Welcome! This is a community for all those who are interested in protecting their privacy.
PS: Don't be a smartass and try to game the system, we'll know if you're breaking the rules when we see it!
Some of these are only vaguely related, but great communities.
Aside from regular users: Bad news for businesses that rely on such features, even if only for their compliance tickboxes. Or are those exempt?
Edit: so many more questions:
Apple is probably betting they can twist the UKs arm until they roll back the requirements. In the long run this is better for users.
For your first question, my guess would be its the largest fish. Proton probably has some users that harbor useful information but think about apples market dominace. It's massive. And as far as I know, proton doesn't have a business presence directly under UK jurisdiction; Apple has an enormous presence and billions in previous investments for employees and infrastructure there. Making it much easier to enforce those laws on them.
In other words, it's like living in the country versus living in another country. My home country will have a much easier time forcing laws on me than a country I'm not even living in.
I'm unable to answer your second question though. I don't know enough about legality.
malicious compliance?
it's the only way to maintain trust. as soon as you publicly compromise even a small part of the system the whole thing is worthless.
No, just regular keel over compliance.
Yeah, they should have taken a stand and been banned for breaking the law, that would have showed the government.
What's the alternative? Strong arm a democratically elected
even if stupid at times
government to change policy? That's a terrifying precedent.
The other alternative is to backdoor or otherwise compromise users in other jurisdictions. Glad they didn't do that.
The only way to add a backdoor to E2EE is to make it not E2E, so I don’t see how apple bad here, in this case. Can somebody clue me in?
You can add a switch inside the program which makes it give up its E2E encryption keys to some random third party who asks, who is able to demonstrate to the program's satisfaction that they are from the government. I don't know about this particular case, but that is the type of feature that governments periodically try to demand that software companies add to E2EE products, and it is exactly as bad an idea as it sounds like. And yes, Apple is being good by telling them "absolutely not." They have also said the same to the US government several times now.
Very, very occasionally, governments have succeeded in talking people into doing this. On every occasion that I know of, people who are not the government have started using the feature to eavesdrop on people's communications. Even though it means they have to lie to the software! I know, it's terrible, the things that people do in the modern world.
Thank you!
Eh, just doing it for the good PR I guess. UK is still going to get access to everyone's files through the NSA-to-UK pipeline.
I wouldn't be completely sure.
Lemmy conversational interchange in a nutshell lol
Lol I mean honestly if you believe that the governments allow people to use tech that they don’t have a backdoor in, I believe that’s good for your mental health. Just a bit naive is all.
Not everything that happens in every single software company, university, and so on, all across the land, is because the government has "allowed" it. For one thing, a lot of cryptography research and software development happens outside of "the" country, far from anywhere that "the" governments would be able to allow it or not.
Actually, the US government in the 90s actually did make a really substantial effort to make it illegal to use cryptography that they couldn't crack. Their efforts did not meet with universal success even before they abandoned them. That was the whole impetus behind T-shirts with the PGP source code (And tattoos! Seriously, one of my friends met somebody with a PGP source code tattoo, back when it was questionably legal to have one.) There are quotes by many many people about the limits of what the government is able to dictate to people that they are and are not able to do, even in very strict totalitarian societies.
You seem very confident in your opinion so I won't try to dissuade you from it any further. Just taking a little time to try to shed some light. There actually are ways you can find out about how this stuff works in reality, though, to at least a little bit of an extent. Like I said, the Snowden leaks are a really good and fascinating way.
Best of luck! Starting from a standpoint of total skepticism and suspicion of everything online-related and government-related probably isn't a bad place to start from, all things considered.
The governments doesn't control enough of the world's programmers to pull that off
Ask any competent cryptographer who read the docs and they'll tell you otherwise
(small sidenote: what the docs implied about cryptographic capabilities made it sound like they exploited weak reused Diffie-Hellman finite field primes - the description of advances in capabilities matched this outcome nearly exactly)
Feel free to visit [email protected] if you want to discuss details