this post was submitted on 07 Feb 2025
87 points (98.9% liked)

Apple

17877 readers
312 users here now

Welcome

to the largest Apple community on Lemmy. This is the place where we talk about everything Apple, from iOS to the exciting upcoming Apple Vision Pro. Feel free to join the discussion!

Rules:
  1. No NSFW Content
  2. No Hate Speech or Personal Attacks
  3. No Ads / Spamming
    Self promotion is only allowed in the pinned monthly thread

Lemmy Code of Conduct

Communities of Interest:

Apple Hardware
Apple TV
Apple Watch
iPad
iPhone
Mac
Vintage Apple

Apple Software
iOS
iPadOS
macOS
tvOS
watchOS
Shortcuts
Xcode

Community banner courtesy of u/Antsomnia.

founded 2 years ago
MODERATORS
MichelleG@lemmy.world
RoyalEngineering@lemmy.world
thisisdee@lemmy.world
87
Apple ordered to open encrypted user accounts globally to UK spying (www.theverge.com)
submitted 8 hours ago by that_leaflet@lemmy.world to c/apple_enthusiast@lemmy.world
18 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] slaacaa@lemmy.world 44 points 8 hours ago (3 children)

Politicians still don’t know how E2E encryption works (and/or they don’t care)

[–] Quill7513@slrpnk.net 26 points 8 hours ago

they don't think they'll ever encounter consequences themselves

[–] bassomitron@lemmy.world 8 points 7 hours ago* (last edited 4 hours ago) (2 children)

I had thought that 5+ years ago, Google, Apple, Meta, etc. all created "master" private keys that would allow them to unencrypt users' data. At the time, the argument used was to combat CSA material/trafficking. I could be wrong, though. I'll try looking it up later.

Edit:

I did a quick search while on break at work.

Apple claims they have no master key and do not allow governments direct access to their servers. They only provide data when legally required to;

https://www.apple.com/privacy/government-information-requests/

Google claims the same thing.

As for Meta, I could only find anecdotal Reddit posts that seem to somewhat contradict the E2EE claims from Meta, as an example:

https://www.reddit.com/r/privacy/comments/1g6tqg7/meta_ai_scanning_private_conversations/

https://www.reddit.com/r/facebook/comments/1al9dk9/messenger_has_access_to_the_endtoend_encrypted/

So it seems that Meta is likely scanning content before the encryption takes place. So they can still claim that messages are indeed E2EE, but that's useless when their AI tools are still scanning the content beforehand.

There's also this recent development:

https://www.medianama.com/2024/03/223-meta-end-to-end-encryption-europe-interoperability-2/

In spite of these processes, Meta has concerns. The blog post said, “Without ownership of both clients (endpoints) we cannot guarantee what a third-party provider does with sent or received messages” and thus cannot assure that messages are safely encrypted and protected. Further they said that with interoperability they would “lose connection level signals that are important for keeping users safe from spam and scams such as TCP fingerprints.”

Finally, Meta said that having a intermediary between third party provider and a Meta server could expose the “chat metadata to the proxy server, which increases the likelihood that this data could be accidentally or intentionally leaked.”

Tldr; I wouldn't trust Meta's E2EE.

[–] pivot_root@lemmy.world 1 points 3 hours ago

I think trusting Meta's (or Google's) E2EE at any point would have been a bad decision. Facebook thrived on collecting user data, and end-to-end encryption of private conversations spits in the face of that. If it's antithetical to their profits, there's incentive to bypass the intent but still technically be implementing it (on-device keyword scanning, maybe?).

[–] homesweethomeMrL@lemmy.world 1 points 5 hours ago

Would like to know that!

[–] schizo@forum.uncomfortable.business 2 points 6 hours ago (1 children)

Oh, I'm pretty sure they fully understand how it works.

They simply expect tech to roll over when commanded, and in this case, it does indeed look like Apple is going to do exactly that.

[–] fuzzzerd@programming.dev 2 points 4 hours ago

The article says Apple is opposed. Additionally, they've already offered E2E backups, but you had to opt in. Well know they've capitulated if/when they remove that option.