Posts by matthew_d_green@ioc.exchange
(DIR) Post #AqsXO4whrC1TyzsZbU by matthew_d_green@ioc.exchange
2025-02-07T12:23:50Z
0 likes, 0 repeats
Apple hinted at this in a filing it made over a year ago to the U.K. government. https://publications.parliament.uk/pa/cm5804/cmpublic/InvestigatoryPowersAmendment/memo/IPAB10.htm
(DIR) Post #Ar8zKpU8YHygAuBt7A by matthew_d_green@ioc.exchange
2025-02-15T13:27:28Z
0 likes, 0 repeats
Seems like a lot of the NIST standards have gone missing.
(DIR) Post #ArLcVv3gOn0EkrcCau by matthew_d_green@ioc.exchange
2025-02-21T15:23:47Z
0 likes, 4 repeats
Apple has yanked Advanced Data Protection in the U.K. https://www.bbc.com/news/articles/cgj54eq4vejo
(DIR) Post #ArLcVzdHONqywQIgdM by matthew_d_green@ioc.exchange
2025-02-21T15:39:53Z
0 likes, 1 repeats
Additionally: “Apple can no longer offer Advanced Data Protection (ADP) in the United Kingdom to new users and current UK users will eventually need to disable this security feature. ADP protects iCloud data with end-to-end encryption, which means the data can only be decrypted by the user who owns it, and only on their trusted devices. We are gravely disappointed that the protections provided by ADP will not be available to our customers in the UK given the continuing rise of data breaches and other threats to customer privacy. Enhancing the security of cloud storage with end-to-end encryption is more urgent than ever before. Apple remains committed to offering our users the highest level of security for their personal data and are hopeful that we will be able to do so in the future in the United Kingdom. As we have said many times before, we have never built a backdoor or master key to any of our products or services and we never will.”
(DIR) Post #ArLwORXHlLjSFTAqw4 by matthew_d_green@ioc.exchange
2025-02-12T19:09:29Z
0 likes, 1 repeats
I wrote a bit more about the UK’s recent move to allegedly demand backdoors in Apple encryption. https://blog.cryptographyengineering.com/2025/02/12/u-k-asks-to-backdoor-icloud-backup-encryption/
(DIR) Post #ArMzOpa8r0iVqYLXyy by matthew_d_green@ioc.exchange
2025-02-21T20:38:19Z
0 likes, 0 repeats
One thing I’m seeing re: today’s Apple news is a lot of people blaming Apple. Saying that Apple is selling people out by withdrawing encryption features from the U.K. market. For example, here’s Tim Sweeney. I want to propose a different take.
(DIR) Post #ArMzOtldIEHkpLkmRs by matthew_d_green@ioc.exchange
2025-02-21T20:38:57Z
0 likes, 0 repeats
Let’s imagine the following hypothetical. Apple is not asked by the U.K. government to compromise encryption features for only U.K. users. They are asked, by the U.K. government, to compromise encryption features for iCloud users in countries all over the world, including the US. This would be an absolutely crazy request, by the way. It would put the U.K. in the position of controlling the maximum level of security available to any user anywhere in the world, and doing it *secretly*. If you engage with that request, there is no coming back.
(DIR) Post #ArMzOy11UwyO0Ez7zc by matthew_d_green@ioc.exchange
2025-02-21T20:39:53Z
0 likes, 0 repeats
If you’re Apple in this situation — keeping in mind that you’re dealing with laws that mandate total secrecy, and a government that mixes national security and criminal law — what’s your first move? My guess is that your best strategy is to flip the table. After all, if you disable the encryption feature at issue from all U.K. customers, to some extent the issue appears moot. (It’s not moot, of course. The U.K. would still be asking for access to non-U.K. users.) But it gives you a place you can work from. So I don’t know that this is where Apple is coming from. I *do* know that, despite some deserved criticisms (many from me) Apple has never seemed like a company that just wants to submit and turn off encryption. So I want to propose that maybe, just maybe there’s more here.
