Comment by gruez

Comment by gruez 17 hours ago

3 replies

View on Hacker News

>If you read the link you would know that contrary to your expectation other apps advertising E2EE don't allow the app maker to read your messages.

What does that even mean? Suppose icloud backups doesn't exist, but you could still take screenshots and save them to icloud drive. Is that also "Apple has always been able to read encrypted iMessage messages"? Same goes for "other people having icloud backups enabled". People can also snitch on you, or get their phones seized. I feel like people like you and the article author are just redefining the threat model of E2EE apps just so they can smugly go "well ackshually..."

modeless 16 hours ago

It means, for example, Google Messages uses E2EE backups. Google cannot read your E2EE messages by default, period. Not from your own backup, not from other peoples' backups. No backup loophole. Most other E2EE messaging apps also do not have a backup loophole like iMessage.

It's not hard to understand why Apple uploading every message to themselves to read by default is different from somebody intentionally taking a screenshot of their own phone.

Reply View 2 replies
  • gruez 14 hours ago

    >Google cannot read your E2EE messages by default, period.

    Is icloud backups opt in or opt out? If it's opt in then would your objection still hold?

    Reply View 1 reply
    • modeless 13 hours ago

      I'm less concerned with whether it is technically opt in or opt out and more concerned with whether it is commonly enabled in practice.

      What would resolve my objection is if Apple either made messages backups E2EE always, as Google did and as Apple does themselves for other data categories like Keychain passwords, or if they excluded E2EE conversations (e.g. from ADP people) from non-E2EE backups, as Telegram does. Anything short of that does not qualify as E2EE regardless of the defaults, and marketing it as E2EE is false advertising.

      Reply View 0 replies