Apple's investigation code executes on the device, which allows them to preserve their definition of end-to-end as long as you plug your ears and ignore where the 'ends' are.
If you used iOS/iMessage, you have always trusted Apple. To be truly 'end to end' you would assume that there's no opportunity for another party to intercept your messages: the only trust would be in the keys you exchanged with your peer.
1. They are a trusted broker for iMessage key exchanges. You didn't do the key exchange; you assumed that when Apple did so on your behalf, you're really communicating with the peer you think you are.
2. They designed the iOS features that you trust keep iMessage data inaccessible to other untrusted software on your device.
3. They designed the secure enclave and make public statements that they won't compromise it for law enforcement. You trust that their deeds in private match their public statements.
In this case, they wouldn't be "between" the ends, no? They'd be _at_ the ends, just as sending a message on Signal doesn't prevent someone from stealing your phone and reading your messages.
I'm not in agreement with this being ok, but if it truly is on device, it still technically can be E2EE.
> but if it truly is on device, it still technically can be E2EE
What do you think this software does when it finds a matching hash entry? Toss a notification to ask you nicely to pop round your nearest FBI office?
What meaning does 'end-to-end' have anymore if this applies? If Apple wrote software on-device to forward a copy of all messages prior to encryption to iCloud for 'backup', would it still be end-to-end? What if they sent it to an AdTech firm to index for interesting terms that match products you should be pitched? The software in this case is still Apple's, running on-device.
E2EE implies it's encrypted between the two parties exchanging messages, which it still is. I'm not suggesting that this isn't an immoral circumvention of the system, but it's still certainly end-to-end encrypted between the two clients, given that the scanning is performed on device, and not in transit.