783 comments

[ 4.3 ms ] story [ 354 ms ] thread
Stuff like this is why I'm an Apple fanboy. I'm happy to pay a premium and be locked into their walled garden for some things if it means supporting a company that has the power to shift policy in favor of human rights (privacy in this case).
In fairness, Meta has said the same thing re: WhatsApp, so while Apple deserves _some_ credit here for sticking to their principles, they're not exactly leading the pack. Which brings home the point that if _Meta_ isn't onboard with your privacy-obliterating proposal then you know you've really lost the plot...
If anything that's a bolder move considering everyone uses Whatsapp there and barely anyone uses iMessage
Both are very popular in the UK.
WhatsApp is used by 78% of the users in the UK, and iMessage is used by 25%.

https://www.statista.com/forecasts/997945/most-used-messenge... (non-free link)

25% of the entire population is a pretty popular application! Not “hardly anyone”. Also, I’d like to know the volume of messages shared, I have WhatsApp, but wouldn’t miss it it it disappeared. iMessage disappearing would be very inconvenient.
I'm surprised it's even 25% in the UK, and I wonder how that's measured. Maybe the 25% includes things like "opening the iMessage app to read SMS messages sent by two-factor authentication services" etc.
I’m not surprised, SMSing people is still common, and sliding from that to iMessage is totally frictionless for iPhone users. With iOS market share being around 50%, I’m surprised (skeptical even!) that it’s not closer to 50%.
But who is that 25%? iPhone users have money. I’m sure there is some significant overlap between iMessage and WhatsApp users (I know I and everyone I know use(s) both). But if you threaten politicians with losing their blue bubbles they’re gonna fall in line.
No one in Europe cares about the blue bubbles.

I prefer iMessage over the other messengers, but I still haven’t met anyone who cares. A lot of people don’t even know why the bubbles are sometimes green.

Yet, the EU have their panties in a knot about having it be interoperable…
> But if you threaten politicians with losing their blue bubbles they’re gonna fall in line.

This is not a thing outside the United States, and I doubt that most British politicians are even aware of 'blue bubbles'.

For example, the recent controversy regarding the release of Covid-related government communications was centred on WhatsApp, with no reference to other platforms like iMessage.

https://news.sky.com/story/politicians-are-drawn-to-whatsapp...

I've noticed that too and it is super annoying having family in the UK that will only communicate via Whatsapp. Is this because cell providers outside the US charge for SMS? Even the ones who have iPhones end up using it because it is too much of a pain to use separate messaging apps.
SMS is cheap now but wasn't universally when Whatsapp gained critical mass.

Nowadays it's mostly about convenience and features compared to SMS, and iPhone has a much smaller marker share in Europe so iMessage isn't a thing.

I beg to differ. iMessage is definitely quite common in Europe as well.
It is mostly because international SMS and MMS is not free. People in the UK travel more to other countries, and communicate more with people in other countries.

Not to mention MMS is vastly inferior to WhatsApp and iMessage for sharing media and other information.

It's because SMS is simply inferior to Whatsapp, Messenger, Instagram, Line, kakaotalk, Snapchat, Signal, etc unless you own an iPhone. All of them are cross platform and aren't intentionally broken for people who don't have or use iMessage. I personally avoid giving out my phone number as much as possible as all the other platforms have much better tools for communication, blocking, media, etc.
To add to that, I can use the WhatsApp desktop app at work. Can’t do that with iMessage.
Why not? I do.

Non Apple work machine?

Signing into your personal accounts on a work machine is a terrible idea, as it opens up your personal accounts to search if there is a lawsuit (against you or against the company). That's assuming it's not already strictly forbidden by the company rules to prevent you from sending yourself confidential data.

Also outside of programmers, IT, and designers, you rarely get a choice in the company issued laptop. It never makes sense for a company to issue more expensive Apple computers instead of ThinkPads or Dell computers.

> Signing into your personal accounts on a work machine is a terrible idea, as it opens up your personal accounts to search if there is a lawsuit

The machine is mine and I do work on it. Thanks for the concern but I’m not worried about getting sued. I’m sure it’s happened here previously, but it’s not like the US.

> Also outside of programmers, IT, and designers, you rarely get a choice in the company issued laptop. It never makes sense for a company to issue more expensive Apple computers instead of ThinkPads or Dell computers.

I’m not one of those professionals and I can get my job done quicker on a Mac. My employer doesn’t dictate how I get things done and paid for the machine I want. I think this is a good thing.

Any job that requires a crappy trackpad isn't a job worth having.

Anyone working on a trackpad all day probably isn’t doing serious work ;) see we can all make unkind generalizations.
Touché.

Just seeing those laptops is frustrating. What is the point of the trackpad if you have to use a mouse?

When you need to travel between workstations I work docked all day, once in a while I need to be mobile, but it’s much easier to work on one machine vs two.
> The machine is mine and I do work on it.

> My employer doesn’t dictate how I get things done and paid for the machine I want.

That is very much not your machine. If your employer ever gets sued, or runs into some investigation, or some internal dispute escalates enough, all the data on it is now likely available for them for review.

Given large enough company and enough people, you'll get that "preserve documents for discovery" email one day. It happens outside of the US too.

To be clear sms sucks on iPhones also. iMessage is also better then sms though.
I've never really understood what people mean by this. For me, iMessage is indistinguishable from SMS, except for the color of the messages, and the fact that I can use iMessage over WiFi.
Being able to use it without a mobile network seems pretty distinguishable. As well as not being subject to international charges.

And then of course the vastly higher fidelity of pictures and video sent via iMessage.

It's easy for me to forget how different my circumstances are from most other people. I'm far more likely to be in a place where I have no WiFi than a place where I have no cell service. And I don't personally know anyone outside the US, so I don't send international messages. I guess I've never paid enough attention to the fidelity of pictures I'm sent or am sending over SMS to notice a quality difference.
Group messages.

If I send an SMS message to a group of people, they all see a message from me. They don't know who else got it. And if they reply, they reply only to me. Is your experience different?

WhatsApp (and I think iMessage) allow me to create a group with a name/purpose and send messages to the group and receive replies to the whole group.

(P.S. I went from dumb-phones to Android and have limited exposure to iMessage's feature-set).

That used to be my experience years ago, but now whether I use android or iphone, I see the whole group.
> If I send an SMS message to a group of people, they all see a message from me. They don't know who else got it. And if they reply, they reply only to me. Is your experience different?

Does MMS not exist in your country?

It does, but is priced uncompetitively compared to mobile data.
Interesting. Here in the US, plans that don't include unlimited talk+text are hard to find, even among the budget MVNOs, and that's been the case for at least a decade.
I imagine your experience of sending a message to multiple people and it not making a "group message" was your older dumb phones weren't switching to MMS, it was keeping it as pure SMS. In the SMS world, there is one recipient. In MMS, it's like an email, you can list a lot (100+ in some cases) of receipts and they can all see the list.
Just checked my provider's pricing ( in the UK) MMS are capped at 300kB and cost 30p (0.39 USD) per message.

That kind of pricing made WhatsApp an infinitely preferable alternative.

Phones automatically switching to MMS would be catastrophic.

Data (WhatsApp) is essentially free in comparison. £10 (13 USD) per month gets you 20GB: which doesn't care how many messages/recipients/photos you send.

Dang, that's some highway robbery pricing right there.

Here in the US its common to have at least 1MB MMS max size. Back in the day 300-600KB was often the max size, but that's definitely changed over the years. Maybe its just splitting it up and re-assembling it behind the scenes, I'm not sure.

I can't speak for all history, but from about 2004 or so in the US MMS and SMS were often bundled and billed the same, especially for networks which had rolled out 3G/EV-DO. Having a plan with 500 messages usually meant 500 combined SMS and MMS message.

Using it over WiFi is big feature alone for a lot of people who are often in spaces with good WiFi but poor cellular reception. Some carriers support SMS over WiFi in the same way they do "WiFi calling" which can alleviate that.

The other major feature I see for other messengers over SMS/MMS is much larger attachment sizes. It can be challenging sending an MMS with attachments >1MB. Meanwhile, I can send a 100MB file/video or an 8MB photo over Signal. WhatsApp allows for 16MB attachments. Sending a quick video in-line with the chat thread in MMS is miserable and gives an incredibly trash quality video while most other chat apps you can stick a decent quality 30 seconds or so video without any issue. Photos sent over MMS are usually junk while one could get a decent 4x6+ print off an 8MB photo.

To be fair a slightly better comparison would be MMS, but even then it doesn't compare. It's simply because data is cheap, the app is free, and the rich media features that came before iMessage/RCS existed (voice, photos/video, attachments, group chats, voip/video calling, etc), and because it's multiplatform (ios to android usage is near 50/50 or 60/40 depending on the country)
SMS was historically expensive and today is still worse with regards to features. (Also international texts as others mentioned) And once you have to choose a specific system, why would you use one that's limited to just part of the market? If you want to use a communicator to talk to people, you may as well go with one that's accessible to everyone.
The opposite is more annoying...

Whatsapp works on PC, Mac, Android and iOS

iMessage only works on Apple devices.

The price of built-in text messaging whether SMS or iMessage (or a combination of the two) largely went to zero for most people in the US texting especially other people in the US by the time other apps gained traction. And services like appointment reminders and verification codes pretty much all use SMS in the US--whatever its potential security vulnerabilities.

So I use 2 or 3 other apps for mostly a few international people I know but basically everyone I know just defaults to SMS/iMessage.

I think Meta _needs_ WhatsApp to be their loss-leader (not really, but you know) when it comes to security. They always get to say "oh but WhatsApp is E2E!! We do care about security!"
Messenger also has e2e, but it's opt in.
I mean Apple didn't give two stones about security until it became a marketing/selling point as a counterpoint to the big G.
It's called market shift.

Automative manufactures didn't give a rats ass about fuel economy until customers wanted it.

> Apple didn't give two stones about security until it became a marketing/selling point as a counterpoint to the big G

That’s not true. Apple was position itself as being better at security than Microsoft long before Google was selling devices to people.

For example:

https://youtu.be/VuqZ8AqmLPY

Apple sold itself as having better security.

It's debatable whether or not that was true, and even if you believed it it was up for another debate whether that security was by design or because Apple's vanishingly small share of the PC market made it uneconomical to write malware targeting OSX.

This isn't to say that Microsoft was doing security properly back then either, they weren't.

True, but security and privacy are different things. At most, one could say that security is necessary-but-not-sufficient for privacy.

Google is generally excellent at security, but that doesn't change the fact that they're a nightmare for privacy.

(comment deleted)
Also multiple celebrities had their nudes stolen from their iCloud.
>Apple didn't give two stones about security until it became a marketing/selling point

I don't much care. Companies don't have ethics, they have fiscal goals. If Apples fiscal goals happen to line up with my own goals, so much the better.

I would tend to trust a company who is doing something to selfishly support the bottom line way easier than I would trust a company who claims to be doing it for the common good of all humanity.

Google famously started off trying to not be evil and also be a profitable company simultaneously. It didn't work out great in that one of those goals became slightly more important than the other.

The ironic thing is that WhatsApp very heavily pushes users into Google account backups, which are unencrypted, giving government agencies all the access they want.

I remember some talk about those getting encrypted, don't k ow if that has happened yet.

You can encrypt the Google drive backup actually. It's just a toggle switch on the backup menu setting to enable it.
They seems to be end to end encrypted now. It asked me a password to encrypt the backup with. It's a recent feature and you must trust a closed source app. No idea of I can download the backup from Google drive with a web browser and decrypt it with some common decryption program.
Has Meta threatened to boycott? I know Signal has, and now Apple. However my searches for Meta/WhatsApp seem to show that there’s been contention over their introduction of E2E but they haven’t actually threatened to pull out over it.

That said, I’d be very happy to see that they did threaten a boycott as well.

https://www.theguardian.com/technology/2023/mar/09/whatsapp-...

Meta:

> Some countries have chosen to block it [WhatsApp]: that’s the reality of shipping a secure product. We’ve recently been blocked in Iran, for example. But we’ve never seen a liberal democracy do that.

They said they won't comply. UK would have to simply block WhatsApp.

Thanks. Hopefully they continue to stick to their guns.
WhatsApp was a little late to the encryption party
What do you mean? WhatsApp rolled out E2E encryption between 2014 and 2016.

It’s by far the largest messaging service that is e2e encrypted by default. I think it’s more than fair to call it ahead of the curve for a service of its size.

https://www.wired.com/2014/11/whatsapp-encrypted-messaging/ https://blog.whatsapp.com/end-to-end-encryption

It's a very easy search and might surprise ya.

As recent as 2021, there's been questions: https://arstechnica.com/gadgets/2021/09/whatsapp-end-to-end-...

But, let's go to the start - WhatsApp started in 2011.

Encryption arrived in varying degrees until there was some pressures to change the amount of privacy messages had for advertising purposes.

Lots in the news at the time.

2018 "Another point of disagreement was over WhatsApp’s encryption. In 2016, WhatsApp added end-to-end encryption, a security feature that scrambles people’s messages so that outsiders, including WhatsApp’s owners, can’t read them. Facebook executives wanted to make it easier for businesses to use its tools, and WhatsApp executives believed that doing so would require some weakening of its encryption."

https://www.washingtonpost.com/business/economy/whatsapp-fou...

2018 "Acton said he tried to push Facebook towards an alternative, less privacy hostile business model for WhatsApp — suggesting a metered-user model such as by charging a tenth of a penny after a certain large number of free messages were used up." https://techcrunch.com/2018/09/26/whatsapp-founder-brian-act...

2018 "WhatsApp CEO Jan Koum quits over privacy disagreements with Facebook" https://www.theguardian.com/technology/2018/apr/30/jan-koum-...

2018 WhatsApp co-founder: "I sold my users' privacy" to Facebook "https://www.cbsnews.com/news/brian-acton-whatsapp-on-faceboo...

Thanks for the links! I guess I shouldn’t be surprised that “E2E” doesn’t mean much for a meta service.
Haha, I was considering putting a trigger warning at the start of my post.

Encrypted in transit is not at rest, let alone the backups of messages on Google Drive / iCloud.

Interesting. I was going to say that many people use WhatsApp anyways, so if both of them go down that might actually lead to some pushback against these regulations.
I'm not even sure anyone apart from Signal is really sticking to any principles. This system would be annoying to implement, costly to legally manage, and introduce some ops overhead and security exposure. There's way more incentives for WA and iMessage here to oppose it than just protecting their users. But only one is a cool talking point.
True, but to be fair leading the pack was first Element, with Session, Threema, Viber and Signal.
In even more fairness, Meta has literally skipped the EU for Threads instead of increasing privacy. In their case, it's just a careful balance of virtue signaling, it had no qualms about pushing their spyware to hundreds of millions of people, violating basic human rights in the process.

Check Article 12:

https://www.un.org/en/about-us/universal-declaration-of-huma...

Your comment would have been stronger if you left out the piece re: the Universal Declaration of Human Rights, because it's an eye roller. Article 12 is:

> No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.

I'm no fan of Meta or their privacy violations, but saying that voluntarily downloading an app (which by the way does clearly outline their privacy practices) is equivalent to having my humans rights violated just really waters down what "human rights" should mean.

> voluntarily downloading an app

that's all true until an app becomes the only way to interact with certain groups of people. i certainly wouldn't call my usage of Discord voluntary. it doesn't actually matter how often i read their privacy policy and shake my head. either I break off contact with a large part of the internet that's important to me or I begrudgingly agree "voluntarily" to their terms and conditions.

May I ask, what compels you to use discord if it's not voluntary? It's absolutely impossible to use keybase or signal?
Have you ever actually tried to convince a non-technical friend or family member to use a different platform for communicating? Now try that with 10 people at the same time. The only reason Discord ever became successful is the huge vacuum of good UX that existed before it. A fragmentation of Skype, Steam, XFire, Teamspeak, Vent and Mumble. Jabber if you were playing certain MMOs. Signal and Keybase aren't even close either. Matrix is a little better, but still far off, and they have the Mastodon problem where explaining federation turns off normal peoples brains.

And aside from that, a lot of software communities are on Discord now. People are gating download links behind it, use their threading feature for support and put their knowledge base in channels. And not just small communities and developers. ASUS has made their main communication channel Discord too.

I understand! It's just that I never had to download Discord for anything.

I agree it's difficult. I've had success showing keybase to people because of how barebones simple it is - but it's not a solution for everything of course.

> Have you ever actually tried to convince a non-technical friend or family member to use a different platform for communicating

How many non technical people have heard of Discord?

Essentially everyone my age and down? I'm a late millennial.

If the number in your name is your birth year I'm not too surprised, but don't assume you can project from your own experience onto others 1:1.

How many millennials on down are “non technical” at least to the point that they can’t download an app?
You are a very ignorant if you think there is no barrier to getting someone to try an app with a substantially less good UX than what someone's currently using, and that that barrier doesn't border impossible in a group of 10.

I can't even get my wife to install Element - and she works in tech as a senior python / automation engineer. People want neatness on their phone and low total complexity, and installing a messenger for a single person is over the line for most.

You have insults I have numbers. We are not the same…

> You are a very ignorant if you think there is no barrier to getting someone to try an app with a substantially less good UX than what someone's currently using, and that that barrier doesn't border impossible in a group of 10.

Yet many people do have multiple messaging apps.

And Discord the one you think is so popular is not even in the top 10…

https://www.statista.com/statistics/258749/most-popular-glob...

They aren’t counting iMessage as a separate app. But do you really think it wouldn’t rank above Discord?

> I can't even get my wife to install Element - and she works in tech as a senior python / automation engineer.

Maybe your enlightened millennial friends and family aren’t as willing to change as you think they are?

> People want neatness on their phone and low total complexity,

Yet the average person has 35 apps on their phone

https://www.thinkwithgoogle.com/marketing-strategies/app-and...

You clearly dont have many friends or relatives that you actually interact with
(comment deleted)
I sure wonder how anyone interacted with friends and family before discord eh?
So what you're really complaining about is that other people will not follow your choices. If your relations have such a hard line that a single app is "the only way to interact with certain groups of people", they are the ones to blame, not the maker of the app.
I'm afraid life (at least mine) is way more complicated than that.
(comment deleted)
I have a mobile phone SIM which only provides customer support over WhatsApp.
This isn't compulsory, it's just personally beneficial. There are plenty of beneficial contexts you need to opt into, and include some cost or compromise.
People miss the forest for the trees here. Democratic society needs a way for people to communicate freely. Those ways are dying out fast.

In modern life, people don't discuss politics in townhalls, pubs, or whatever anymore. Online communication is by now far too siloed and supervised to the point of being unusable. Media are one-way streets, pushing the agenda of billionaires.

But you need to be able to have controversial discussions about "heavy" topics without fear of being ostracised. You need to have a back-channel to give feedback to "higher ups". Etc.pp.

A society where the individual is degraded to a mere drone (even if only loosely via framing) controlled by the "hive mind", without any recourse to voice constructive criticism is a lot of things, but certainly no democracy. There looms a dystopia on our doorstep.

To be honest, I think you've got at least part of it backwards.

> But you need to be able to have controversial discussions about "heavy" topics without fear of being ostracised.

Uh, why? People should have freedom of speech, but it feels like a lot of people want freedom from the consequences of the their speech. If anything, I think a lot of our current social disharmony is a direct result of the extremely recent development of people being able to mouth offline with very little social constraints.

Mike Tyson probably said it best: "Social media made y'all way too comfortable with disrespecting people and not getting punched in the face for it."

Someone is forcing you to use Discord? An app that I personally have never used?
You are rude enough that I'm tempted to say "OK Boomer" because you clearly are a different generation with no insight into mine.
So is there now a law saying that you must use Discord?
I'm flagging this, this must be trolling.
So his use of Discord is “not voluntary” even though it doesn’t rank as one of the top 7 messenger apps?
I think that the problem is that Meta has normalized this violation so it doesn't feel like a big deal. It feels watered down even for someone like you who appears to be very aware of the problem.

It's like exploited workers and people living in quasi-slavery, many of them don't understand their rights and "voluntarily" waive them. My parents didn't really understand the implications of "voluntarily" accepting Meta's privacy statement - once I explained it to them, they were in complete horror.

(comment deleted)
>attacks upon his honour and reputation

Yikes, seems like this is built to keep people from saying things about powerful people that they don't like.

It’s just that there was a time in Europe (about 80 years ago) when among other cruel things, the honor and reputation of a lot of people were actively destroyed for arbitrary reasons.
(comment deleted)
Can you clarify what you are talking about?
Arguably it's not the voluntary downloading of an app that's the problem; it's the mandatory government imposition of privacy interference across all apps.
>> No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation

If I cannot attack the honor and reputation of a person, and by extension, artificial person like a corporation, what good is freedom of speech? How can I call someone out for being a scammer, or for doing horrible things? How does one seek public redress of a grievance against a company, or an agent of the government? Does arbitrary apply to timing, or the circumstance? Who is the arbiter of arbitrary? This is not a human right. It is a nice tool for a tyrannical government to strip away rights from people. Oh, you've violated Mr. Arresting Officer by accusing him of falsely arresting you. Now you get to deal with the false arrest and a human rights crime. Likewise, Ms. Bought a Mansion with Public Money can no longer be accused because she has a human right to not have to trifle with public accountability.

I don’t think it’s because of not wanting to preserve privacy I think it’s because it takes a shit ton of time to comply with all the orders the EU has pinned on them.
It takes a shit ton of time if to weasel around the GDPR if your business model is to collect as much personal data as possible.
Threads is already GDPR compliant, that's not the only regulation the EU has made that covers these kinds of apps.
Meta already have Facebook, Instagram and Whatsapp in compliance with EU legislation.

Threads is not an attempt to push spyware on users, that would be incompliant in the EU. (And what is this spyware you believe is in Threads?) More likely they know exactly how much work it entails to be compliant and they decided to initially skip the EU market to speed up their launch.

And in even more fairness, privacy was not the reason Threads didn’t launch in the EU. It is in violation of the digital markers act, not GDPR. The leveraging of market power in one platform to boost another platform is what is at fault, and seeing the meteoric rise of Threads on the back of Instagram’s popularity the stratagem worked.
EU DMA and I don't think it really has to do with privacy at all.
Is WhatsApp still requiring access to your phone's address book before it allows you to use it? It did last time I tried it. There is no chance in hell I'm giving it all the phone numbers, emails and names of people that trusted me by giving me their details. At the time I set up a virtual android environment (samsung called it knox) just to setup WhatsApp in a way it couldn't access my phone's address book. It is extremely unethical on Meta's side to continue with this requirement. So I'm dubious every te they're presented as champions of privacy protection.
> There is no chance in hell I'm giving it all the phone numbers, emails and names of people that trusted me by giving me their details.

The sad thing is that all their details and yours are already known to Meta.

The dozen of us who behave like you will keep trying though.

I currently have WhatsApp installed without access to my address book (on Android). It doesn't require it, but it makes it harder to use and locks out some features. Among other things, you can't start a new group / direct message, but you can participate / reply if someone else messages you first.
I use an app called "Open In WhatsApp" which lets you paste / write a phone number and it will open a conversation with that number (by using android intents). You can also share contacts from the Phone app to this App, so you don't have to copy/paste manually.

https://github.com/SubhamTyagi/openinwa (I recommend downloading from f-droid)

If only there were a strong, centralized app store that could perform app review and prevent applications from degrading user experience beyond the extent actually necessary without that permission.

Good thing the EU just outlawed that model and forced everyone to support "third party app stores" that are thinly-veiled shells for Facebook/Google/etc to bypass that review process.

the "I wanna sideload" crowd are nothing more than allies of convenience for FB and others. Facebook was already experimenting with getting users to manually sideload the full-telemetry build and now they can just say "oops not supported on safari, install the native app".

https://arstechnica.com/gadgets/2019/01/facebook-and-google-...

It's kinda the point of WhatsApp tho, phone features using your phone number and phone book but over the internet.
The Phone app on my iPhone manages to do all of those things without uploading my contacts list/social graph to anybody else’s servers though.
(comment deleted)
I recently had to install whatsapp. No asking for contacts at all. The web app (via a qr code) is ok, and i run that in a vm set up just for wa. I don't let friends and fam know i have it...I prefer keeping out of dramas, 'news', and memes. I did check that i do not appear as 'x is online' on anyone's phone (but only checked with the person i needed to wa with). The app isn't bad, tbf. It's just not for me.
In Saudi Arabia and other places, Whatsapp is not encrypted. Otherwise those services would be banned.
Incorrect. WhatsApp is encrypted in all countries.
didn't eta just move to make WhatsApp not end to end encrypted?

Meta was also in the biggest mass surveillance & influence scandal of all times for a private not too long ago, please don't forget

> didn't eta just move to make WhatsApp not end to end encrypted?

If so I missed the memo (that isn't unlikely, I'm not saying you are wrong!). Any references/links for that? A quick search doesn't turn up much, but Google isn't what it used to be…

Opposite, actually. They said they're making Messenger and Instagram Direct e2ee.
I keep writing and deleting responses. I am completely baffled. Speechless, really.

You cannot actually believe that meta gives a single solitary fuck about privacy?

For me at least, it is the opposite. It is not that I think Facebook is principled, it is that I don't think Apple is particularly principled. They care about money. Unlike many of their competitors, they are not fundamentally an ad-tech company which means your personal data has much lower value to them. This has caused them to build their brand around privacy because that is something their competitors have difficulty doing due to their business models. Apple's pro-privacy stance is just as much a capitalistic position as a principled one.
This isn't Reddit, please make higher quality comments.

I think the GP is likely aligned with you anyways.

Didn't Facebook (now Meta) buy WhatsApp, and it was originally its own thing? I guess you can say Meta kept WhatsApp operational, but I don't necessarily consider it a privacy win for Meta to just buy up some privacy-centric technologies with their billions.
I hope they really do this. All too often Companies will say this then when the law is passed they back down. Why, stockholders.

Has Apple really removed iMessage and FaceTime anywere else ? Are these available with 100% full encryption in China ? If so then they are just blowing wind :(

> Are these available with 100% full encryption in China ? If so then they are just blowing wind :(

Talk less, read more.

Well here is something for you to read, if you are a Chinese Citizen living in China, then these messages can be seen by the Government because iCloud data must be stored in China.

https://www.reddit.com/r/ios/comments/cskufy/imessage_encryp...

I was looking around to see what china has access to after seeing this post... However, people mention their messages can only be visible if icloud backups are enabled? Seems risky to trust either way.
People should read actual documentation and expert or academic writing rather than a bunch of terminally online nerds on Reddit. I’ve seen nothing credible that the E2E for iMessage and FaceTime isn’t as advertised. If you backup to the cloud you’re electing to disclose your data outside the boundaries of encryption.
> People should read actual documentation

Then they should read the leaked government documents from around the world that contradict what Apple says themselves. Failing that, they should at least be able to read the actual code to corroborate its security, but that's not an option either.

> Then they should read the leaked government documents from around the world that contradict what Apple says themselves.

On what specifically?

> they should at least be able to read the actual code to corroborate its security, but that's not an option either.

Why does that matter? You're already trusting Apple hardware. Public access to source code doesn't make security systems safer. I'm not sure what a journalist or even 99% of webshits on this forum would do with trying to audit crypto.

> On what specifically?

For starters, PRISM and XKeyscore. Both are damning indictments of the state of surveillance a decade ago, and are so damaging that pretty much every FAANG company denies knowledge of their existence. PRISM was about the outreach the US government has with domestic companies, and XKeyscore showed just how far those connections could be abused.

Simply the fact that these leaked documents exist and Apple denying them is a contradiction. Everything else is speculation, but my brain can imagine a lot happening over those past 9 years.

> Why does that matter?

Accountability purposes.

> You're already trusting Apple hardware.

Ideally I don't do that either. I'm not a fan of closed firmware interfaces and if possible, I'd like to audit the code for those as well.

