https://old.reddit.com/r/privacy/comments/pcb3ej/a_timely_reminder_that_apple_can_read_your/ jump to content my subreddits edit subscriptions * popular * -all * -random * -users | * AskReddit * -pics * -funny * -gaming * -news * -worldnews * -explainlikeimfive * -movies * -todayilearned * -videos * -IAmA * -askscience * -TwoXChromosomes * -aww * -mildlyinteresting * -Jokes * -LifeProTips * -Art * -nottheonion * -Music * -Showerthoughts * -tifu * -science * -gifs * -books * -dataisbeautiful * -OldSchoolCool * -Futurology * -space * -DIY * -food * -nosleep * -announcements * -UpliftingNews * -history * -gadgets * -sports * -creepy * -EarthPorn * -WritingPrompts * -InternetIsBeautiful * -GetMotivated * -Documentaries * -photoshopbattles * -philosophy * -listentothis * -blog more >> privacy privacy * comments * other discussions (3) Want to join? Log in or sign up in seconds.| * English [ ][] [ ]limit my search to r/privacy use the following search parameters to narrow your results: subreddit:subreddit find submissions in "subreddit" author:username find submissions by "username" site:example.com find submissions from "example.com" url:text search for "text" in url selftext:text search for "text" in self post contents self:yes (or self:no) include (or exclude) self posts nsfw:yes (or nsfw:no) include (or exclude) results marked as NSFW e.g. subreddit:aww site:imgur.com dog see the search faq for details. advanced search: by author, subreddit... this post was submitted on 26 Aug 2021 2,019 points (98% upvoted) shortlink: [https://redd.it/pcb3] [ ][ ] [ ]remember mereset password login ATF Submit a new link Submit a new text post Get an ad-free experience with special benefits, and directly support Reddit. get reddit premium privacy joinleave1,203,153 readers 1,478 users here now Dedicated to the intersection of technology, privacy, and freedom in the digital world. "I don't have anything to hide but I don't have anything I want to show you either" - @CryptopartyBLN "Privacy is not a sign of wrongdoing. Privacy is a sign of freedom." - /u/blackhawk_12 Subreddit Rules and Wiki ^(updated ^2019-02-28) Before posting in /r/privacy, read the Sidebar Rules. Enjoy our Wiki! It has all sorts of nifty advice and explains most topics you're interested in if you're reading this. Latest 2020-05-01 Reddit has implemented a new Chat feature, that for now, doesn't allow Subreddits to opt out. These chat rooms are unmoderated and form a risk vector. Anyone using the r/Privacy Chat feature should exercise due caution. Do Not Share PII While Chatting! 2019-01-09 I think... I think we're going to have 400,000 subscribers soon, and that's all kinds of awesome! [DEL:2018-09-20::DEL] [DEL:I think... I think we're going to have 100,000 subscribers this week and that's all kinds of awesome.:DEL] Ongoing * Learn how to spot fake news so you can focus on the facts and protect yourself from fictions. * Before you use the "I have nothing to hide" argument please read this paper--all of it. If you can't find the time, then this article should at least get you thinking about why privacy matters. * Why surveillance is not OK * Cory Doctorow "On the Upcoming Privacy Wars" * Glenn Greenwald's 2014 TED Talk, "Why Privacy Matters" * The Electronic Frontier Foundation's, "Surveillance Self-Defense" * EFF's, "Digital Privacy at US Borders Guide" * Continuing discussion about frustrating the efforts of organizations that spy on citizens and consumers. Suggested Software Note this section has software that is under ongoing development. No one solution can guarantee your anonymity. * Tor Browser Bundle, a pre-configured web browser intended to protect your anonymity when used with safe browsing practices. * Tails - a live system that aims at preserving your privacy and anonymity * Prism Break we don't necessarily endorse all their software choices Related Subreddits: * /r/EuroPrivacy * /r/PrivAussie * /r/privacytoolsIO/ * /r/netsec * /r/Onions * /r/Tor * /r/Tails * /r/Whonix * /r/i2p * /r/GnuPG * /r/crypto * /r/NSALeaks * /r/freespeech * /r/CryptoCurrency * /r/vpn * /r/Firefox Donate Consider donating to one of the organizations that fight for your rights. Org Name ACLU American Civil Liberties Union EFF Electronic Frontier Foundation EPIC Electronic Privacy Information Center EDRi European Digital Rights FSF Free Software Foundation ORG Open Rights Group Tor Tor Torservers high bandwidth Tor exit nodes Privacy building the global movement for the protection of International privacy. a community for 13 years BTF MODERATORS * message the mods * Moderator list hidden. Learn More discussions in r/privacy <> X * 33 comments Why You Suddenly Need To Delete Google Chrome 340 * 48 comments Apple's new Private Relay is leaking your original address through WebRTC. 803 * 68 comments Chinese Police Kept Buying Cellebrite Phone Crackers After Cellebrite Said It Ended Sales. The Israeli company purportedly left China last year. The subsequent sales of its products there could cloud its impending IPO. 99 * 6 comments An Explosion in Geofence Warrants Threatens Privacy Across the US 77 * 12 comments Using FireFox w/ DuckDuckGo search engine vs. using DDG as browser on it's own? 2020 * 282 comments A timely reminder that Apple can read your iMessages (even though they're E2E encrypted) 30 * 3 comments 20 Years of Privacy: A brief History of I2P 4 * 4 comments Privacy/Confidential paid/subscription based open source project (filestorage and database) 61 * 15 comments Little-Known Federal Software Can Trigger Revocation of Citizenship 40 I2P Celebrates it's 20th Year on Linux's 30th birthday as well! Show your love and support over at r/i2p. Welcome to Reddit, the front page of the internet. Become a Redditor and join one of thousands of communities. x 2018 2019 2020 A timely reminder that Apple can read your iMessages (even though they're E2E encrypted) (self.privacy) submitted 1 day ago * by SwingRedLine[gold_48][5izbv4fn0m]2 [silver_48]3 This is a reminder, in light of the current discussion surrounding privacy and encryption, that under certain circumstances your iMessages can be read by Apple or by the government. Messages in iCloud also uses end-to-end encryption. If you have iCloud Backup turned on, your backup includes a copy of the key protecting your Messages. This ensures you can recover your Messages if you lose access to iCloud Keychain and your trusted devices. When you turn off iCloud Backup, a new key is generated on your device to protect future messages and isn't stored by Apple. Source This means that if you enable both iCloud backup and iCloud iMessage all of your iMessages can be decrypted and read by anyone. TO BE CLEAR, Apple WILL share your decryption key with the authorities in response to subpoena. This is an example: https://i.imgur.com/stMWX1P.jpg In this example, all of my Message activity is encrypted using a key derived from my device passcode and uploaded to iCloud. That encryption happens on-device. It is stored in iCloud encrypted. Because iCloud backup is turned off, in this example, that key is NOT part of my iCloud backup (which I don't have) and therefore is NOT stored on Apple servers. If someone, including Apple, were to look at my Messages stored on iCloud all they would see is encrypted garbage. If you were to turn on iCloud backup, and leave the iMessage toggle on, Apple and the government would be able to read all of your iMessages, despite claims that they are "end-to-end" encrypted. Everyone should be using Signal. Signal for iOS: https://apps.apple.com/us/app/ signal-private-messenger/id874139669 Signal for Android (the best package name): https://play.google.com/ store/apps/details?id=org.thoughtcrime.securesms Signal for desktop: https://signal.org/download/ ETA: /u/divideitall and /u/PNM3327 correctly point out all parties must disable iCloud backup. If one party leaves it enabled the whole message chain will be stored. Move to signal * 282 comments * share * save * hide * report top 200 commentsshow all 282 sorted by: best topnewcontroversialoldrandomq&alive (beta) [ ] Want to add to the discussion? Post a comment! Create an account [-]divideitall 783 points784 points785 points 1 day ago[vu6om0xnb7] [5izbv4fn0m] (58 children) The kicker here is that, even if you have iCloud backup disabled, the party you are messaging would also need to have it disabled, since the messages could also be in their backup. It is much safer to use signal, as OP suggests. * permalink * embed * save * report * give award * reply [-]SwingRedLine[S] 315 points316 points317 points 1 day ago (19 children) Correct. Shit I forgot about that. jesus. You're right * permalink * embed * save * parent * report * give award * reply [-]Washington_Nationals 17 points18 points19 points 