RIPA Request to Apple by UK

Hosting your own data isn’t an effective countermeasure for this, RIPA takes care of that as they can compel you to hand over the keys or put you in prison.

You could argue that you don’t have the keys but I doubt it would ever stand up in court for the simple fact that a judge is never going to believe that you can’t access your own data which you created and host.

They will ask themselves why would you be saving it if you can’t access it yourself and likely conclude your version of events isn’t plausible and draws suspicion and the law enforcement agencies’ accusation that you are not telling the truth will be more credible.

I guess the only thing you could do is move your data to a service which is outside the scope of U.K. law. There are probably plenty to choose from, which kind of defeats the purpose of the law.
You could use something like VeraCrypt which has the hidden volume feature, which essentially allows you to hand over a dummy password if required and it's not possible to prove the existence of a second hidden encrypted volume.
 
Well yes, that’s literally the substance of what I wrote using different words, isn’t it?

Not really - nullifying the main selling point implies there are others - it just makes the whole thing redundant.

Not sure why you mentioned gmail because it’s not relevant to this power. Your gmail isn’t ‘secure’ if Google can mine it for data as they do. By the very notion, someone else has access to it and Google can (and do) hand it over in an un-encrypted form to law enforcement agencies in the U.K. on a regular basis.

That isn’t what this notice is about, the authorities don’t care about Google because Google can hand everything over with a warrant.

No, this is incorrect too; Google can't mine it for data as of 2017.

Google literally does the very thing being discussed re: Gmail, Google Drive etc. The data is encrypted but they hold the keys and can respond to warrants - it's a pretty relevant comparison to make. Ditto to say Dropbox or indeed the default settings for iCloud if you don't select advanced data protection.
 
Hosting your own data isn’t an effective countermeasure for this, RIPA takes care of that as they can compel you to hand over the keys or put you in prison.

You could argue that you don’t have the keys but I doubt it would ever stand up in court for the simple fact that a judge is never going to believe that you can’t access your own data which you created and host.

They will ask themselves why would you be saving it if you can’t access it yourself and likely conclude your version of events isn’t plausible and draws suspicion and the law enforcement agencies’ accusation that you are not telling the truth will be more credible.

I guess the only thing you could do is move your data to a service which is outside the scope of U.K. law. There are probably plenty to choose from, which kind of defeats the purpose of the law.

It’s not the legitimate investigations that are the worry, it’s the inherent problem of creating a backdoor or not allowing people to protect their own privacy against non-officially warranted intrusion.
 
It’s not the legitimate investigations that are the worry, it’s the inherent problem of creating a backdoor or not allowing people to protect their own privacy against non-officially warranted intrusion.
This is exactly the problem.

If you create a backdoor for "official" use it is automatically a weakness that is going to be targeted by "non official" elements (not to mention any mission creep by the official user).

You create a master backdoor code and you can bet that every major criminal group in the world will start looking for it, as well as state actors; you keep a copy of the key per account and you can bet those same groups will be trying extremely hard to get into the list of those keys.

We know that the government (any government) can't stop hostile access to its own systems, and that almost every major private firm that handles our data has been breached (often repeatedly), with the ones that hold the most personal/most important data being higher value targets.

A backdoor is always a deliberate weakness just awaiting exploitation.
 
Criminals and enemy states cannot easily intercept phone calls.

Apparently they can because there are so many phone network providers globally that are willing to sell their access into the global phone network for a fee


Plus there is Pegasus if they are prepared to pay a lot
 
If you create a backdoor for "official" use it is automatically a weakness that is going to be targeted by "non official" elements (not to mention any mission creep by the official user).

But they're not creating a backdoor - a backdoor is the default already for Gmail, Google Drive, Dropbox, iCloud.

This extra encryption is an optional setting most users don't make use of and isn't offered by Apple's rivals.

A few times in this thread people have made vague references to "backdoors" but it might be useful if they were more specific with the objection and what they feel are the issues with say opting to use Google's services or Apple's default services vs specifically wanting this extra layer of "advanced data protection"?

I think this is perhaps getting conflated with the worries that arise re: people deliberately creating a backdoor in some encryption algo itself so as to allow interception of otherwise secure communication or leave open a "backdoor" that anyone with knowledge of it could use/abuse. But the "backdoor" in this case in the standard case (not using Apple's "advanced data protection") is simply that say a few Google/Dropbox or Apple staff can access keys in response to a warrant etc., not that there is some gaping flaw in the encryption itself.
 
is simply that say a few Google/Dropbox or Apple staff can access keys in response to a warrant etc., not that there is some gaping flaw in the encryption itself.

But to make that possible means weakening the effectiveness of the encryption, which is essentially a backdoor for all intents and purposes even if you want to argue over the specifics of the definition.
 
But to make that possible means weakening the effectiveness of the encryption, which is essentially a backdoor for all intents and purposes even if you want to argue over the specifics of the definition.

No, it doesn't impact the encryption at all, it's just a case of who has access to the keys.
 
No, it doesn't impact the encryption at all, it's just a case of who has access to the keys.

But then you have to generate and/or transmit an extra set of keys, if the organisation's systems are compromised then it exposes that data, it effectively erodes how worthwhile the encryption is and opens new attack vectors for compromising it.
 
But then you have to generate and/or transmit an extra set of keys, if the organisation's systems are compromised then it exposes that data, it effectively erodes how worthwhile the encryption is and opens new attack vectors for compromising it.

It's the standard already for most services; the "advanced data protection" offered by Apple is the change.

You could say the same about almost all your data anywhere - whether that's the NHS, your bank account, your criminal records, your tax records - all of that is compromised in a similar way in so far as an insider can access it - in fact it's far worse for that sort of data in that multiple insiders can and do access it.

