undefined | Better HN

0 pointsmhowland9y ago0 comments

No need to do in transit. I mean iMessage could simply proxy all http/https requests post decryption in iMessage, pre-request.

At the end of the day this privacy trade off (apple gets your browsing info) is probably more secure than an embedded webview that could potentially be exploited and is auto-loaded. Similar to how Chrome alerts of malicious sites...I see this as a long term larger attack vector than privacy leakage.

0 comments

pfg9y ago

The URL being disclosed to Apple was what I was getting at, which would happen with any approach that involves Apple performing the request on behalf of the user. I don't think the trade-off you're describing is necessary given that the sender could prepare the preview.

j / k navigate · click thread line to collapse

0 pointsmhowland9y ago0 comments

No need to do in transit. I mean iMessage could simply proxy all http/https requests post decryption in iMessage, pre-request.

0 comments

pfg9y ago

j / k navigate · click thread line to collapse