1 day ago (8 children) But if the govt/whoever has access to the other party's device, they have your texts then don't they? Even with Signal There's no foolproof method here * permalink * embed * save * parent * report * give award * reply [-]Katholikos 58 points59 points60 points 1 day ago (0 children) In this scenario, the gov doesn't have access to either device. They're asking Apple for all of their data on you. They receive your encrypted messages, as well as the decryption key. * permalink * embed * save * parent * report * give award * reply [-]kdokdo 4 points5 points6 points 1 day ago (2 children) Signal encryption has plausible deniability. * permalink * embed * save * parent * report * give award * reply [-]lostlikeyou 2 points3 points4 points 1 day ago (1 child) How's that? * permalink * embed * save * parent * report * give award * reply load more comments (1 reply) [-]sixfourch 1 point2 points3 points 1 day ago (2 children) Signal will never back up your encrypted messages anywhere, and once they're sent, they're sent, so if both parties have Signal clients that honestly interpret the burn-on-read setting, even if an adversary forces you to reveal your Signal PIN, no previous messages will be compromised. (I also don't know, but suspect, that if you restore from a Signal PIN, the generated key would probably be useless for decrypting or verifying previously sent messages.) If your adversary has obtained the unencrypted signal database of your conversation partner, they will have a data file that claims to have messages from you in it. When other commenters mention that Signal is "plausibly deniable," what they mean is that your private key can't be used to cryptographically verify these messages in your conversation partner's Signal database. However, an adversary that was monitoring both of your device traffic to Signal would be able to show that message timestamps corresponded to a time that both of you connected to the Signal servers. I don't know of any juries that have been convinced of anyone's innocence (or of the unreliability of any evidence) on the basis of cryptographic deniability. There is usually enough other evidence to make it clear that the messages are real. The foolproof method would be to implement the Signal protocol over a higher-latency batched model where you only connected once per hour, and the messages went over something like a mix network, where messages weren't timestamped. In this case, there would be no other evidence that you were actually conversing with your conversation partner, just from the messaging app. Of course, this is still vulnerable if your conversation partner, or other people you both know, provides that evidence. It's still better to use Signal, because the likelihood of your iMessage conversation partner having the key escrow feature enabled is, IMO, higher than the likelihood of an adversary compromising an unencrypted Signal database. This would mean they would have to take your phone from you while Signal was unlocked. This is never the case while the device is locked, and you can configure a timeout so that Signal will re-lock its database even if your device is unlocked if you haven't used it after some amount of time. * permalink * embed * save * parent * report * give award * reply load more comments (2 replies) [-]secur3gamer 0 points1 point2 points 1 day ago* (8 children) Either I'm missing something, or your skipping a vital step. To decrypt messages, you would need the passcode / password in combination with the key itself, correct? Are you implying that Apple are able to bypass this? I'm not trying to defend Apple, and I definitely wouldn't defend their current push for CSAM, I'm trying to understand because if they are able to decrypt messages freely that defeats the whole purpose of E2E encryption. Edit: Wow, Apple do not encrypt data at-rest for iCloud backups... Data Encryption Encryption contd. In transit On server iCloud.com Yes - * permalink * embed * save * parent * report * give award * reply [-]SwingRedLine[S] 21 points22 points23 points 1 day ago (0 children) You're missing something. The passcode on your device is used to derive the decryption key, but it's the decryption key that decrypts. Otherwise if you lost your phone, as they say, you couldn't restore the messages. * permalink * embed * save * parent * report * give award * reply load more comments (7 replies) load more comments (1 reply) [-]Alternative_Lie_8974 4 points5 points6 points 1 day ago (1 child) The kicker here is that, even if you have iCloud backup disabled, the party you are messaging would also need to have it disabled, since the messages could also be in their backup. It is much safer to use signal, as OP suggests. In that case, Apple would only have access to the copy of the conversation with that particular person though, right? So if all your other contacts had iCloud backup disabled then, all those conversations would not be available. * permalink * embed * save * parent * report * give award * reply [-]divideitall 6 points7 points8 points 1 day ago (0 children) Yes, you are correct! * permalink * embed * save * parent * report * give award * reply [-]4david50 20 points21 points22 points 1 day ago (21 children) Even if you use Signal, you still depend on the other person not being an idiot. What if they get searched by police and they have fingerprint unlock enabled, now the police can see your messages to them. * permalink * embed * save * parent * report * give award * reply [-]dweet 40 points41 points42 points 1 day ago (3 children) Set a timer for your messages if you're worried about people you're messaging being idiots. * permalink * embed * save * parent * report * give award * reply load more comments (3 replies) [-]joyloveroot 6 points7 points8 points 1 day ago (16 children) How does fingerprint unlock enabled the police to see messages in signal? * permalink * embed * save * parent * report * give award * reply [-]4david50 29 points30 points31 points 1 day ago (15 children) In the US you can be compelled to use fingerprint unlock without a warrant * permalink * embed * save * parent * report * give award * reply [-]sophware 16 points17 points18 points 1 day ago (11 children) https://ios.gadgethacks.com/how-to/ keep-law-enforcement-out-your-iphone-your-privacy-intact-0194999/ I'm going to sleep, otherwise I'd post more about this and the arguments around it. Suffice it to say, I'm glad I know how to quickly, temporarily make my phone require a password. Do your research! * permalink * embed * save * parent * report * give award * reply [-]roshi256 8 points9 points10 points 1 day ago (5 children) I've heard about kids using their parents finger to unlock devices while they were sleeping. Same with nosy spouses. Happy dreams. * permalink * embed * save * parent * report * give award * reply [-]noman_032018 2 points3 points4 points 1 day ago (4 children) Enable logs and check them. That kind of breach of trust is not something that can just be swept under the rug. If you have reason to suspect... * permalink * embed * save * parent * report * give award * reply [-]roshi256 1 point2 points3 points 1 day ago (0 children) I don't have to worry about that stuff personally but when I was a kid I'd always get away with stuff by asking my mom for permission to do something while she was napping and half awake she'd say 'yes' to get me to go away and I'd go watch an R rated movie or something. * permalink * embed * save * parent * report * give award * reply [-]donalduck 1 point2 points3 points 1 day ago (2 children) How do you enable logs of face id/touch id? * permalink * embed * save * parent * report * give award * reply [-]noman_032018 0 points1 point2 points 1 day ago (1 child) For Apple devices it's... more problematic because devtools (which include hardware because Apple cashgrabbing) are definitely not cheap, but here's how. On Android it's as simple as plugging it into a USB host and using adb to pull out the logs. Seeing applications being used or closed while the phone was supposed to be locked would be enough to know something's wrong. * permalink * embed * save * parent * report * give award * reply [-]donalduck 1 point2 points3 points 1 day ago (0 children) Thank you then i just need to install Apple Configurator 2 * permalink * embed * save * parent * report * give award * reply [-]stratus41298 1 point2 points3 points 1 day ago (4 children) Android has a 'lockdown mode' that accomplishes a similar thing. You have to enable it in settings first but an option will show go next to reboot and power off. I use it at work when I plan to get up for a while and don't want to wait for my lock timer. * permalink * embed * save * parent * report * give award * reply [-]tails618 1 point2 points3 points 1 day ago (3 children) Why not just... Hit the lock button? E: when you're at work. I understand the purpose for quickly disabling biometric auth, but that doesn't seem necessary at work. * permalink * embed * save * parent * report * give award * reply load more comments (3 replies) [-]joyloveroot 6 points7 points8 points 1 day ago (0 children) Wow, such a fascinating loophole/technicality that is counterintuitive to the spirit of the 5th amendment... * permalink * embed * save * parent * report * give award * reply [-]AnonymousGrifter 2 points3 points4 points 1 day ago (0 children) Same in many European countries! * permalink * embed * save * parent * report * give award * reply [-]ComprehensiveTurn656 0 points1 point2 points 1 day ago (0 children) All the reason for passcodes. I've never used finger print or facial recognition on any of my devices. 