jcalvinowens 3 hours ago

> Apple's solution is iCloud Keychain which is E2E encrypted, so would not be revealed with a court order.

Nope. For this threat model, E2E is a complete joke when both E's are controlled by the third party. Apple could be compelled by the government to insert code in the client to upload your decrypted data to another endpoint they control, and you'd never know.

dcrazy 2 hours ago

That was tested in the San Bernardino shooter case. Apple stood up and the FBI backed down.

jcalvinowens 2 hours ago

It's incredibly naive to believe Apple will continue to be able to do that.

ezfe an hour ago

Yeah, and Microsoft could insert code to upload the BitLocker keys. What's your point? Even Linux could do that if they were compelled to.

jcalvinowens an hour ago

> Even Linux could do that if they were compelled to.

An open source project absolutely cannot do that without your consent if you build your client from the source. That's my point.

ezfe 23 minutes ago

Wait, I'm sorry, do you build Linux from source and review all code changes?

jcalvinowens 11 minutes ago

You missed the important part:

> For this threat model

We're talking about a hypothetical scenario where a state actor getting the information encrypted by the E2E encryption puts your life or freedom in danger.

If that's you, yes, you absolutely shouldn't trust US corporations, and you should absolutely be auditing the source code. I seriously doubt that's you though, and it's certainly not me.