←back to thread

Private Cloud Compute Security Guide

(security.apple.com)
295 points djoldman | 5 comments | 06 Nov 24 13:48 UTC | HN request time: 0.65s | source
Show context
solarkraft ◴[06 Nov 24 15:40 UTC] No.42063965[source]
Sibling comments point out (and I believe, corrections are welcome) that all that theater is still no protection against Apple themselves, should they want to subvert the system in an organized way. They’re still fully in control. There is, for example, as far as I understand it, still plenty of attack surface for them to run different software than they say they do.

What they are doing by this is of course to make any kind of subversion a hell of a lot harder and I welcome that. It serves as a strong signal that they want to protect my data and I welcome that. To me this definitely makes them the most trusted AI vendor at the moment by far.

replies(10): >>42064235 #>>42064286 #>>42064293 #>>42064535 #>>42064716 #>>42066343 #>>42066619 #>>42067410 #>>42068246 #>>42069486 #
tw04 ◴[06 Nov 24 15:59 UTC] No.42064286[source]
As soon as you start going down the rabbit hole of state sponsored supply chain alteration, you might as well just stop the conversation. There's literally NOTHING you can do to stop that specific attack vector.

History has shown, at least to date, Apple has been a good steward. They're as good a vendor to trust as anyone. Given a huge portion of their brand has been built on "we don't spy on you" - the second they do they lose all credibility, so they have a financial incentive to keep protecting your data.

replies(8): >>42065378 #>>42065849 #>>42065988 #>>42066649 #>>42067097 #>>42067858 #>>42068698 #>>42069588 #
1. sunnybeetroot ◴[06 Nov 24 21:20 UTC] No.42069588[source]
Didn’t Edward reveal Apple provides direct access to the NSA for mass surveillance?

> allows officials to collect material including search history, the content of emails, file transfers and live chats

> The program facilitates extensive, in-depth surveillance on live communications and stored information. The law allows for the targeting of any customers of participating firms who live outside the US, or those Americans whose communications include people outside the US.

> It was followed by Yahoo in 2008; Google, Facebook and PalTalk in 2009; YouTube in 2010; Skype and AOL in 2011; and finally Apple, which joined the program in 2012. The program is continuing to expand, with other providers due to come online.

https://www.theguardian.com/world/2013/jun/06/us-tech-giants...

replies(2): >>42069904 #>>42070700 #
2. theturtletalks ◴[06 Nov 24 21:42 UTC] No.42069904[source]
Didn’t Apple famously refuse the FBI’s request to unlock the San Bernardino’s attacker’s iPhone. FBI ended up hiring an Australian company which used a Mozilla bug that allows unlimited password guesses without the phone wiping.

If the NSA had that info, why go through the trouble?

replies(2): >>42069938 #>>42072847 #
3. talldayo ◴[06 Nov 24 21:44 UTC] No.42069938[source]
> If the NSA had that info, why go through the trouble?

To defend the optics of a backdoor that they actively rely on?

If Apple and the NSA are in kahoots, it's not hard to imagine them anticipating this kind of event and leveraging it for plausible deniability. I'm not saying this is necessarily what happened, but we'd need more evidence than just the first-party admission of two parties that stand to gain from privacy theater.

4. astrange ◴[06 Nov 24 22:42 UTC] No.42070700[source]
That seemed to be puffery about a database used to store subpoena requests. You have "direct access" to a service if it has a webpage you can submit subpoenas to.
5. tkz1312 ◴[07 Nov 24 02:50 UTC] No.42072847[source]
FBI already had full access to the unencrypted icloud backup from a few days prior.