undefined | Better HN

0 pointsmtgx12y ago0 comments

I wonder what would a Tim Cook-made iMessage look like from a security standpoint (probably a lot more like Skype/Hangouts than how it works right now).

0 comments

chmars12y ago

iMessage is in no way NSA-proof:

http://blog.cryptographyengineering.com/2013/06/can-apple-re...

tl;dr:

  * Apple distributes the encryption keys
  * Multiple keys can be associated with an account (iPhone, Mac – and the NSA?)
  * Apple can retain metadata
  * Apple doesn't use certificate pinning

simonster12y ago

My understanding is that this isn't that bad. If you use iCloud, then the NSA can read your old messages. If you don't sync your iMessages with iCloud, under the assumption that not every iMessage gets encrypted to an NSA key in addition to the recipient's keys, your messages are safe until the NSA/other law enforcement explicitly targets you, and even then, they can only read new messages and not previous ones.

fpgeek12y ago

I don't know, but I wouldn't be too impressed with the security of the existing iMessage: http://arstechnica.com/security/2013/06/can-apple-read-your-...

j / k navigate · click thread line to collapse