But somehow messages and iCloud photos are what people are up in arms about - I'd bet half the people posting about "backdoors" in this thread don't even have the setting turned on, the majority of Apple users don't make use of it and it doesn't cover email either.
 
It's the standard already for most services; the "advanced data protection" offered by Apple is the change.

And the user has to enable it, most people won't even have it turned on :)

Easy enough to check, go to settings, your account, iCloud and there is a toggle option Advanced Data Protection :)
 
I suspect the net result of this being leaked publicly is a whole load of people realising they can turn on encryption.
 
But they're not creating a backdoor - a backdoor is the default already for Gmail, Google Drive, Dropbox, iCloud.

This extra encryption is an optional setting most users don't make use of and isn't offered by Apple's rivals.

A few times in this thread people have made vague references to "backdoors" but it might be useful if they were more specific with the objection and what they feel are the issues with say opting to use Google's services or Apple's default services vs specifically wanting this extra layer of "advanced data protection"?

I think this is perhaps getting conflated with the worries that arise re: people deliberately creating a backdoor in some encryption algo itself so as to allow interception of otherwise secure communication or leave open a "backdoor" that anyone with knowledge of it could use/abuse. But the "backdoor" in this case in the standard case (not using Apple's "advanced data protection") is simply that say a few Google/Dropbox or Apple staff can access keys in response to a warrant etc., not that there is some gaping flaw in the encryption itself.

I think there are two sides to this. Those who have genuinely sensitive data (company secrets, financial data and so on), and those who just object to the government trolling their data. The latter seems more nefarious than Amazon or Google taking a peek, while I consider the former to be a very real problem.

As far as I am concerned, I'm the only person who has the key for my data. I consider a back-door as any other means of accessing that data, and that includes copies of the key stored without my knowledge. As I see it, a data centre is far more likely to be the target of a hack than my home PC, which makes the copy a quite serious risk. If I discovered that there is any form of back-door for my data, I would close my account and find some other way of doing things.
 
As far as I am concerned, I'm the only person who has the key for my data. I consider a back-door as any other means of accessing that data, and that includes copies of the key stored without my knowledge. As I see it, a data centre is far more likely to be the target of a hack than my home PC, which makes the copy a quite serious risk. If I discovered that there is any form of back-door for my data, I would close my account and find some other way of doing things.

This was only available from Apple as of 2022 though so you clearly have had many products with backdoors before then, also if you are using Apple for email then that's not covered.

Not to mention your NHS records, bank records etc. are way less secure than whatever random iPhone photos or messages etc. you have extra security for in iCloud as of the past couple of years.
 
Unfortunately the government feels this is a slam dunk solution when in reality this just pushes people to other encrypted solutions, double encryption or rolling their own solution and it'll do little to prevent criminals.
Specialists have been saying the same but the government is firmly sticking its fingers in its ears over this :rolleyes:

Like I said, the only people who have cause to worry are criminals and the paranoid :cry:
It's the same reason you don't allow the government or your neighbours to have CCTV in your bedroom, privacy. If you're ok with unknowns invading your privacy, and the overreach that comes with surveillance programmes, then I'm sure one of the TV production companies has a reality TV show for you to be involved in :cry:

Will this also apply to other companies like Google and Microsoft who hold private data?

Why does it specifically mention Apple but not others? Do the others already provide access?
As someone else mentioned it's highly likely other cloud businesses have received the same, especially those with E2E features like Apple's iCloud ADR, it just happens that the request to Apple has been leaked.
 
This was only available from Apple as of 2022 though so you clearly have had many products with backdoors before then, also if you are using Apple for email then that's not covered.

Not to mention your NHS records, bank records etc. are way less secure than whatever random iPhone photos or messages etc. you have extra security for in iCloud as of the past couple of years.

I wouldn't trust Microsoft, Google or Apple with my Christmas list, let alone anything important :cry:
 
When Microsoft, Google or Apple start locking people up for breaking laws they make, and choosing not to use them involves upending my entire life, give me a call.

That's not to say their propensity for collecting data on us is somehow better or anything, it's just the implications and potential consequences between companies and state actors doing it are miles apart.
 
Using that gotcha incorrectly made them look foolish too.

Care to elaborate how exactly? Throughout this thread you've demonstrated a fundamental failure to grasp:

a) the technical barriers to creating a "backdoor" for encrypted data
and
b) the negative implications of doing so

(2) Call me authoritarian if you like but if it's a choice between terrorists and criminals not being able to secure their plans/operations from the authorities as easily or Deno being able to access his pictures of the Ibiza trip on both his iPhone and his iPad safe in the knowledge they can never get leaked online then I favour the option that's actually of value to society.

Congratulations, Deno has just had his identity stolen and house robbed while he was away, because scans of his passport, driving licence, birth certificate and trip itinerary were all leaked online.

Oh, and you caught zero terrorists because their data was already encrypted before uploading (but just in case, they moved all their data to a self-hosted server you aren't even aware exists).

I'm fully on board with giving the police access to data which will help catch bad actors - the problem with proposals like this is that they will not only fail to achieve that goal, but also will hurt plenty of other people in the process.

I fully understand the concept of encryption and worked in what is now called cyber security for many years.

Then you should be familiar with Kerckhoffs's principle and the concept of "security by obscurity", and how much of a Bad Idea(tm) it is. If your "encryption" has a "backdoor", then it's not really encryption at all. Your security is reduced to keeping that "backdoor" a secret. All it takes is a disgruntled developer or code leak and it's game over.

The alternative is of course keeping a copy of every user's key, but then you have the same issue - a database leak and goodbye security.

If you're so happy to have your personal data out there relatively unprotected, then feel free to put your money where your mouth is and post some scans of your passport, driving licence etc.
 