Most active commenters
  • talldayo(4)
  • commandersaki(3)

←back to thread

Private Cloud Compute Security Guide

(security.apple.com)
295 points djoldman | 38 comments | 06 Nov 24 13:48 UTC | HN request time: 0.004s | source | bottom
Show context
solarkraft ◴[06 Nov 24 15:40 UTC] No.42063965[source]
Sibling comments point out (and I believe, corrections are welcome) that all that theater is still no protection against Apple themselves, should they want to subvert the system in an organized way. They’re still fully in control. There is, for example, as far as I understand it, still plenty of attack surface for them to run different software than they say they do.

What they are doing by this is of course to make any kind of subversion a hell of a lot harder and I welcome that. It serves as a strong signal that they want to protect my data and I welcome that. To me this definitely makes them the most trusted AI vendor at the moment by far.

replies(10): >>42064235 #>>42064286 #>>42064293 #>>42064535 #>>42064716 #>>42066343 #>>42066619 #>>42067410 #>>42068246 #>>42069486 #
1. tw04 ◴[06 Nov 24 15:59 UTC] No.42064286[source]
As soon as you start going down the rabbit hole of state sponsored supply chain alteration, you might as well just stop the conversation. There's literally NOTHING you can do to stop that specific attack vector.

History has shown, at least to date, Apple has been a good steward. They're as good a vendor to trust as anyone. Given a huge portion of their brand has been built on "we don't spy on you" - the second they do they lose all credibility, so they have a financial incentive to keep protecting your data.

replies(8): >>42065378 #>>42065849 #>>42065988 #>>42066649 #>>42067097 #>>42067858 #>>42068698 #>>42069588 #
2. talldayo ◴[06 Nov 24 17:05 UTC] No.42065378[source]
...in certain places: https://support.apple.com/en-us/111754

Just make absolutely sure you trust your government when using an iDevice.

replies(2): >>42066085 #>>42069163 #
3. afh1 ◴[06 Nov 24 17:31 UTC] No.42065849[source]
> There's literally NOTHING you can do to stop that specific attack vector.

E2E. Might not be applicable for remote execution of AI payloads, but it is applicable for most everything else, from messaging to storage.

Even if the client hardware and/or software is also an actor in your threat model, that can be eliminated or at least mitigated with at least one verifiably trusted piece of equipment. Open hardware is an alternative, and some states build their entire hardware stack to eliminate such threats. If you have at least one trusted equipment mitigations are possible (e.g. external network filter).

replies(1): >>42066004 #
4. ferbivore ◴[06 Nov 24 17:39 UTC] No.42065988[source]
Apple have name/address/credit-card/IMEI/IMSI tuples stored for every single Apple device. iMessage and FaceTime leak numbers, so they know who you talk to. They have real-time location data. They get constant pings when you do anything on your device. Their applications bypass firewalls and VPNs. If you don't opt out, they have full unencrypted device backups, chat logs, photos and files. They made a big fuss about protecting you from Facebook and Google, then built their own targeted ad network. Opting out of all tracking doesn't really do that. And even if you trust them despite all of this, they've repeatedly failed to protect users even from external threats. The endless parade of iMessage zero-click exploits was ridiculous and preventable, CKV only shipped this year and isn't even on by default, and so on.

Apple have never been punished by the market for any of these things. The idea that they will "lose credibility" if they livestream your AI interactions to the NSA is ridiculous.

replies(4): >>42069201 #>>42069206 #>>42069568 #>>42070213 #
5. warkdarrior ◴[06 Nov 24 17:39 UTC] No.42066004[source]
E2E does not protect metadata, at least not without significant overheads and system redesigns. And metadata is as important as data in messaging and storage.
replies(1): >>42066083 #
6. afh1 ◴[06 Nov 24 17:43 UTC] No.42066083{3}[source]
> And metadata is as important as data in messaging and storage.

Is it? I guess this really depends. For E2E storage (e.g. as offered by Proton with openpgpjs), what metadata would be of concern? File size? File type cannot be inferred, and file names could be encrypted if that's a threat in your model.

replies(2): >>42066793 #>>42067070 #
7. jayrot ◴[06 Nov 24 17:43 UTC] No.42066085[source]
>Just make absolutely sure you trust your government

This sentence stings right now. :-(

8. natch ◴[06 Nov 24 18:15 UTC] No.42066649[source]
As to the trust loss, we seem to be already past that. It seems to me they are now in the stage of faking it.
9. mbauman ◴[06 Nov 24 18:22 UTC] No.42066793{4}[source]
The most valuable "metadata" in this context is typically with whom you're communicating/collaborating and when and from where. It's so valuable it should just be called data.
replies(1): >>42066915 #
10. fsflover ◴[06 Nov 24 18:28 UTC] No.42066915{5}[source]
How is this relevant to the private cloud storage?
replies(1): >>42067399 #
11. ◴[06 Nov 24 18:37 UTC] No.42067070{4}[source]
12. hulitu ◴[06 Nov 24 18:38 UTC] No.42067097[source]
> History has shown, at least to date, Apple has been a good steward.

cough* HW backdoor in iPhone cough*

replies(1): >>42069415 #
13. Jerrrrrrry ◴[06 Nov 24 18:56 UTC] No.42067399{6}[source]
No point in storing data if it is never shared with anyone else.