> Public access to source code doesn't make security systems safer.

The majority of networked servers online today beg to differ. Over time the industry actually found that it's much safer to use an open and transparent OS than it is to trust a black-box with UB that may-or-may-not be fixed.

> I'm not sure what a journalist or even 99% of webshits on this forum would do with trying to audit crypto.

This speaks to a lack of either experience or imagination, I can't tell which.

> For starters, PRISM and XKeyscore. Both are damning indictments of the state of surveillance a decade ago, and are so damaging that pretty much every FAANG company denies knowledge of their existence.

Where's this denial by Apple? Or is your argument that because Apple doesn't admit colluding with the NSA they must be doing it. Well that is not falsifiable and what evidence are you speaking to of Apple specifically colluding with the NSA.

> I'd like to audit the code for those as well.

Firmware is not hardware. That would still not address the hardware issue.

> The majority of networked servers online today beg to differ. Over time the industry actually found that it's much safer to use an open and transparent OS than it is to trust a black-box with UB that may-or-may-not be fixed.

Yes, the neckbeards chant since CatB. There are extremely few people not putting their trust in blackboxes. Slapping linux on a box doesn't magically make it transparent - nor does linux have a security record you want to brag about.

> Where's this denial by Apple?

https://www.apple.com/apples-commitment-to-customer-privacy/

> Well that is not falsifiable and what evidence are you speaking to of Apple specifically colluding with the NSA.

Wow. What a conspicuous coincidence that all of the exonerating evidence is behind closed-doors and marked "trust us"!

> That would still not address the hardware issue.

Is there a hardware issue?

That's from a decade ago. Verb tense matters. Apple denied knowledge of PRISM before the leak, I don't see where they are denying it since. In any event, you may not believe it, and it's not the craziest thing to be suspicious, but you also unfortunately don't seem to have any counter.

> What a conspicuous coincidence that all of the exonerating evidence.

What exonerating evidence? How does one generally exonerate themselves that they don't know something or were never privy to it.

And I'm no fan of Apple (I'm also not a fan of baseless conspiracy theories), and the flip side of this is what benefit would it be to the NSA to disclose a program to a multinational company of >100k employees if they didn't have to.

You're trying to make it sound like there is a smoking gun that Apple has been lying about their NSA involvement, moreover insinuating in ways that don't seem to serve the best interests of the NSA - and I might even believe you - but so far you have put up nothing but innuendo.

> Is there a hardware issue?

Ok, so you audit your firmware. Why do you trust the hardware you're going to run this audited firmware on? You have thus far proven my point about general public access to source code.

Can a Chinese person not use iMessage without iCloud? This is possible in the US. In fact, it’s the default.
Yeah, ok, try harder than a Reddit thread where supposedly authoritative commenters can’t even spell encrypt.

The idiot pmendes is wrong (if he was correct then no one knowledgeable on the subject would classify that system as E2EE - something more to read about). The encryption keys are not managed in iCloud which you can read yourself:

https://support.apple.com/guide/security/how-imessage-sends-...

https://www.apple.com/legal/privacy/data/en/messages/#:~:tex....

iCloud backup is an opt in feature - you use it full well knowing it effectively damages the affordance of E2E regardless of locale if ADP is not available.

“Read more” did not mean social media.

> The idiot pmendes is wrong (if he was correct then no one knowledgeable on the subject would classify that system as E2EE

What exactly is pmendes wrong about? Are you referring to this comment:

> In iMessage the message contents are in fact end to end encripted. Each device encripts the message using the recipient keys and then sends the message. The problem is that iCloud manages the keys by itself so you have no way of knowing who is the exact owner of the key. Addionaly, on group chats, they don't even need to be a man in the middle. They can just add their key to the list of encription keys for that chat, and receive a copy of each message.

What's wrong there, aside from spelling? The nit I would pick is that in "iCloud manages the keys", I would change "iCloud" to "Apple" or "Apple's IDS".

How, specifically, does iCloud backup damage the affordance of E2E? This doesn't make any sense.

If you have somebody's GPG public key, you can encrypt a file to that public key and then put up the encrypted file on a public FTP site [0], whence they can download and decrypt it. iMessage does nearly exactly that, except that 1) Apple's identity service effectively solved the key distribution problem, 2) the messages are, even though already encrypted, themselves also transmitted by encrypted channels to Apple's servers during transit.

[0] Well, I wouldn't do this if I were at all concerned about the contents because it doesn't allow for forward secrecy.

(comment deleted)
> What's wrong there, aside from spelling?

If you’re going to classify every critical fact as a “nit” then nothing is ever wrong.

IDS vs iCloud is far more than a nit. They’re completely different services. iCloud is run by a 3rd party in China, this is well publicized, whereas IDS is not. So that’s like not a minor detail.

iMessage does not depend on iCloud. You don't need an iCloud account. These are unrelated.

Contact key verification is a more recent addition, and again not dependent on iCloud.

> How, specifically, does iCloud backup damage the affordance of E2E?

Just saying, you can sync your data to whatever encrypted or unencrypted service you want if you choose to. This may diminish the value to the end user of E2EE but it is unrelated. I'm not the one that brought up iCloud first. Take that up with the original commenter.

FaceTime was banned in the UAE up until ~2021 when it suddenly started working again for non-UAE phones[1]. For the longest time iOS/macOS has had feature and region flags at a lower hardware level that could dictate system policy for things like FaceTime as well as the camera shutter sound required in Korea/Japan.

[1] https://apnews.com/article/dubai-middle-east-united-arab-emi...

>Stuff like this is why I'm an Apple fanboy. I'm happy to pay a premium and be locked into their walled garden

Such statements rarely end up ageing like wine in the long run. Why would you be so happy about being owned by some big corporation just because it's your favorite big corporation?

Self preservation has taught me not to trust any big corporation, regardless of how good their PR is.

Apple has been around for a pretty long time as far as tech companies go. I have grievances with them, but mostly they do a better than average job on privacy.
>Apple has been around for a pretty long time as far as tech companies go.

So have 100 year old car companies, and I'm old enough to remember many people saying the same things about their favorite car brand in the past ("I'm only buying X brand because they make quality stuff and they never broke my trust") and I also know they changed their opinion recently after a couple of decades.

And changing car brands is way easier than changing smartphone ecosystems, should one of the two players decide to screw you.

My point is people should not be fanboys of any corporation. History has proven they can always turn against their customer, even if Apple so far hasn't done it, but there's time, company management and culture can, and will always change with time, and with constant shareholder pressure for infinite growth there's plenty of opportunities in the future for the tides to turn, mark my words.

> And changing car brands is way easier than changing smartphone ecosystems, should one of the two players decide to screw you.

In what world ?

I have switched from iOS to Android and vice versa multiple times while still driving the same car.

>I have switched from iOS to Android and vice versa multiple times while still driving the same car.

Did your app purchases form the Google Play Store automatically transfer to your Apple App store, and did your photos off your Google drive transfer to your iCloud, or vice-versa?

Read my comment again, I ware referring to the ecosystems not being interchangeable, not the phones themselves.

The incompatible ecosystems is the tie-in that keeps people tied to their respective walled gardens, not the physical HW phone brick itself which is interchangeable. Once people invested enough money in one ecosystem, they're less likely to switch to the competition as all their data and purchases are trapped.

Not sure why you got downvoted, it’s purposely hard to switch ecosystems, I’m in the middle of switching from android to IOS, but still have over a decade of data in gmail, google photos, and google drive. And I waited until my wife was willing/ready to switch because it’s harder to share across ecosystems. Fortunately we don’t own many apps (mostly things with external subscriptions like news, streaming media, etc) so purchasing replacement apps wasn’t painful.
>Not sure why you got downvoted

Fanboys don't like you pointing out the hard to swallow truth pills. They expect comments to validate their lifestyle choice, not contradict them. Any contraction is a direct offense to them.

> I’m in the middle of switching from android to IOS

At least for you it's easy, because all google apps exist for iOS, but switching away from iOS is absolutely impossible as there is no iCloud or iMessage for Android, so all your data remains hostage with Apple if you try to move.

> At least for you it's easy, because all google apps exist for iOS, but switching away from iOS is absolutely impossible as there is no iCloud

1. Download Google Drive for iOS

2. Go to the Files App

3. Select all in your iCloud Drive

4. Copy

5. Go to your Google Drive in the Files app

6. Paste

Just like you would copy files from one drive to another.

There is a web version of iCloud Drive and iCloud Photos.

They are not "great" but they are more than enough to download a zip with all your files and all your photos. From there you go where you want.

> still have over a decade of data in gmail, google photos, and google drive

And apps are available for iOS that let you access all of them. If you install Google Drive on the iPhone, your drive shows up along side iCloud in the Files app and open/save file dialoga

Yes that’s what I’m doing for now, but I left android because I didn’t like sharing so much data with google, now I’m still sharing that data with google, and now apple too.
This is why, every where I can, I only use a company's web app and not their installable app. The few apps that I use as apps, I buy for each platform. This is also why I avoid subs for most apps. Not paying a sub for both platforms for a calendar app.
> Did your app purchases form the Google Play Store automatically transfer to your Apple App store, and did your photos off your Google drive transfer to your iCloud, or vice-versa?

Which apps would those be that you have to buy on iOS and Android separately? Most non game apps are subscription based that work across platforms.

My photos are already sync to Google Photos on my iPhone and if I had an Android device, I would just download the Google Photos app.

Music bought on iTunes has been DRM free since 2008 and Apple Music is available on Android.

Apple, Google, Amazon and a few other platforms and most of the studios participate in MoviesAnywhere where you buy movies from one platform and it shows up as purchased on the other platforms

What data is “trapped”?

> Did your app purchases form the Google Play Store automatically transfer to your Apple App store

Since every app that I pay to use that has an Android version is subscription based, yes.

> and did your photos off your Google drive transfer to your iCloud, or vice-versa?

Since I can download the Google Drive app on my iPhone and it shows up right next to iCloud Drive on the Files app and in File dialogs. Yes.

As far as photos from iCloud to Google, just download Google Photos on your iPhone and sync your photos.

Anything else?

>As far as photos from iCloud to Google, just download Google Photos on your iPhone and sync your photos.

That's not a direct transfer, it's a workaround which requires you to have free storage on your phone greater than the amount of photos you have.

No it doesn’t. Google uses the standard photos API.
It’s not that hard to pivot ecosystems. Unless you have extremely high-end devices and an extremely low end car, you can almost always move from Apple to another ecosystem for a lot less than changing cars (assuming you’re buying new devices and a new car OR used devices and a used car). You can even make the move gradually over months or years.
> mostly they do a better than average job on privacy

which is really a low bar.

(comment deleted)
Unless it's China in which case they will not care about it!
If they did it for China, it will be the same of UK. The cat's out of the bag on this one.

They will probably comply with some backdoor in partnership with Five-Eyes NSA & GCHQ. This is just PR posturing to build consumer trust.

Same with their venture into CSAM in the west. China could ask Apple for the ML be applied to scan for political dissidents.

It's a slippery slope and the frog gets boiled every year.

Or America, as we have seen with PRISM.

Basically, it's as usual a financial calculation of what PR can brings vs what you can lose in the market.

And fanboys believe it's because they are the good guys.

Yep in that case let’s just close down the company because every country will want some privacy breaking rules imposed on you
China had all the bargaining power, in that non-compliance meant no more iPhones, and Apple going out of business. Apple wasn't ready to move production entirely to India or another country.
Google, Meta (Oculus) are banned in China and still produce their HW there.

It was about getting a slice of hugely lucrative pie of customer market.

It's very strange because like OP, huge fanboy. Early on it felt wrong to also burden Cupertino with being a cultural leader, but somewhere around $1.0T+ market cap, that has evolved.

Vaguely remember a charity used to have a thing where they'd auction off a dinner with Steve, then later Tim. Given time with a leader who has literally revolutionized supply chain in CN and a CEO who made Apple his own following the most notable CEO ever, going after various gotcha points would feel like a wasted opportunity. But think I'd have to ask why a company designed in California of the 1960s and 1970s doesn't have line in the sand policies when dealing with a genocidal government and perpetual backdoors in software and politics, but will take a move like this. Would hope for something more than a canned answer.

Capital. Once you grow to a certain point, politics and ideas are only good for marketing. Companies will happily work with banana republics and dictators if it outweighs the losses from paying your PR team a little more for a few months. Companies are not your friend, as in the end they only care about your money.
They will only continue to do so while it remains profitable, at some point they will give in. They are a capitalist company, profits are their only concern.
How much would it affect Apple’s profit by not having iMessage in the UK?
Have you been seeing all the videos of women not dating men if they get a green text bubble! :)
We don’t need more British people mating with their fancy tea and accents anyway /s.
Except they are quite selective regarding the countries.
> has the power to shift policy in favor of human rights

Except for right to repair...

And software freedom...

Those are not human rights. Privacy, on the other hand, is.
The right to repair is a direct extension of "banging the rocks together" - i.e. toolmaking, the main thing that defines us as humans. How can that not be a human right?
> the main thing that defines us as humans. How can that not be a human right?

Plenty of animals use tools [1]. And this isn’t how we define human rights. Bipedalism is quintessentially human, that doesn’t make tunnels a crime against humanity.

[1] https://en.m.wikipedia.org/wiki/Tool_use_by_non-humans

I'm fine giving the animals the right to repair as well.
I think I'd prefer to have both privacy and control over devices I own.
I'll push back on this. I think that Right to Modify[0] is a human right. I think that software freedom and user agency (especially where it relates to vendor lock-in) is closely related to human rights, in the sense that it can directly impact people's ability to express those rights.

To say that right to repair in specific isn't a human right because the actual human right is agency/ownership/modification/whatever, is a bit like saying that encryption isn't a human right because the actual right is privacy and encryption is just a way to maintain privacy.

The end result is still that people aren't able to exercise rights. I would argue very strongly that having a degree of autonomy over the devices/objects that you own is an intrinsic right.

And if you look back at the history of Open Source software, you'll find that conversations about Libre/Free software have been regularly grounded in discussions of human rights from the start; from rights to ownership, to modification, to communication.

