←back to thread

Private Cloud Compute Security Guide

(security.apple.com)
295 points djoldman | 3 comments | 06 Nov 24 13:48 UTC | HN request time: 0.599s | source
Show context
solarkraft ◴[06 Nov 24 15:40 UTC] No.42063965[source]
Sibling comments point out (and I believe, corrections are welcome) that all that theater is still no protection against Apple themselves, should they want to subvert the system in an organized way. They’re still fully in control. There is, for example, as far as I understand it, still plenty of attack surface for them to run different software than they say they do.

What they are doing by this is of course to make any kind of subversion a hell of a lot harder and I welcome that. It serves as a strong signal that they want to protect my data and I welcome that. To me this definitely makes them the most trusted AI vendor at the moment by far.

replies(10): >>42064235 #>>42064286 #>>42064293 #>>42064535 #>>42064716 #>>42066343 #>>42066619 #>>42067410 #>>42068246 #>>42069486 #
tw04 ◴[06 Nov 24 15:59 UTC] No.42064286[source]
As soon as you start going down the rabbit hole of state sponsored supply chain alteration, you might as well just stop the conversation. There's literally NOTHING you can do to stop that specific attack vector.

History has shown, at least to date, Apple has been a good steward. They're as good a vendor to trust as anyone. Given a huge portion of their brand has been built on "we don't spy on you" - the second they do they lose all credibility, so they have a financial incentive to keep protecting your data.

replies(8): >>42065378 #>>42065849 #>>42065988 #>>42066649 #>>42067097 #>>42067858 #>>42068698 #>>42069588 #
talldayo ◴[06 Nov 24 17:05 UTC] No.42065378[source]
...in certain places: https://support.apple.com/en-us/111754

Just make absolutely sure you trust your government when using an iDevice.

replies(2): >>42066085 #>>42069163 #
spondyl ◴[06 Nov 24 20:50 UTC] No.42069163[source]
When it comes to China, it's not entirely fair to single out Apple here given that non-Chinese companies are not allowed to run their own compute in China directly.

It always has to be operated by a sponsor in the state who hold encryption keys and do actual deployments etc etc.

The same applies to Azure/AWS/Google Cloud's China regions and any other compute services you might think of.

replies(1): >>42069787 #
1. talldayo ◴[06 Nov 24 21:34 UTC] No.42069787[source]
It's entirely fair. Apple had the choice to stop pursuing business in China if they felt it conflicted with values they prioritized. Evidently it doesn't, which should tell you a lot about how accepting Apple is of this behavior worldwide.
replies(2): >>42070703 #>>42070732 #
2. musictubes ◴[06 Nov 24 22:43 UTC] No.42070703[source]
You don’t have to use iCloud. Customers in China can still make encrypted backups on their computers. I also believe, but please correct me if I’m wrong, that you can still do encrypted backups in China if you want.

All the pearl clutching about Apple doing business in China is ridiculous. Who would be better off if Apple withdrew from China? Sure, talldayo would sleep better knowing that Apple had passed their purity test, I guess that’s worth a lot right? God knows consumers in China would be much better off without the option to use iPhones or any other Apple devices. Their privacy and security are better protected by domestic phones I’m sure.

Seriously, what exactly is the problem?

3. astrange ◴[06 Nov 24 22:45 UTC] No.42070732[source]
iCloud E2E encryption (advanced data protection) works in China.

There are other less nefarious reasons for in-country storage laws like this. One is to stop other countries from subpoeanaing it.

But it's also so China gets the technical skills from helping you run it.