Whom it is shared with can infer the intent of the data.

replies(1): >>42069525 #
14. vlovich123 ◴[06 Nov 24 19:26 UTC] No.42067858[source]
Strictly speaking there's homomorphic encryption. It's still horribly slow and expensive but it literally lets you run compute on untrusted hardware in a way that's mathematically provable.
replies(2): >>42069609 #>>42069845 #
15. ◴[06 Nov 24 20:19 UTC] No.42068698[source]
16. spondyl ◴[06 Nov 24 20:50 UTC] No.42069163[source]
When it comes to China, it's not entirely fair to single out Apple here given that non-Chinese companies are not allowed to run their own compute in China directly.

It always has to be operated by a sponsor in the state who hold encryption keys and do actual deployments etc etc.

The same applies to Azure/AWS/Google Cloud's China regions and any other compute services you might think of.

replies(1): >>42069787 #
17. lurking_swe ◴[06 Nov 24 20:53 UTC] No.42069201[source]
> They made a big fuss about protecting you from Facebook and Google, then built their own targeted ad network.

What kind of targeting advertising am i getting from apple as a user of their products? Genuinely curious. I’ll wait.

The rest of your comment may be factually accurate but it isn’t relevant for “normal” users, only those hyper aware of their privacy. Don’t get me wrong, i appreciate knowing this detail but you need to also realize that there are degrees to privacy.

replies(1): >>42070119 #
18. Tagbert ◴[06 Nov 24 20:54 UTC] No.42069206[source]
They have not been punished because they have not abused their access to that data.
replies(1): >>42069642 #
19. evgen ◴[06 Nov 24 21:08 UTC] No.42069415[source]
cough bullshit cough

Don't try to be subtle. If you are going to lie, go for a big lie.

20. fsflover ◴[06 Nov 24 21:16 UTC] No.42069525{7}[source]
Backups?
replies(1): >>42070331 #
21. commandersaki ◴[06 Nov 24 21:19 UTC] No.42069568[source]
> If you don't opt out, they have full unencrypted device backups, chat logs, photos and files.

Also full disk encryption is opt-in for macOS. But the answer isn't that Apple wants you to be insecure, they just probably want to make it easier for their users to recover data if they forget a login password or backup password they set years ago.

> real-time location data

Locations are end to end encrypted.

replies(1): >>42070921 #
22. sunnybeetroot ◴[06 Nov 24 21:20 UTC] No.42069588[source]
Didn’t Edward reveal Apple provides direct access to the NSA for mass surveillance?

> allows officials to collect material including search history, the content of emails, file transfers and live chats

> The program facilitates extensive, in-depth surveillance on live communications and stored information. The law allows for the targeting of any customers of participating firms who live outside the US, or those Americans whose communications include people outside the US.

> It was followed by Yahoo in 2008; Google, Facebook and PalTalk in 2009; YouTube in 2010; Skype and AOL in 2011; and finally Apple, which joined the program in 2012. The program is continuing to expand, with other providers due to come online.

https://www.theguardian.com/world/2013/jun/06/us-tech-giants...

replies(2): >>42069904 #>>42070700 #
23. commandersaki ◴[06 Nov 24 21:21 UTC] No.42069609[source]
Yeah the impetus for PCC was that homomorphic encryption wasn't feasible and this was the best realistic alternative.
24. sunnybeetroot ◴[06 Nov 24 21:23 UTC] No.42069642{3}[source]
Some might call this abuse: https://news.ycombinator.com/item?id=42069588
25. talldayo ◴[06 Nov 24 21:34 UTC] No.42069787{3}[source]
It's entirely fair. Apple had the choice to stop pursuing business in China if they felt it conflicted with values they prioritized. Evidently it doesn't, which should tell you a lot about how accepting Apple is of this behavior worldwide.
replies(2): >>42070703 #>>42070732 #
26. romac ◴[06 Nov 24 21:37 UTC] No.42069845[source]
And they are pushing in that direction: https://machinelearning.apple.com/research/homomorphic-encry...
27. theturtletalks ◴[06 Nov 24 21:42 UTC] No.42069904[source]
Didn’t Apple famously refuse the FBI’s request to unlock the San Bernardino’s attacker’s iPhone. FBI ended up hiring an Australian company which used a Mozilla bug that allows unlimited password guesses without the phone wiping.

