There is no backdoor in Apple’s encryption. That’s the reason the US and UK governments have prosecuted Apple repeatedly. They can obtain iCloud data with a warrant, but are repeatedly pressing for real-time surveillance. The UK banned encryption without a backdoor, so Apple turned off encryption rather than compromising their standard.
When it’s enabled, they can’t access iCloud data at all, even with a warrant due to the fact it’s E2E with keys they don’t control. That’s what the UK got really mad about. But Apple shut the whole feature down for the UK in response to the backdoor ask.
It’s not different from the UK banning signal because it’s E2E encrypted and they can’t access it.
They’re likely only backing down now because of consumer/media backlash
Correct, standard iCloud data is accessible with a warrant. But the UK wanted their own backdoor so they have constant access without a warrant.
But with advanced data protection, Apple can’t provide the data because they don’t have the encryption keys, regardless of a warrant.
Important to note iMessage is always E2E encrypted though, so iMessages cannot be accessed even with a warrant. Advanced data protection just expands that to all iCloud data
iMessage is far more common in the US afaik. Whereas most people elsewhere will use WhatsApp or whatever, nobody in my extended family uses anything but iMessage to communicate
Really? Mine defaults to SMS if they don’t receive it as an iMessage message. I can’t recall it ever failing, only a long while back I would get a failure that prompts me to send as SMS - and I’d do it. It’s automatic now.
Not sure how long iMessage has existed, but it never properly worked for me on any iPhone, and neither for my partner. I also helped others change the settings to just default to SMS.
By default it doesn’t show that you need to send a SMS, and it definitely doesn’t retry it, at least not in NL.
In theory you can learn mind reading from some fantasy universe and check every Apple person. Or ask a crystal ball. Or use some other way to collect full information about our universe, check every rabbit hole, so to say, and then confidently confirm “there’s no Apple backdoor here”. “Here” meaning this plane of existence.
In practice yes.
EDIT: Forgot - the “refused to cooperate” and “they have disagreements” things even in daily wisdom don’t change the probability of Apple having made backdoors. It’s PR. You most likely won’t learn it from the news if they do, in fact, cooperate.
Even in your made up scenario it doesn’t prove the negative. Maybe your mind reading didn’t work because Apple has a mind wiping device that made them forget. Maybe the crystal ball didn’t work because Apple made an even more powerful “crystal ball blocking” device. You can’t prove that’s not what’s really happening.
I didn’t say “prove”, I used another word with bigger allowance. Of “likely backdoors vs likely not” kind. I wanted to say that their “public” conflicts with governments and their statements of the “trust us, we won’t sell you” kind are all worth nothing, because being caught lying won’t cost them anything.
There is no backdoor in Apple’s encryption. That’s the reason the US and UK governments have prosecuted Apple repeatedly. They can obtain iCloud data with a warrant, but are repeatedly pressing for real-time surveillance. The UK banned encryption without a backdoor, so Apple turned off encryption rather than compromising their standard.
The funny thing is, advanced data protection was optional, and not on by default. Apple just stopped offering it in the UK
https://support.apple.com/en-us/108756
When it’s enabled, they can’t access iCloud data at all, even with a warrant due to the fact it’s E2E with keys they don’t control. That’s what the UK got really mad about. But Apple shut the whole feature down for the UK in response to the backdoor ask.
It’s not different from the UK banning signal because it’s E2E encrypted and they can’t access it.
They’re likely only backing down now because of consumer/media backlash
Apple would need to supply the data if they had the encryption key right? So can we assume that even Apple cannot see the encrypted data?
Correct, standard iCloud data is accessible with a warrant. But the UK wanted their own backdoor so they have constant access without a warrant.
But with advanced data protection, Apple can’t provide the data because they don’t have the encryption keys, regardless of a warrant.
Important to note iMessage is always E2E encrypted though, so iMessages cannot be accessed even with a warrant. Advanced data protection just expands that to all iCloud data
Using iMessage with backups does mean the backups are unencrypted and accessible by warrant (unless you use advanced data protection)
Ah yes, that’s true as well
Okay interesting, thank you for the info.
Who even uses iMessage these days? Pretty sure I turned it off completely because it was messing with the 5 SMS I send in a year …
iMessage is far more common in the US afaik. Whereas most people elsewhere will use WhatsApp or whatever, nobody in my extended family uses anything but iMessage to communicate
Ah, yeah right, the US is still stuck in the 00s with that (and payment methods).
But iMessage doesn’t work on Android and by default the message will just fail if they have an Android phone and you use iMessage.
That is interesting. In Europe it just switches to text message automatically when sending to people with android.
In The Netherlands it doesn’t and last time I checked we are still part of Europe lol
Really? Mine defaults to SMS if they don’t receive it as an iMessage message. I can’t recall it ever failing, only a long while back I would get a failure that prompts me to send as SMS - and I’d do it. It’s automatic now.
Not sure how long iMessage has existed, but it never properly worked for me on any iPhone, and neither for my partner. I also helped others change the settings to just default to SMS. By default it doesn’t show that you need to send a SMS, and it definitely doesn’t retry it, at least not in NL.
Out of my 10 most recent client contacts, only one has used SMS. The rest are all iMessage.
Sure, that’s anecdotal. But I’m in the UK and this is my experience.
There
areexistmany, manybackdoors. Dont be naïveSource?
“Trust me bro” or “do your own research”.
The burden of proof is on the person making the claims - and as they haven’t backed it up with sources, I’d say it’s bullshit.
Snowden, historical documents about CIA, info from Chinese and Russian intelligence
I didn’t think any of that was backdoors. That was the government snooping on unencrypted communications.
None of those substantiated the existence of an Apple-made back door.
These things you write, they are not in any way substantiation of the claim that Apple doesn’t make backdoors.
That’s because it’s categorically impossible to prove a negative.
In theory you can learn mind reading from some fantasy universe and check every Apple person. Or ask a crystal ball. Or use some other way to collect full information about our universe, check every rabbit hole, so to say, and then confidently confirm “there’s no Apple backdoor here”. “Here” meaning this plane of existence.
In practice yes.
EDIT: Forgot - the “refused to cooperate” and “they have disagreements” things even in daily wisdom don’t change the probability of Apple having made backdoors. It’s PR. You most likely won’t learn it from the news if they do, in fact, cooperate.
Even in your made up scenario it doesn’t prove the negative. Maybe your mind reading didn’t work because Apple has a mind wiping device that made them forget. Maybe the crystal ball didn’t work because Apple made an even more powerful “crystal ball blocking” device. You can’t prove that’s not what’s really happening.
So no, you in fact can’t prove a negative.
With that additional detail in possibilities it’s also not possible to ever fully prove a positive.
My example was with an assumption that you have the full information. Hypothetically.
I’m not claiming they don’t. I’m pointing out the absurdity of calling somebody out for not doing the impossible.
I didn’t say “prove”, I used another word with bigger allowance. Of “likely backdoors vs likely not” kind. I wanted to say that their “public” conflicts with governments and their statements of the “trust us, we won’t sell you” kind are all worth nothing, because being caught lying won’t cost them anything.
What WOULD you consider evidence of them not having backdoors, then?
Everything FOSS and a good regular security audit