[0]: https://anewdigitalmanifesto.com/#right-to-modify

Sure, I'll agree they're closely aligned but software freedom and "user" agency (I'm guessing as opposed to general human agency?) require software to be relevant and therefore I wouldn't say they're universal human rights.

Important? To be sure. Just not "rights".

I sort of see where you're coming from but I would somewhat disagree, I think that software is just an expression of device ownership and modification rights more broadly. Maybe that is kind of what you're getting at, that right to repair is a higher-level concept on top of a more universal human right? It's software-specific in the sense that software makes it harder to use those rights, but I also think I should have the freedom to take apart my toaster or to modify a shovel that I buy. But...

I don't know, I don't want to argue too much, and I don't want to give you a pedantic reply when we seem to be in agreement that privacy, agency, repair are all important and whether you or I would stick them in a specific category probably doesn't change much about that or necessarily mean that we actually disagree on anything practical related to those concepts.

I think it's bad that Apple isn't willing to fight for right to repair or user agency, but it is good that Apple is willing to fight for privacy regardless of its motivations. I don't think Apple is a universal advocate for human rights and I don't like deifying the company and I don't think its positions on privacy excuse its positions on repair or agency. But it's pretty objectively good for Apple to make a statement that it will pull these products out of the UK rather than comply, and it would be silly for anyone to say that the statement is meaningless just because Apple has bad positions on other freedoms. Apple's positions on right to repair do not make it any less good for Apple to have issued that statement about encryption.

You are just giving your secrets to a company you can't change instead of a goverment you can elect.
Ok, I give my secrets to a non-privacy focused company. I still cannot change that company.
Except that those "elected" governments are already just storefronts of big corps anyway.
The company doesn't have a hundred thousand armed officers with the ability to arrest / kill me for anything they can claim they found. Government comes equipped with legal violence, the company comes equipped with targeted ads
It's true, they merely have enough cash on hand to fund a small army, enough legal power to crush you in court with anything you attempt.

Make no mistake: if Apple needed to get someone killed, they would. They're not some miraculous pinnacles of good in a sea of evil. It's just that they merely need to flex the law at you to destroy your life forever. Apple is no different, they'll hire the Pinkertons and break your fingers should they find the need to. Carnegie Steel did it, Apple's not above it either.

>Make no mistake: if Apple needed to get someone killed, they would.

Ok, I'll play along. Suppose Tim Cook wakes up tomorrow and decides for some reason he wants me dead. How exactly does he do it?

I would assume he brainwashes a male model to kill you.

Sorry for the Zoolander reference. I couldn't help it

Hiring a hitman to do it?

There are plenty of unhinged people in this world who do illegal shit for enough money. Do you think some Ex-Wagner mercenary would pass up that offer?

SOP is to have a team "suicide" you.
It doesn't even have to be good. It can be a "robbery" where you get professional-grade double-tapped on your front lawn but nothing's taken, or a "suicide" where you hang yourself from a tree whilst simultaneously shotgunning yourself in the chest. The news will just parrot the local cops' PR statement.
Do you live in China? If so, they probably just send a Foxconn employee or PRC representitive with some sort of firearm.
You lack creativity. You have multiple billions available for that. Where do you want your remains to disappear ? Hell, even sharks with lasers isn't far fetched with that amount of money.

But all playfulness aside:

* Pay professional hitmen. * Pay a hobo enough to go beat you up in your home. * Pay enough people enough money to kill you pretty much anywhere.

What are they going to do, plead in front of a judge that sees 90% of his murder cases unsolved or solved through guilty pleas that Tim Cook gave them a wad of cash when all they saw was a subordinate of a subordinate of a subordinate ? There's nothing fancy about it. Especially with an economy that drives people to drastic measures: a huge wad of cash that you're guaranteed to keep is enough for most people.

> * Pay professional hitmen

You mean, pay an undercover cop who is advertising himself as a professional hitman?

> * Pay a hobo enough to go beat you up in your home.

He'll pay the hobo, and hobo will run off with the money

> all they saw was a subordinate of a subordinate of a subordinate

This is even more crazy than the earlier suggestions. You think there is going to be a chain of subordinates at apple who will all go along with a murder conspiracy? Try arranging a surprise party with five people, see how well people can keep a secret.

"My favorite multinational trillion dollar worth conglomerate that has a history of not caring about human rights when it comes to the production of their devices surely would never do that!"

You're naïve. Less than 100 years ago the Pinkertons were still murdering workers and nothing happened to them.

> How exactly does he do it?

Just imagine this: Tim Cook travel expenses amount to an half a million dollar per year.

travel expenses only.

A professional hit man costs between 1/100th and 1/33th of that.

Tim has to simply give up on a pair of new shoes that year.

I am confused. Are you arguing that this is a thing that happens? If so, I'd like to see any shred of evidence whatsoever.

On the other hand, we know that governments do this sort of thing all the time.

> I am confused. Are you arguing that this is a thing that happens?

they simply have better tools than hitmen, but, for example

https://www.businessinsider.in/policy/news/former-ceo-of-ama...

https://www.seattletimes.com/seattle-news/clearly-lasik-co-f...

> we know that governments do this sort of thing all the time.

they also have better tools than hiring hitmen

contract killing is a fraction of all the homicides

OP asked how the multi billionaire CEO of a trillion dollars company could kill someone

He could simply hire an hitman, it would cost him peanuts

If the victim is also using one of the products the company makes, they would also be in possession of all the information an hitman would need to complete his task, no investigation would be necessary

Where do you find a hitman for $5k?
Costs vary: In Australia, contract offers ranged from $500 to $100,000, with an average of $16,500. One undercover investigator, hired as a hit man more than 60 times in 20 years, lists his largest proposed payoff as $200,000 in jewels (and that was just the down payment) and his stingiest as “seven Atari computer games, three dollar bills, and $2.30 in nickels and dimes.”

Some of the highest-profile hits nowadays happen in Russia, where the rise of wild-west capitalism has led to a boom in contract killings, with victims including politicians, editors and journalists, businessmen, even poets.

How much do you think it would cost to hire a Russian blackop/elite troop fleeing from his country?

Are you saying that the internal accounting controls at Apple are so lax that Tim Cook can pay contractors off the books out of his own travel expenses?

I also imagine the post-arrest interview of the $5000 hitman going like this:

"You're charged with Murder 1, which is a capital offense in this state. Are you ready to die for $5000?"

"Tim Cook made me do it."

Yes, misuse and misappropriation of funds is such an uncommon event for fortune 500 companies. Especially the CEO, they have to justify every little expense!

In what wonder world are you living?

> his own travel expenses?

I am simply saying that a man with 2 billion dollars in his bank account can do whatever he wants.

It is also pretty naive to think that Tim Cook expenses can be questioned by an Apple anonymous accountant.

of course this is all hypothetical, men like Tim Cook would never hire an hitman paying cash personally face to face.

> "You're charged with Murder 1, which is a capital offense in this state. Are you ready to die for $5000?"

> "Tim Cook made me do it."

at best that could legally qualify as insanity

But even assuming it costed 200 thousand dollars, would not change that for a Tim Cook it's a day's pay

Depends on your crime. If you outed his human rights overlook, then he will send you on a vacation to the place with the Human rights violation. And somehow you will get in trouble with the mob there because for some reason they don't like you for threatening their jobs.

If you don't take his vacation offer, he will invite you to a party on his dime. If you don't attend, he will use your location data, make it seem like you were in the wrong place at the wrong time. And depending on the severity and nature of your crime, the outcome will be just low ball enough to make it seem like apple needs to do something bigger than focus on human rights, like making better devices for your security.

And the company can give your data to the government with no recourse available to you and no warrant required from the government.
If they choose to sure, but I dont see what incentive they would have. After all, the post is about a company removing products from a market rather than being subject to a law that would allow the gov to force them to do so.
> but I dont see what incentive they would have.

They are frequently subpoenaed for information, and turn over that data more often than not: https://www.apple.com/legal/transparency/us.html

Yeah, because they are asked to/legally required. I was questioning incentives to hand over information on their own accord, just because they can.
All of these are their own accord. That's even what OP's article is about - if Apple is legally required to break their encryption in the EU, then they will discontinue their product.

Let's not pretend this is a privacy-motivated decision. Where Apple doesn't have negotiating power (eg. China) they have been forced to compromise user safety and privacy[0]. We live in a post XKeyscore world, pretending like this doesn't also happen in America or the UK is a bedtime story for helpless capitalists.

[0] https://support.apple.com/en-us/HT208351

edit: s/EU/UK

Huh? Isn't this story about the possibility of the UK government legally requiring Apple to do something?
Which is a good reason to avoid giving your data to either one in the first place. If I don't have a choice though, I'll take the company over the government any day.
Difficulty: "Any day" meaning 1917 in Russia or 1933 in Germany.

(Edit: for my next trick, I will read the post more carefully before replying)

I don't understand this comment the Tsar and the Nazi's were both governments.

Another good example is the Dutch housing all the data in an building that was used to track down and kill the right people.

The data existing is the problem. The ideal situation is that there is no data.

D'oh, you're right, I misread the GP. Finish coffee first, then post.
I had to double check everything to make sure it wasn't me.
> The company doesn't have a hundred thousand armed officers with the ability to arrest / kill me

ask Foxconn employees if that's true or not.

The company can't send me in jail if they don't like what I'm trying to keep secret
Sure they can. History is full of examples of powerful corporations doing things like putting people in jail, commanding armies, etc.
Companies can’t put you in a box at gunpoint if you break one of their rules.
Sure thing, goes quick, and never changes, and works everywhere :)

The power a government has over you is likely also potentially the same as a company?

And lastly it is wrong, if the apps do E2E right (but I have no clue about that) you don't give them a secret at all?

You also cannot change one company, but you can change companies usually better than governments ;)

How many people are going to make encryption their top priority when voting?

And besides, private corporations don’t have a “monopoly on violence”, the government does

(comment deleted)
WTF? I can buy a phone from another company if I disagree with Apple's approach, or use no phone at all. Try doing that with your government sometime and see how it goes for you.

Nobody worries about the government giving customer data to Apple, do they? Why do you suppose that might be?

>Stuff like this is why I'm an Apple fanboy. I'm happy to pay a premium and be locked into their walled garden

@dang Is there any way I can counter-argument this statement without it getting flagged? If so, please let me know how.

Because so far I have failed and I don't know what rule I broke by countering this statement.

(comment deleted)
Flags aren't for rule breaking, they just mean enough people found your comment inflammatory or otherwise objectionable enough to hit the "flag" button.

If you have a link to the flagged comment, I can probably help you understand why HN users would have flagged it. This comment is getting downvotes because complaining about downvotes and flags always does.

What's objectional or inflammatory about my opinion here: https://news.ycombinator.com/item?id=36800745
It doesn’t show as flagged for me. Time heals all wounds, if your comment is not objectionable it will usually be vouched for eventually. Which is one of the reasons it’s a rule here that you don’t complain about voting. Such comments also rarely age like wine :)
Well it was flagged in the beginning, it's not like I imagined it.

IMHO people should be allowed to complain otherwise how can we spot deficiencies and injustices and improve?

You can complain, you'll just get a small karma hit for it. It's inevitable because it's off topic, but karma on HN is more or less meaningless anyway.
It's usually brigading by other Apple fanboys. Their master can do no evil. You could see this alot during the local device scanning controversy, but anytime you try to point out obvious facts (like Apple building the largest Ad empire for example, while virtue signaling about Meta's ads on their platform) you get downvoted and flagged.
Sounds like their PR works. I bet that's the exact "feeling" they're aiming for.
Yea, and even if it is actionable and "real" - they're .. i think, correct me if i'm wrong, by law a for-profit company. Meaning none of this is noble, this is just aligned with our interests because they believe that to be the most profitable image for them currently.

Which is all well a good for now, but profit directions can change, and i suspect it's easier to change a direction guided by profit than a direction guided by morals. Ie i suspect their current "good direction" is less stable than some would suggest.

Ignoring the client side scanning ability that is built into the OS, which raises other suspicions.

It takes a lot of unearned trust to to assume that there isn't classified surveillance occurring.

If it is, public virtue signalling about not breaking encryption is theater. As the surveillance occurs prior to encryption.

> Ignoring the client side scanning ability that is built into the OS

Which client side scanning would that be?

https://www.wired.com/story/apple-photo-scanning-csam-commun... This scandal about scanning your end-to-end encrypted photos on one of the ends, kinda defeating the purpose and reducing everyone's privacy. It lead directly to the legislation that Apple is coming out against today, which I would call ironic but is very predictable. How dare governments require us to do this thing we already planned to do.
That CSAM detection method was something that apple published a whitepaper about to get feedback. The feedback was strongly negative, so they never implemented it.

I would hope that the grandparent was not referring to this thing that never existed as "the client side scanning ability that is built into the OS."

Unless it's the human rights of those working at apple assembly lines.
> Stuff like this is why I'm an Apple fanboy.

https://en.wikipedia.org/wiki/Choice-supportive_bias

the tendency to retroactively ascribe positive attributes to an option one has selected and/or to demote the forgone options. It is part of cognitive science, and is a distinct cognitive bias that occurs once a decision is made. For example, if a person chooses option A instead of option B, they are likely to ignore or downplay the faults of option A while amplifying or ascribing new negative faults to option B. Conversely, they are also likely to notice and amplify the advantages of option A and not notice or de-emphasize those of option B

Actions like this is why I used to trust Google. Fighting government overreach should have been a critical part of technology and data.

But it seems Google was more political in its relationships than idealistic. And now the entire sector is compromised.

Apple will be one day compromised too. In some crevice of some unknown government office is a person working on a ten-year initiative to get access to inaccessible information in the tech sector. AT&T was compromised this way. Microsoft was compromised this way. Google was compromised.

What is to say Apple won't be compromised??

They are already compromised. They give data to the US government, China, and Russia.

OP is repeating marketing.

https://en.wikipedia.org/wiki/PRISM

Apple is a participant in the NSA's PRISM mass surveillance program. They've been compromised for a long time. I doubt any decent sized corporation isn't.

