this post was submitted on 07 Feb 2025
11 points (100.0% liked)


If Apple complies with this, the UK government will gain access to all iCloud data globally. The only way Apple comes out of this with any integrity is to leave the UK market. If they give in to this, every regime in the world will demand the same thing. And that’s before we even get to the fact that there’s no such thing as a “backdoor” for just so-and-so. Either there is a door or there isn’t and if there is, anyone who obtains the key can use it.

https://www.theguardian.com/technology/2025/feb/07/uk-confronts-apple-with-demand-for-cloud-backdoor-to-users-encrypted-data

#apple #backdoor #UK #encryption #privacy #security #personhood #data #democracy #humanRights #iCloud

top 17 comments

@aral@mastodon.ar.al TBH the leak is the problem. If Apple could make credible in private that they would leave the UK market, the government could back down, in private.

That's just how diplomacy works. This isn't regulation but international relations between states.

But now it is public, neither side can back down without serious consequences.

[–] SpaceLifeForm@infosec.exchange 2 points 2 months ago

@aral@mastodon.ar.al

It is worse than that. They could demand the cloud data for anyone, anywhere.

May be safer to not have an iPhone.

[–] emory@soc.kvet.ch 2 points 2 months ago (1 children)

@aral@mastodon.ar.al I don't think Apple can even comply with this sort of request. They have never wavered on this and in fact have continued to make it even progressively more difficult with every major and even minor release. One of my iCloud accounts (I created one for my former employer) is entirely self-managed via U2F/FIDO2 tokens, it doesn't use Apple's MFA at all, and I disable iMessage in the cloud so they're not decrypted there. Now what, guvner?

Nothing stops them from doing police work, does it?

[–] aral@mastodon.ar.al 1 points 2 months ago (2 children)

@emory@soc.kvet.ch They already capitulated to China by storing iCloud data locally. I’m pretty sure China didn’t ask for that because they wanted data they couldn’t read stored closer to home.

[–] emory@soc.kvet.ch 1 points 2 months ago

@aral@mastodon.ar.al Data governance and sovereignty requirements for businesses or orgs aren't unusual; in higher ed, for example, you need to store data in the US; China probably has a ton of requirements like that. Google has been doing it almost as long as Yahoo, I think.

[–] emory@soc.kvet.ch 1 points 2 months ago

@aral@mastodon.ar.al Do you believe that China can gain unauthorized access to iCloud account data without cooperation or the user providing their credentials? I thought they could use FIDO2 keys in China?

[–] grs@infosec.exchange 1 points 2 months ago

@aral@mastodon.ar.al I'm willing to bet that it was another Five Eyes partner, like the US, who demanded the UK request this since we, shockingly, have the legal framework in place for it. I was really hoping that this new government would repeal this god-awful law. I guess that is not happening now...

[–] bhyoram@todon.eu 1 points 2 months ago

@aral@mastodon.ar.al The main problem is that they can do it. Encryption keys should be hosted and managed by the client or it can't be and shouldn't be trusted. Of course, that requires user ownership of the client device, which is a big NO-NO for Apple.

[–] andymouse@todon.eu 1 points 2 months ago (1 children)

@aral@mastodon.ar.al I don't get this. If Apple can provide this, it wasn't encrypted to begin with and they are likely already giving the info and this is just a PR campaign to adjust the public's expectations about these things.

If they cannot provide this, because it is encrypted with a key only the consumer can provide, then it's a moot point.

This is why I use @nextcloud@mastodon.xyz and host it myself.

[–] aral@mastodon.ar.al 1 points 2 months ago

@andymouse@todon.eu @nextcloud@mastodon.xyz End-to-end encryption is only as reliable as the next software update.

[–] stevendrowe@mstdn.social 1 points 2 months ago

@aral@mastodon.ar.al Given the public nature of the order from UKGov to Apple, I suspect this will mean criminals won't put their data on the platform and find other companies. Well, unless they are dumb ones like Trump.

This is the link to the act:

[–] IzzyOnDroid@floss.social 1 points 2 months ago

@aral@mastodon.ar.al And don't forget the lock picks… Where there's no door, one can't pick its locks. Simple. 🤷‍♂️

[–] CM63@piaille.fr 1 points 2 months ago

@aral@mastodon.ar.al

It is imperative to control the encryption process yourself from A to Z and not let any service provider do it.

That way there is never any need for a backdoor.

You take a public algorithm, such as Aescrypt, take an implementation of it that is independent of any web service, and you are the only one who knows the key.

The secret must lie in the key and not in the algorithm.

[–] Npars01@mstdn.social 1 points 2 months ago

@aral@mastodon.ar.al

Apple's investors want a backdoor.

The House of Saud often uses American or UK proxies to preserve their interests & pursue dissidents.

The fossil fuel industry is prepared to do anything to stop climate action.

[–] iamtheblackswan@mastodon.social 1 points 2 months ago

@aral@mastodon.ar.al This is meant to force them to not offer it in GB. The intelligence agency doesn't want anyone to suspect that they have global zero day capability now.

[–] Morpurgo@mastodon.nl 1 points 2 months ago

@aral@mastodon.ar.al This is an act of war with the public. The only thing we can do is boycott all UK.

[–] OliverNoble@mastodon.world 1 points 2 months ago

@aral@mastodon.ar.al
I wouldn't trust Apple long term.

They will huff and puff about the UK demand and make a great show of protecting privacy etc.

But as soon as the US govt demands the same (maybe already have?), Apple will have a serious weighing up of costs/benefits to Apple, not customers, and conclude that maybe they care more about the US govt than about their customers.