
Is it just me, or is this whole Find My network capability a security nightmare? I mean, I understand its usefulness, but can the [insert authority here] just request Apple to tell them where this person is, even without cellular coverage? I've decided to move away from the Apple ecosystem either way because of this, but it just seems to me to be a surveillance nightmare.



The system is designed specifically to make this impossible.

Your tag doesn't know its position, it simply broadcasts its own, rotating public key. Since the key changes randomly (in a way that you as the legitimate owner can predict), a third party can't easily follow the tag.

Other devices see that key, and share their position, encrypted with your tag's public key.

That makes it relatively hard to get the data, essentially impossible without forcing Apple to re-design the system and push malicious updates, which is generally considered as something that goes beyond what normal subpoenas can do.
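The comment above describes the three-party structure that gives the design its privacy property: the tag broadcasts a rotating public key, passing devices encrypt their own location to it, and the server only stores ciphertexts it cannot open. The following Python is an added schematic model of that flow, written for this thread; it is not Apple's code and not the project's. It assumes a master secret shared between the tag and the owner's phone (the `Owner` class, `finder_report`, `Server` and the coordinates are all constructed for the demo), uses the RFC 2409 1024-bit modular Diffie-Hellman group from the standard library in place of the elliptic-curve keys a real deployment uses, and an HMAC keystream in place of a real authenticated cipher.

```python
"""Schematic model of offline finding: owner holds a master secret, the tag
broadcasts only a rotating public key, finders encrypt their own location to
it, and the server stores ciphertexts indexed by a hash of that key."""
import hashlib
import hmac
import secrets
from typing import Dict, List, Optional, Tuple

# RFC 2409 group 2 (1024-bit MODP) modulus and generator: real constants, used
# here only so the demo needs no third-party library. The real design uses
# elliptic-curve keys; 1024-bit modular DH is too small for production.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16)
G = 2
KEY_BYTES = (P.bit_length() + 7) // 8


def _kdf(label: bytes, ikm: bytes, n: int) -> bytes:
    """HKDF-style expand on HMAC-SHA256; returns n bytes."""
    out, block, counter = b"", b"", 1
    while len(out) < n:
        block = hmac.new(ikm, block + label + bytes([counter]), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:n]


def key_id(pub: bytes) -> str:
    """The only index the server keeps: a hash of the broadcast key."""
    return hashlib.sha256(pub).hexdigest()


def _seal(shared: bytes, plaintext: bytes) -> Tuple[bytes, bytes]:
    """Toy authenticated encryption (HMAC keystream + HMAC tag), stand-in for AES-GCM."""
    stream = _kdf(b"stream", _kdf(b"enc", shared, 32), len(plaintext))
    ct = bytes(a ^ b for a, b in zip(plaintext, stream))
    return ct, hmac.new(_kdf(b"mac", shared, 32), ct, hashlib.sha256).digest()


def _open(shared: bytes, ct: bytes, mac: bytes) -> Optional[bytes]:
    expected = hmac.new(_kdf(b"mac", shared, 32), ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, mac):
        return None  # tampered or wrong key: reject rather than emit garbage
    stream = _kdf(b"stream", _kdf(b"enc", shared, 32), len(ct))
    return bytes(a ^ b for a, b in zip(ct, stream))


class Owner:
    """Owner's phone (the tag shares the same master secret)."""

    def __init__(self, master_secret: bytes):
        self.master = master_secret

    def private_key(self, epoch: int) -> int:
        # Rotating key: predictable with the master secret, random to everyone else.
        raw = _kdf(b"epoch" + epoch.to_bytes(4, "big"), self.master, 32)
        return 2 + int.from_bytes(raw, "big") % (P - 3)

    def public_key(self, epoch: int) -> bytes:
        """What the tag actually broadcasts during this epoch."""
        return pow(G, self.private_key(epoch), P).to_bytes(KEY_BYTES, "big")

    def decrypt_reports(self, server: "Server", epoch: int) -> List[str]:
        x = self.private_key(epoch)
        found = []
        for eph_pub, ct, mac in server.lookup(key_id(self.public_key(epoch))):
            shared = pow(int.from_bytes(eph_pub, "big"), x, P).to_bytes(KEY_BYTES, "big")
            pt = _open(shared, ct, mac)
            if pt is not None:
                found.append(pt.decode())
        return found


def finder_report(broadcast_pub: bytes, lat: float, lon: float):
    """A passing phone encrypts *its own* position to the tag's current key."""
    y = 2 + secrets.randbelow(P - 3)
    eph_pub = pow(G, y, P).to_bytes(KEY_BYTES, "big")
    shared = pow(int.from_bytes(broadcast_pub, "big"), y, P).to_bytes(KEY_BYTES, "big")
    ct, mac = _seal(shared, f"{lat:.5f},{lon:.5f}".encode())
    return key_id(broadcast_pub), eph_pub, ct, mac


class Server:
    """Holds ciphertexts by hashed key; never a private key or a plaintext."""

    def __init__(self) -> None:
        self.reports: Dict[str, List[Tuple[bytes, bytes, bytes]]] = {}

    def store(self, kid: str, eph_pub: bytes, ct: bytes, mac: bytes) -> None:
        self.reports.setdefault(kid, []).append((eph_pub, ct, mac))

    def lookup(self, kid: str) -> List[Tuple[bytes, bytes, bytes]]:
        return list(self.reports.get(kid, []))


def demo() -> dict:
    """One epoch of the flow with constructed coordinates (not real data)."""
    owner = Owner(b"constructed-demo-master-secret")
    server = Server()
    pub0 = owner.public_key(0)
    server.store(*finder_report(pub0, 37.33182, -122.03118))
    server.store(*finder_report(pub0, 37.33200, -122.03100))
    # A corrupted report (one flipped ciphertext byte) is rejected, not decoded.
    kid, eph, ct, mac = finder_report(pub0, 0.0, 0.0)
    server.store(kid, eph, bytes([ct[0] ^ 1]) + ct[1:], mac)
    return {
        "locations": owner.decrypt_reports(server, 0),
        "rotated": key_id(owner.public_key(1)) != key_id(pub0),
        "server_sees": list(server.reports),  # hashed ids only
    }
```

Running `demo()` shows the two properties the comment relies on: the owner recovers both finder locations from the server, while the server's only view is a list of hashed key ids that change every epoch, so nothing stored there links one epoch to the next without the master secret.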


Apple could be subpoenaed to look at the account holder's registered tags still, no?


If the US government is subpoenaing Apple on your behalf, you probably have bigger problems.


The US government has told Google to query its location database for any device in the vicinity of certain crimes before. There's no way they're not trying to get Apple to do the same.

If Apple designed their crypto system as well as they claim, that's not viable at this moment in time, but the government can certainly try.


This gives them a list of tags, but not their location. The keys to decrypt your location are (AFAIK) held on your iPhone.


Anybody can write a subpoena, but Apple is on record as having absolutely no problem telling anyone who does so to go fuck themselves and then backing it up with litigation.


No, because Apple doesn't have the private key of the account holder, and so can't see which rotating codes are associated with that account holder since it's all encrypted.


No they can't. Apple doesn't know who has which tag. It's built with privacy in mind. I know Apple listen touts privacy while having ulterior motives but I looked at the technical design specs and this is pretty great

I doubt Samsung and Google have gone to such lengths with their trackers.


Apple always seems to design services the way a privacy-obsessed nerd would (if you forced said privacy nerd to design a P2P tracking network).

It's like, "oh, you want all your photos to be searchable, like 'dogs' or 'Eiffel tower'? Fine, we'll create an on-device embedding of each photo, use homomorphic encryption so you can share it with us and we can match it to its contents without even knowing what they are, then we'll send that back to your device for storage. Oh, and we'll use a relay so we don't even see your IP address while doing this, not that it matters since we can't decrypt the content anyway." It's pretty wild, like they could have easily skipped all this and only a fraction of a fraction of a fraction of users would even know or care.

In fact, I was pretty annoyed that the news story from the above example was "Apple is looking at all your photos and violating your privacy", since they spent so much effort doing it the right way, in a way that respects your privacy. It makes it less likely they will bother going through the effort again.

https://www.theregister.com/2025/01/03/apple_enhanced_visual...


I think when you're at Apple's scale, the cost of doing all of that difficult engineering pales in comparison to the cost of responding to subpoenas and bad press/lost sales from compromising user privacy. (Google did something similar when they stopped storing per-user location data.)

Separately, it doesn't matter how good your technology is or how much you believe in it, you need to win the PR battle of convincing people of how it works. An example is VPN companies who claim not to keep logs testifying in court under oath that they can't produce requested logs, or Mullvad being unable to comply with a search warrant for storage drives because their servers didn't contain any.


You misunderstood the point of the news story. Apple automatically opted in everybody's iPhones to sending data to Apple, unlike every other company that requires explicit opt in.


> unlike every other company that requires explicit opt in.

Not defending Apple here, but that's silly. User hostility and auto gobbling up data without consent is perfectly normal for most companies out there.


No other company automatically sends data about pictures users take on their phones off the phone. Not a single one. All required explicit opt-in except for Apple. Hence, the news story.


I guess it's a matter of informing the public that homomorphic encryption means no information is visible to Apple, so Apple never receives any information about your pictures at all.

I guess you could make the argument "well what if one day they stop using homomorphic encryption", but that argument doesn't make much sense since 1) why would they and 2) you could already ask the same question today "what if they just started sending info anyway"


Still. Asking the user is important. Even when there isn't anything you can see.


> I doubt Samsung and Google have gone to such lengths with their trackers.

You are wrong and it's trivially verifiable. You can watch this year's 38c3 video comparing them or read the nicely public specification.


I was mainly thinking of Samsung's SmartTag, not Google's recent venture. I have looked for info on the SmartTags in the past and couldn't find it. I have some Samsung ones myself.

I didn't look at the Google ones because I don't use a Google account. So I couldn't use them anyway.

But good to hear that they did design it well, I'll check that video.


Do you have the title of that video? I'm having trouble finding it.


Google's trackers are more private than Apple's to the point of stupidity. https://www.androidpolice.com/google-find-my-device-privacy-...

The PMs don't understand that they should be catering to the people purchasing the devices.


Yeah, I gather now. That's pretty cool for a company like Google. I still think they're evil though. But in this case it appears they did a good job.


All companies are evil. Google tends to provide more control to the user than Apple, so from a consumer's perspective, it is less evil than Apple.


I was with you until you made that swipe about Samsung and Google. Don't be a fanboy. No company is your friend.


I'm absolutely not an Apple fanboy actually. I use Samsung phones. And FOSS on my computers. I moved away from iOS and Mac years ago because I found them too locked in.

I don't trust Samsung and Google as far as I can throw them but apparently in this case they did an ok job. And unfortunately there's no meaningful alternative to the duopoly of iOS and Android. So I was left with two bad choices.

But I don't trust any big tech no. It's just really hard to do without them, sadly.



Interesting, thanks. I understand that it's designed to be anonymous, but I guess it requires faith in Apple not complying with any forceful request from a security authority in the US to modify it in secret.


Which mobile phone maker do you have more faith in? Which telco?

Apple have done work, and published tools for researchers, to make it so they can't "modify it in secret". The tools for security research community help verify that and "keep them honest". For instance, this is partly what the prompts about new devices or log in on other devices are about, there's a key exchange happening, and you get told. You can also exchange keys with Messages contacts to verify you're talking to them. You can turn on iCloud Advanced Security and Apple don't get even your backup keys. Also see the new Lockdown Mode.

Granted, Apple can change their minds and become anti-privacy or pro data-brokers and ad-tech, but some of these proofs would break so folks would know.

Anyway, if the government wants to know where you are, they can just ask the Chinese who've been watching Americans' cell phone identifiers move around.

In seriousness, the telcos already sell* this position data to data-brokers and law enforcement have portals to just watch you scurry around, even without a warrant.

* Sometimes telcos share your location data in ways that aren't "selling" so they can say they don't sell it. But the data goes and telcos derive value in exchange.


Just because someone doesn't trust Apple to build a worldwide live location tracking system doesn't mean they don't want someone else to build a worldwide location tracking system. There's an inherent risk to worldwide location tracking systems and while I think the genie is out of the bottle now, I would prefer there not to be a worldwide location tracking network at all.

AirTags have become a commodity at this point and despite attempts to prevent this, criminals are already using them to follow potential victims to their homes. I know GPS trackers and a bunch of different find-my style networks existed long before Apple brought the AirTag to market, but those didn't turn up in purses and cars quite as often as AirTags now do.

Apple tries their best to make this thing secure and safe, but there's only so much safety they can add before the devices become useless.


Of course that can be said for nearly anything you own: iPhone, Android, tablet, anything that is Bluetooth (for instance, your car), etc.


Cryptographers who design these systems do consider the threat of a malicious future iteration of the company and thus try to reduce the trust in a centralized authority.

Apple did fight in court to not have to crack the San Bernardino shooter’s phone, which probably didn’t garner much sympathy with the general public, specifically against government power to compel them to make changes to subvert security.

They also publish a Transparency Report about government requests they’ve received and how many they’ve responded to.


It didn't garner sympathy with the public because they had previously lied to the public that they were technically incapable of complying with those data requests. After the government explained how Apple could comply, Apple shamefully removed the erroneous claim from its website without informing its customers who had believed that claim.

All the big tech companies that have user data publish government data request transparency reports.


That statement simply isn't true.

The government attempted to force them to write a new operating system for them that would allow them to get the data on the phone. This was never about the San Bernardino phone, everyone knew there was nothing of any use on it and everyone involved was dead. It was about getting precedent on record that they could force a company to backdoor their OS on a court order. They eventually dropped their request when it became obvious Apple wasn't going to roll over for them.

Your post reeks of some personal vendetta against Apple, and has no factual basis.


If the statement isn't true, then why did Apple stop making that claim? It's because my statement is true. Apple was capable of getting the data.

It is possible for Apple to build a device that Apple wouldn't have been able to access the data on, as they claimed. That isn't what they provided to their customers.

You're using bad faith arguments to defend a multi-trillion dollar company that pushes a restrictive model of computing on its customers for its own benefit for what purpose?


Apple can't access the data on the devices. They've spent absolute fucktons of money building their infrastructure that way, and they give up hundreds of millions of dollars that Meta and Google gladly suck up by not monetizing their customers' data.

Apple provides me with the devices I want that do the things I want them to do. "restrictive model of computing" is a concept that doesn't really mean anything. I can do anything I want on my Mac. My iPhone is way more locked down, and it doesn't bother me a bit. My guess is that like most Apple haters, you don't use Apple devices and have taken up a cause against them based on things that don't have any effect on you.


> The government attempted to force them to write a new operating system

Which they are absolutely capable of, but refused to that time. People in this thread keep talking about provable trust when the software is fully under Apple’s control, which is just puzzling. It’s still a “trust me bro”. Whether you trust them due to past track record is something else. In fact, that you even need to bring up their refusal as evidence means you don’t believe they’re technically incapable of complying.


You're not understanding the issue here.

The government wanted Apple to backdoor iOS at their command.

Apple told the government to go fuck themselves.

None of that addresses whether it was technically possible or not. You've made up a theory in your head about how it was possible based on what some dumbfuck government lawyer made up to file with a court, but that doesn't make any of it true.

And again, none of this had anything to do with that phone. The government wanted to establish precedent that they could order Apple to create a backdoored iOS for them, so that they could use that to spy on people. They gave up when it became obvious Apple wasn't going to roll over for them and rewrite iOS so they could use it the way they wanted to.

Your beliefs about some theory about Apple claiming something about "provable trust" or whatever are really probably unfounded and don't even make any sense.


> Your beliefs about some theory about Apple claiming something about "provable trust" or whatever are really probably unfounded and don't even make any sense.

It's not something I made up, it's literally claimed by people in response to my comment: https://news.ycombinator.com/item?id=42667329 https://news.ycombinator.com/item?id=42668767 Is this "provable trust" bullshit? Yes, we agree. Is the concept of provable trust bullshit? No, trusted computing is technically achievable, but it's not in Apple's case.


> Cryptographers who design these systems do consider the threat of a malicious future iteration of the company and thus try to reduce the trust in a centralized authority.

It’s no use. All the opaqueness to Apple relies on

> This private key pair and the secret are never sent to Apple and are synced only among the user’s other devices in an end-to-end encrypted manner using iCloud Keychain.

Which is trivial to compromise from Apple. They do their best to minimize trackability from third parties though.


> Which is trivial to compromise from Apple.

Explain this? Since both Apple and security researchers have worked on provable trust.


Provable how? iOS software is closed source and unverifiable. New code can be added to send any data anywhere at any point. Explain to me how you prove closed source software won’t send data under its control ever.

And we don’t even need to go as far as key exchanges, and forget about Find My. Maybe those are better protected and it’s harder for them to pull a sneaky without someone noticing. The location data of your phone isn’t in Secure Enclave and the OS can do whatever the hell it likes with it, good luck verifying a huge closed source OS which phones home all the time isn’t sending your location home. At the end of the day you’re trusting them (or just don’t care because you probably aren’t pissing off TLA, which is certainly true in my case), provable security is extremely limited.


iCloud Keychain escrow data is encrypted by HSM clusters that have administrator keys destroyed; if Apple tried to compromise a keychain by installing malicious HSMs users would first get notified that their data had been lost due to failed/destroyed HSMs.


See my response to sibling. Explain to me how you prove iOS software can’t be malicious.


Explain to me how you can prove…

1. You aren’t a troll posing as a human

2. That if you are a human, that you won’t die in the next hour.

3. That if you don’t die today, that the Earth won’t be impacted by an asteroid this year.


Trusted computing is a technical concept. People use Bitcoin because it’s provably secure against clearly outlined threats, not because they trust some vendor. Apple and a certain group of fans want to present iOS as a trusted computing platform for certain use cases, but it’s not.

Anyway, I see you’re just trolling here, so there’s no point talking to you.


Given Apple's outright refusal to help the FBI previously, I have more faith than in other companies that they'll do the right thing. But nothing's perfect.


If you want to learn more about how this all works in video form, there was a talk at 38c3: https://www.youtube.com/watch?v=nWQcgZfxkOM&pp=ygUMMzhjMyBma...


I think it's worth mentioning that FindMy consists of two distinct "networks"; there's the one where other Apple devices find your stuff, and another where your devices upload their locations straight to Apple. The FindMy app combines these two networks to show the most recent location. As far as I can tell this project only uses the former network, which would require an explicit backdoor due to the way it is designed. But if you're trying to defend against government agencies, that latter network is probably more of your concern.


> Is it just me or this whole find my network capability is a security nightmare?

Settings → your_name → Find My → device → toggle off

If you don't trust that this will really disable the feature, then you are going to have to think hard about every electronic device you own.

Do you trust the firmware in your Android phone? What about the non-open-source modem chip? What about the SIM card, which runs Java? Are there microphones you haven't noticed built into your TV remote? (Many have them.) Your toaster likely has a chip in it more powerful than a networked DOS-era computer. (Mine does.) How do you know it's not joining a nearby wifi network and sending out information?

Ever since the China/iCloud thing, I don't fully trust Apple. But among big tech companies, it's certainly the one that I trust the most.



