nicce 6 days ago

I wonder how is this different from Apple's approach (Private Cloud Compute).

soulofmischief 6 days ago | parent | next [-]

I believe Apple provides guarantees that data access is impossible under most circumstances, creates auditable, cryptographically secure hardware logs and allows for third-party inspection of their facilities to ensure compliance with their own stated design and protocols.

bugsMarathon88 6 days ago | parent [-]

Which independent audit has validated such claims and can attest they are factual?

soulofmischief 6 days ago | parent [-]

https://security.apple.com/blog/private-cloud-compute/

> the system doesn’t even include a general-purpose logging mechanism. Instead, only pre-specified, structured, and audited logs and metrics can leave the node, and multiple independent layers of review help prevent user data from accidentally being exposed through these mechanisms

> We consider allowing security researchers to verify the end-to-end security and privacy guarantees of Private Cloud Compute to be a critical requirement for ongoing public trust in the system

> Private Cloud Compute hardware security starts at manufacturing, where we inventory and perform high-resolution imaging of the components of the PCC node before each server is sealed and its tamper switch is activated. When they arrive in the data center, we perform extensive revalidation before the servers are allowed to be provisioned for PCC. The process involves multiple Apple teams that cross-check data from independent sources, and the process is further monitored by a third-party observer not affiliated with Apple. At the end, a certificate is issued for keys rooted in the Secure Enclave UID for each PCC node. The user’s device will not send data to any PCC nodes if it cannot validate their certificates.

> Every production Private Cloud Compute software image will be published for independent binary inspection — including the OS, applications, and all relevant executables, which researchers can verify against the measurements in the transparency log. Software will be published within 90 days of inclusion in the log, or after relevant software updates are available, whichever is sooner. Once a release has been signed into the log, it cannot be removed without detection

> Additionally, PCC requests go through an OHTTP relay — operated by a third party — which hides the device’s source IP address before the request ever reaches the PCC infrastructure

I'm not saying it's an infallible system. Just relaying what Apple themselves announced.

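To make the quoted transparency-log mechanism concrete, here is an added example (my own, not Apple's code) of how a client can check that an attested software measurement is included in a SHA-256 Merkle log whose root it already trusts, and why quietly removing a logged release changes the root. It assumes a pinned, already-authenticated root in place of PCC's signed log heads and uses constructed placeholder measurements.

```python
import hashlib

# Constructed sample log: one SHA-256 "measurement" per published software image.
LOG = [hashlib.sha256(b"pcc-image-" + str(i).encode()).digest() for i in range(1, 6)]


def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def leaf_hash(measurement: bytes) -> bytes:
    # Domain-separate leaves (0x00) from interior nodes (0x01), RFC 6962 style,
    # so a leaf can never be confused with a node in a proof.
    return _h(b"\x00" + measurement)


def node_hash(left: bytes, right: bytes) -> bytes:
    return _h(b"\x01" + left + right)


def _next_level(level: list) -> list:
    # Odd-length levels duplicate the last node; same rule in root and proof code.
    if len(level) % 2:
        level = level + [level[-1]]
    return [node_hash(level[i], level[i + 1]) for i in range(0, len(level), 2)]


def merkle_root(measurements: list) -> bytes:
    level = [leaf_hash(m) for m in measurements]
    while len(level) > 1:
        level = _next_level(level)
    return level[0]


def inclusion_proof(measurements: list, index: int) -> list:
    # Returns [(sibling_hash, sibling_is_on_right), ...] from leaf to root.
    level = [leaf_hash(m) for m in measurements]
    proof = []
    while len(level) > 1:
        if len(level) % 2:
            level = level + [level[-1]]
        proof.append((level[index ^ 1], index % 2 == 0))
        level = _next_level(level)
        index //= 2
    return proof


def verify_release(attested: bytes, proof: list, pinned_root: bytes) -> bool:
    # Device-side check: the measurement the node attests must hash up to the
    # root the device already trusts; any other binary fails here.
    h = leaf_hash(attested)
    for sibling, sibling_is_right in proof:
        h = node_hash(h, sibling) if sibling_is_right else node_hash(sibling, h)
    return h == pinned_root


def removal_detected(pinned_root: bytes, current_log: list) -> bool:
    # A log with an entry dropped cannot reproduce the root clients already hold.
    return merkle_root(current_log) != pinned_root
```

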
isodev 5 days ago | parent [-]

That only says that Apple self-certifies as being open for audit and that they don’t get any of this data. Who is keeping an eye on that externally though? For every release?

soulofmischief 5 days ago | parent [-]

I don't know. They posted this about a year ago and some language was intentionally vague ("third-party") presumably because they were still selecting partners. Not everything was implemented at the time. Hopefully we get an update soon about the status of their private datacenter and more information about the auditing process. As it stands now, supposedly a third party reviews new machine provisioning, and for releases security researchers will be able to cross-check transparency logs and use cryptography to ensure the binary running on the machine is what Apple says it is.

I think it's a pretty advanced and thoughtful approach, but it definitely has its limitations. Hopefully Apple iterates on this over time.

Between you and me, though, it's hard to tell if Apple's ostensible commitment to privacy is just theatre due to the locked down and user-hostile nature of their operating systems.

PeterStuer 5 days ago | parent | prev | next [-]

Apple is still a US company and must adhere to US intelligence covert data access regulations.

theshrike79 5 days ago | parent [-]

But you can't give what you don't have access to.

The Apple private cloud is specifically built so that if it's tampered with it stops working.

isodev 5 days ago | parent | next [-]

The rest of iCloud is quite open by default though. It’s a lot simpler to just get the data from there than to try to access the private cloud context used by Apple’s models.

PeterStuer 5 days ago | parent | prev [-]

That is not how that type of regulation works. Try to run a covert communication service. FAFO, big time!

herbst 4 days ago | parent | prev | next [-]

Apple just cosplays privacy while Proton at least thinks they care

ignoramous 6 days ago | parent | prev [-]

Nowhere close to Apple [0]. In comparison, Proton's mostly going "trust me bro".

[0] https://xeiaso.net/blog/2025/squandered-holy-grail / https://archive.vn/sveXf