Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

iPhones with iCloud backup enabled without ADP are almost certainly the majority. I believe this is essentially the default configuration. Even if you disable backups or enable ADP Apple almost certainly still has most of your messages from the other end of the conversation. It is false advertising to claim your service is E2EE without any disclaimer when in reality you collect the keys to the majority of messages and decrypt them at the request of law enforcement.


I have addressed your concern in my comment

> They need to offer this as for most users, the risk of losing their whole digital lives because they forgot their passwords outweights E2EE.

There is no clear trade-off that is an option.


"I can't imagine a way for this feature we advertised to not suck" is not an excuse for false advertising! But there is a way to do better. Google's Android backup is E2EE by default. It does not require remembering a long password. All it requires is your phone unlock code, which you normally enter at least once per day and are extremely unlikely to forget. This is actually how Apple's works too, when ADP is enabled. Either it should be enabled by default or Apple should stop claiming iMessage is E2EE.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: