Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
ysnp 12 hours ago

Could you elaborate a bit on why you've judged it as privacy theatre? I'm skeptical but uninformed, and I believe Mullvad are taking a similar approach.

greentea23 12 hours ago | parent | next [-]

Mullvad is nothing like Apple. For apple devices: - need real email and real phone number to even boot the device - cannot disable telemetry - app store apps only, even though many key privacy preserving apps are not available - /etc/hosts are not your own, DNS control in general is extremely weak - VPN apps on idevices have artificial holes - can't change push notification provider - can only use webkit for browsers, which lacks many important privacy preserving capabilities - need to use an app you don't trust but want to sandbox it from your real information? Too bad, no way to do so. - the source code is closed so Apple can claim X but do Y, you have no proof that you are secure or private - without control of your OS you are subject to Apple complying with the government and pushing updates to serve them not you, which they are happy to do to make a buck

Mullvad requires nothing but an envelope with cash in it and a hash code and stores nothing. Apple owns you.

Melatonic 10 hours ago | parent | next [-]

Agreed on most points but you can setup a pretty solid device wide DNS provider using configuration profiles. Similar to how iOS can be enrolled in work corporate MDM - but under your control.

Works great for me with NextDNS.

Orion browser - while also based on WebKit - is also awesome and has great built in Adblock and supposedly privacy respecting ideals.

greentea23 8 hours ago | parent [-]

Apple has records that you are installing that, probably putting you on a list.

And it works until it's made illegal in your country and removed from the app store. You have no guarantees that anything that works today will work tomorrow with Apple.

Apple is setting us up to be under a dictator's thumb one conversion at a time.

MrDarcy 11 hours ago | parent | prev | next [-]

This comment confuses privacy with anonymity.

asadotzler 7 hours ago | parent | next [-]

Anonymity is a critical aspect of privacy. If you cannot prevent your name being associated with your data, you do not have real privacy.

whilenot-dev 10 hours ago | parent | prev | next [-]

Anonymity is an inherent measure to preserve ones individual privacy. What value did you intent to add with your remark?

greentea23 8 hours ago | parent | prev [-]

Not for all points. And not being anonymous means your identity is not private...

apparent 8 hours ago | parent | prev [-]

You do not need an email address to set up an iPhone, and you do not need an email address or phone number to set up an iPad/Mac.

If you want to use the App Store on these devices, you do need to have an email address.

natch 11 hours ago | parent | prev | next [-]

They transitioned from “nobody can read your data, not even Apple” to “Apple cannot read your data.” Think about what that change means. And even that is not always true.

They also were deceptive about iCloud encryption where they claimed that nobody but you can read your iCloud data. But then it came out after all their fanfare that if you do iCloud backups Apple CAN read your data. But they aren’t in a hurry to retract the lie they promoted.

Also if someone in another country messages you, if that country’s laws require that Apple provide the name, email, phone number, and content of the local users, guess what. Since they messaged you, now not only their name and information, but also your name and private information and message content is shared with that country’s government as well. By Apple. Do they tell you? No. Even if your own country respects privacy. Does Apple have a help article explaining this? No.

threatofrain 10 hours ago | parent | next [-]

If you want to turn on full end-to-end encryption you can, if you want to share your pubkey so that people can't fake your identity on iMessage you can, and there's still a higher tier of security than that presumably for journalists and important people.

It's something a smart niece or nephew could handle in terms of managing risk, but the implications could mean getting locked out of your device which you might've been using as the doorway to everything, and Apple cannot help you.

dpoloncsak 10 hours ago | parent | prev | next [-]

>Also if someone in another country messages you, if that country’s laws require that Apple provide the name

I don't mean to sound like an Apple fanboy, but is this true just for SMS or iMessage as well? It's my understanding that for SMS, Apple is at the mercy of governments and service providers, while iMessage gives them some wiggle room.

Ancedotal, but when my messages were subpoenaed, it was only the SMS messages. US citizen fwiw

richwater 8 hours ago | parent | prev | next [-]

You people will never be happy until the only messaging that exists is in a dusty basement and Richard Stallman is sleeping on a dirty futon.

classicsc 9 hours ago | parent | prev [-]

[dead]

drnick1 12 hours ago | parent | prev | next [-]

Because Apple makes privacy claims all the time, but all their software is closed source and it is very hard or impossible to verify any of their claims. Even if messages sent between iPhones are E2EE encrypted for example, the client apps and the operating system may be backdoored (and likely are).

https://en.wikipedia.org/wiki/PRISM

tempodox 12 hours ago | parent | prev [-]

The gov’t can force them to reveal any user’s data and slap them with a gag order so no one will ever know this happened.

MontyCarloHall 12 hours ago | parent [-]

All user data is E2E encrypted, so the government literally cannot force this. This has been the source of numerous disputes [0, 1] that either result in the device itself being cracked [0] (due to weak passwords or vulnerabilities in device-level protection) or governments attempting to ban E2E encryption altogether [1].

[0] https://en.wikipedia.org/wiki/Apple%E2%80%93FBI_encryption_d...

[1] https://en.wikipedia.org/wiki/Crypto_Wars

mmh0000 12 hours ago | parent | next [-]

Maybe E2E, but the data eventually has to be decrypted to read it.

Then you learn that every modern CPU has a built-in backdoor, a dedicated processor core, running a closed-source operating system, with direct access to the entire system RAM, and network access. [a][b][c][d].

You can not trust any modern hardware.

https://en.wikipedia.org/wiki/Intel_Management_Engine

https://en.wikipedia.org/wiki/AMD_Platform_Security_Processo...

https://en.wikipedia.org/wiki/ARM_architecture_family#Securi...

https://en.wikipedia.org/wiki/Security_and_privacy_of_iOS

dmitrygr 5 hours ago | parent [-]

Some of those things are not like the others. TrustZone is not a dedicated core. It is a mode of the CPU, akin to x86's SMM

greentea23 12 hours ago | parent | prev | next [-]

What you cited is for data on a device that was turned off. Not daily internet connected usage. No one is saying you have no protection at all with Apple, it is just very limited compared to what it should be by modern security best practices, and much worse than what can be achieved on android and linux.

nozzlegear 7 hours ago | parent [-]

> much worse than what can be achieved on android and linux.

* Certain types of Android

natch 11 hours ago | parent | prev [-]

E2E encrypted is nothing if key escrow is happening.

Why did they change their wording from:

Nobody can read your data, not even Apple

to:

Apple cannot read your data.

You know why.

ajam1507 7 hours ago | parent | next [-]

When did they change their wording?

nozzlegear 7 hours ago | parent | prev [-]

If they didn't want you to think key escrow might be possible, why wouldn't they just leave the wording the way it was? Why go through the effort and thereby draw attention to it? The court system doesn't use sovcit rules where playful interpretation of wording can get a trillion dollar corporation out of a lawsuit or whatever.