Exactly this. When some government makes a big public proposal to invade privacy, Apple will speak up with bravado. But they won't say a word in all the other cases when a government demands to invade privacy when those demands are made in secret.
I am going to give them the benefit of doubt in the case of PRISM. It is not clear whether PRISM is the result of forced/voluntary participation, or the result of vulnerabilities found in their systems. Because of the diagrams in the PRISM powerpoint mentioning some of the integration is "coming soon", I feel it is definitely not legally coerced, otherwise everyone would participate at once. Also due to the integration having varying limits from service to service tells me this not given to NSA on a silver platter. Lastly, the outright denial of these companies further tells me that they are unaware.

PRISM is the result of vulnerabilities found and purchased from hackers. And integrated together in a project codenamed PRISM. Each source has different levels of information sharing. And with Dropbox being a less integrated and more primitive resource for search, I know the entire PRISM program was a gum and shoestring project.

I hope they do this, I would not trust my govt (Brazil) with this power. Judges would use it all the time.
Apple, while imperfect, is the only large tech company with anything like a principle when it comes to user privacy. Meta/IG would sell literally any piece of information about you they can get their hands on and monetize.
I'd have thought it'd be more profitable to sell access to you based on criteria rather than outright selling your data. If they sell your data then anyone can buy it and use it whereas only they can sell your attention.
I came here just to say this, thanks @obituary_latte for putting this nicely.
The way I put it, is Apple's business is selling high added value products (i.e. luxury, overpriced whatever you want), while most of the other big tech companies have you and your data as their main product. I'm fine paying for the luxury and privacy that comes with it
This is marketing though.

PRISM for the US, giving personal data to China, and Russia are examples of them not respecting privacy.

Seems that the UK market is not big enough. In China Apple had no problems with ceding control of their local servers to the Chinese government [1]. Not to mention of using forced labor (mostly Uyghurs, against which China is committing acts of genocide [2]). So, Apple and human rights my ass!

1. https://www.nytimes.com/2021/05/17/technology/apple-china-ce...

2. https://en.wikipedia.org/wiki/Uyghur_genocide

None of those investigations showed that parts supplied to Apple came from Xinjiang. Only that one of their suppliers operates a plant there. These suppliers are huge conglomerates with plants all over China. Apple is one of a tiny handful of companies that actually audit their supply chain, but they only audit the chain that actually supplies them.

From now on though any kind of audit in China is going to be almost impossible. They've started arresting researchers who perform due diligence reports for revealing 'state secrets'.

I don't think it has anything to do with the market size, which after the Brexit fiasco and the pandemic has shrunk considerably, but it has the most to do with the UK labelling itself as a democracy while behaving like a dictatorship when it comes to surveillance and other "think of the children" laws.

I would say Apple is pointing out the hypocrisy.

> a company that has the power to shift policy in favor of human rights

Well you're _technically_ right; they do indeed have that power. However, it sounds like you're suggesting they are using that power _to_ shift policy in favor of human rights (emphasis is of importance).

Whilst I can't prove that their intention has nothing to do with human rights, it's only in the same way that I can't prove the last U.S. invasion of Iraq wasn't about protecting the world from weapons of mass destruction.

It is patently obvious to me that this is a business decision fuelled by the drive to keep profits up, that just happens to coincide with happily with a PR friendly action. It's great that they're doing this, but it's just a coincidence that it aligns with what we want.

iMessage and FaceTime are large parts of the Apple Ecosystem lock-in. What obvious profit motive (separate from PR) would removing them provide?
It doesn't have to deal with compliance issues, which are not only getting more complicated, but also increasing in number.

"Sorry guv, I don't have the keys for that, so I'm not responsible for what went on as I couldn't have known".

Though the biggest money maker is the idea itself. Many believe that Apple is "on their side", and these kinds of plays re-enforce that. The moment it's more profitable to sell you out than "stand up for privacy", they'll do it.

(comment deleted)
> but it's just a coincidence that it aligns with what we want.

I agree with your comment, but I think it is naïve to assume that Apple does PR by happenstance. Effective marketing/messaging is the bedrock of their business strategy.

So yes they probably did this primarily for raw profit/power reasons, but the positive PR is a close secondary.

It's not happenstance. They planned this action. But, "A broken clock is right twice a day" applies here.
An $3T company can literally buy governmnets
They also have the power to redefine what a text message is. They don't care about people like you think they do. They're a company who makes decisions to make money.
Ridiculous stuff like this is why I'm cringing everytime any apple fanboi appears. Are you dense? Apple and all other major companies are cooperating with FBI/NSA/CIA all the freakin' time.

These things they throw up is actually smart play from these global police agencies, so sheeps like you feel safe. (Android is the same thing)

From a security point of view, there is no difference between being able to access your data and actually doing it. You may picture such or such company as better than another one (and maybe it is, though I strongly doubt it) if you want, but behaving yourself as if that company really cares about your privacy is extremely naive.

I would rather suggest firmly believing whatever company you chose is spying you (be it true or not), and adjusting what you can accordingly (settings, apps, usage, etc.).

I used to think like this about Google, back in the "Don't Be Evil" days.

I end up living day by day, knowing that nothing is permanent. Right now, I'm with Apple, acutely aware that someday, this will change -- probably when some snake finally manages to slip through similar legislation in the US and it becomes profitably unattractive for Apple to maintain it's privacy stance.

Apple's privacy stance is a marketing thing, after all.

Pretty sure it's just section 75 that Apple / Meta take offense to.

(1) OFCOM may require a provider of a regulated service to pay a fee in respect of a charging year which is a fee-paying year.

(2) Where OFCOM require a provider of a regulated service to pay a fee in respect of a charging year, the fee is to be equal to the amount produced by a computation—

(a) made by reference to—

(i) the provider’s qualifying worldwide revenue for the qualifying period relating to that charging year, and

(ii) any other factors that OFCOM consider appropriate, and

(b) made in the manner that OFCOM consider appropriate.

https://bills.parliament.uk/publications/51870/documents/367...

You must love Meta then, who refused to compromise to enter China (and boy, they tried). While Apple happily shares data with Chinese government to make billions.
Similarly, Bing is happy to run in China while Google pulled out of there.
You mean how Facebook wouldn’t “compromise” when it was outright banned?
If they would have compromised they wouldn't have been banned.

So, yes?

https://www.investopedia.com/articles/investing/042915/why-f...

China never asked them to compromise. They were banned in 2009.

And you know for a fact that they never communicated with Facebook and just banned them out of the blue?

Or is this just speculation (fitting considering the source)?

Seeing that every non Chinese social media company was banned and that Zuckerberg later tried to get back into China

> In 2018, Facebook attempted to set up a $30 million subsidiary in Hangzhou to incubate startups and give advice to local businesses. Permission to run the startup was quickly withdrawn

Do you really think that Facebook is out of China for any moral reason?

Zuckerberg was courting China hard around 2015-ish, to allow them to operate. He learnt mandarin, spoke at Tsinghua University in Beijing, met Xi, etc.

Of course, we don’t know real reasons why they didn’t open there, but end result is that Apple shares data with China and Meta doesn’t.

Corporations > Democracy

What could go wrong?

> Stuff like this is why I'm an Apple fanboy.

A fanboy without iMessage and FaceTime ...

The fact that there are companies that have the power to shift public policy is the problem. Because they use that power for their interests that don't align with our interests.
Headline: Exclusive: Apple dropped plan for encrypting backups after FBI complained - sources

https://www.reuters.com/article/us-apple-fbi-icloud-exclusiv...

Even with the new iCloud e2ee, which is not on by default, if you enable it, Apple and FBI/DHS/et al can still read all your messages (unless each and everyone you iMessage with also enables it), because iCloud still escrows iMessage sync keys in non-e2ee iCloud Backups, breaking the e2ee in iMessage.

For 99.99%+ of iMessages, they ARE NOT E2EE and can be read at any time by Apple and provided to the state without a warrant. This is by design. HT202303 explains this, because for some reason Apple doesn't like to publicly lie.

This article is brand marketing, nothing more. It worked on you.

Apple has the ability to ship private devices. They don't because they choose not to fight city hall.

Thanks for the reply. So am I misunderstanding their data security overview page?[0]

>For additional privacy and security, 14 data categories — including Health and passwords in iCloud Keychain — are end-to-end encrypted. Apple doesn't have the encryption keys for these categories, and we can't help you recover this data if you lose access to your account. The table below includes a list of data categories that are always protected by end-to-end encryption.

The table includes Messages in iCloud with the caveat that the key is stored in iCloud backups if enabled, but the e2e key is still private, no?

[0]https://support.apple.com/en-us/HT202303

iCloud Backups are enabled by default, and the Messages in iCloud key is in the non-e2ee iCloud Backup.

That means the iMessages being synced are encrypted to an endpoint key which is held by both the endpoint and the middle transit service (iCloud/iCloud Backup). That's end-to-middle-and-end encrypted, i.e. not end to end encrypted.

Even if you turn on iCloud Backup e2ee (it's an option now) then your iMessages to everyone who hasn't (99.9%+ of people) aren't e2ee because the other end of the conversation is backing up their endpoint sync key.

I have seen some arguments that they don't care about your privacy and it's all right there in the privacy policy if you're willing to read it. A video on the subject [1]

[1] https://youtu.be/r38Epj6ldKU

Privacy is a fundamental human right!
Not in a society.
Not only is privacy a fundamental right within a society but it is fundamentally necessary to the advancement, and thus long term survival, of any society.
To be honest that sounds like both an idealised slogan and a sophism empty of logic.

Can you expand upon how the advancements in western society since (say) WWII have been neccesarily dependant upon privacy?

> how the advancements in western society since (say) WWII have been neccesarily dependant upon privacy?

Alan Turing. Hell, Tim Cook, a gay man who grew up in Alabama. Neither would have survived childhood with their personalities intact had their governments had the access No. 10 Downing demands.

Privacy preserves society’s margins. The margins, by definition, are where change—growth—is nurtured.

To be clear, I'm in favour of privacy.

However your examples don't demonstrate how the many advances in western society depend upon privacy nor do they prove that it would not have advanced without privacy.

Alan Turing, for example, was open about his sexuality (an issue that bit him when a robbery took place long after his work at Bletchley).

Even had he been somehow taken out of the picture pre WWII it remains true that Marian Rejewski, Jerzy Różycki and Henryk Zygalski would still have cracked the Enigma cipher, built the prototype Bombe's and passed that knowledge to the likes of Tommy Flowers and William Thomas Tutte.

Turing proved a result applicable to the third part of Hilbert's second problem, the Entscheidungsproblem.

He was very nearly beaten to that as a first by Kurt Gödel who provided an answer to the first two parts of Hilbert's second while indicating an approach to the third part.

Turing was beaten to the goal by Alonzo Church who demonstrated the halting problem for lambda calculus is not effectively calculable.

Later, in 1939 J. Barkley Rosser highlighted the essential equivalence of "effective method" defined by Gödel, Church, and Turing.

So, uhh, yes - it would be nice to see some notion of proof come to in to play here.

No discovery depends solely on one person. The example illustrates the mechanics in the last line.

Fringe elements are analogous to a society's surface. They, by definition, interact with novel elements and ideas at a higher rate than population.

Internal interactions exchange information. That distributes information (physical and intellectual). It also increases entropy and thus homogeneity. Conductivity (the term of art is legibility [1]) and complexity are at odds with one another.

Ceteris paribus, internal homogeneity shouldn't change the surface. But humans have agency. Homogeneity precedes conformity which drives more homogeneity. Furthermore, less diversity means fewer novel opportunities/interactions between the fringe and the unknown.

Privacy preserves a diversity of fringes which drives social complexity. A society without privacy is simpler, and thus less capable of innovation, than one with it. (There is obviously an upper bound to this phenomenon. A perfectly opaque system is static. But humans, as social creatures, resist isolation more naturally than conformity.)

[1] https://publications.aston.ac.uk/id/eprint/27204/1/Linked_da...

This is what’s called “anecdotal evidence”.
1. You cannot compare Cook to Turing with a straight face, even in terms of their sexuality situation.

2. Privacy is about as personal of a fight to Cook as shareholder obligations are, and only one of them gets him removed if he neglects it.

3. It's pretty fucking stupid to suggest the UK would do the same thing to Turing today if they had the data. You may recall that there are now laws in both the UK and, yes, Alabama since 2009, that render this a hate crime and deter it properly. It's the lamest possible excuse to support corporate power.

Ultimately Tim Cook will say whatever gets investors horny. If you're dumb enough to factor his sexuality in to your trust quotient, you deserve to be XKeyscored.

> cannot compare Cook to Turing with a straight face

A series of examples isn't necessarily a comparison and is certainly not an equation.

> stupid to suggest the UK would do the same thing to Turing today

Re-read the comment. Nobody suggested as much.

As long as humans remain irrational and tribalism exists, privacy is essential to anyone that isn't the most boring, vanilla, cookie person that has any amount of non-mainstream ideas or beliefs or qualities.
I think, in theory, a society with much less privacy could work, as long as there is information symmetry, not a panopticon controlled by a few. We're not building an open society, though. The asymmetry is the point.

If we ignore the open society angle and assume surveillance would be one sided:

Competition is needed for healthy capitalist economies. Competition doesn't work well with great power imbalances. To the extent entrenched business could leverage the government, as they do, powers of surveillance could be used to stifle competition. That leads to stagnation.

Democracy, even in a limited form, doesn't work when everyone is under surveillance by a powerful minority. I don't think I need to elaborate since there's been plenty of writing on that.

Also, people don't want to make civic contributions to a society that treats them like cows with a criminal bent. There's not much argument against being a hedonic leech in a society that benefits from your labor but resents your autonomy.

I haven't answered your question exactly, but it's a bit difficult when framed that way. I still think it's pretty clear that the massive power imbalance that comes with dragnet surveillance can catalyze corruption, stagnation, and malaise, thus impeding progress.

> I think, in theory, a society with much less privacy could work...