1 touch factory resets are good to have on a device also. * permalink * embed * save * parent * report * give award * reply [-]drdaz 4 points5 points6 points 1 day ago (3 children) Technically true, but they'd need to have decrypted the other party's backup first to know that. Assuming they're not just decrypting everybody's stuff, the other party would need to be under investigation too. Seems to me there's a fairly low likelihood this becomes an issue. * permalink * embed * save * parent * report * give award * reply [-]divideitall 7 points8 points9 points 1 day ago* (2 children) What makes this a problem is that iMessage metadata is not protected like the content is. This article on iMessage by apple states: Metadata, such as the timestamp and APNs routing information, isn't encrypted. [DEL:APN = Access Point Name. These are the details like your phone number/ip address, that are used to actually deliver the message to your device over the internet or cellular network.:DEL] APNs = Apple Push Notification service. What this means is that the metadata from your account can be used to identify who you have sent iMessages to. Those individuals will then become suspects, which can then lead to additional subpoenas for their iCloud backups and metadata. Those subpeonas may or may not result in the acquisition of clear text iMessages, depending on whether those accounts had iCloud backup enabled... * permalink * embed * save * parent * report * give award * reply [-]drdaz 4 points5 points6 points 1 day ago (1 child) That's not what APNs means * permalink * embed * save * parent * report * give award * reply [-]divideitall 3 points4 points5 points 1 day ago (0 children) Ah, yep, I used the cellular definition of APN, you are right. Appreciate the correction. * permalink * embed * save * parent * report * give award * reply [-]point2blank 6 points7 points8 points 1 day ago (1 child) You forgot about the "No face, no case" defense. * permalink * embed * save * parent * report * give award * reply [-]InnerChemist 1 point2 points3 points 1 day ago (0 children) Nice thing about face is if that you can make it require attention - if you aren't looking at the phone, it won't unlock. * permalink * embed * save * parent * report * give award * reply [-]likeabuginabug 2 points3 points4 points 1 day ago (0 children) I pointed out the same for WhatsApp due to its own backup issues a while back and the person I was talking to said "well just make all your contacts turn off backups???" As if it's that easy. * permalink * embed * save * parent * report * give award * reply [-]CreedThoughts43 1 point2 points3 points 1 day ago (1 child) What if you turn off iMessage? * permalink * embed * save * parent * report * give award * reply [-]divideitall 26 points27 points28 points 1 day ago (0 children) Turning off iMessages would cause your messages to send as SMS/MMS over the cellular network. SMS/MMS are not end to end encrypted, and can be obtained from the carrier via subpoena. Additionally, SMS/MMS messages are also included in your iCloud backup if you have "Messages" ticked. iMessages does have issues, as stated in this post, but it is more secure than SMS/MMS. * permalink * embed * save * parent * report * give award * reply [-]typescriptDev99 2 points3 points4 points 1 day ago (0 children) :O fuuuuuuck * permalink * embed * save * parent * report * give award * reply [-]Naive_Inspection8183 0 points1 point2 points 1 day ago (0 children) Smart * permalink * embed * save * parent * report * give award * reply [-]Repania 0 points1 point2 points 1 day ago (0 children) Good point. And even if the other party followed the same steps, Apple could just upload your keys to iCloud anyway since they own the proprietary code that runs client side. * permalink * embed * save * parent * report * give award * reply load more comments (2 replies) [-]PNM3327 110 points111 points112 points 1 day ago (0 children) Most importantly, even if you go through this entire process to disable the cloud backups it becomes worthless if the person you're messaging hasn't done the same * permalink * embed * save * report * give award * reply [-]turd_burglar7 62 points63 points64 points 1 day ago (16 children) Wish Linux phones would hurry the fuck up and be a viable option. Haven't tried them myself, just everything I've read has said they are still a ways off from being usable. Until then the best option is a De-Googled Android phone. * permalink * embed * save * report * give award * reply [-]Golisten2LennyWhite 14 points15 points16 points 1 day ago (5 children) Pine64 has a cool watch and phone. Physical switching for turning off camera microphone etc * permalink * embed * save * parent * report * give award * reply [-]Lutrijk 11 points12 points13 points 1 day ago (4 children) The hardware is there. The software is not though, unfortunately. If all a person needs however is basic telephony then it's a viable option as long as you're OK with a 4 hour battery life (and I don't mean a 4 hour Screen On Time - just 4 hours of being on in general) then it'll work fine. * permalink * embed * save * parent * report * give award * reply [-]badRooibus 2 points3 points4 points 1 day ago (0 children) Yeah, not really a practical replacement for modern smartphones (if that's what you're looking for of course). * permalink * embed * save * parent * report * give award * reply [-]Golisten2LennyWhite 2 points3 points4 points 1 day ago (2 children) The pine watch is the shit. I got it for 27 bucks shipped and it's hackable and very functional. I have texts, calling, music control, pedometer, watch faces, games, heart bpm... it's really been cool to load different things like wasp os and try out non stock options. Also battery life is almost a week. * permalink * embed * save * parent * report * give award * reply [-]Lutrijk 0 points1 point2 points 1 day ago (0 children) It is pretty great for sure. It's unfortunate that it's Android only at the moment, but there are a couple of projects to bring it to iOS. * permalink * embed * save * parent * report * give award * reply [-]flamenwerger 7 points8 points9 points 1 day ago (0 children) Nokia N900 says hi * permalink * embed * save * parent * report * give award * reply [-]Maximilian_13 3 points4 points5 points 1 day ago (7 children) De-Googled Android phones are mostly broken for people who use a lot of "commercial" Apps, as they heavily depend on Google Services. And MircoG is just a workaround, I don't think it's a viable solution in my opinion. * permalink * embed * save * parent * report * give award * reply [-]Logical_Painter5998 3 points4 points5 points 1 day ago (1 child) GrapheneOS sandboxed Google services have been working well the past few days for me. Just swapped over. * permalink * embed * save * parent * report * give award * reply load more comments (1 reply) [-]MysteriousPumpkin2 0 points1 point2 points 1 day ago (4 children) Why isn't MicroG viable? * permalink * embed * save * parent * report * give award * reply [-]iamGobi 0 points1 point2 points 1 day ago (3 children) Safetynet fails * permalink * embed * save * parent * report * give award * reply [-]apetranzilla 5 points6 points7 points 1 day ago (0 children) Not many apps use safetynet though, it's only really Google pay and such iirc, which you presumably wouldn't be using anyways * permalink * embed * save * parent * report * give award * reply load more comments (2 replies) load more comments (1 reply) [-]Silent_but-deadly 67 points68 points69 points 1 day ago (2 children) Gee. So what is apple privacy good for. I mean it seems like they are all in my stuff? Oh that's right ......marketing * permalink * embed * save * report * give award * reply [-]AdonisGksu 39 points40 points41 points 1 day ago (0 children) Their most effective product * permalink * embed * save * parent * report * give award * reply [-]devilsadvocate 15 points16 points17 points 1 day ago (0 children) well. They have, in previous events been demonstrably good stewards of their customers private data. The reality is that there are always certain trade off's when using a company to do X instead of just hosting/rolling your own. Apple has, even in the very recent history, been steadfastly a solid steward of their users and their privacy. Of course that doesnt mean you can do illegal things under their protection. BUt they do require full warrants and will push back on "shortcuts" the government takes to try and gain access. The bigger concern with the more recent announcements was that many of the legal arguments they have previously made with regard to privacy may come under attack as no longer being unreasonable burdens to implement....which paves the wa for NSL's and FISA warrants. * permalink * embed * save * parent * report * give award * reply [-]goat-head-man 8 points9 points10 points 1 day ago (1 child) Time to start spamming the 10 hr loop of He Man singing "What's Going On". It's not A DDoS if they request the data. * permalink * embed * save * report * give award * reply [-]HoTbEeFsUnDaEs 3 points4 points5 points 1 day ago (0 children) How do I get in on this party? HEYYEYAAEYAAAEYAEYAA * permalink * embed * save * parent * report * give award * reply [-]wise_quote 32 points33 points34 points 1 day ago (22 children) The same with WhatsApp. * permalink * embed * save * report * give award * reply [-]shab-re 15 points16 points17 points 1 day ago (14 children) and telegram * permalink * embed * save * parent * report * give award * reply [-]wise_quote 1 point2 points3 points 1 day ago (0 children) Think Facebook has an encrypted feature as well which is probably as private as WhatsApp which isn't very. * permalink * embed * save * parent * report * give award * reply [-]Metabohai 0 points1 point2 points 1 day ago (12 children) Telegram too? I thought the whole selling point was privacy? * permalink * embed * save * parent * report * give award * reply [-]Tarzoon 6 points7 points8 points 1 day ago (0 children) Use Signal or Threema instead. * permalink * embed * save * parent * report * give award * reply [-]LtWorf_ 9 points10 points11 points 1 day ago (6 children) Telegram backs up the chats on their servers, unless you use a secret chat, which doesn't work on the computer client. * permalink * embed * save * parent * report * give award * reply [-]iamGobi 0 points1 point2 points 1 day ago (5 children) Compare e2e chats with e2e chats. Why are you comparing iMessage's e2e chat with Telegram's cloud chat? Telegram has 2 types of chats - cloud chats which are stored in their servers and secret e2e chats which are secure and not stored anywhere in the cloud. Secret chat option is currently only available for mobile. * permalink * embed * save * parent * report * give award * reply [-]LtWorf_ 0 points1 point2 points 1 day ago (4 children) Eh I use telegram myself, and since very institutional USA people are suggesting to use signal or whatsapp, I believe signal is compromised. Probably the protocol is fine but they just push updates on targets they are interested into. Signal doesn't have reproducible builds, so one can't know if the one you get is the same as the one the sources produce. * permalink * embed * save * parent * report * give award * reply [-]iamGobi 0 points1 point2 points 15 hours ago (3 children) Agreed. Also the Signal's play store version should not be trusted. US big guys are recommending because people are usually going to download from play store. * permalink * embed * save * parent * report * give award * reply [-]Diridibindy 1 point2 points3 points 7 hours ago (2 children) The code is open source, so far nobody found any security compromises. Signal right now is the most secure option. * permalink * embed * save * parent * report * give award * reply load more comments (2 replies) [-]sbdw0c 1 point2 points3 points 1 day ago (0 children) Telegram uses a proprietary encryption algorithm and stores everything in the cloud. It's the exact opposite of a private app -- what it does, however, have going for it are the excellent apps, UX, and the fact that it's not WhatsApp. * permalink * embed * save * parent * report * give award * reply [-]shab-re 2 points3 points4 points 1 day ago (2 children) yes, but you have to trust telegram completely as there is no e2e encryption only e2e is in private chats which most people don't use also, there was a security issue found in their encryption technique a few years ago and many well respected cryptographers have said it was really bad, and looked like they intentionally put it there if you wanna use it, better to just use an open source fork like nekogram x and stick only to private one to one chats * permalink * embed * save * parent * report * give award * reply [-]Lutrijk 0 points1 point2 points 1 day ago (1 child) also, there was a security issue found in their encryption technique a few years ago and many well respected cryptographers have said it was really bad, and looked like they intentionally put it there Do you have a link to this info? I'm unable to find anything and as far as I can see, their encryption method has been audited and has passed scrutiny. * permalink * embed * save * parent * report * give award * reply [-]shab-re 1 point2 points3 points 1 day ago (0 children) yes, it was in russian, that's why it didn't gain any traction back then https://habr.com/ru/post/206900/ * permalink * embed * save * parent * report * give award * reply [-]ZioTron 1 point2 points3 points 1 day ago (6 children) WhatsApp backups the encryption key on their servers??? * permalink * embed * save * parent * report * give award * reply [-]rootsvelt 2 points3 points4 points 1 day ago (5 children) No. Whatsapp sends its backups to your Google Drive or to your iCloud. WhatsApp has no data on their servers * permalink * embed * save * parent * report * give award * reply [-]ZioTron 0 points1 point2 points 1 day ago (4 children) That's what I thought. I doubt they specifically save a copy of your encryption key, that would defeat the very meaning of e2e encryption. * permalink * embed * save * parent * report * give award * reply [-]rootsvelt 0 points1 point2 points 1 day ago (3 children) I mean I'm not sure about that. When you restore you WA backup you don't need to enter any passwords, if I remember correctly. So it's entirely possible that the encryption key is stored on the cloud as well along with the backups. But I'm no cryptographer, so maybe it does not work like that * permalink * embed * save * parent * report * give award * reply [-]ZioTron 1 point2 points3 points 1 day ago (0 children) Now that I think about it, I think you're right. And at that point it's not very difficult to subpoena Google or Apple to have your complete backup with encryption keys... * permalink * embed * save * parent * report * give award * reply [-]strpradeep 1 point2 points3 points 1 day ago (1 child) I remember reading somewhere that WA backups on the Google drive are not encrypted. It's just plain text. * permalink * embed * save * parent * report * give award * reply [-]rootsvelt 1 point2 points3 points 1 day ago (0 children) Welp that's even worse than I expected. * permalink * embed * save * parent * report * give award * reply [-]the_f3l1x 34 points35 points36 points 1 day ago (0 children) On top of all of this, being the iMessage app closed source, there's no way to know if Apple is sending a second copy of your messages to their server using a key that they own * permalink * embed * save * report * give award * reply [-]Raging_Red_Rocket 5 points6 points7 points 1 day ago (5 children) Do we know for a fact that apple can't access signal data somehow? * permalink * embed * save * report * give award * reply [-]StrangeInformation31 21 points22 points23 points 1 day ago (4 children) We don't know for a fact they don't log every keystroke. * permalink * embed * save * parent * report * give award * reply [-]Raging_Red_Rocket 1 point2 points3 points 1 day ago (3 children) Fuck. That's been a worry of mine. Currently research a good non data farming option, but hard to find a good mix of privacy and functionality * permalink * embed * save * parent * report * give award * reply [-]StrangeInformation31 1 point2 points3 points 1 day ago (2 children) Only way to achieve that is only use the phone for nonprivate things. * permalink * embed * save * parent * report * give award * reply [-]Raging_Red_Rocket 0 points1 point2 points 1 day ago (1 child) Like what? Although not necessarily private, I don't particularly enjoy them deciphering through many levels of data that I'm interested in buying a new vacuum or that I am out