←back to thread

Private Cloud Compute Security Guide

(security.apple.com)
398 points djoldman | 1 comments | 06 Nov 24 13:48 UTC | HN request time: 0.234s | source
Show context
solarkraft ◴[06 Nov 24 15:40 UTC] No.42063965[source]
Sibling comments point out (and I believe, corrections are welcome) that all that theater is still no protection against Apple themselves, should they want to subvert the system in an organized way. They’re still fully in control. There is, for example, as far as I understand it, still plenty of attack surface for them to run different software than they say they do.

What they are doing by this is of course to make any kind of subversion a hell of a lot harder and I welcome that. It serves as a strong signal that they want to protect my data and I welcome that. To me this definitely makes them the most trusted AI vendor at the moment by far.

replies(13): >>42064235 #>>42064286 #>>42064293 #>>42064535 #>>42064716 #>>42066343 #>>42066619 #>>42067410 #>>42068246 #>>42069486 #>>42073933 #>>42078582 #>>42088020 #
tw04 ◴[06 Nov 24 15:59 UTC] No.42064286[source]
As soon as you start going down the rabbit hole of state sponsored supply chain alteration, you might as well just stop the conversation. There's literally NOTHING you can do to stop that specific attack vector.

History has shown, at least to date, Apple has been a good steward. They're as good a vendor to trust as anyone. Given a huge portion of their brand has been built on "we don't spy on you" - the second they do they lose all credibility, so they have a financial incentive to keep protecting your data.

replies(9): >>42065378 #>>42065849 #>>42065988 #>>42066649 #>>42067097 #>>42067858 #>>42068698 #>>42069588 #>>42078686 #
afh1 ◴[06 Nov 24 17:31 UTC] No.42065849[source]
> There's literally NOTHING you can do to stop that specific attack vector.

E2E. Might not be applicable for remote execution of AI payloads, but it is applicable for most everything else, from messaging to storage.

Even if the client hardware and/or software is also an actor in your threat model, that can be eliminated or at least mitigated with at least one verifiably trusted piece of equipment. Open hardware is an alternative, and some states build their entire hardware stack to eliminate such threats. If you have at least one trusted equipment mitigations are possible (e.g. external network filter).

replies(3): >>42066004 #>>42073091 #>>42079308 #
1. godelski ◴[07 Nov 24 03:33 UTC] No.42073091[source]

  > E2E(E)
I assume you wanted the second E

But no, this might not be enough. If you have full control over the device, especially at the hardware level, then you got nothing. The data has to go from “not encrypted” to “encrypted” at some point. Yes, this is best if it’s on device. Even better if it is encrypted on and in memory. But can you read it? If so, there’s access. You don’t need to break encryption if you get it before, after decryption, or can just read the screen.

Security is not a binary thing. It’s not ever perfect. It is “make it really fucking hard to break or get around.” But if you can get it down to needing to infect the supply chain then you’re doing really good. Because at that point the governments are looking for it and are not going to allow those devices at least for themselves (yes, it’s the governments putting the stuff in but you know… there’s more than one government and devices don’t stay in one border…)