but I am firmly in the 'open' camp), and follow with:

    I fundamentally trust Apple even less than Google, for some odd reasons. Apple gets your data incidentally as part of their regular operations, and thus don't have any reason to protect it beyond not getting sued...it's an added cost to protect your data.

    Google, on the other hand, is intentionally grabbing as much data as they can, but they do have a big motivation to protect that data, as targeting ads with that data is their main profit generator.

    If Apple's data on you leaks, it's a bad PR story. If Google's data leaks, they've lost their business model because nobody has to go through Google anymore.

    That being said, neither should be trusted because of the police/surveillance state.

    Google at least provides me an option to opt-out of their data collection on their hardware, by providing me an unlocked bootloader and ability to flash my own OS.

    So given the choice between Apple and Google for phone hardware, I'm choosing Google every time.

    10 votes
    1. [2]
      SpineEyE

      Google, on the other hand, is intentionally grabbing as much data as they can, but they do have a big motivation to protect that data, as targeting ads with that data is their main profit generator.

      If Apple's data on you leaks, it's a bad PR story. If Google's data leaks, they've lost their business model because nobody has to go through Google anymore.

      That logic is flawed, as Apple's marketing for privacy, so data leaks hit them as hard as Google. One could also argue it's easier to find alternatives for Apple products than for Google's.

      15 votes
      1. unknown user

        Additionally, no one is going to be using leaked Google data as their business model—and Google knows that. It's not sustainable to run a company on a one time leak of probably meaningless information, which makes the risk the same for both companies: bad PR if there's a breach.

        The difference is at the point of ingestion. Apple wants less data, because it knows data is a liability. Google wants more data, because that's how it generates the majority of its profit. How anyone can make an argument otherwise is ridiculous.

        Case in point: I advise all of you to monitor how much data the Google Maps Web Client sends back to Google versus Apple Maps JS. If you run a business, and care about your customer's privacy, it's unfathomable to choose Google Maps as a mapping provider.

        9 votes
    2. babypuncher
      (edited)

      Apple has little incentive to gather your data the way Google does. Their primary revenue stream is selling you expensive pieces of hardware, not selling ads driven by your data. Their own messaging platform, iMessage, uses e2e encryption by default, which you can't say about any of Google's various messaging platforms. Since they don't run any kind of ad network, invading user privacy the way Facebook and Google do would do little more for the company than tarnish their reputation as a "premium" user-centric alternative to Android and Windows. When they did run their own ad network, it failed to attract customers because it lacked the in-depth user-data driven features of its competitors.

      Also, contrary to popular belief, most of Google's products are not very open source. The version of Chrome most people use has lots of proprietary bits added in, almost none of their services (search, Gmail, Hangouts, etc.) are open source, and AOSP bears little resemblance to the Android most people are familiar with without Play Services and other Google-specific Android components. Manufacturer-specific components are even more of a black box. They probably don't contribute much more to open source than Apple. Safari, iOS, and macOS are also reliant on open source projects Apple maintains (like WebKit, XNU, and Darwin).

      Google, on the other hand, is intentionally grabbing as much data as they can, but they do have a big motivation to protect that data, as targeting ads with that data is their main profit generator.

      My issue with Google's stance on privacy isn't that someone other than Google might get their hands on my data. Google is already doing bad things with my data, by using it to drive ads. That is literally how they make their money, and I'm not OK with it. Their primary customer base is people who want something, like messaging or email, for free*, so they have to find whatever other means they can to make money off those users. I will opt for a paid alternative whenever I feasibly can, because I want to make sure I'm the customer.

      8 votes
    3. skybrian

      I'm skeptical of this kind of reasoning. Incentives may be simple or complicated but either way, they are blunt instruments. Rule-based incentives especially are stupid compared to people. It's not that easy to control people using incentives, except on a statistical basis. To put it crudely, if someone can be bought, someone else can buy them out for a higher price, and this leads to instability.

      Sometimes the best you can do is arrange it so that people are reasonably secure and aren't being punished for doing the right thing, and then rely on leadership.

      And when it comes to companies like Google and Apple, they have many different constituencies to satisfy and sometimes it seems like everyone is out to get them, so it's hard to tell from the wide variety of positive and negative incentives what they're going to do.

      6 votes