I suspect what many forget or were perhaps unaware of is the in practice society with near zero privacy existed for the vast bulk of actual human history.

Before the car and the radical change in individual human movement that came about for those parts of the world privileged enough to have a car for every family the majority of people lived within a small radius surrounded by people who effectivel knew every detail of each others lives .. if not as it happened then almost certainly by the next quarter as word spread.

Again, as I mentioned above, I like privacy .. but it remains true that the greatest expansions of modern western economies; mass production, feeding quantitively more with less land and labour, etc .. all happened without any essential dependance upon privacy to bring these changes about.

It is the upstream grandparent claim that privacy is fundemental and essential for any advancement in a society that doesn't pass the smell test and certainly hasn't yet been well argued for.

I absolutely do agree that it is desirable .. but essential (in a strict sense) for the continuation of human society .. that needs better argument to pass muster.

> Before the car and the radical change in individual human movement that came about [...]

The lack of privacy in a local town is surely quite different in its effect on society than a centralized and wide reaching dragnet surveillance program. That local lack of privacy was limited in reach, not automatic nor persistent, and mostly symmetric... which doesn't present the same potential harms.

Advancements depend on the ability to change and often break the rules and to protest injustice.

With no privacy there’s no civil disobedience and no advancement.

Without privacy there’s no resistance to Putin’s regime, or to prohibition (of abortion, homosexuality, alcohol, drugs, …).

Privacy is essential.

Something you can prove?
Wrong. Society is just a social construct, but your right to independent thought and agency, which is powered by privacy, are fundamental to the human experience.
No one is taking away anyone's right to independent thought, at least for now. Patent was talking about privacy though, I'm not sure our species has a fundamental right to it, how did you arrive at that conclusion?
It's a bit difficult to grasp the reasoning behind humans not having the fundamental right to privacy. It seems like the right to privacy/private communication with other sentient creatures is corollary to the right to independent thought, since humans are fundamentally social creatures with an inbuilt need to communicate.

I'm a bit curious how you arrived at the conclusion that you're "not sure our species has a fundamental right to [privacy]". That seems like the absurd claim requiring actual support here, seeing as how privacy is the norm, not the other way around.

> I'm a bit curious how you arrived at the conclusion that you're "not sure our species has a fundamental right to [privacy]". That seems like the absurd claim requiring actual support here, seeing as how privacy is the norm, not the other way around.

I didn't claim anything, I said I wasn't sure. Our species is much much older than the concept of privacy. Back when we were still sitting in trees there was no privacy. We decided that that was a thing quite a bit later. Now in the year 2023 I would say many of us see privacy as a fundamental human right though obviously and a privilege to defend.

Having rights is a social construct. Unless you believe in divine order of things. But I suspect there’s nothing in physical reality that requires any rights to be granted to anyone.
The religious far outnumber the not so I think your "unless" is really the norm. Talking only the various Jesus fanclubs you have a literal divine right to privacy in confession and it's sinful to reveal another's secrets. The Adam and Eve creation myth establishes privacy when God created clothes.

The very concept natural rights is basically divine rights but without explicitly mentioning a god.

It seems that more religious societies have much less privacy. Like, go back to Middle Ages. It would blow out minds how those people lived.
If having rights is a social construct as opposed to a universal truth, then you don't have any rights at all. You have temporary granted permissions, but not fundamental rights.

As such, it's much more likely that they are universally true rather than a result of human consensus.

There are no rights in the first place without a society. The entire concept of "a right" is meaningless if it isn’t in the context of a social contract.
Interesting viewpoint.

Care to elaborate on your thinking? Genuinely interested.

The parent post defined “human rights” as something from holy scriptures. What I can see from being part of highly functional societies is that they require me to give up a big part of my privacy. Like, I can’t get salary without bank account. Which I can’t get without submitting a whole lot of personal information to the bank. There’re many essential services which you can’t access anonymously. At a very least “privacy” isn’t a binary category. There could be more privacy or less privacy, but not 100%.

One more example: some societies will require you to disclose any relation to politically exposed persons. Which is beneficial to society, but I can’t withhold even if I wanted.

Very valid points, which I agree with.

As the famous saying goes: There are no solutions, only trade-offs.

Privacy is a trade-off.

Privacy cannot be defined in solitary situations. : )

The only place where privacy has meaning is in the company of other people. Including society as a kind of group of people.

> Privacy cannot be defined in solitary situations. : )

Here lies the paradox.

See article 8, European Convention on Human Rights, is literally about privacy. UK is a signatory last I checked

(Russia was finally kicked out after continuing what they started in 2014, but their pledge was a joke anyway, or wishful thinking at best).

Sure, but what exactly is "privacy" ? That's the debate.

No sane person believes that there aren't really nasty, organized criminals in the world, and no sane person believes that said criminals have a right to absolute privacy, including e.g. (the moral equivalent of) search warrants.

I grew up in a time/place where organized crime was rampant, and if you looked at the wrong person you could be killed. It was time of racism-by-default, thievery-by-default, a lack of investment in R&D, science or infrastructure, and the opposite of a meritocracy. It was an "invasion" of their privacy that ended that era, and now we can comfortably watch Scorcese movies about it over an internet those people would never have invented or invested in.

> No sane person believes that there aren't really nasty, organized criminals in the world, and no sane person believes that said criminals have a right to absolute privacy, including e.g. (the moral equivalent of) search warrants.

That's just a strawman.

Plenty of sane people believe that the threat of criminals doesn't outweigh the threat to individual liberty posed by the state. Additionally, plenty of sane people wouldn't support a ban on locks and safes because it makes it harder to search criminals.

I'm pretty sure I have my sanity in check, and I don't think there's any reason for the government to require private enterprise to break encryption to ease prosecution. It should be hard or impossible for governments to spy on their citizens.

I do like how Apple has backed themselves into a consumer-protecting hole here. I’m sure they would love to have access to that much conversational data themselves, of which no other company has access to.

If Siri ever improves too significantly I’ll get nervous.

The difference is that they make money on hardware and the app stores, not on advertising (they have a small ad product but it's probably closer to a rounding error).
Like all the PC companies of the 70's. When Apple was launched software was mostly free.
Since Apple does not disclose how much money they make from advertising specifically, conflating it into their "services" business, we have to guess a bit:

"In 2021, Apple generated 3.7 billion U.S. dollars with its global advertising business." [1]

"Apple’s services business, which includes advertising and subscription revenues, grew 24% year over year last quarter to a record $19.5 billion" "It’s likely that a large share of this category’s growth comes from advertising" [2]

"Apple ad business could reach $6B by 2025, with $4.1B from Search Ads" [3]

For reference, 2023 Q2 revenue from "services" amounted to 20.9B USD, while hardware product sales amounted to 73.9B USD. [4]

We're thus talking about ~4%, not exactly a rounding error.

[1] https://www.statista.com/statistics/1330127/apple-ad-revenue...

[2] https://www.insiderintelligence.com/content/apple-ad-revenue...

[3] https://appleinsider.com/articles/22/06/15/apple-ad-business...

[4] https://www.apple.com/newsroom/pdfs/FY23_Q2_Consolidated_Fin...

I don't think so. There are people in the world that don't want to pry into other's lives. Collecting un-needed data on people is Nixonian.

I think Apple managed to understand and attract those types of customers. I find a generational disconnect between the 70's computer users and the user in the 00's.

I don’t think it’s possible for a company as big as Apple to act solely on principle. We’re just lucky the profit motive aligned with consumer privacy for once.

Untainted (without ML-generated content) human communication is becoming more and more scarce. It’s only a matter of time before they take advantage of that.

They'll forbid any app using ML generated content from providing iMessage extensions, or possibly it’ll receive a warning mark in iMessage when sent. Could also work with content pasted from those apps. Some sort of “provenance check”. They’ll pitch it as a consumer privacy thing, I promise.

That’ll also be the same update where E2E encryption falls off the the marketing.

There is very much a motivation to access massive amounts of user data, especially when you control the OS that would be the gate keeper to that data, as well as how the “choice” is presented to the end user.

I don’t think it’s possible for a company as big as Apple to act solely on principle.

I agree but think that Apple is the exception that proves the rule. Its origin story is as good as any Shakespeare.

The second act of Apple started small and focused and re-built itself while keeping the Wall Street mind set at a distance. I think your sentiment misses the fact that Apple doesn't really need Wall Street. Their stock can do whatever it wants the lower it goes the more they can buy. Why would Apple lower their standards?

On their conference calls they always talk about reaching cash neutrality as their goal. I never really understand what that looks like

Untainted (without ML-generated content) human communication is becoming more and more scarce. It’s only a matter of time before they take advantage of that.

I'm not sure if I understand this comment. Apple's size relative to other nation's GDP enables them to hire real humans at an amazing scale. This different than a company that doesn't have a culture of support built-in already. They also have the advantage that many countries would partner with them to raise their own GDP.

I think their approach is to grow the AI to help the existing workforce scale. Get more work done using fewer live bodies.

They'll forbid any app using ML generated content from providing iMessage extensions, or possibly it’ll receive a warning mark in iMessage when sent. Could also work with content pasted from those apps. Some sort of “provenance check”. They’ll pitch it as a consumer privacy thing, I promise.

I hope so that is why I'm Apple customer. I also think you are misreading the times. Apple is about to hand over a lot of authority to the customers.

There is very much a motivation to access massive amounts of user data, especially when you control the OS that would be the gate keeper to that data, as well as how the “choice” is presented to the end user.

Don't project your ambitions on others.

I do believe that Apple's ability to maintain their performance is mystifying and wonder how long it will last.

Companies like money. You can’t eat data, you need a machine that can turn it into money.

Facebook uses user data to target ads. Apple doesn’t do this, so they don’t need the data.

If Siri gets better, it’s because Apple have switched it to a better LLM, not because Apple started sucking up magic data dust.

I’m pretty sure that Siri can already read your messages, that’s the point, it’s a speech interface that runs in your phone.

Siri's real trick is being able to answer anything without knowing who is asking or the context.
Conversational data between human beings is exactly the sort of tokens you’d want to train a massive in-house LLM on. Then you could have embeddings for the local stuff on-device, and still call it “private” models.

The magic data dust is only useful if they can use all of it though. I just see some incentive there that I can’t imagine them ignoring in a couple years.

> Apple previously withdrew plans for its own CSAM-scanning feature for iCloud Photos, following pushback from customers and human rights groups. Apple’s solution was more privacy-preserving than what is now proposed by the UK government.

Preface: I don't have an opinion on one side or the other.

Question: what were the arguments lobbied against apple that caused them to withdraw? Also, is CSAM the motivating factor for UK or do they want backdoor for more general national security surveillance (or whatever you want to call it)?

Of course it's just about surveillance. CSAM is just an excuse that is a sensitive topic so it's easier to justify which masks their actual intentions.
> Also, is CSAM the motivating factor for UK or do they want backdoor for more general national security surveillance

Baroness Beeban Kidron has been lobbying for stringent anti-CSAM measures in tech for years [0]. She's lead a major pressure campaign in the US, Canada, and the UK for years [1]. Her charity 5Rights and WeProtect both have been able to back Labour and the Tories so she's able to lobby across the aisles.

It doesn't hurt that the publishing company her parents founded (Pluto Press) has a strong niche in the political space.

The Molly Russell suicide also played a role [2], which she leveraged to highlight the need for restrictive anti-CSAM measures, especially as it became a top tabloid story in the UK.

[0] - https://en.m.wikipedia.org/wiki/Beeban_Kidron

[1] - https://www.politico.com/news/2023/06/14/british-baroness-on...

[2] - https://www.nytimes.com/2022/10/01/business/instagram-suicid...

I know I’m from a different culture - but I don’t understand how the UK still has the House of Lords in 2023.

It just doesn’t seem aligned with the principles of a republic or democracy to have unelected lifetime members who are able to draft legislation.

I, broadly, think the House of Lords is a good thing in principle. Having a board of experts who can trounce things like the Illegal Migration Bill's potential for human rights abuse is a good thing.

FYI, the House of Lords can't reject the same bill more than three times, and can't reject a bill that calls an election, so its undemocraticness isn't as bad as you might assume.

There are many issues with it but I don't think many of them are much worse than those that already exist with the House of Commons. (Lobbying: exists in both. Unelectedness: the first past the post system is pretty bad here too. Ability of unelected people to introduce bills: private members' bills exist too).

All of these are problems I'd like solved but I wouldn't support removing the House of Lords.

it's fine because it's subordinate to the commons in every way

it acts as a brake for controversial legislation, which is generally a good thing

I think it was a preemptive attempt by Apple to avoid the current situation. They looked at the what was supported by 4th Amendment and designed a technical system that was the best compromise of no access and the ability to search for known images.

They would rather have maintained the status quo but thought they had hit on something that would work. Since they didn't need to do anything pulling the software was an easy fix to the controversy. The governments are the ones that are pushing this so let them take the heat.

Apple has a working solution and they can just wait and see what happens and react accordingly.

One common argument was that bad state actors would get non-CSAM, but still "undesirable" (as defined by the state), material into the database and use it to target dissidents, badthink, etc.

(Personally, I think this was an overblown risk, since the plan was for the images to first be reviewed by Apple before being sent to the authorities. Presumably if an Apple employee/contractor saw a photo of, say, Tank Man, they wouldn't pass it on. But it's reasonable to be concerned.)

I agree. That was just an argument using Apple's CSAM implementation as a vector for a bad state actor. The same misuse could be facilitate any number of ways.

I have come to the conclusion that part of corporate combat involves apparent grassroots outrage.

If a system without a wide open backdoor is proven effective it becomes more difficult to argue for a bigger backdoor.

The fear was that Apple would be coerced to add in non-CSAM hashes to the hit list, much as Apple is now compromised fully in China.

Thus any undesirable material - a campaign poster, a meme, a video leak of classified info - would be yanked from customer devices and trigger this automated reporting flow.

Apple already gives the Chinese government access to iCloud data for Chinese citizens. Being bullied into searching for eg anti-Xi material is a small jump.

