undefined | Better HN

0 pointsmicrotonal1mo ago0 comments

I think my message wooshed. I was not comparing disk encryption and iCloud backups. My point is that insecure defaults are Apple and other's alternative to backdoors. They give plausible deniability ("how is someone able to recover their data if they lost their credentials and we used E2E?"), while at the same time satisfying law enforcement, because the vast majority of people is not aware of them.

Another example is WhatsApp on Android, by default when backups are enabled, they are stored unencrypted in Google Drive. A good counter-example is Signal, which opts out of backups on iOS and Android and the only option is to do E2E backups to their own servers.

I'm also fairly confidant in Apple's full disk encryption, they've gone to court to defend it.

FWIW, in the last leaked report, iPhone was not an issue AFU for Cellebrite (macOS is most likely even easier due to looser security):

https://discuss.grapheneos.org/d/14344-cellebrite-premium-ju...

0 comments

2 comments · 1 top-level

Silhouette1mo ago· 1 in thread

Signal won't let us download our own data and back it up using our own secure systems. Whatever its other merits it gets 0% for backup policy.

Though I suppose then I have to give a negative % to all the systems that have insecure online backups. This whole area is a train wreck really.

curiousObject1mo ago

> ‘Signal won't let us download our own data and back it up using our own secure systems.

Signal is slowly, very slowly, moving toward providing real backups and cross-device transfers

I understand why you’d believe Signal still can’t deliver that, because they had been ignoring the user demands for years.

But there is real progress now

https://support.signal.org/hc/en-us/articles/9708267671322-S...

1 more reply

j / k navigate · click thread line to collapse