←back to thread

Private Cloud Compute Security Guide

(security.apple.com)

295 points djoldman | 1 comments | 06 Nov 24 13:48 UTC | HN request time: 0.208s | source

Show context

solarkraft ◴[06 Nov 24 15:40 UTC] No.42063965[source]▶

>>42062230 (OP) #

Sibling comments point out (and I believe, corrections are welcome) that all that theater is still no protection against Apple themselves, should they want to subvert the system in an organized way. They’re still fully in control. There is, for example, as far as I understand it, still plenty of attack surface for them to run different software than they say they do.

What they are doing by this is of course to make any kind of subversion a hell of a lot harder and I welcome that. It serves as a strong signal that they want to protect my data and I welcome that. To me this definitely makes them the most trusted AI vendor at the moment by far.

replies(10): >>42064235 #>>42064286 #>>42064293 #>>42064535 #>>42064716 #>>42066343 #>>42066619 #>>42067410 #>>42068246 #>>42069486 #

1. isodev ◴[06 Nov 24 17:57 UTC] No.42066343[source]▶

Indeed, the attestation process, as described by the article, is more geared towards unauthorized exfiltration of information or injection of malicious code. However, "authorized" activities are fully supported where that means signed by Apple. So, ultimately, users need to trust that Apple is doing the right thing, just like any other company. And yes, it means they can be forced (by law) not to do the right thing.