The other concern is that the hashes themselves are prone to false positives. This is true of the source hashes and concerns in the algorithm. The National Center for Missing & Exploited Children data has been known to match on pictures of tricycles and monkeys (clearly not CSAM). Do now we are in a world of pushing automated child abuse charges against people because a faulty algorithm.

The whole thing is just prone to abuse.

Apple's solution was to run every photo through a perceptual hash algorithm with a neural network inside of it and then compare that against a list of known hashes. This is actually not materially different from the system that every image host has used for a while now. The main difference was that they were going to use a bunch of cryptography to ensure that...

- Images could be scanned only after a threshold number of illegal images had been flagged

- Law enforcement agencies could not use the system to flag non-CSAM images

Part of the way they achieve the former - and what makes the system unworkable - is that it's client-sided.

To be clear, every service already scans for CSAM. But the naive way of doing this - comparing SHA-2 message digests - can be trivially manipulated into producing false negatives. Just flip a bit in the image and it becomes a new image. Perceptual hash algorithms instead use notions of image similarity to protect against this, but it also introduces the possibility of false positives - i.e. images that look innocuous but match against CSAM and get you flagged. This is not merely a problem to be solved, but a consequence of such systems being differentiable, which is necessary for them to actually work.

For remote scans, you can at least keep the perceptual hash algorithm secret and avoid leaking information about what images do and don't get flagged. This will frustrate attempts at adversarial training. However, when you put the perceptual hash on everyone's phone, it can be extracted, and people who don't like the idea of running a spying dragnet will deliberately break the hash just to tell you to fuck off. So people were making tools that would modify one image to look like another, which could be used to either hide CSAM or, worse, making cat pictures that get your iCloud flagged.

There's also a bit of moral insult involved with having your phone do things that aren't in your benefit, even if this ostensibly were to keep the feds from demanding explicit backdoors[0]. This system is laughably easy to defeat if you're jailbroken - just turn the daemon off. Hence why Apple made no attempt to integrate it into macOS where users have root access[1].

Law enforcement would never firewall their capabilities to "just CSAM." That's not how the law works. You can't sue your drug dealer for not giving you the weed you paid for, and for similar reasons, law enforcement is never going to only wiretap pedophiles and not drug dealers. There's a few exceptions to this[2], but generally, you should assume that if you're about to give the feds the legal capability to spy, it will be used for every crime down to and potentially including routine traffic stops.

Apple's bulwark against that was to have the system only scan for images that were flagged by multiple independent child protection agencies. However, this isn't a guarantee; the western world routinely collaborates in very not independent ways. There's no guarantee that, say, Europe's pedo-fighters wouldn't have had their arms twisted by their countries' intelligence apparatus, operating in concert with the American CIA who was arm-twisting NCMEC. Apple promised they'd be reviewing all reports before forwarding them to law enforcement, but in this situation there's nothing preventing them from having their arms twisted here, too[3].

[0] For the record, there was no evidence that Apple was using this system to enable iCloud end-to-end encryption. They'd already turned that off because of a UX problem: too many people were permanently locking themselves out of their own data and Apple couldn't break into it for them.

[1] Root access on macOS is complicated by the fact that SIP and boot security exists. They could at least theoretically have made the kernel refuse to terminate the CSAM scanner process at all, but that would be a speed bump at best. Users absolutely can turn off SIP or boot modified kernels on Macs ...

Most don't use the naive way to scan for images, NCMEC distributes hashes as PhotoDNA which is a perceptual, not a cryptographic, hash, which is tolerant to some level of changes.
Apple's "solution" was the technical equivalent of Microsoft having Windows Defender scanning every single file on a user computer and attaching a "hash" / tag to it. Then downloading a database of "forbidden hashes" from an unspecified government authority.

Their initial plan was to only compare against the database when you upload to iCloud (in the comparison, OneDrive) and notify the authorities, but of course once the infrastructure for local scanning was in place, extending it to other "scenarios" was just a small update away (I'm sure RIAA/MPAA would love to hear about your old mp3 folder you kept moving over from pc to pc over the years).

Good, more companies need to fight back crazy UK demands. Blocking MS<>Activision deal, because they think they are a global superpower.
The MS Activision deal should be blocked, it's awful for the people
Blocking the MS-ABK deal isn't about being a global superpower, but about MS and ABK doing business in UK. It's the same with EU, Netherlands, Japan and US.
Why shouldn't the deal be blocked?

Whatever services MS want from Activision they can purchase on an ongoing basis without blocking others like Sony just to block the competition.

Who wants Call of Duty to go xbox only like Halo?

Microsoft is a platform provider, the content creators that use their platform should be free to publish to any platform. Otherwise Microsoft bump the prices and say take it or leave it but you can't get it anywhere else.

Because patches to military software could be "delayed". What operating system does military hardware run on?
They should beta test on everyone in the House of Commons. Today.
They all use WhatsApp
Not for calls / VC - the quality is trash compared to FaceTime
What is WhatsApp's perspective on this matter?
Nobody in the UK uses iMessage. Not sure about Facetime but it's definitely not anything anyone relies on.

This is a meaningless threat.

There aren’t many other widely used easily accessible services with as good video call quality as FaceTime in the UK. WhatsApp VC is trash.
I agree WhatsApp VC is rubbish. Google Meet is way better. I don't know about Facetime but it probably is way better too.

But that's not especially relevant - people still mainly use WhatsApp for video calls despite the bad quality because everyone is already using WhatsApp.

Are iMessage and Facetime disabled in China?
No they are not. I talk to my family often on Facetime
No. iMessage and Facetime use end-to-end encryption in China, probably among only a few apps allowed to do so.
Thats really weird, kinda like how Steam existed for so long in China.
Steam has e2e?
No, but it was a massive unregulated catalog of games. It would be like hosting American Netflix in China.
It has horrible slanderous counter-revolutionary and despicably immoral anti-chinese content.
Keys are managed by the government.
iCloud Keys are managed by a Chinese company, so in practice, yes. iPhone E2E stuff like iMessage, by definition, does not have keys that anyone else (including the government) possess.

Though it hardly matters when ~90% of iPhone users likely have iCloud Backup on. In which case their messages will be backed up to the cloud to where the government could get keys.

Source? IIRC Apple was hosting data from Chinese citizens in China to comply with regulation but still keeping encryption keys outside of China.
They gave it over. Apple does not care about privacy the way it has trained American consumer to think it does.
Well, to be fair, the alternative is to simply leave China entirely. Considering how much malware and spyware the average Chinese phone has... Better a compromised iPhone than some of those things.
This is… such a bad train of thought.

If you don’t know apple turned over private text messages of congressional officials and NYTimes reporters WITHOUT protest or question to the Trump Administration. And before you say otherwise Google and Microsoft both did not.

They do not care about privacy, it’s all marketing.

(comment deleted)
iMessage and FaceTime are available in China, but it hardly matters because most communication in China happens over WeChat. If all the important stuff is happening over the heavily monitored app, leaving a few scragglers is not a big deal. Especially because, it's not like a criminal gang is going to have the money to arm every member with an iPhone with China's wages (and the ones that do are likely white-collar and detectable elsewhere), and it's also not like Apple is allowed to actively advertise or even discuss themselves as being "more secure than WeChat."

EDIT: Also, ~80%-90% of iPhone users in the country likely have iCloud Backup on. iCloud Backup is not E2E-encrypted in China, and is hosted by a Chinese company instead of Apple. If you want full E2E, you need to use iMessage and hope everyone in the party doesn't have iCloud Backup on... and that's a pretty niche threat now.

iCloud backup is not E2E encrypted anywhere by default, although it does now have the option to turn it on in non-China countries.
It is technically E2EE, but the keys are stored by a Chinese company. So, yeah it's not encrypted from the Chinese government.
Yeah, that's a bit of a double standard.
My understanding is that Messages and Facetime are still E2E encrypted in China. However, if you back things up in iCloud, China does have the keys to decrypt that. The difference is the UK wants to violate E2E encryption in Messages/FT.

I could be wrong about the current state, but I need to see evidence first.

Kinda apropos, I’ve used international data roaming in mainland China and was (initially) astonished to find it totally bypassed the GFW and I could run IPsec and SSH unencumbered, none of the unabashed MITM fuckery I saw from using strong crypto over Chinese hotel wifi for more than a couple of seconds. That was a few years ago, I don’t know where their interception regime is at today, but it was a reminder that propaganda begins at home.
LTE and 5G standards allow end-to-end encryption of the roaming traffic. So, it's by design. If your operator chooses to enable e2e (and usually they do), there would be just two options: block your traffic entirely or let it pass as it is.
What's the end in this case?
Why does UK do this to themselves? Insisting on companies to take part in human rights violations is pure evil.
The current conservative government is on its last legs before being banished for at least a decade. It appears they already have their eyes on the lucrative private sector and are willing to vandalise the UK with little thought to public protest.
Labour are even more in favour of this than the tories are. Lib Dems, too. No mainstream party in the UK values your privacy.
I can't help but think the other parties would put forward better policies that don't alienate the electorate nor swathes of international business. Some would say the current conservative cabinet are the low-grade remnants of the recent party turmoil, and their policies demonstrate this. Unfortunately for us, they really have nothing to lose over the next year.
Agreed, Sir Keith Starmer honestly seems like a relic from the Cold War
He’s from the same Labour right faction of those as conservative as any Tory, just pretending to do conservatism in a nicer way. Just like Blair, who ended up doing more of Thather’s plan to chip away at privatising bits of the NHS (through PFIs on hundreds of hospitals) than Thatcher managed. Not to mention the Iraq war…
Correct - NewLab, just like the DLC (a subgroup of the Democrats) over in the US.
It’s really astonishing that Joe Biden seems to be generally to the left of the Labour party leadership. By USA standards Biden is a centrist moderate. We had the good sense to eject the Mark Penn “must go right-wing” types from mainstream Democratic circles; why didn’t Labour follow this path too?
You’ve gotta be in a wild echo chamber if you consider Biden centrist moderate.
Right? He's clearly center right. Sanders or Warren or AoC are centrist moderates. Or maybe center left.

Kshama Sawant is a leftist. There are folks left of her.

If you don't see Biden as centrist or even center right, you have a narrow view of the spectrum.

(comment deleted)
We have recently seen what happens when somebody even slightly left of centre gets anywhere near power in the UK.

Our major parties are now squashed into the spectrum between the mean US Democrat and the mean US Republican, it's quite depressing.

Are you referring to Jeremy Corbyn? He was brought down by a dishonest campaign by the Jewish lobby.
(comment deleted)
It started well before the antisemitism nonsense, MPs in his own party were openly discussing a challenge before the results were even in for the 2015 leadership election.
I think you might have inadvertently revealed why he was so toxic to the electorate here
I wonder if the UK ever decides to have a written constitution. On one hand they've been doing fine without one for centuries. On the other if this law passes the parliament that's it. There is no "constitutional court" to strike it down. No "president" to "not sign it". Etc.
The UK does have a system of judicial review and various laws are classed as “constitutional” (such as the Human Rights Act) and have special protection.

The UK courts are currently weak because the government threatens their independence. But the same thing is happening in other countries such as Israel, so it’s not something that a written constitution can prevent. Ultimately the only thing that can guarantee judicial independence is for people to believe in it, and for people to take to the streets. Most British people just don’t care, that is the problem.

> There is no "constitutional court" to strike it down.

The Supreme Court exists for this very purpose, although it is subject to Parliamentary Sovereignty[0].

> No "president" to "not sign it".

Bills do not become law until given Royal Assent by the King. The King may refuse to give Royal Assent to any bill, although this has not been done since 1708.[1]

[0] https://en.wikipedia.org/wiki/Supreme_Court_of_the_United_Ki...

[1] https://en.wikipedia.org/wiki/Royal_assent#United_Kingdom

The problem with relying on a written consititution is that it can easily be changed.

The USA is in a position where it seems to be perpetually stuck in a 50/50 split of the elected government, so it's not possible for major constitutional reform to be passed by one party.

On the other hand, the current government in the UK has a majority of 80 MPs - if there was a written constitution, it's likely they could simply pass a law to re-write it.

In the US you need a super majority (of legislators or states) to amend the constitution. You'd have to do something like that. But the UK government system isn't really set up like this, there aren't the checks-and-balances of the US. (It's just civil servants undemocratically dragging their feet/slowing down processes they disagree with... which is not democratic.)
You should be more like us Americans and give it up of your own volition to any private company who gives you a moment of free entertainment.
We have been able to bug phones, homes, offices, whatever, for years to keep the country safe. If enough people had a major issue with that they’d start a new political party and vote it in.

Personally I quite like it. Evidence suggests there’s quite a lot of people trying to blow us up and stuff.

i simply prefer not to believe anything that any government or any trillion dollar company says about encryption and privacy.

Apple:

> "We have never heard of PRISM", "We do not provide any government agency with direct access to our servers"

https://web.archive.org/web/20130609061546/https://www.culto...

..some things are just not discussed on public forums.

That could be true? IIRC, PRISM was less about direct access, and more about abusing every potential method of gaining information.

For example, imagine a Login page that said, "Password incorrect," versus "User does not exist." If you have "User does not exist," you could use that to figure out whether a given email address has an account with a service. That could be useful information to PRISM when looking for a target to subpoena or monitor. (This is also why it's now best practice to just say "Login incorrect" or something vague that doesn't say whether the username, or the password, was wrong.)

Though, I could be wrong, I'd love more info.

> That could be true? IIRC, PRISM was less about direct access, and more about abusing every potential method of gaining information.

Direct access to the data was mentioned in the Guardian and other newspapers

It was not mentioned in the leaked documents that the Guardian published. Instead, it said that the data came "directly from" the tech companies (who responded to wiretap requests on specific accounts). Greenwald couldn't be bothered to understand what the documents said and hallucinated the phrase "direct access" like a low capacity language model, but we on HN are functionally literate.
More info?

It goes further than just the error message. I think the original exploit was based on how quickly Unix would fail to login. (Bad user failed faster than bad password) and that allowed you to enumerate the user names.

