undefined | Better HN

0 pointshn_throwaway_991y ago0 comments

But that's literally the entire point of this article. That is, in this day and age, when people talk about "secure messaging apps" they are usually implying end-to-end encryption, which Telegram most certainly is not for the vast majority of usages.

0 comments

KennyBlanken1y ago

Also, iMessage is very secure...but then all your stuff is backed up on iCloud servers unless you specifically disable it. That includes all your iCloud encryption keys and plaintext messages.

Worse, iPhones immediately start backing up to iCloud when set up for a new user - the only way to keep your network passwords and all manner of other stuff from hitting iCloud servers is to set the phone up with no network connection or even a SIM card installed.

Did I mention there's no longer a SIM slot, so you can't even control that?

And that iPhones by default if they detect a 'weak' wifi network will switch to cellular, so you can't connect the phone to a sandboxed wifi network?

You shouldn't have to put your phone in a faraday cage to keep it from uploading plaintext versions of your private communications and network passwords.

jofla_net1y ago

Well summed-up. Its crazy how efficient theese things are at working together to strip users of any agency or control, across many different domains.

ummonk1y ago

That is the correct default. Every day users are far more likely to accidentally lose their data than to run into government snooping.

codedokode1y ago

If that is the correct default then why Telegram is blamed for having non-E2E chats by default? Maybe they also care about users who can accidentally lose their conversations. When Apple does it, it is good, but when Telegram or TikTok do the same, it is bad and not secure.

2 more replies

fsflover1y ago

It might be the correct default, but it doesn't make it secure (makes it insecure actually).

glitchc1y ago

> That includes all your iCloud encryption keys and plaintext messages.

Are these stored encrypted or in the clear? If the latter, please cite your source.

wrs1y ago

They are stored encrypted but whether Apple has the key depends on whether you've turned on "Advanced Data Protection" (aka "I don't expect Apple to bail me out when I lose access to all my devices"). The table in this support article details the treatment of various data categories under the two options:

https://support.apple.com/en-us/102651

The default for many categories is that your keys are in iCloud so Apple can recover them for you. With Advanced turned on, the keys are only on your personal devices. A few categories, like the keychain, are always only on your devices.

Specifically, see Note 3: "If you use both iCloud Backup and Messages in iCloud, your backup includes a copy of the Messages in iCloud encryption key to help you recover your data." Under normal protection, Apple has the key to your backups, but with Advanced they don't.

1 more reply

ants_everywhere1y ago

Apple devices are also always gossiping about which devices are where

kaba01y ago

Which is one of the best features. I wouldn’t mind having an option to disable it, but then you also don’t get the advantage of others’ phones finding your device.

xattt1y ago

Luckily, microwave ovens make easy Faraday cages.

talldayo1y ago

15 seconds on low, then 120 seconds on high.

Oh, you meant... oh.

anizan1y ago

laf every image you take on an iphone is sent to apple server regardless of it being in icloud or not.

zagfai1y ago

iMessage only encrypted messages in RSA 1280, why do you think it is very secure?..

walterbell1y ago

iCLoud can be disabled by MDM profile installed by Apple Configurator at setup.

codedokode1y ago

Looks like an easy task, even your granny can do it.

1 more reply

codetrotter1y ago

Can I enroll my personal iPhone in MDM myself? And if I can have MDM with just my personal phone, do I need to buy some kind of subscription for it from Apple? Or pay some third-party?

I thought MDM was only for enterprise businesses and schools and universities, but I may very well be mistaken about that.

2 more replies

codedokode1y ago

Many companies in the industry mislead users about encryption and just try to use it as a buzzword to attract customers. Take Apple, as example. Apple cloud backups are not E2E encrypted by default (like Telegram chats), and even if you opt into E2E encryption, contact list and calendar won't be E2E encrypted anyway [1].

Yet, Apple tries to create an image that iPhone is a "secure" device, but if you use iCloud, they can give your contact list to government any time they want.

Apple by default doesn't use E2E for cloud backups, and Telegram doesn't use E2E for chats by default. So Telegram has comparable level of security to that of the leaders of the industry.

[1] https://support.apple.com/en-us/102651

j / k navigate · click thread line to collapse

0 comments

KennyBlanken1y ago

Also, iMessage is very secure...but then all your stuff is backed up on iCloud servers unless you specifically disable it. That includes all your iCloud encryption keys and plaintext messages.

Did I mention there's no longer a SIM slot, so you can't even control that?

And that iPhones by default if they detect a 'weak' wifi network will switch to cellular, so you can't connect the phone to a sandboxed wifi network?

You shouldn't have to put your phone in a faraday cage to keep it from uploading plaintext versions of your private communications and network passwords.

jofla_net1y ago

Well summed-up. Its crazy how efficient theese things are at working together to strip users of any agency or control, across many different domains.

ummonk1y ago

That is the correct default. Every day users are far more likely to accidentally lose their data than to run into government snooping.

codedokode1y ago

2 more replies

fsflover1y ago

It might be the correct default, but it doesn't make it secure (makes it insecure actually).

glitchc1y ago

> That includes all your iCloud encryption keys and plaintext messages.

Are these stored encrypted or in the clear? If the latter, please cite your source.

wrs1y ago

https://support.apple.com/en-us/102651

1 more reply

ants_everywhere1y ago

Apple devices are also always gossiping about which devices are where

kaba01y ago

Which is one of the best features. I wouldn’t mind having an option to disable it, but then you also don’t get the advantage of others’ phones finding your device.

xattt1y ago

Luckily, microwave ovens make easy Faraday cages.

talldayo1y ago

15 seconds on low, then 120 seconds on high.

Oh, you meant... oh.

anizan1y ago

laf every image you take on an iphone is sent to apple server regardless of it being in icloud or not.

zagfai1y ago

iMessage only encrypted messages in RSA 1280, why do you think it is very secure?..

walterbell1y ago

iCLoud can be disabled by MDM profile installed by Apple Configurator at setup.

codedokode1y ago

Looks like an easy task, even your granny can do it.

1 more reply

codetrotter1y ago

Can I enroll my personal iPhone in MDM myself? And if I can have MDM with just my personal phone, do I need to buy some kind of subscription for it from Apple? Or pay some third-party?

I thought MDM was only for enterprise businesses and schools and universities, but I may very well be mistaken about that.

2 more replies

codedokode1y ago

Yet, Apple tries to create an image that iPhone is a "secure" device, but if you use iCloud, they can give your contact list to government any time they want.

Apple by default doesn't use E2E for cloud backups, and Telegram doesn't use E2E for chats by default. So Telegram has comparable level of security to that of the leaders of the industry.

[1] https://support.apple.com/en-us/102651

j / k navigate · click thread line to collapse