of milk... * permalink * embed * save * parent * report * give award * reply load more comments (1 reply) [-]SandboxedCapybara 5 points6 points7 points 1 day ago (0 children) Even if both parties have iCloud Backups disabled, iMessage still hasn't implemented any verification system to ensure that you're talking to who you're think you're talking to. A feature which any messaging platform worth their salt has had since the beginning. They've got tons of problems, and should be avoided whenever possible. Signal still has some problems like their weak backups that pose their own problems, especially if you or the party you're talking to have them enabled and protecting with a weak pin. * permalink * embed * save * report * give award * reply [-]purplemountain01 13 points14 points15 points 1 day ago (3 children) Would like to use Signal but getting the people on it that I actually talk to daily is about impossible. * permalink * embed * save * report * give award * reply [-]aaa4000 5 points6 points7 points 1 day ago (0 children) The way I started was moving groups over. Every time someone hit my iMessage group out of habit I would ping the signal with a response. Pretty quickly me being the stubborn one just got everyone onto signal. They still use iMessage and stuff but at least signal is on their ohne and an option. After that I just needed to start individual threads on signal and people realized to get me they use signal. * permalink * embed * save * parent * report * give award * reply [-]mitch_brigham 4 points5 points6 points 1 day ago (0 children) This was a hurdle for me as well, and each person needed a different sales pitch, but in the end it was worth it. Android users are not a big stretch since they can use Signal as their default messaging app for SMS as well as E2EE convos, but I had the hardest time getting die-hard iMessage users to use signal. If its worth it to you, make that argument, but in a way that you don't sound crazy or they will shut down immediately. * permalink * embed * save * parent * report * give award * reply [-]treox1 0 points1 point2 points 1 day ago (0 children) I told everybody I was getting a new number (which I was) and that I wouldn't be able to text with this old number anymore (not quite since I did port it). I told them I'd eventually only be able to communicate over Signal. Everybody has moved over and seems to like it. * permalink * embed * save * parent * report * give award * reply [-]SwallowYourDreams 41 points42 points43 points 1 day ago (1 child) Bottom line: if you give away the keys to your house because you're so afraid to lock yourself out, Apple can and will rummage through your stuff. * permalink * embed * save * report * give award * reply [-]Fokoffnosy 5 points6 points7 points 1 day ago (0 children) Better take some fat sniffs of those cute knickers, need to be sure they're not child undies. * permalink * embed * save * parent * report * give award * reply [-]aniruddhdodiya 3 points4 points5 points 1 day ago (2 children) Same thing is applicable for Telegram. Their servers do have the keys that's how they able to do"multi device" chat * permalink * embed * save * report * give award * reply [-]drunckoder 1 point2 points3 points 1 day ago (1 child) Only, so called, Secret chats are E2E encrypted and they don't support multiple devices. I doubt Telegram can access those chats. They're not enabled by default, far less convenient and that's why used by a small fraction of users. So the sole reason is it doesn't really matter for them if they're unable to access secret chats. * permalink * embed * save * parent * report * give award * reply [-]aniruddhdodiya 1 point2 points3 points 1 day ago (0 children) Yes that only secret chat, otherwise it's not E2E encrypted. * permalink * embed * save * parent * report * give award * reply [-]wantingsomethingless 2 points3 points4 points 1 day ago (1 child) Question. If iCloud Backups is Turned on, but Messages are turned off, what happens? A version of the previous message history is stored and could still be decrypted? * permalink * embed * save * report * give award * reply [-]SwingRedLine[S] 1 point2 points3 points 1 day ago (0 children) iCloud messages is storing your messages in iCloud (as opposed to however they're stored when normally sent). I would like to think that with iCloud messages off (but iMessage on, and with backup on), that there would be nothing there to get. However now you ask, I'm wondering if the key encrypting the iMessages when they're stored in iCloud is the same key that encrypts them in transit and, if so, whether having backups on saves that key regardless of whether iCloud messages is enabled. TL;DR- I don't know. Have an upvote. Maybe someone else can answer with more certainty. * permalink * embed * save * parent * report * give award * reply [-]DrMisery 42 points43 points44 points 1 day ago (6 children) Remember all the Apple fanboys have said that Apple will only look at your pictures not iMessage. Apple is evil * permalink * embed * save * report * give award * reply [-]first_lvr 31 points32 points33 points 1 day ago (4 children) pretty sure Google as well, and Microsoft, and Facebook and Amazon ... oh and China we are fucked * permalink * embed * save * parent * report * give award * reply [-]ham_coffee 11 points12 points13 points 1 day ago (1 child) Not many people are dumb enough to assume Google isn't storing everything. Lots of people are dumb enough to trust apple though. * permalink * embed * save * parent * report * give award * reply [-]METEOS_IS_BACK 4 points5 points6 points 1 day ago (0 children) People don't even know that Google is storing everything and on top of that they wouldn't even care * permalink * embed * save * parent * report * give award * reply [-]DrMisery 8 points9 points10 points 1 day ago (1 child) You are absolutely right. I was just pointing out the Apple fanboys think Apple can do no wrong. * permalink * embed * save * parent * report * give award * reply [-]InnerChemist 4 points5 points6 points 1 day ago (0 children) This fact has been well known to the apple community for ages. * permalink * embed * save * parent * report * give award * reply [-]redashi 19 points20 points21 points 1 day ago* (22 children) Everyone should be using Signal. That statement is unjustified. Signal doesn't meet everyone's messaging needs. It has good crypto, but that's about it. Some of us prefer a messaging platform that has no single point of failure, and doesn't demand our phone numbers, and allows client apps that better suit our workflows, and doesn't encourage people to use app stores that are basically rootkits, and... sigh. I'll just mention Matrix as an alternative and leave it at that. * permalink * embed * save * report * give award * reply [-]b00b00jeffries 12 points13 points14 points 1 day ago (0 children) I want to love Matrix but until it can replace MMS, you still have to convince people to install another app JUST for that federated system. * permalink * embed * save * parent * report * give award * reply [-]TheUltimateAntihero 2 points3 points4 points 1 day ago (9 children) doesn't demand our phone numbers, Anything other than matrix? * permalink * embed * save * parent * report * give award * reply [-]redashi 5 points6 points7 points 1 day ago (3 children) Anything other than matrix? I don't think Session or Briar require phone numbers, and I'm sure XMPP doesn't, but all of those have significant drawbacks that prevent me from recommending them to most people. * permalink * embed * save * parent * report * give award * reply [-]okwnIqjnzZe 0 points1 point2 points 1 day ago (2 children) what's the downside with session? * permalink * embed * save * parent * report * give award * reply [-]ThaLegendaryCat 1 point2 points3 points 1 day ago (0 children) That they lie in their marketing * permalink * embed * save * parent * report * give award * reply [-]redashi 0 points1 point2 points 1 day ago (0 children) When I looked a few months ago, the crypto was still experimental and group chats were limited to a somewhat small number of participants. (I think the latter has improved since then.) Its onion routing and blockchain components aren't well established, either. Basically, it's immature. I might revisit it in a year or two. * permalink * embed * save * parent * report * give award * reply [-]p1cgxyeb 3 points4 points5 points 1 day ago (4 children) Threema is e2ee, open-source, Swiss based and does not ask for your phone number (but it's not free, something like 4$) * permalink * embed * save * parent * report * give award * reply [-]SwallowYourDreams 2 points3 points4 points 1 day ago (2 children) Threema is [...] open-source Their server software isn't open source, though, is