The thing is that whether absolute secrecy is a good thing or not depends on the circumstances. It is all relative. During the WW2 there were many resistance movements working against the Germans. From our pov absolute secrecy would have been fantastic. The Germans in turn were famously trying to communicate in secrecy to orchestrate their u-boat attacks. Turing famously cracked the code and we are all grateful. Do I want 'the government' to be able to access any communication it pleases? Absolutely not, I don't trust any government not to abuse its powers. Do I wan't terrorist groups (that is also a relative term, of course) to be able to communicate with 100% assurance they will not be listened in on? I don't think so.
While I agree with your point in theory, I think secure communication -- which cannot be intercepted by government agencies -- is absolutely critical to the long-term future of free societies. While it is comforting to think that the NSA/DHS/DIA can break encryption and intercept terrorist communications, there will always be the danger that they abuse this unique power under the guise of "security". While the NSA doesn't care about your dirty text messages sent to your boyfriend, the same technology can be used to intimidate/blackmail/locate political and corporate whistleblowers, political rivals, and anyone else the current government in power deems as a "threat". With the advent of public security cameras, facial recognition, cellphone tracking, and now the NSA communications dragnet, is it really unrealistic to expect a future, (even more) corrupt government (say, 25 years from now) from abusing this technology and consolidating their power?
1. Thank you for architecting a secure system that so far has not been broken government agencies and security organizations. Many people are trying and will celebrate if it is ever broken.
2. Thank you for attempting to protect the privacy of your customers. There are not many companies actually adhering to the statement they do not want to know what their customers are texting.
3. More than ever many eyes in this world are focused on you to see you falter in your efforts. Every security technology you deploy in your iDevices will be scrutinized for flaws. If no flaws are found in the technology, it will be reported that you are the flaw.
4. Remain focused on surprising, delighting and strengthening customer loyalty with great products that are envied by your competitors.
I probably trust Apple more than most, but I don't trust any of them much given recent revelations. The mainstream internet seems to be little more than a surveillance tool of the US intelligence and military apparatus. I don't have anything particularly to hide, so little to fear, but that doesn't mean I trust it.
Please tell me, why does trusting Google less mean that Apple should get a free pass?
I probably trust Apple more than most, but I don't trust any of them much given recent revelations. The mainstream internet seems to be little more than a surveillance tool of the US intelligence and military apparatus. I don't have anything particularly to hide, so little to fear, but that doesn't mean I trust it.
Please tell me, why does trusting Google less mean that Apple should get a free pass?
In the recent past all internet traffic pass through one of 5 Service providers in the US. No matter if your data was going to someone down the street or not, it was routed through those main points and if someone want to see and collect all that in formation they just have to be connect to those 5 points and they can capture, copy and redirect those packets to anywhere they like. Just like the phone system in this country the government has access and listen in on any call they want using the network.
Talk to any network administrator and ask them if they physically need to be near a piece of network equipment in order to work on and ask them if they can see what kind of traffic is going through the equipment and whether they can redirect that traffic. It was not done to so someone can spy on you, it was done so engineer can easy diagnose and fix problem, it has a sign benefit that is allow for snooping if someone wants to do that.
How do you think the NSA, FBI and CIA all can monitor what emails a target of interest is getting, it simple be connected to one of those main connection point and know the IP and MAC address of your intended target. I am not sure if there is only 5 points today or if that has expanded to include more central points. People act like it a hard thing to do, it is not.
This. I think anyone who assumes the government can't crack Apple's encryption is on the losing side. If I were the DEA I'd leak internal memo's saying we can't crack Apple's code too. Its called 'fishing for drug dealers dumb enough to believe that'
They are really not that hard up to generate the little bit of business that doing that would create.
Another statement made on assumptions and a lack of information. Same thing these 'experts' are doing. They haven't proven their claims and yet sites are picking up their claims as facts. Why? Because folks like you and those even less educated about tech will assume that a 'security company' would never say something that isn't true without noting the total lack of proof.
I asked a simple rhetorical question, I did not make a statement.
Don't insult me with the patronising 'folks even less educated than you' crap when I am just participating in a discussion....or by assuming you are somehow capable of knowing anything about my critical thinking and comprehension skills that allow me to see through all sorts of crap from all sorts of people.
>If the key pair is generated in Apple's server, surely they could use them or pass them on if required.
Why would the key pair be generated in Apple's servers? Generating a public and private key pair is well within the computational power of even a decade old feature phone (your mobile browser does exactly this to enable SSL browsing). It is simply unthinkable that Apple would even consider generating them centrally, as it's not only unnecessary, but it would open up several dozen potential security holes, such as how they're going to get the private key securely to your device, for example.
The real story is that Apple was telling the truth. They claimed they used end to end encryption and cannot read the messages, and this was shown to be true. Theoretically, they could hack their own system (illegally) if they were so inclined, but do you know what else they could do? They could simply not have set up the system to use end to end encryption in the first place, as they were certainly not in any way obliged to do so. When all is said and done, not being able to read the contents of iMessages is advantageous to Apple. It gives them plausible deniability when a court subpoenas them for retained information%u2014"we can't even read it, so we've nothing to give you". That way they have the public image of standing up for the customers' rights without falling foul of the law, a win win for Apple.