(DIR) Post #ArMzP2LNPDd9QWXRGy by matthew_d_green@ioc.exchange
2025-02-21T20:40:25Z
0 likes, 0 repeats
And the fact that there’s more at stake here may be important to you, since *your data* might be what’s at stake. //
(DIR) Post #Ardk9xjNWZZie31O40 by matthew_d_green@ioc.exchange
2025-03-01T17:03:52Z
0 likes, 0 repeats
So here’s a simple request to Apple. Apple iMessage needs to enable “disappearing messages.” And they need to do it soon. https://blog.cryptographyengineering.com/2025/03/01/dear-apple-add-disappearing-messages-to-imessage-right-now/
(DIR) Post #AsPkuiIlYNBsD4ADMe by matthew_d_green@ioc.exchange
2025-03-25T09:31:38Z
0 likes, 1 repeats
You should use Signal. Seriously. There are other encrypted messaging apps out there, but I don’t have as much faith in their longevity. In particular I have major concerns about the sustainability of for-profit apps in our new “AI” world.
(DIR) Post #AsPkuj0iuwLuPOjJse by matthew_d_green@ioc.exchange
2025-03-25T09:33:17Z
0 likes, 0 repeats
I have too many reasons to worry about this but that’s not really the point. The thing I’m worried about is that, as the only encrypted messenger people seem to *really* trust, Signal is going to end up being a target for too many people. Signal was designed to be a consumer-grade messaging app. It’s really, really good for that purpose. And obviously “excellent consumer grade” has a lot of intersection with military-grade cryptography just because that’s how the world works. But it is being asked to do a lot! Right now a single technical organization is being asked to defend (at least) one side in a major regional war, the political communications of the entire US administration, the comms of anyone opposed to them globally, big piles of NGOs, and millions of “ordinary” folks to boot. (There is no such thing as “ordinary user” cryptography BTW. Those ordinary users include CEOs, military folks, people doing many-million-dollar crypto trades through the app, etc. It’s a lot to put on one app and one non-profit.) On top of this, it’s only a matter of time until governments (maybe in the US or Europe) start putting pressure on the infrastructure that Signal uses — which is mostly operated by US companies. I’m not sure how this will go down but it’s inevitable.
(DIR) Post #AsPkunGT6LK7bO7wye by matthew_d_green@ioc.exchange
2025-03-25T09:34:06Z
0 likes, 1 repeats
I guess my takeaway (1) is: no matter what people say, actual privacy is one of the most valuable services in the entire world, (2) network effects ensure a winner, yet (3) it is a totally unstable balancing act for for-profit companies to provide this, long term.
(DIR) Post #AsPkurvNmAQa3RIgIy by matthew_d_green@ioc.exchange
2025-03-25T09:34:32Z
0 likes, 0 repeats
So there is one Signal Foundation doing the work that a dozen companies should be doing. No idea what to do about any of that.
(DIR) Post #AsYMofJsBrq5ji1R0y by matthew_d_green@ioc.exchange
2025-03-29T14:14:57Z
0 likes, 1 repeats
I just heard that a cryptography professor at Indiana University had his house raided and was fired. Don’t know much more. https://www.heraldtimesonline.com/story/news/local/2025/03/28/fbi-department-of-homeland-security-agents-search-house-in-bloomington-indiana/82710451007/
(DIR) Post #AsYMol1eyUprQxXySW by matthew_d_green@ioc.exchange
2025-03-29T14:20:48Z
0 likes, 0 repeats
House belonged to Xiaofeng Wang.
(DIR) Post #AsYMoq52BNVP6sAEue by matthew_d_green@ioc.exchange
2025-03-29T14:22:36Z
0 likes, 0 repeats
Xiaofeng’s profile is no longer available on IU sites. So here’s his Google Scholar. https://scholar.google.com/citations?user=pONu-5EAAAAJ&hl=en
(DIR) Post #AscSjlvDamc77eNaz2 by matthew_d_green@ioc.exchange
2025-03-31T16:25:05Z
2 likes, 1 repeats
The Indiana University chapter of the American Association of University Professors have written a letter demanding Dr. Xiaofeng Wang’s reinstatement.
(DIR) Post #AscmlJPWZ73OMJZCWu by matthew_d_green@ioc.exchange
2025-03-30T01:05:14Z
0 likes, 1 repeats
I am jumping down with frustration at our academic community. People: we cannot do anything if everyone is unaware of professors getting arrested for multiple weeks.
(DIR) Post #B2ZzwKvODD1JmFOQ0e by matthew_d_green@ioc.exchange
2026-01-23T13:59:23Z
0 likes, 2 repeats
Microsoft is handing over Bitlocker keys to law enforcement. https://www.forbes.com/sites/thomasbrewster/2026/01/22/microsoft-gave-fbi-keys-to-unlock-bitlocker-encrypted-data/