it? * permalink * embed * save * parent * report * give award * reply [-]p1cgxyeb 0 points1 point2 points 1 day ago (1 child) I don't know for sure, I guess not. I searched about it a bit and found out a reddit comment explaining why Server side does not matter in term of privacy. I don't know if he's fully right or not, interesting nevertheless. * permalink * embed * save * parent * report * give award * reply [-]redashi 0 points1 point2 points 1 day ago (0 children) Threema is another centralized system, with all the problems that entails. It's also mobile-only. * permalink * embed * save * parent * report * give award * reply [-]SwallowYourDreams 2 points3 points4 points 1 day ago (8 children) All fair points, except for this one: doesn't encourage people to use app stores that are basically rootkits Signal offer an APK download on their page that works without GCM / doesn't require Play Services to be installed. * permalink * embed * save * parent * report * give award * reply [-]redashi 1 point2 points3 points 1 day ago (7 children) All fair points, except for this one Sorry, but you're mistaken. Signal absolutely does still encourage people to use Google's app store and builds. The download page links directly to Google, and doesn't mention the side-loading option at all. The small minority who do find the link are greeted with a big warning titled "Danger Zone", discouraging them from using it. Even Moxie himself explicitly recommends against it. Want an F-Droid build? Too bad; the folks running Signal actively fight against any such thing. Yes, after years of rejecting requests for non-google builds, they did eventually offer a direct apk download, but it makes little difference. Even if someone manages to discover it and side-load Signal, most of their contacts will still be using the proprietary app stores, which have system-level device access. That means nearly everyone's conversations remain visible to the corporations that operate them. Maybe you're comfortable with that, and with every other problem I mentioned earlier, and with Signal's long history of unilateral decisions that keep users bound to misfeatures and closed ecosystems. Some of us are not. Thankfully, Signal is no longer our only option. * permalink * embed * save * parent * report * give award * reply [-]stratus41298 1 point2 points3 points 1 day ago (4 children) Do you have any resources that discuss the 'misfeatures' portion of your comment? Last I heard Signal was the best option out there, now I'm realizing not everyone is happy with it. * permalink * embed * save * parent * report * give award * reply [-]redashi 1 point2 points3 points 1 day ago (2 children) When I finally gave up on Signal, I stopped bothering to bookmark discussions of its problematic choices. You can probably find some of them by searching for its use of phone numbers, Google Cloud Messaging, four-digit PINs, and cryptocurrency. I think you'll find that Signal is very much a walled garden. Even the project lead says so. * permalink * embed * save * parent * report * give award * reply load more comments (1 reply) [-]king--ludd 0 points1 point2 points 1 day ago (1 child) There is a warning, but the apk is not at all difficult to find. It's the top search result for "signal apk". * permalink * embed * save * parent * report * give award * reply [-]redashi 0 points1 point2 points 1 day ago (0 children) The people who search for "signal apk" are a tiny minority. It doesn't change anything that I wrote. * permalink * embed * save * parent * report * give award * reply [-]mitch_brigham 1 point2 points3 points 1 day ago (0 children) This should read: Everyone should at least be using Signal* * permalink * embed * save * parent * report * give award * reply [-]Neikius 0 points1 point2 points 1 day ago (0 children) Agreed. Signal is quite like apple in how it is done. We cannot trust it vecause closed source. Also centralized. * permalink * embed * save * parent * report * give award * reply [-]Anarchie48 2 points3 points4 points 1 day ago (0 children) Pretty much the same thing occurs in the case of WhatsApp, but in an arguably even worse fashion. WhatsApp message backups are stored unencrypted in the user's Google drive account. Google would not even need a key to share this with the government if need be. Even if one party has Google Drive backups turned on, the entire conversation is accessible to the government and Google. Move to Signal * permalink * embed * save * report * give award * reply [-]stratus41298 2 points3 points4 points 1 day ago (0 children) So far signal seems to be the only chat app that I'm seeing normal people switching to for better privacy. From what I've read on this thread it may not be the penultimate option, but part of the problem is that everyone keeps switching to 'the better option' so no app really gains traction because something more secure comes around. I'll be sticking with signal myself but I love trying new apps out, much to my wife's chagrin. * permalink * embed * save * report * give award * reply [-]LowConnection9178 6 points7 points8 points 1 day ago (0 children) iCloud is just filth. * permalink * embed * save * report * give award * reply [-]waumau 3 points4 points5 points 1 day ago (0 children) I dont trust anthing from apple regarding privacy. I like their products, but i dont lie to myself that they are much more privacy focused than other companies. * permalink * embed * save * report * give award * reply [-]Result_Opposite 5 points6 points7 points 1 day ago (1 child) Why would anyone, ever believe that Apple cannot read whatever is on your iPhone? * permalink * embed * save * report * give award * reply [-]SwallowYourDreams 4 points5 points6 points 1 day ago (0 children) Why would anyone, ever believe that Apple cannot read whatever is on your iPhone? One word: marketing. Maybe spiced with a fair amount of magical thinking and cultism. * permalink * embed * save * parent * report * give award * reply [-]deakzz01 1 point2 points3 points 1 day ago (2 children) Anything wrong with Wickr??? No number required to sign up... just pick a username, that's it. But if you forget your password, you're screwed!!! But is it safe though, cuz no one seems to recommend it? * permalink * embed * save * report * give award * reply [-]klv12gcn 5 points6 points7 points 1 day ago (1 child) Personally, I haven't heard anything bad about it. The only problem is that none of my contacts use Wickr. It's already hard enough to convince some of my family member to move to Signal. And, Wickr was bought by Amazon in June. I find it's a bit hard to trust Amazon with anything related to privacy. https://www.theverge.com/2021/6/25/22550361/ amazon-wickr-aws-secure-messaging-encryption * permalink * embed * save * parent * report * give award * reply [-]PitBullCH 0 points1 point2 points 1 day ago (0 children) That's an instant and easy pass then. * permalink * embed * save * parent * report * give award * reply [-]ashtrix 1 point2 points3 points 1 day ago (0 children) Thanks for sharing. I had no idea about this. I already use Signal but another reason to stop using iMessage completely. * permalink * embed * save * report * give award * reply [-]Josh__NZ 1 point2 points3 points 1 day ago (0 children) As someone who has pretty chronic IBS-D with a partner that also has GI issues, we regularly are complaining about our distress to each other using words/phrases like "b0mbed porcelain harbour", "sewer p! pe b0mb", "nuc|ear arsenal", and to be courteous to each other "I'd leave that a while, there was a Mustard gass ass-plosion". Pretty sure we're both on some sort of list already. * permalink * embed * save * report * give award * reply [-]tim-r 1 point2 points3 points 54 minutes ago (0 children) These two toggle are funny. 