Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
sneak 2 days ago

It’s not really a secret; it’s by design and it’s public. iCloud is not end to end encrypted by default. Apple and the state can read the on-by-default iCloud Backup which contains your iMessage sync keys and all your historical iMessages and attachments. iCloud Photos, Contacts, and Mail are all similarly not e2ee and trivially readable by Apple, DHS/FBI, and anyone else under FAA702 (aka PRISM, aka the #1 most used US intel source) without a warrant.

https://www.reuters.com/article/world/exclusive-apple-droppe...

Apple processes FAA702 orders on upwards of 80,000 Apple IDs per year per their own annual transparency report.

Snowden himself said that they see so many nudes that they got desensitized to it.

This clever setup allows them to claim iMessage is e2ee while still escrowing keys in effective plaintext to Apple in the iCloud Backup, rendering the e2ee totally ineffective.

I think “backdoor” is probably an appropriate term for it, but they have made no secret whatsoever of it.

It’s terrifying to think that the US federal government can read every iMessage in the entire world across a billion devices (except China, where the CCP can do the same) in effectively realtime. The power that that enables (if only in blackmail ability) is staggering.

staplers 2 days ago | parent [-]

  allows them to claim iMessage is e2ee while still escrowing keys in effective plaintext to Apple in the iCloud Backup
Does this also apply to their advanced data protection feature?
thewebguyd a day ago | parent | next [-]

I don' think so, but, even with advanced data protection on - if you communicate with someone via iMessage, for example, that does not use advanced data protection, and then they use iCloud backup, then it nullifies it essentially. Feds could get your messages via the recipients iCloud backup.

Advanced Data Protection needs to be turned on for both you, and everyone you communicate with if you want the full chain to be E2EE. Your communications are only ever as secure as its recipient.

intrasight a day ago | parent | prev [-]

My read is that it does not apply to ADP.

Also, what regular criminal, let alone terrorist, would leave iCloud backup turned on after all the hacks and leaks over the years. I assume that most in the HN community, like myself, have iCloud backup turned off.

sneak a day ago | parent [-]

Criminals (that get caught, or get put under surveillance) are generally criminals because they are stupid.

I would venture a guess that almost all criminals have iCloud Backup enabled, because that is the default setting.