Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
j45 6 hours ago

This make little to no sense.

This is being reported on because it seems newsworthy and a departure from the norm.

Apple also categorically says they refuse such requests.

It's a private device. With private data. Device and data owned by the owner.

Using sleight of hand and words to coax a password into a shared cloud and beyond just seems to indicate the cloud is someone else's computer, and you are putting the keys to your world and your data insecurely in someone else's computer.

Should windows users assume their computer is now a hostile and hacked device, or one that can be easily hacked and backdoored without their knowledge to their data?

cornholio 4 hours ago | parent | next [-]

The Bernardino incident is a very different issue where Apple refused to use its own private key to sign a tool that would have unlocked any iPhone. There is absolutely no comparison between Apple's and MS conduct here because the architectures of the respective systems are so different (but of course, that's a choice each company made).

Should Apple find itself with a comparable decryption key in its possession, it would have little options but to comply and hand it over.

blackcatsec 5 hours ago | parent | prev [-]

Firstly, Apple does not refuse such requests. In fact, it was very widely publicized in the past couple of weeks that Apple has removed Advanced Data Protection for users in the UK. So while US users still enjoy Advanced Data Protection from Apple, UK users do not.

It is entirely possible that Apple's Advanced Data Protection feature is removed legally by the US as well, if the regime decides they want to target it. I suspect there are either two reasons why they do not: Either the US has an additional agreement with Apple behind the scenes somewhere, OR the US regime has not yet felt that this was an important enough thing to go after.

There is precedent in the removal, Apple has shown they'll do the removal if asked/forced. What makes you think they wouldn't do the same thing in the US if Trump threatened to ban iPhone shipments from China until Apple complied?

The options for people to manage this stuff themselves are extremely painful for the average user for many reasons laid out in this thread. But the same goes for things like PGP keys. Managing PGP keys, uploading to key servers, using specialized mail clients, plugging in and unplugging the physical key, managing key rotation, key escrow, and key revocation. And understanding the deep logic behind it actually requires a person with technical expertise in this particular solution to guide people. It's far beyond what the average end user is ever going to do.

ViktorRay 5 hours ago | parent [-]

You seem to be forgetting the time the Obama administration asked Apple to unlock a suspect’s iPhone and Apple refused.

blackcatsec 3 hours ago | parent [-]

That was before Tim Cook presented Donald Trump with a gold and glass plaque along with a Mac Pro.

We live in far different times these days. I have no doubt in my mind that Apple is complying 100% with every LE request coming their way (not only because of the above gesture, but because it's actually the law)

ViktorRay 2 hours ago | parent [-]

Apple’s lawyers were able to resist the Obama administration’s pressure.

American presidents are not dictators. The system has checks and balances and the courts decide. It doesn’t matter who the president is.