Interesting thanks. I understand that its designed to be anonymous, but I guess it requires faith in Apple not complying to any forceful request from a security authority in the US to not modify it in secret.
Which mobile phone maker do you have more faith in? Which telco?
Apple have done work, and published tools for researchers, to make it so they can't "modify it in secret". The tools for security research community help verify that and "keep them honest". For instance, this is partly what the prompts about new devices or log in on other devices are about, there's a key exchange happening, and you get told. You can also exchange keys with Messages contacts to verify you're talking to them. You can turn on iCloud Advanced Security and Apple don't get even your backup keys. Also see the new Lockdown Mode.
Granted, Apple can change their minds and become anti-privacy or pro data-brokers and ad-tech, but some of these proofs would break so folks would know.
Anyway, if the government wants to know where you are, they can just ask the Chinese who've been watching Americans' cell phone identifiers move around.
In seriousness, the telcos already sell* this position data to data-brokers and law enforcement have portals to just watch you scurry around, even without a warrant.
* Sometimes telcos share your location data in ways that aren't "selling" so they can say they don't sell it. But the data goes and telcos derive value in exchange.
Just because someone doesn't trust Apple to build a worldwide live location tracking system doesn't mean they don't want someone else to build a worldwide location tracking system. There's an inherent risk to worldwide location tracking systems and while I think the genie is out of the bottle now, I would prefer there not to be a worldwide location tracking network at all.
Airtags have become a commodity at this point and despite attempts to prevent this, criminals are already using them to follow potential victims to their homes. I know GPS trackers and a bunch of different find-my style networks existed long before Apple brought the airtag to market, but those didn't turn up in purses and cars quite as often as Airtags now do.
Apple tries their best to make this thing secure and safe, but there's only so much safety they can add before the devices become useless.
Cryptographers who design these systems do consider the threat of a malicious future iteration of the company and thus try to reduce the trust in a centralized authority.
Apple did fight in court to not have to crack the San Bernardino shooter’s phone, which probably didn’t garner much sympathy with the general public, specifically against government power to compel them to make changes to subvert security.
They also publish a Transparency Report about government requests they’ve received and how many they’ve responded to.
It didn't garner sympathy with the public because they had previously lied to the public that they were technically incapable of complying with those data requests. After the government explained how Apple could comply, Apple shamefully removed the erroneous claim from its website without informing its customers who had believed that claim.
All the big tech companies that have user data publish government data request transparency reports.
The government attempted to force them to write a new operating system for them that would allow them to get the data on the phone. This was never about the San Bernardino phone, everyone knew there was nothing of any use on it and everyone involved was dead. It was about getting precedent on record that they could force a company to backdoor their OS on a court order.
They eventually dropped their request when it became obvious Apple wasn't going to roll over for them.
Your post reeks of some personal vendetta against Apple, and has no factual basis.
If the statement isn't true, then why did Apple stop making that claim? It's because my statement is true. Apple was capable of getting the data.
It is possible for Apple to build a device that Apple wouldn't have been able to access the data on, as they claimed. That isn't what they provided to their customers.
You're using bad faith arguments to defend a multi-trillion dollar company that pushes a restrictive model of computing on its customers for its own benefit for what purpose?
Apple can't access the data on the devices. They've spent absolute fucktons of money building their infrastructure that way, and they give up hundreds of millions of dollars that Meta and Google gladly suck up by not monetizing their customers' data.
Apple provides me with the devices I want that do the things I want them to do. "restrictive model of computing" is a concept that doesn't really mean anything. I can do anything I want on my Mac. My iPhone is way more locked down, and it doesn't bother me a bit. My guess is that like most Apple haters, you don't use Apple devices and have taken up a cause against them based on things that don't have any effect on you.
> The government attempted to force them to write a new operating system
Which they are absolutely capable of, but refused to that time. People in this thread keep talking about provable trust when the software is fully under Apple’s control, which is just puzzling. It’s still a “trust me bro”. Whether you trust them due to past track record is something else. In fact, that you even need to bring up their refusal as evidence means you don’t believe they’re technically incapable of complying.
The government wanted Apple to backdoor iOS at their command.
Apple told the government to go fuck themselves.
None of that addresses whether it was technically possible or not. You've made up a theory in your head about how it was possible based on what some dumbfuck government lawyer made up to file with a court, but that doesn't make any of it true.
And again, none of this had anything to do with that phone. The government wanted to establish precedent that they could order Apple to create a backdoored iOS for them, so that they could use that to spy on people. They gave up when it became obvious Apple wasn't going to roll over for them and rewrite iOS so they could use it the way they wanted to.
Your beliefs about some theory about Apple claiming something about "provable trust" or whatever are really probably unfounded and don't even make any sense.
> Your beliefs about some theory about Apple claiming something about "provable trust" or whatever are really probably unfounded and don't even make any sense.
> Cryptographers who design these systems do consider the threat of a malicious future iteration of the company and thus try to reduce the trust in a centralized authority.
It’s no use. All the opaqueness to Apple relies on
> This private key pair and the secret are never sent to Apple and are synced only among the user’s other devices in an end-to-end encrypted manner using iCloud Keychain.
Which is trivial to compromise from Apple. They do their best to minimize trackability from third parties though.
Provable how? iOS software is closed source and unverifiable. New code can be added to send any data anywhere at any point. Explain to me how you prove closed source software won’t send data under its control ever.
And we don’t even need to go as far as key exchanges, and forget about Find My. Maybe those are better protected and it’s harder for them to pull a sneaky without someone noticing. The location data of your phone isn’t in Secure Enclave and the OS can do whatever the hell it likes with it, good luck verifying a huge closed source OS which phones home all the time isn’t sending your location home. At the end of the day you’re trusting them (or just don’t care because you probably aren’t pissing off TLA, which is certainly true in my case), provable security is extremely limited.
iCloud Keychain escrow data is encrypted by HSM clusters that have administrator keys destroyed; if Apple tried to compromise a keychain by installing malicious HSMs users would first get notified that their data had been lost due to failed/destroyed HSMs.
Trusted computing is a technical concept. People use Bitcoin because it’s provably secure against clearly outlined threats, not because they trust some vendor. Apple and a certain group of fans want to present iOS as a trusted computing platform for certain use cases, but it’s not.
Anyway, I see you’re just trolling here, so there’s no point talking to you.
Given apples outright refusal to help the FBI previously I have more faith than other companies that they’ll do the right thing. But nothing’s perfect.
