ThePhysicist 12 hours ago

Man, this is really the worst case we've been fearing in Germany as well, i.e. an overzealous government that wants access to the master decryption keys of any app using end-to-end encryption so they can backdoor them anytime they like. I really hope they have enough common sense left to reverse their course, and I have to say kudos to Apple for taking this fight.

chaz6 11 hours ago

Perhaps there is an app that makes using one-time pads simple. It is really the only way to be reasonably certain that your communication is protected. With storage so abundant it is feasible to share a 100MiB pad for each contact which should be enough for a lifetime of messages.

amelius 14 hours ago

[flagged]

  • Angostura 13 hours ago

    Except, in this case you have a US company that I honestly believe takes privacy seriously, fighting to prevent that stance being undermined by the UK government

    • redserk 13 hours ago

      The problem is if you want to back up the content of your device securely. Without ADP, you’re stuck sending it into iCloud in a way that allows a government to access the data.

      If you wanted to avoid potential prying eyes, you can’t backup the device over the internet to a storage location you own. You can sort of do this with photos, but it’s absolutely a kludge.

      Apple is only one US law away from completely shutting down Advanced Data Protection for everyone.

      • jacksnipe 12 hours ago

        Encrypted backups are an intractable technical problem. The key is on the device you’ve lost, so another copy of the key must be saved somewhere.

        There has to be an element of trust, or else the actual use case that 99.9% of users have — I lost my device and want to restore my <whatever> - can’t be met.

        It’s not like there’s some great alternative solution they’re intentionally neglecting.

        • like_any_other 12 hours ago

          > another copy of the key must be saved somewhere

          Like a password you memorize? Or write down on a piece of paper and store it somewhere safe?

          • gruez 12 hours ago

            Both will inevitably get lost/forgotten, especially if it's a password that isn't used on a regular basis. Even for regular backups users rarely test recovery protocols. They just turn it on and call it a day. Heck, sometimes even companies don't even bother doing it, and find out that their disaster recovery protocols aren't up to snuff after they've been ransomwared.

            • like_any_other 5 hours ago

              There's nothing inevitable about it. If a user would rather risk forgetting/losing a password, than governments covertly and cheaply spying on them, they can do that, and the problem is perfectly tractable. It's only intractable under the demented requirements of delegating all security to someone else, and at the same time expecting to be secure against the entity you have delegated all security to.

      • gruez 12 hours ago

        >If you wanted to avoid potential prying eyes, you can’t backup the device over the internet to a storage location you own. You can sort of do this with photos, but it’s absolutely a kludge.

        Use iTunes backup and then upload the files from your PC to an online storage provider of your choice?

      • danaris 12 hours ago

        > Apple is only one US law away from completely shutting down Advanced Data Protection for everyone.

        The problem with this is that it's universally applicable.

        Any cloud service that has end-to-end encryption today can be forced to break it if the jurisdiction in which they're based passes a law requiring it.

        "So use a self-hosted open-source cloud backup system with a VPS?" Not a scalable solution. I genuinely do not believe there is a scalable solution to this problem.

        All we can do is either pick the service we trust will remain safe the longest, or DIY it for ourselves and maybe those closest to us. And fight at the ballot box to end the era of ever-expanding government surveillance of everyone's digital data.

        • jacksnipe 12 hours ago

          That is, by definition, not e2e encrypted.

          • danaris 12 hours ago

            Sorry, which "that" are you referring to?

            If you mean this:

            > So use a self-hosted open-source cloud backup system with a VPS?

            then why not? It just needs to be set up to encrypt before upload, and decrypt after download, and have some means of sharing keys to other clients. Unless I'm being dumb and missing something?

            • jacksnipe 4 hours ago

              > Any cloud service that has end-to-end encryption today can be forced to break it if the jurisdiction in which they're based passes a law requiring it.

              If a 3rd party can be compelled to decrypt it, it’s not e2e encrypted.

    • conorjh 12 hours ago

      Apple regularly comply with Law Enforcement requests for customer data though...