If the NSA had that info, why go through the trouble?

replies(2): >>42069938 #>>42072847 #
28. talldayo ◴[06 Nov 24 21:44 UTC] No.42069938{3}[source]
> If the NSA had that info, why go through the trouble?

To defend the optics of a backdoor that they actively rely on?

If Apple and the NSA are in kahoots, it's not hard to imagine them anticipating this kind of event and leveraging it for plausible deniability. I'm not saying this is necessarily what happened, but we'd need more evidence than just the first-party admission of two parties that stand to gain from privacy theater.

29. talldayo ◴[06 Nov 24 21:58 UTC] No.42070119{3}[source]
> What kind of targeting advertising am i getting from apple as a user of their products?

https://searchads.apple.com/

https://support.apple.com/guide/iphone/control-how-apple-del...

  In the App Store and Apple News, your search and download history may be used to serve you relevant search ads. In Apple News and Stocks, ads are served based partly on what you read or follow. This includes publishers you’ve enabled notifications for and the type of publishing subscription you have.
replies(1): >>42072261 #
30. threeseed ◴[06 Nov 24 22:06 UTC] No.42070213[source]
It's disingenuous to compare Apple's advertising to Facebook and Google.

Apple does first party advertising for two relatively minuscule apps.

Facebook and Google power the majority of the world's online advertising, have multiple data sharing agreements, widely deployed tracking pixels, allow for browser fingerprinting and are deeply integrated into almost all ecommerce platforms and sites.

31. Jerrrrrrry ◴[06 Nov 24 22:15 UTC] No.42070331{8}[source]
yes, got me there.

but i feel in the context (communication/meta-data inference) that is missing the trees for the forest

32. astrange ◴[06 Nov 24 22:42 UTC] No.42070700[source]
That seemed to be puffery about a database used to store subpoena requests. You have "direct access" to a service if it has a webpage you can submit subpoenas to.
33. musictubes ◴[06 Nov 24 22:43 UTC] No.42070703{4}[source]
You don’t have to use iCloud. Customers in China can still make encrypted backups on their computers. I also believe, but please correct me if I’m wrong, that you can still do encrypted backups in China if you want.

All the pearl clutching about Apple doing business in China is ridiculous. Who would be better off if Apple withdrew from China? Sure, talldayo would sleep better knowing that Apple had passed their purity test, I guess that’s worth a lot right? God knows consumers in China would be much better off without the option to use iPhones or any other Apple devices. Their privacy and security are better protected by domestic phones I’m sure.

Seriously, what exactly is the problem?

34. astrange ◴[06 Nov 24 22:45 UTC] No.42070732{4}[source]
iCloud E2E encryption (advanced data protection) works in China.

There are other less nefarious reasons for in-country storage laws like this. One is to stop other countries from subpoeanaing it.

But it's also so China gets the technical skills from helping you run it.

35. dwaite ◴[06 Nov 24 23:02 UTC] No.42070921{3}[source]
> Also full disk encryption is opt-in for macOS. But the answer isn't that Apple wants you to be insecure, they just probably want to make it easier for their users to recover data if they forget a login password or backup password they set years ago.

"If you have a Mac with Apple silicon or an Apple T2 Security Chip, your data is encrypted automatically."

The non-removable storage is I believe encrypted using a key specific to the Secure Enclave which cleared on factory reset. APFS does allow for other levels of protection though (such as protecting a significant portion of the system with a key derived from initial password/passcode, which is only enabled while the screen is unlocked).

replies(1): >>42072248 #
36. commandersaki ◴[07 Nov 24 01:25 UTC] No.42072248{4}[source]
Yeah its a bit nuanced. You're correct encryption is automatic, but the key is unprotected unless you enable FileVault, which is the opt-in bit I was talking about.

So by default it is easy to recover data on a mac.

37. luqtas ◴[07 Nov 24 01:27 UTC] No.42072261{4}[source]
so just stocks, apps and news? their hardware quality unsnarl me with their performance per watt every time i need to flee from civilization and program Java on Nepalese caves for _THREE_ days without plugging into a power outlet. i accept the compromise and their word on my data!

/s

38. tkz1312 ◴[07 Nov 24 02:50 UTC] No.42072847{3}[source]
FBI already had full access to the unencrypted icloud backup from a few days prior.