1. back my encrypted data 2. back my encryption key (if back encryption key, the e2e does not make any sense) !!!!!! * permalink * embed * save * report * give award * reply [-]bathrobehero 2 points3 points4 points 1 day ago* (0 children) E2E doesn't mean anything when it's going through proprietary code and a centralized server. * permalink * embed * save * report * give award * reply [-]exu1981 1 point2 points3 points 1 day ago (4 children) Yup, I've been saying this for years already. * permalink * embed * save * report * give award * reply [-]Kyxrn 6 points7 points8 points 1 day ago (3 children) Welcome to the party where Apple loyalists never listen to a bad thing about Apple, been happening in this sub as well. * permalink * embed * save * parent * report * give award * reply [-]SwallowYourDreams 0 points1 point2 points 1 day ago (2 children) "Well, it's better than Android / better than nothing." "Perfect is the enemy of good." Yup, heard a lot of that shit on this sub, too. Those voices have fallen silent, though. I wonder why... ;D * permalink * embed * save * parent * report * give award * reply [-]exu1981 0 points1 point2 points 1 day ago (1 child) It's all depending which Android device you get. But everything practices something we don't know about in reality. * permalink * embed * save * parent * report * give award * reply [-]SwallowYourDreams 0 points1 point2 points 1 day ago (0 children) Sure. Stock Android is a privacy catastrophe, no doubt about that. But the blind belief in Apple's proprietary promises of privacy was just as bad in my eyes, giving people a false sense of security. Well, I guess that's finally over now that all of Apple's privacy pretense has been exposed as just that. Custom Android ROMs and Linux phones are the only viable options left, and that's probably a good thing. * permalink * embed * save * parent * report * give award * reply [-]swanred 1 point2 points3 points 1 day ago (2 children) What if I got iCloud backup on and iMessage for iCloud off? The weird thing is all my messages still sync between devices even if I got iCloud off for them? * permalink * embed * save * report * give award * reply [-]Dark_Lightner 2 points3 points4 points 1 day ago (1 child) The problem is iCloud BACKUP so no issues for the syncing It's just that if you loose your devices you can't recover your iMessage data * permalink * embed * save * parent * report * give award * reply [-]Logical_Painter5998 1 point2 points3 points 1 day ago (0 children) For anyone interested, I just moved to Android (Pixel 4a with GrapheneOS) after years of Apple - 4, 4S, 6S, SE (2nd gen), even a Watch for a bit. For a while, I thought Apple was a good answer to my relatively tame threat model. No longer. First impressions, I like the 4a. The clean edge to edge screen with no chunky notch, just a hole punch front camera is nice. GrapheneOS is snappy and responsive. Was super easy to install. I followed their instructions for their sandboxed Google services and everything is working great. Loving the ability to plug into my PC and play around in a folder structure. Getting all my photos, contacts, and OTPs moved over was a breeze. Looking at my messages from an 80/20 view, I was able to get those I text most with moved over to Signal. Wish I had done this a while ago. For anyone considering a switch, Pixel 4a is a strong choice at $349 brand new. You likely won't regret it. * permalink * embed * save * report * give award * reply [-][deleted] 1 day ago* (10 children) [deleted] [-]SwingRedLine[S] 7 points8 points9 points 1 day ago (9 children) Yeah turning off iCloud backup is the easiest. I've been pushing people to signal because not all my friends have iPhone. Apple also is introducing some weakness into iMessage with their latest changes to using AI to scan the content of messages, but that's a separate discussion. Oh and also this * permalink * embed * save * report * give award * reply [-]wassona 8 points9 points10 points 1 day ago (7 children) How are you getting people to use signal? I can barely get people to care * permalink * embed * save * parent * report * give award * reply [-]intermittentsignal 7 points8 points9 points 1 day ago (0 children) Tell them that _you_ care and would appreciate if they'd contact you on Signal. This is much easier if it's preceded by at least a short explanation why you care. You can't get anybody else to care (about anything), but you can nudge them to be curious and learn more after which they might start caring. * permalink * embed * save * parent * report * give award * reply [-]SwingRedLine[S] 3 points4 points5 points 1 day ago (1 child) For people on Android, you tell them it's for the encryption but they care because of pictures--way better than MMS--and disappearing messages. * permalink * embed * save * parent * report * give award * reply [-]wassona 2 points3 points4 points 1 day ago (0 children) Good point on the image quality. * permalink * embed * save * parent * report * give award * reply [-]mitch_brigham 0 points1 point2 points 1 day ago (3 children) You have to tailor your arguments to each person. Key discussion points I used: "Signal is basically text messaging the way text messaging has always been intended. A conversation between just you and me", it has great GIFs, if you travel the free call/video chat is great (leave out the fact that all of that is E2EE if the person doesn't care. Bottom line, don't use hyperbolic statements or make it sound like they'll die if they send a single SMS, sounding paranoid to them will turn them off to Signal immediately. Think about how you'd convince them and start slowly. Quick story related, my wife, thank god, is all aboard the privacy train and jumped right in. My best friend kept calling Signal "a cheating app" because he's stupid, and it took good explaining on my end why that's ridiculous, unless you're cheating on a higher up at Google lol. HIS wife though, just wouldn't do it, she had no reason to use it, just refused. So whenever we all hung out, my wife would mention it and finally won her over. Key take away, maybe YOU aren't the one to convince some people. Be creative on your arguments. * permalink * embed * save * parent * report * give award * reply [-]wassona 0 points1 point2 points 1 day ago (2 children) My wife has always been Apple. Years ago when we were dating I was able to get her to a pixel/nexus, but that didn't last long. I'm extremely tempted to get a used pixel just to try calyxos on and use it as my work phone. Right now it feels like there are too many reasons for her to stay on iOS than there are reasons to leave. * permalink * embed * save * parent * report * give award * reply [-]mitch_brigham 0 points1 point2 points 1 day ago (1 child) My wife and I are both on GrapheneOS now, which honestly she wasn't thrilled with at first because a couple stupid apps she uses rely on Google Play Services. My compromise is we have a wifi-only Samsung galaxy at the house with apps like that on it, but it doesn't get used for any communication/banking/etc. * permalink * embed * save * parent * report * give award * reply [-]wassona 0 points1 point2 points 1 day ago (0 children) I just ordered a used unlocked p4. I'll put calyxos on it and use it as my work phone for testing. * permalink * embed * save * parent * report * give award * reply [-]5yearsago 3 points4 points5 points 1 day ago (0 children) Right, thats a good point, the other party is using a symmetrical key. I will delete my OP. * permalink * embed * save * parent * report * give award * reply [-]maddiehatesherself 0 points1 point2 points 1 day ago (1 child) Everyone suggests Signal all the time, but what about Matrix? * permalink * embed * save * report * give award * reply [-]KrazyKirby99999 1 point2 points3 points 1 day ago (0 children) Whoever controls the Matrix homeserver controls your non-encrypted data, which makes the self-hosting aspect of Matrix so appealing. * permalink * embed * save * parent * report * give award * reply [+]nokstar comment score below threshold-26 points-25 points-24 points 1 day ago* (1 child) What does Google do in this situation? Oh that's right, the same thing. What manufacturer made news that the FBI couldn't break into the phone again? Was it Android? Oh no wait, it was Apple. This subreddit is turning into a massive circlejerk. We get it, all phone manufacturers are in the government's back pocket. Either root a droid or stfu. Apple lives in y'alls heads rent-free. * permalink * embed * save * report * give award * reply [-]shab-re 9 points10 points11 points 1 day ago (0 children) Either root a droid or stfu. lmao, you are soo 2014! * permalink * embed * save * parent * report * give award * reply [+]ThaLegendaryCat comment score below threshold-7 points-6 points-5 points 1 day ago (10 children) Well well i will just leave this here as a response to saying move to Signal. https://digital-justice.com/articles/skip-signal.html * permalink * embed * save * report * give award * reply [-]SwingRedLine[S] 10 points11 points12 points 1 day ago (5 children) The only criticism is that it's a central server. Meh. It's a non-profit Organization, it's open source and can be forked, and I don't have to run a node. It's hard enough getting people to use signal. I will never get anyone to use matrix * permalink * embed * save * parent * report * give award * reply [-]ThaLegendaryCat 3 points4 points5 points 1 day ago (3 children) Did you even read why it's open source is a invalid claim? Like the problem with signal is that you essentially have a WhatsApp that promises to not be evil or cave to pressure and do an Apple or other bad thing. Edit: Just wanted to point out you don't have to run your own node