A Formal Analysis of Apple's iMessage PQ3 Protocol [pdf]
161 points by luu | 134 comments | 5/9/2025, 2:54:45 AM | usenix.org
https://eprint.iacr.org/2024/1395
iMessage with PQ3 Cryptographic Protocol - https://news.ycombinator.com/item?id=39453660 - Feb 2024 (267 comments)
[1] https://support.apple.com/en-us/102651#:~:text=in%20iCloud%2...
1. That their messages won't be lost when they migrate between devices.
2. That their messages won't be lost when their device is stolen and they set up the new one from nothing but a password.
3. That Apple's password recovery flows work like any other password recovery flows, AKA that forgetting your password is a minor inconvenience, to be overcome at the Apple Store at worst, not a data loss disaster.
4. That they don't have to spend $$$ on some strange device called a "Yoobby Key", which they don't understand and will lose anyway.
There's no way to satisfy those demands and have your desired level of security, hence why iCloud backup encryption is a strictly opt-in feature.
There are tradeoffs to be made here, and Signal made different tradeoffs, which makes it significantly more secure but also significantly more annoying to use for somebody whose main life interest isn't figuring out why tech works the way it does. Apple does the best it can under the constraints they are given.
False. Google has done it with their backups. And Apple already does it too! Keychain passwords, health data, and a lot of other stuff is end-to-end encrypted in backups even when ADP is disabled, with recovery options if you lose your devices, no yubikey required. They simply choose not to apply the same solution to message data.
Unlike the account password that users need only once in a blue moon, users are required to practice entering their screen lock code at least once a week to continue using their device. Probably more often in most cases. And it's much shorter.
Chrome sync also supports e2ee, and using it requires that you set a sync passphrase that is separate from your Google account password. The account password is known to Google servers and so can't be used to secure e2ee data. The screen lock code, in contrast, is never stored in a form accessible to Google.
^: I concede that this might be an acceptable thing to assume they won't get to forget. At the same time, I don't think this is a worthwhile encryption given the average 4-6 digit passcode length because you do not have the ability to mix in on-device keys (otherwise backups can't restore in other devices without another key).
Here's that link again: https://security.googleblog.com/2018/10/google-and-android-h...
Google provides it: https://news.ycombinator.com/item?id=43933626
Truth be told, I don't think most users even care that the company their messenger comes from can read their messages. All of the people I chat to on Telegram seem absolutely fine with it. I begrudgingly accept their chats (I don't want to be that guy that people need to install a special app for to communicate with, as much as I'd like Matrix or XMPP to succeed).
And to be honest, who cares if Apple's backups are encrypted. They can push a software update to undo that encryption any time they want to. The only people you need to protect your backups from are criminals (but that's what your password and 2FA is for) and law enforcement ("but I'm not a criminal! I have nothing to hide!"). You can't use Apple's phone/Facebook's messenger without accepting the risk that Apple/Facebook will undo all the security they claim to have added to their software.
Of course this is true, but it's such a reductive view of the broader security picture.
If messages are plaintext, they can be leaked by a hacker, accessed by an insider, not wiped from some drives they throw out for recycling... None of these attack vectors require the provider being evil, so removing them already reduces your exposure by a lot.
Secondly, if you're being targeted by hackers that have already gotten into the messaging provider, looking at some rows in a database is waaay easier and safer than somehow sneaking exfiltration code into the next release build of the app.
Finally, if your main adversary are government agents with a warrant, there is a huge legal difference between forcing the company to ship malicious code (possibly to all users) and simply printing out a few rows in a database. IIRC Apple has already won at least once in US court on this exact point.
I used to think this was because they were intimidated by law enforcement, but they claimed otherwise. The recent UK attempt to backdoor Advanced Data Protection has made me believe them a bit less.
But it’s all or nothing and has to be applied to the entire account.
To some degree sure, but the real issue with Signal is the app UX royally sucks, not having to do much with security trade-offs per se.
I've seen many non-technical end users use Signal, immediately upon trying it, with no problems. I've never seen someone have a problem.
I understand that our opinions don't agree, so I cite Apple's market research and design decision to bolster my case.
But I will stop there. Maybe just peddle your BS to ask folks to shut up elsewhere. Who are you even to know whom I know or not?
Also, is government spying the only reason Apple decrypts messages? We don't know. They don't disclose that they do it for the government, but we know they do from other sources. What other purposes might they not be disclosing?
You mean the one that by default is a 4-digit number and therefore trivially brute-forceable?
And neither android hardware nor the google servers have any kind of secure element enforcing brute force protections like '3 tries then we wipe the keys'.
I don't know why you would say this when it is obviously false. https://security.googleblog.com/2018/10/google-and-android-h...
One can't implement brute force protections without such a UI...
"You need to wait 5 minutes" isn't sufficient for a 4 digit pin...
https://www.reddit.com/r/samsung/comments/13nnphc/delete_pho...
Otherwise you can simply say "yeah, we power cycled you and now the year is 100,000, can I have another guess?"
I don't see any mention of that functionality in any public documentation.
(Relying on wall clock time caused a bug in an early iOS version of this feature, where it would show a really long delay when the clock was reset, and there was no way to set the clock correctly)
And that’s with a power cycle, so 14,000 a day? I’m not going to assume the button will last more than 100,000 presses, so I don’t see many combinations being tried.
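The thread above argues over what makes a PIN lockout meaningful: a persisted failure count, a wipe after a fixed number of wrong guesses, and an escalating delay that the verifier measures on its own timer rather than on the host's wall clock (so a reset clock or a power cycle does not buy another guess). The model below is an added example written for this page, not code from Apple, Google or GrapheneOS; the backoff schedule, the 10-failure wipe limit and the PBKDF2 parameters are constructed for illustration, and the "secure element" is just a Python object whose timer is advanced explicitly.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, Optional

# Seconds the verifier's own timer must advance before the next attempt is
# accepted, keyed by the number of consecutive failures so far. Constructed
# values for this example, not any vendor's real schedule.
BACKOFF_SECONDS: Dict[int, float] = {5: 60, 6: 300, 7: 900, 8: 3600, 9: 3600}
MAX_FAILURES = 10  # after this many wrong guesses the key-encryption key is destroyed
PBKDF2_ITERS = 10_000  # kept low so the example runs quickly


@dataclass
class PinGuard:
    """Toy secure-element style PIN verifier (hypothetical, for illustration).

    Everything an attacker could hope to roll back (failure count, owed delay)
    is committed before the PIN is compared, and the delay is measured only on
    the verifier's own timer, never on a clock the host can set.
    """
    salt: bytes
    pin_hash: bytes
    kek: Optional[bytes]          # key-encryption key released on success; None once wiped
    failures: int = 0             # persisted across reboots
    wait_remaining: float = 0.0   # seconds still owed on the trusted timer
    uptime: float = 0.0           # verifier's monotonic seconds since power-on

    @staticmethod
    def _derive(salt: bytes, pin: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, PBKDF2_ITERS)

    @classmethod
    def enroll(cls, pin: str) -> "PinGuard":
        salt = secrets.token_bytes(16)
        return cls(salt=salt, pin_hash=cls._derive(salt, pin), kek=secrets.token_bytes(32))

    def tick(self, seconds: float) -> None:
        """Advance the verifier's own timer; this is the only thing that pays down the owed delay."""
        self.uptime += seconds
        self.wait_remaining = max(0.0, self.wait_remaining - seconds)

    def power_cycle(self) -> None:
        """Reboot: the volatile timer restarts, the persisted failure count survives,
        and the full delay for the current failure count is owed again, so cycling
        power (or lying about the date) never shortens the lockout."""
        self.uptime = 0.0
        self.wait_remaining = BACKOFF_SECONDS.get(self.failures, 0.0)

    def unlock(self, pin: str) -> Optional[bytes]:
        """Return the key-encryption key on a correct PIN, otherwise None."""
        if self.kek is None:
            return None  # already wiped; nothing left to protect or release
        if self.wait_remaining > 0:
            return None  # locked out: the guess is neither counted nor evaluated
        # Commit the failure before comparing, so an attempt interrupted mid-check
        # (e.g. by pulling power) is still charged against the budget.
        self.failures += 1
        if hmac.compare_digest(self._derive(self.salt, pin), self.pin_hash):
            self.failures = 0
            self.wait_remaining = 0.0
            return self.kek
        if self.failures >= MAX_FAILURES:
            self.kek = None  # destroy the key: remaining PIN space is now worthless
            return None
        self.wait_remaining = BACKOFF_SECONDS.get(self.failures, 0.0)
        return None


if __name__ == "__main__":
    guard = PinGuard.enroll("1234")
    for wrong in ("0000", "0001", "0002", "0003", "0004"):
        guard.unlock(wrong)
    print(f"failures={guard.failures}, owed delay={guard.wait_remaining}s")
    guard.power_cycle()
    print(f"after power cycle the delay is still owed: {guard.wait_remaining}s")
    guard.tick(60)
    print("unlocked:", guard.unlock("1234") is not None)
```

The two properties worth checking are that a correct PIN is refused while a delay is owed (the lockout applies to everyone, not just wrong guesses) and that a power cycle restores the full delay rather than clearing it. With a wipe at ten failures the total number of guesses an attacker can ever make against this guard is bounded by the counter, not by how fast a button can be pressed.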
The Titan M chip is present on all Pixel devices:
https://grapheneos.org/faq#encryption
Do you consider all security to be a joke then? If you send me a message, how will you actually guarantee that I do not make a copy of it once it's on my own computer?
So what secure communication system should we be using given that none of them can guarantee that the recipient doesn't leak information to another country by choosing to use a compromised version of the client?
That's great, naming those would have been better though since it would have actually answered the question.
> With Advanced Data Protection, the number of data categories that use end-to-end encryption rises to 25 and includes your iCloud Backup,...
> iCloud Backup (including device and Messages backup) (3)
> (3) .... Advanced Data Protection: iCloud Backup and everything inside it is end-to-end encrypted, including the Messages in iCloud encryption key.
On Google, the Google Drive and Photo are encrypted to a key owned by google.
On iCloud, the iCloud Drive and Photos are encrypted to your account key. Without ADP, this key is shared with Apple. When ADP is enabled, Apple does not store this key. iCloud Backup is stored with the same technology as iCloud Drive.
When it comes to lost password account recovery:
- Google can just reset your password, and your drive and photos are still accessible. All barriers are procedural, not technical.
- iCloud (with ADP): they can still reset your password, but then your iCloud Drive and iCloud Photos are lost forever.
There are some trade-offs:
- Lost password recovery experience. _Some_ users will lose their password anyway. How high should the bar be?
- Cloud first? or local device first with cloud backup?
- Are you giving the cloud data the same protection as the local device?
In Google's solution, they put the Google Drive data at risk...
In Apple's solution, it needs extra steps to ensure you have a proper account recovery flow covered.
In fact I would say calling iMessage an e2ee system is false advertising until this is corrected. Reasonable people would assume that an Apple system advertised as e2ee would make an effort to prevent Apple servers from having the keys to decrypt most iMessages, while the reality is with these defaults it's likely that a large majority of iMessages can be decrypted by Apple servers at will.
The simple fact of the matter is that if I have ADP enabled, my chats should be excluded from the backups of those I'm communicating with (it should be as an opt-in basis at the very least).
Not having this renders ADP useless for the purpose of its stated threat model.
Why can you reach into my phone and wipe data you sent to me?
Why are _you_ the final arbiter?
Once you send a message it is _out of your hands_. You do not own that message. You do not have the right to dictate to others what they can do with what you send to them. That’s life, that’s reality.
If you want to be able to delete your sent messages from other’s devices, there are many apps out there that can provide it to you and both you and the person you are talking to can go in “eyes wide open” to what you agreeing to (I can delete messages I sent to you and you have no record).
The potential for abuse of this is high and the vast majority of users would _not_ want this feature. The same way that mostly people probably shouldn’t use ADP due to the risks, this type of feature will cause way more issues IMHO. It doesn’t take much imagination to get to “Grandpa pressed the wrong button and deleted years (decades) of conversation from everyone’s phone”.
I am not interested in my normal conversations potentially disappearing. That was not the agreement that we had, and changing the rules later on is gross to me. If you want disappearing chats or the ability to wipe all the messages you’ve sent, there are other apps (with their own pitfalls: what if I keep my phone offline and never get the update to clear out your conversations?).
https://www.youtube.com/watch?v=BLGFriOKz6U&t=26m50s
(Be sure to watch through the section from 34m to 36m...)
sure, reminder 'Apple pays millions to woman after explicit photos posted online'
'Technicians posted the private photos and video from her iPhone after she sent it to Apple for repair, according to legal documents'
https://www.telegraph.co.uk/business/2021/06/06/apple-pays-m...
For some people it isn't a concern and that's fine, just so long as we acknowledge that it is a real and legitimate concern for other people, and that's also fine.
The gap between perception and reality when it comes to Apple as a “privacy champion” has never been so big as it is today.
You can still turn everything compromising off and end up with a device secured to paranoid levels. That's definitely more than an empty promise, or what other vendors provide.
Does it really? There is no option to use my own hardware/software for backup storage. I mean what would usually go to icloud.
That i would really trust.
So to me the answer is no.
That’s pretty much exactly what all the other vendors in the market provide: insecure and spying by default.
I don’t really understand why Apple should somehow get good points for their stance on privacy when they are actually doing pretty much the same thing as everyone else.
Users want convenience, and security always brings inconveniences (e.g., inter-client sync, no chat data before a client logged in first time, etc.).
Some vendors might provide convenience because they want to have your data. Others might provide you the convenience because you as a user want it, but see the resulting data as nothing but a liability.
Some providers are known to have the majority of their business be based around such data, whereas others might have little to no presence in that field.
Honest question, apart from the marketing, why?
Does Apple collect your data? Yes. Does Apple operate an advertising platform and give itself a large amount of rights on your data for advertising purposes? Yes. Is Apple an American company and therefore subject to the nonsensical and draconian USA spying laws? Yes.
I don’t really see how Apple is better than Google here. Both are pretty much equally bad.
Google's primary business is and has always been ads, and they practically invented the kind of global tracking we have all come to know and hate. Google actively tries to expand tracking and ad exposure to their own benefit. See the Google TV Streamer home screen as an example of their ad behaviors.
Apple has a minuscule ad business, and from the estimates I can find, the money in that is just a fraction of the Google search sponsorship they get (which counts towards the revenue of the same "services" bracket as their own ads). Apple actively tries to limit tracking, pissing other ad companies like Meta off. See the Apple TV home screen as an example of their ad behaviors.
In general, having access to data and using it are entirely orthogonal, and many companies that have your data consider it a liability they would much rather be without - it's just sometimes hard to provide a service without data passing through, and not everything can reasonably be E2E (either for technical or UX reasons).
They're expanding it: https://www.axios.com/2024/11/19/apple-news-ads-direct-sales...
> many companies that have your data consider it a liability they would much rather be without - it's just sometimes hard to provide a service without data passing through
Apple collects much more data than needed for the service. They also make it practically impossible to use the phones without giving a ton of personal information:
https://news.ycombinator.com/item?id=39927657
And once more, you're conflating access to information and spying.
So what's the difference? In this particular case, the access is unwanted and unnecessary, i.e. it very much looks like spying to me.
> There's a big difference between "expanding miniscule business unit" and
Apple is a for-profit company, not a charity. They collected a ton of personal data on everyone and are continuously expanding their ad business. How naive you must be to trust that they're on the side of users forever? It's the same discussion on HN every time: https://news.ycombinator.com/item?id=39928611
If you fail to understand that holding or processing user data as part of providing a service is different from making a business out of selling and/or analyzing said user data, then there isn't much to discuss.
Does a small ad business use personal data? Sure, but there sure are differences in how and to what extent. How blind you must be to not see that.
Did you read my link? Apple's data collection is far beyond what they need to provide the service. Unlike the doctor. This is my main point.
> Does a small ad business use personal data?
Again, you are missing the point. Look at the trend, not the current state. The ad business is expanding, and you can't be sure that it stays small for long. See also: enshittification, https://pluralistic.net/2025/02/26/ursula-franklin/
I don't believe this is the case. Apple generally prefers to diminish the importance and risks of specific actions unless they have some monetary advantage. e.g. Apple is happy to warn you (multiple times) that an alternative marketplace is "dangerous" and yet iMessage iCloud Backups are just a click away with a friendly "so your messages are available everywhere".
Another example is Photos - Apple has no problem activating features that collect "anonymized" information from my pictures. Yes, there is an opt-out, but having all that on by default is not in the spirit of a privacy-minded operation.
And about the choice - someone already pointed out in other comments, there really is no way to replace iCloud with anything else for backups and app data sync. So the choice is not really a choice.
Same reason FileVault isn't on by default on macs.
Apple could do a lot to promote this feature to more advanced users, but they don’t. I don’t believe for a second this decision is unrelated to the government pressure they’ve been receiving from the UK.
The best analogy I can give is the way Apple gradually raised MFA from an optional feature with 1-2% adoption to a recommended feature that had majority adoption (even if it was not required.) They did this by heavily encouraging users to turn the feature on during setup, and then bugging them about it after setup. Apple is capable of encouraging and advertising security features it cares about, even when there’s risk.
1. Legacy devices are going away naturally. I doubt the number of Apple accounts with legacy (iOS/Mac) devices and routine iCloud usage is anywhere near a majority, and I assume the number drops every year. You can test for this condition whenever a user adds a new device, and encourage adoption for people who don't have this problem.
2. Apple already requires that you have backup phones and emails for MFA. They could easily enforce recovery contacts as a basic requirement for any new iOS device (even if ADP isn't turned on) and measure the stability of those relationships over time, until they're confident that these recovery relationships are viable. This would probably reduce their support costs as well.
3. Apple has a tool called "Safety Check" that's designed to help you secure your device. Last I checked, ADP isn't recommended or even mentioned by the tool as an option. This seems like an obvious place where Apple could boost understanding and knowledge about ADP, but they've chosen not to.
So yes, I do think there's quite a bit more that Apple could do. I think it's unfortunate that people believe that Apple is not currently downplaying this feature globally due to the UK mess, because that is certainly what they are doing.
Maybe people think that was all for show but I’m struggling to think of other examples of massive companies saying that so publicly/firmly. See also, all the times the police/FBI/etc have complained or even tried to force Apple to provide a backdoor.
All that said, I guess a, very legitimate, argument could be made that if Apple provided ways to swap out iCloud for whatever service you wanted then there might be an escape hatch of sorts even if iCloud was compromised/limited.
Would be a shame if they claimed they can’t decrypt but an old backup had the keys to the kingdom.
I can't sign into Apple Music on Android because it doesn't support security keys – small price to pay.
Also, even if you enable ADP Apple can likely still read the vast majority of your messages in other people's default-non-e2ee backups. The bad default is the problem here.
"No, not like that." :O) But seriously, you can also just turn off iCloud Backups for Messages. (iCloud > Storage > Messages > Turn Off and Delete from iCloud)
> …otherwise they need to stop falsely advertising iMessage as a strong e2ee system when it literally uploads its encryption keys to Apple by default.
iMessage is E2EE, but iCloud Backup is not, which I understand is a distinction probably not well understood by most HN readers, much less your average consumer.
It's all Apple software on Apple software and Apple's responsibility to match user expectations based on the claims Apple makes. No reasonable person would expect that Apple intentionally retains the ability to decrypt the majority of iMessage communications given their marketing of iMessage as e2ee.
It's extremely common for Apple services to be encrypted in transit and on Apple's servers by default, and additionally also at rest when you opt into ADP (which is how you say "I want E2EE and understand the ramifications of that" in the Apple Cinematic Universe).¹ As you noted, for the average consumer, ADP² is overkill and therefore a terrible default.³
¹ https://support.apple.com/en-us/102651
² https://support.apple.com/guide/security/advanced-data-prote...
³ https://news.ycombinator.com/item?id=43934995
ADP doesn't need to be default for iMessage to be e2ee. Keychain passwords are e2ee without ADP. So is health data. Even Memoji are e2ee in backups! And I believe they can be restored even if you lose all your devices, using the same technique Google uses in their system. Apple could literally turn it on for iMessage tomorrow using the same infrastructure. Every day they are deliberately choosing not to.
Not quite. You can still have automatic local backups set up for iOS and macOS devices to your own NAS. And that NAS can then do cloud backups of whatever is on it in any way you want. It's certainly more effort than the stock iCloud solution, but it's still an option.
I'm willing to bet that the number of people who have ever set all of that up as described is in the triple digits worldwide. A rounding error.
So the only case that is relatively unusual is having the Mac back up to a local NAS, but that's only because NAS themselves are a power user thing. Still, turnkey ones like Synology etc are much more common than "triple digits worldwide", and if you have a Mac and a NAS, why wouldn't you set up Time Machine to backup to said NAS?
macOS yes, but iOS?
iTunes (or Mac OS's built-in iPhone sync) is the recommended way to do this, although the protocol has been reverse-engineered to hell and back and third-party software exists for it. iMazing is the most notable one, although there are probably others, and you could hack something on top of libimobiledevice if you really wanted to.
Getting those backups from your computer to the NAS is an exercise for the reader.
The fact that this is so unintuitive that I had to explain it and I am only 95% sure I got it right is precisely the problem.
For Notes, I've migrated to Obsidian since I couldn't find a reliable backup method for Apple Notes.
Messages is tricky - I just screenshot anything important since it's so tightly integrated with Apple's ecosystem. Most of my important conversations happen on WhatsApp anyway, which lets me export anything I need to preserve.
Would be very interested in this.
It's also the same way ProtonMail encrypts their email. They have to store the private key for you to be able to use the email on any browser.
Only enabling ADP, which is disabled by default and unavailable in the UK, makes it like you describe.
Of course iCloud backup is itself optional. But Apple gives you and the people you're messaging no other option for cloud backups. ADP actually encrypts your backups, but since it defaults to off your messages are almost certainly still readable by Apple thanks to the keys stored in other peoples' backups.
No, if you do not use “Messages in iCloud” then your iMessage private key does not leave your device.
If the messages were still protected by e2ee with key storage only on your devices then it would specify that in the table. Some other data types like keychain passwords and Memoji are in fact protected by e2ee even when ADP is not enabled, and the table reflects that. Messages do not fall in the category of e2ee without ADP.