undefined | Better HN

0 pointsAndrew_nenakhov5y ago0 comments

Where do you see changing goalposts? First, I started from the obvious truth that apple wasn't the first service that advertised itself as 'secure'. Then I addressed the popular technofetish about the e2ee: people kinda like to feel secure, but are rarely ready to accept all strings that come attached to real security & privacy.

You see, e2ee is only practical against the service provider that you have reasons not to trust. But if you don't trust Apple, then you should not trust it all the way to the bottom: and at the bottom we see that iMessage apps give a user zero control over said e2ee. You don't really know who decides your messages on another end: your chat partner or MitM proxy.

If you trust Apple that they do not have such proxy, you might as well trust them to not snoop on your chats and store them unencrypted on Apple's servers, saving you from a lot of problem worrying about your keys, devices, etc.

0 comments

2 comments · 2 top-level

monadic25y ago

> Then I addressed the popular technofetish about the e2ee: people kinda like to feel secure, but are rarely ready to accept all strings that come attached to real security & privacy.

Yea, but most people don't think about security in terms of black and white, and neither should they. There is no such thing as "real security & privacy" and it's completely disingenuous to suggest that you've found it when it involves trusting you or your company as a third party in placement of, say, Apple.

mehrdada5y ago

> If you trust Apple that they do not have such proxy, you might as well trust them to not snoop on your chats and store them unencrypted on Apple's servers, saving you from a lot of problem worrying about your keys, devices, etc.

As a universal statement, this is far too simplistic of a comment about a system's security and trust. Security without a notion of threat model is quite irrelevant. There's quite a large spectrum between trusting Apple with respect to the binary they serve me not being actively malicious and by-and-large does what it says it does; that they are not actively presenting someone else's key to my chat parties, vs. trusting them with my unencrypted data on their servers. At the very least, the latter would not be safe under subpoena, or data leak, or a rouge employee, for instance. Plus, in practice, if they present a malicious binary to everyone or substitute keys, someone likely notices at Apple scale. If I am that interesting of a target for them that they decide to target me specifically, I have bigger worries, as I am trusting the OS and hardware anyway (and still, there's hopefully some level of forward secrecy). In fact, to me, and to vast majority of people, a random exploit in their OS or physical theft of the phone carries a higher risk than Apple directly attacking them.

So, no, I fully reject that iMessage security is substantially equivalent to say, "Facebook Messenger" (even if run by Apple). I posit the delta is almost as much as HTTPS with Let's Encrypt cert compared to plain HTTP. And yes, there are no doubt use-cases that iMessage is ill-suited for; doesn't mean we should just give up on it for the other 99%.