      • gruez 12 hours ago

        What else are they supposed to do? Defy court orders? That's why they introduced ADP, which avoids this problem by making it impossible for them to comply.

  • oneplane 13 hours ago

    There is no silicon for useful laptops that isn't US-controlled or China-controlled. On top of that, there is no ISA or reference CPU that isn't US-based.

    In the future, we might have RISC-V, but right now, we don't. You can get laptops with Intel, AMD, ARM or IBM, and that's about it. All of the chips that are fast enough to be useful are US-based (in design and manufacturing instructions, but Asia-based in physical construction).

    Say you'd be more interested in something that looks/feels like it's not from the US, you are pretty much restricted to stuff that's from ODMs in Asia. But it's the same hardware from the same production facilities, running the same firmware and operating systems.

    • Havoc 13 hours ago

      >On top of that, there is no ISA or reference CPU that isn't US-based.

      ARM HQ is in Cambridge & owned by Japan (Softbank group)

      • oneplane 13 hours ago

        I suppose that's true. My mind was already on the likes of Qualcomm, Apple, Ampere and Broadcom but the base ISA and some of the reference designs used in public are indeed pure ARM (the company).

        Ideally there'd be a player like Fujitsu (also an ARM licensee), they can do an entire laptop where only the manufacturing and software is not in-house (they don't have the capacity to do that AFAIK). If you then slap some coreboot (or U-Boot) and linux on it, you'd be pretty close to a much less US-attached laptop.

        • robin_reala 13 hours ago

          You can get pure(ish)-China laptops if you’re willing to go that far to get away from the US. Hauwei have a range of laptops using HiSense ARM cores: https://qingyun.huawei.com/

          • oneplane 12 hours ago

            Didn't Samsung try to do the same? That'd be a Korean option if amelius has that in scope. Unless they are using Snapdragon for those of course.

  • traceroute66 12 hours ago

    > laptop of a non-US origin soon

    Maybe NitroPad[1] from Nitrokey (Germany) ?

    I don't think Fujitsu Siemens make PCs/Laptops any more, only servers. But that would have been an option as their factory is in Germany.

    [1] https://shop.nitrokey.com/shop?&search=nitropad

    • amelius 11 hours ago

      Thanks, and glad to see a comment that actually answers my question :) rather than telling me things like who Europeans should or should not trust.

      • rightbyte 9 hours ago

        Bringing up UK in the context made me worried about you.

        • amelius 7 hours ago

          Snowden made me worry a lot more about a lot of people.

  • itscrush 14 hours ago

    Certainly not the UK, they're spearheading much of the privacy problem.

  • rightbyte 13 hours ago

    Your own government is usually the biggest threat to your privacy. And namedropping the UK as some gov you would prefer from a privacy point of view is silly.

    • whynotmaybe 13 hours ago

      I don't have any gov app installed on my phone, though it came with the whole Google suite, Facebook and Instagram installed. And I can't remove it unless I root it.

      If you're in a country where the gov is a threat to your privacy, you're in a dictatorship.

      A democratic gov does not really care a lot about personal data, it only wants tax money.

      A private company cares a lot about personal data because each bit of personal information is sellable to anyone interested.

      • vladvasiliu 13 hours ago

        Didn't the UK have an issue with Apple the other day, trying to get some "backdoor" to icloud? Which prompted Apple to say they'd remove E2E encryption for those users?

        How's that tax related and not caring about personal data? Does that make the UK a dictatorship?

      • rightbyte 13 hours ago

        > If you're in a country where the gov is a threat to your privacy, you're in a dictatorship.

        Really? Nothing to hide?

        Any practical democracy does strange stuff.

    • londons_explore 12 hours ago

      > Your own government is usually the biggest threat to your privacy.

      Few people think of this. More should.

  • ohgr 13 hours ago

    The government or other parties will come and take your data wherever you are without a moment's notice. There is no defence against that.

    The objective should be to make that as hard as possible by not putting it somewhere you make it easy for them to do so without your knowledge or without legal due process.

    And that is NOT in some cloud.