to use matrix and P2P would fix the issue with "having to run own node" * permalink * embed * save * parent * report * give award * reply [-]shab-re 2 points3 points4 points 1 day ago (2 children) Just wanted to point out you don't have to run your own node to use matrix and P2P would fix the issue with "having to run own node" then what's the point in using it over signal? you are putting trust on that server just like you have to in signal...? * permalink * embed * save * parent * report * give award * reply [-]ThaLegendaryCat 0 points1 point2 points 1 day ago (1 child) Signal gives you the choice of our way or the highway. Matrix well you can choose whatever server you want and because of Federation unless the server of a user disappears from the federation you can talk to anyone on other servers that are a part of the public federation. Signal if they go evil it's WhatsApp all over again. On matrix it's a simple well time to Switch HS but that's the extent of the damage * permalink * embed * save * parent * report * give award * reply [-]shab-re 2 points3 points4 points 1 day ago (0 children) well, as I see it, people are just gonna do the same and stick on that server on matrix just like normal people would stick to signal if they turned evil just like normal people have sticked to whatsapp even after all this drama and the reason that's bad for you is that both user's server must be good, if one is bad, that's the loophole for data just like how icloud is for imessage * permalink * embed * save * parent * report * give award * reply load more comments (1 reply) [-]LtWorf_ 1 point2 points3 points 1 day ago (3 children) Oh it seems a very nice article. Too bad signal cult members are downvoting your comment. It has plenty of valid points. * permalink * embed * save * parent * report * give award * reply load more comments (3 replies) [+]thedonaldsucks comment score below threshold-7 points-6 points-5 points 1 day ago (2 children) Since when did r/piracy become such paranoid nutjobs? No one has the time to care about your messages unless you do some crime, at which point you kinda brought upon yourself to be searched. * permalink * embed * save * report * give award * reply [-]StrategicBlenderBall -1 points0 points1 point 1 day ago (0 children) Yeah this sub has become an absolute minefield of stupidity lol. * permalink * embed * save * parent * report * give award * reply load more comments (1 reply) [-]icanflywheniwant 0 points1 point2 points 1 day ago (0 children) I suppose I need one of those phones with just a Cellular Signal without Bluetooth or WiFi or NFC or other such implementations which is capable of only calling people and should not be Made in China. * permalink * embed * save * report * give award * reply [-]solo798 0 points1 point2 points 1 day ago (0 children) Its obvious, they hold the keys. * permalink * embed * save * report * give award * reply [-]Nail-Emergency 0 points1 point2 points 1 day ago (2 children) I was actually wondering about something similar for CSAM. if you have media stored in the Files app (iCloud Drive) would that also be scanned before being uploaded? Because it not, then why bother with iCloud photos I guess? * permalink * embed * save * report * give award * reply [-]SwingRedLine[S] 1 point2 points3 points 1 day ago (1 child) Apple still can scan the cloud * permalink * embed * save * parent * report * give award * reply [-]Nail-Emergency 0 points1 point2 points 1 day ago (0 children) Oh damn thank you * permalink * embed * save * parent * report * give award * reply [-]Dark_Lightner 0 points1 point2 points 1 day ago (1 child) iCloud backup is really the least private thing from Apple... Are photos uploaded to iCloud secured ? Or is something behind that breaks it like with iMessage ? Could there be a way to enable iCloud backup but disable iMessage ? * permalink * embed * save * report * give award * reply load more comments (1 reply) [-]treox1 0 points1 point2 points 1 day ago (0 children) Your logic is sound, but I'm still not convinced they couldn't get the key if needed now that client-side scanning is on the table. If not now, then in a future update. We are already seeing enormous pressure from governments to be able to monitor all parties "for the kids" or "for your safety to prevent terrorism." * permalink * embed * save * report * give award * reply [-]DifferentAstronaut 0 points1 point2 points 1 day ago (0 children) Does this also apply to Apple's Keychain? Can the unlock the vault? * permalink * embed * save * report * give award * reply [-]NoStupidQu3stions 0 points1 point2 points 1 day ago (2 children) Question about Signal. I use an iPhone, iPad and Mac. iMessage delivers messages to all three and works fine even if the phone is switched off. Does Signal work like that when used on desktop? Or does it work like WHatsApp where it is essentially showing the messages delivered to a nearby phone? * permalink * embed * save * report * give award * reply [-]aaa4000 0 points1 point2 points 1 day ago (0 children) Your messages are synced across all your devices. I text from my phone then jump to my laptop or iPad and keep the convo going. * permalink * embed * save * parent * report * give award * reply load more comments (1 reply) [-]ness0013 0 points1 point2 points 1 day ago (2 children) What if you have messages disabled for "Apps using iCloud" but iCloud is still turned on for select apps like Notes? * permalink * embed * save * report * give award * reply [-]SwingRedLine[S] 0 points1 point2 points 1 day ago (1 child) You're good, you just won't have messages synced across devices if those devices were offline when the message was received ( or weren't logged in to an Apple ID used for messaging). However that has to be true for both parties * permalink * embed * save * parent * report * give award * reply [-]ness0013 0 points1 point2 points 1 day ago (0 children) That's what my gut told me. Thanks for confirming * permalink * embed * save * parent * report * give award * reply [-]C2C4ME 0 points1 point2 points 1 day ago (4 children) Your picture is a bit confusing. Are you saying to turn off all 3 of IMessage Keychain and Cloud Backup in iCloud? Your post itself makes it seem like you only need to turn off Cloud Backup to be safe. * permalink * embed * save * report * give award * reply [-]SwingRedLine[S] 0 points1 point2 points 1 day ago (3 children) The circles are larger because my fingers are fat. Follow the text instructions. Circles just showing you where the toggles are * permalink * embed * save * parent * report * give award * reply [-]C2C4ME 0 points1 point2 points 1 day ago (2 children) But it says iMessages are only insecure if you keep your key stored via iCloud Backup no? In that case it would mean you can keep iMessage toggle on? Or is there something else to it? * permalink * embed * save * parent * report * give award * reply [-]SwingRedLine[S] 0 points1 point2 points 1 day ago (1 child) Yes, that's what it says. * permalink * embed * save * parent * report * give award * reply load more comments (1 reply) [-]die-microcrap-die 0 points1 point2 points 1 day ago* (0 children) Move to Signal. Tried and failed miserably, since only 2 of my contacts switched when the WhatsApp fiasco happened. If that fiasco didnt push people to it, maybe/hopefully, this one might, but I am not holding my breath. * permalink * embed * save * report * give award * reply [-]WowIndescribable 0 points1 point2 points 1 day ago (0 children) This is all thoroughly depressing. * permalink * embed * save * report * give award * reply [-]aka_Brosef 0 points1 point2 points 1 day ago* (0 children) Help a layman understand. So, I take a photo, it lives on my iPhone I share it via Signal, but since it's stored on the iPhone they can see it right? Now, assuming that's true, if I take the photo from within Signal and Signal text it to whoever, Apple never sees it right? * permalink * embed * save * report * give award * reply [-]Guilty-Boot827 0 points1 point2 points 1 day ago (0 children) Message backup off and iCloud backup on? * permalink * embed * save * report * give award * reply load more comments (67 replies) * about * blog * about * advertising * careers * help * site rules * Reddit help center * reddiquette * mod guidelines * contact us * apps & tools * Reddit for iPhone * Reddit for Android * mobile website * <3 * reddit premium * reddit coins * redditgifts Use of this site constitutes acceptance of our User Agreement and Privacy Policy. (c) 2021 reddit inc. All rights reserved. REDDIT and the ALIEN Logo are registered trademarks of reddit inc. [pixel] p Rendered by PID 74502 on reddit-service-r2-loggedout-5dcf755fd8-pqhk5 at 2021-08-28 23:00:58.430149+00:00 running cb9caca country code: US.