Comments
The thing is that whether absolute secrecy is a good thing or not depends on the circumstances. It is all relative. During the WW2 there were many resistance movements working against the Germans. From our pov absolute secrecy would have been fantastic. The Germans in turn were famously trying to communicate in secrecy to orchestrate their u-boat attacks. Turing famously cracked the code and we are all grateful. Do I want 'the government' to be able to access any communication it pleases? Absolutely not, I don't trust any government not to abuse its powers. Do I wan't terrorist groups (that is also a relative term, of course) to be able to communicate with 100% assurance they will not be listened in on? I don't think so.
While I agree with your point in theory, I think secure communication -- which cannot be intercepted by government agencies -- is absolutely critical to the long-term future of free societies. While it is comforting to think that the NSA/DHS/DIA can break encryption and intercept terrorist communications, there will always be the danger that they abuse this unique power under the guise of "security". While the NSA doesn't care about your dirty text messages sent to your boyfriend, the same technology can be used to intimidate/blackmail/locate political and corporate whistleblowers, political rivals, and anyone else the current government in power deems as a "threat". With the advent of public security cameras, facial recognition, cellphone tracking, and now the NSA communications dragnet, is it really unrealistic to expect a future, (even more) corrupt government (say, 25 years from now) from abusing this technology and consolidating their power?
To Tim Cook and Apple...
1. Thank you for architecting a secure system that so far has not been broken government agencies and security organizations. Many people are trying and will celebrate if it is ever broken.
2. Thank you for attempting to protect the privacy of your customers. There are not many companies actually adhering to the statement they do not want to know what their customers are texting.
3. More than ever many eyes in this world are focused on you to see you falter in your efforts. Every security technology you deploy in your iDevices will be scrutinized for flaws. If no flaws are found in the technology, it will be reported that you are the flaw.
4. Remain focused on surprising, delighting and strengthening customer loyalty with great products that are envied by your competitors.
Regards,
leavingthebigG
Wow...just wow....
Please tell me what tech company do you trust?
I probably trust Apple more than most, but I don't trust any of them much given recent revelations. The mainstream internet seems to be little more than a surveillance tool of the US intelligence and military apparatus. I don't have anything particularly to hide, so little to fear, but that doesn't mean I trust it.
Please tell me, why does trusting Google less mean that Apple should get a free pass?
I probably trust Apple more than most, but I don't trust any of them much given recent revelations. The mainstream internet seems to be little more than a surveillance tool of the US intelligence and military apparatus. I don't have anything particularly to hide, so little to fear, but that doesn't mean I trust it.
Please tell me, why does trusting Google less mean that Apple should get a free pass?
In the recent past all internet traffic pass through one of 5 Service providers in the US. No matter if your data was going to someone down the street or not, it was routed through those main points and if someone want to see and collect all that in formation they just have to be connect to those 5 points and they can capture, copy and redirect those packets to anywhere they like. Just like the phone system in this country the government has access and listen in on any call they want using the network.
Talk to any network administrator and ask them if they physically need to be near a piece of network equipment in order to work on and ask them if they can see what kind of traffic is going through the equipment and whether they can redirect that traffic. It was not done to so someone can spy on you, it was done so engineer can easy diagnose and fix problem, it has a sign benefit that is allow for snooping if someone wants to do that.
How do you think the NSA, FBI and CIA all can monitor what emails a target of interest is getting, it simple be connected to one of those main connection point and know the IP and MAC address of your intended target. I am not sure if there is only 5 points today or if that has expanded to include more central points. People act like it a hard thing to do, it is not.
Ok.
What does any of that have to do with Apple controlling the encryption keys of a "private" communication channel that it provides to its customers?
This. I think anyone who assumes the government can't crack Apple's encryption is on the losing side. If I were the DEA I'd leak internal memo's saying we can't crack Apple's code too. Its called 'fishing for drug dealers dumb enough to believe that'
They are really not that hard up to generate the little bit of business that doing that would create.
I asked a simple rhetorical question, I did not make a statement.
Don't insult me with the patronising 'folks even less educated than you' crap when I am just participating in a discussion....or by assuming you are somehow capable of knowing anything about my critical thinking and comprehension skills that allow me to see through all sorts of crap from all sorts of people.
They have refuted the suggestions that Messenger is insecure.
One cannot rebuke a suggestion, but rather a person. Rebuke means to upbraid, to sharply criticize someone. Refute means to disprove.
Please hire a literate editor, or simply avoid using fancy words.
Why would the key pair be generated in Apple's servers? Generating a public and private key pair is well within the computational power of even a decade old feature phone (your mobile browser does exactly this to enable SSL browsing). It is simply unthinkable that Apple would even consider generating them centrally, as it's not only unnecessary, but it would open up several dozen potential security holes, such as how they're going to get the private key securely to your device, for example.
The real story is that Apple was telling the truth. They claimed they used end to end encryption and cannot read the messages, and this was shown to be true. Theoretically, they could hack their own system (illegally) if they were so inclined, but do you know what else they could do? They could simply not have set up the system to use end to end encryption in the first place, as they were certainly not in any way obliged to do so. When all is said and done, not being able to read the contents of iMessages is advantageous to Apple. It gives them plausible deniability when a court subpoenas them for retained information%u2014"we can't even read it, so we've nothing to give you". That way they have the public image of standing up for the customers' rights without falling foul of the law, a win win for Apple.