As far as "We have never heard of PRISM", that could be true. When you receive a national security letter it isn't like they give you detailed info about the specific operation and why you are receiving it. It's more along the lines of "you're going to do this pursuant to US code section..."
What's more, a National Security Letter is not necessarily addressed to the company's executives and lawyers. A National Security Letter could be send to somebody lower in the organization, closer to the targeted data (for instance a sysadmin) with a clause threatening them with prison time if they tell anybody, even their boss or company lawyers about it.

They can essentially conscript anybody in the company to work as a spy using (probably bullshit but still intimidating) legal threats to keep them quiet.

I didn't consider that, but it aligns with my experience as well. From a C-Level perspective that is probably desirable as they don't want to get involved with that sort of thing in the first place.
(comment deleted)
Is there any evidence that low-level people have been targeted, or is this just speculation around what could happen?

Yes, "evidence for a secret program" is a bit tricky to produce, but the one I know of - Doe v. Ashcroft - the president of the company was compelled to produce data. I'd be very surprised if this wasn't the universal approach.

This sounds scary, but unlikely. Do you have a source that this tactic is used and effective?

My immediate reaction to such a letter would be to contact the company legal department regardless of whether the letter said not to, simply because I'd assume unless given very good evidence (and originating from a .gov domain isn't good enough) that it was a scam.

Edit: According to the EFF you can talk to an attorney about an NSL.

https://www.eff.org/issues/national-security-letters/faq#24

I would not suggest taking legal advice from the EFF. You might as well contact the sovereign citizen movement at that point.
Letters can be intercepted, letters have tracking, letters of this magnitude will require certification, and at the very least will require a courier. All of that assumes the letter can be delivered, and also assumes that the recipient believes that the letter is authentic. If I sent you an authentic looking NSA letter, would you just do what you're told? Fat chance...

An email/phone call to a legal department is much less work and provides all the same protections.

Even internally at Apple is it common to work on projects that you do not know the name or details of. I was disclosed and worked on multiple projects that my own team members were not aware of.
Why?
Why what?
Why would you not know the name or details of a project you are working on?
Testing voice recognition models in preps of the initial HomePod is one example, but quite a few software services built for unreleased hardware would do this.
It might not be cited on any given NSL, but saying they've never heard of it when it's received ample news coverage is disingenuous.
While it's correct that they had never heard of PRISM, PRISM has nothing to do with NSLs. It ingests data from FISA Section 702 requests.
We now know that PRISM was (is?) the NSA internal source designation for data acquired through FISA warrants executed by the FBI.

So actually Apple was being honest. They had not heard of PRISM, because that term was only used inside the NSA. And they were not allowing direct government access to their servers, they were responding to FISA warrants.

While technically true, it's also a complete BS. It's in the same vain as Torrent websites are not hosting copyrighted content - technically true but complete BS.
But they are actually not hosting it.

If we are being pedantic, one can claim that all data, can be very well anything because there is always a "one-time pad" transforming all communication into something malicious.

If the law is not precise, then it is on the government to improve it.

I agree. If we stated that torrent sites are hosting it then what other systems are implicated? eg: DNS itself provides a pointer to the torrent sites which then have a pointer to the data.
Apple has perfected their virtue signaling game and all the simps love it.

I don't really mind it either anymore, a lot of people have this hero worship fetish and they can't help painting everything in black and white, even though they're all just different shades of gray.

Apple is definitively brighter on that scale then Google or Meta, but they're all corrupt multinational corporations that will do everything they can get away with to increase their bottom line.

You knowing this, by the tone of your writing, what do YOU do about it? What computer are you working on right now? Are you sure every component on it is legit? I take it you're using some for of Linux because they're not "corrupt" (well, depending on what distro as even that is a big debate).

Or do you live and operate like RMS?

Prism also involved an NSA program that was done without the knowledge of the tech companies. They inserted a splitter on the fiber lines leaving data centers to copy all the traffic.
Does anybody remember one December where Apple shut down all the developer systems. It had the feel to me at the time that it was a hack by it's suddenness.

I have always associated that period with the discovery of Prism. I would love to hear if anybody knows what I'm talking about.

Easy decision considering Apple gains little to no money from them.
What? How did you arrive at this conclusion?! Apple enjoy a good market share in the UK. Over 50% of the market according to my cursory search.
I'm talking about iMessage and FaceTime as apps not the entire business. Apple is threatening disabling those apps not their presence in the UK.
This is a scam by the UK government, they don't care about child abuse, they are going to look into all sorts of communications to leverage people. If they cared about child abuse they would have shut down the open child prostitution rings running rampant. They openly let it continue because they are afraid of being branded racist since the gangs running them are minorities.

https://en.m.wikipedia.org/wiki/Telford_child_sexual_exploit...

The Wikipedia article doesn’t exactly support your claim.
The police didn't investigate child sex crimes because the perpetrators were non-white and the police didn't want to be seen as racist. What about that is incorrect?
The implication that this local police force is the same "UK Government" pushing for encryption standards.
I think it's pretty ridiculous to think there aren't white people dealing in organized sexual abuse of children
Who said there wasn't? I'm not saying only minorities do this, far from. I'm saying the police openly ignored it because they were minorities in this case. This is not some sort of accusation that only minorities abuse kids, only that the government that wants your data to protect kids is questionable at best in this area.
"the gangs running them are minorities" pretty strongly implies it's only minorities doing this
It’s a reference to a specific news incident a few years ago.

A gang, composed of minorities, was explicitly ignored by the police because the police were afraid of being seen as racist for cracking down on them.

It certainly doesn't imply that, strongly or other. It's referencing a specific trend, but not negating other possibilities at all. Context is important.
(comment deleted)
[flagged]
What? The police openly admitted after an investigation that this is the reason they let it continue for generations. I'm framing this in reference to the UK government claiming they need the information to prevent child trafficking while their track record indicates that even with data they ignored it for decades. Please save the hysteria and wild accusations for Twitter

https://www.google.com/amp/s/news.sky.com/story/amp/1-000-ch...

Are there sources other then the police, who failed to act and have a vested interest in finding excuses?

Because "the dog ate my homework" I mean "no, cause I didn't want to be racist" stretches credulity.

It was an independent investigation not performed by the police department. The link is in the article in my prior post.

Direct link is below:

https://www.iitcse.com/

"Think of the children" is always the reason rights (good or bad) get taken away.
"We must scan all of your personal devices and personal moments for illegal terrorist, cannibal, pedophile, and unapproved political content to safeguard our children against this vague, unrelenting menace. If we happen to stumble upon other content that could be automatically construed by AI to be criminal evidence, we will refer it to the proper prosecution service automatically. The net result is society will be safe. If you committed no crime, then you have nothing to fear. If you disagree with this, then a crime can always be located." - How I imagine this being pitched
Ok, I take it back because I found at least one counterexample, the Patriot Act didn't use children as an excuse.
They should just publicly publish all the messages from politicians' accounts.

If they want to see our messages we should be able to see theirs, fair is fair.

Strange that you got downvoted for stating that people should have power to hold politicians accountable.

Look at the top comment and see how illogical it is:

> I'm happy to pay a premium and be locked into their walled garden for some things if it means supporting a company that has the power to shift policy in favor of human rights (privacy in this case).

Morons like this actually believe taking away human rights and privacy will make them safer. News flash, the danger are people in power that can't be held accountable. Lastly, be skeptical of anything Apple says as they work together with governments to take away your privacy. Psychopaths will say anything to get you to trust them.

iMessage is pretty pointless with backdoors
Which backdoors does it have?
this is a backdoor that they're refusing to put into it, because it would make iMessage pointless
Huh, interesting. I interpreted OP as "Messages is pointless today, as it already has backdoors". I hadn't even considered your reading of it until you pointed it out.
I wonder why the UK legislators not preparing a new regulation mandating every keys to every door and safe having a bypass mechanism for government officials.

Behind every door and every locked place there could be child pornography and illicit materials hidden!! Every house, every hotel safe are suspects!

Criminal oversight, criminal oversight!

(and if they think their reasoning for backdoors into online chat and conversation is mandated by this supid reasoning of theirs then it must be valid for all entrance doors of every home and buidlding and every locked spaces as well! Getting easy access to material without assistance or knowledge of the people involved.)

Anecdotally, I've heard the argument made that police can knock in doors for raids, and they should have the same power over technology.
Dunno how I feel about that metaphor. To me the current situation isn't just saying "police have the power to kick in doors". It's more like "citizens are banned from building houses with doors that make it hard for police to enter".
I think if you could build such a thing they would be banned on the same grounds.
It already exists. You can have a door with a steel core. It's not illegal.

https://www.reddit.com/r/facepalm/comments/zcvwno/steel_rein...

Are the windows and walls of the said house also made of steel? In that video, why are the armed personnel so obsessed with entering through the door?
Because real life isn't an action movie, and police would rather try to ram the door for a while and hope it budges, instead of instantly going for rappelling from the rooftop or for using a ladder. Especially given how relatively uncommon steel core doors in apartments are in practice.
One guy climbing through a shard-lined window is easy to mow down; the first cop that dies halfway through will block access to the rest. It also disarms the guy with the riot shield.

Opening the door lets a group of them quickly file in at once to swarm the occupants.

but you know

- they still have to be physically there

- one team can do only one raid at a time

- people know if they did a raid

- they needs a judge order and because the previous point you can counter sue if reasonable, at least theoretically

- they can't impersonate you all around the globe including in countries outside of the UK just by raiding you

- a raid is time wise also limited

- police being able to raid doesn't prevent you from guarding yourself against random criminals or agents of foreign hostile governments raiding you

- you know when you are raided

- you are still allowed to put steal doors in your home

- I probably missed a bunch of points

I.e. it's not the same, not at all.

A more correct comparison would to state police can raid you, so they should be able to hack your device but only to retrieve information and being required to leaf a message behind (and even that comparison has issues).

The obvious counter is that raiding a house is a very public and relatively expensive action. There's a natural disincentive to it. OTOH digital surveillance is more akin to being a ghost who can float through a door without anyone ever knowing you're there, and teleport there and back instantly with no physical time or effort

I think this is the big change people miss when it comes to police powers in the digital age. There's not been really been a culture shift from the police nor the citizens about police powers, just a increase in quantity of ability that has turned into a difference in quality. For decades agents of the state have had the theoretical ability to surveil people, and the people were generally OK with it because of the assumption that "well they won't bother doing it to a random guy like me", which was true, back when it required actual footwork, and even pulling up someone's file was a physical task

Assuming one does accept targeted surveillance in extreme cases, then I'm not sure how to solve this apart from the frustratingly "stupid" and probably unenforceable solution of requiring the police and intelligence agencies to be stuck on 90s tech. Theoretical legal sanctions against doing this appear to have no teeth, the only way to discourage surveillance abuse is to make each instance have a non-circumventable operational cost

So to use a concrete example: I actually like private CCTV in public spaces. I do feel safer knowing the police can use that footage if I'm a victim of crime. But I only accept it because most systems are just writing to a local device, meaning there's a cost to the police asking for it. Any scheme to automate access to these records over the internet, no matter how well-meaning and theoretically legally restricted they are, would inevitably be used to make those scenes from The Bourne Ultimatum seem quaint

Wait until you hear about search warrants
If you could invade someone's house as easily and invisibly as digital surveillance, physical search warrants would be swiftly ignored by the police too
I'll play Devil's Advocate (because I enjoy throwing myself into the fray — especially when arguing against a point I actually agree with).

No one is mass-sharing their safe of child-porn worldwide with thousands of other child-porn voyeurs.

The internet and its ubiquitous accessibility combined with digital image file formats has changed the landscape for those that would fight these heinous crimes.

It is indeed a new and special case where a locked safe is not.

> No one is mass-sharing their safe of child-porn worldwide with thousands of other child-porn voyeurs.

I wouldn't call 1 on 1 chats mass sharing

You can have multiple 1-on-1 chats, and CP collectors are pretty good at finding each other online. While I'm very much against this UK legislation, people in the tech sector do themselves no favors b¥ minimizing/handwaving the CP problem.
Isn't that why we pay gov agents to hang out in the seedy parts of the web? If CP consumers are able to find each other with relative ease, I'm sure agents impersonating them can find them too. Then it's up to them to locate them, likely by exploiting an opsec failure along the way.

I see no reason the give the gov eyes on everything when they have a perfectly valid route to investigations.

I'll also play Devil's advocate even though I'm a very vocal advocate for data privacy in real life.

These government agents are people as well, and as people they'll suffer to wade through the dark corners of the web to locate a minuscule part of all the CP data available worldwide. These people will inevitably require mental care to deal with the trauma of looking at GiBs and GiBs of small kids being raped, that's not a cost we can handwave to "we employ government agents", there's not a limitless supply of people willing to do this job, and doing this job doesn't come for free, not for the individuals doing it neither for society (mental trauma care; staffing high enough to allow rotations and avoid burn out, or PTSD, etc.).

I'm not sure I subscribe to that. I've spent a lot of time or the web, and I've seen a lot of gore. So much so it doesn't phase me now, even after not visiting those sites for a decade. I haven't dealt with csam, but I imagine the impact is similar. You get desensitized to it. The difference: LE gets to put and end to it via their investigations. That is rewarding enough for people to stay, I assume.

Plus even if you did dragnet everything, you'll still need a human in the loop to verify the findings, even if ml classifiers are used to find leads.

Plus what about people that just encrypt their messages locally before sending them across a backdoored platform? The gov can't make encryption illegal. It's just math. Folks will steno it into memes or whatever is hot that gets shared to allow it to live in plain sight.

I know LLMs aren’t a magic bullet for everything, but this seems like exactly the kind of problem they could solve well as they become more cost effective. Dramatically shrink the pool of real people required to keep an eye on this, and sub in virtual agents adept at detecting CP patterns.

Security back doors also carry the risk of having the opposite effect. We’ve seen many examples of powerful, nation state developed tools being leaked online.

There may be a rise in scenarios where people (including children) have their personal devices breached and are extorted for the exact thing the security backdoors were created to prevent.

To a point LLMs can help with this. Additionally software has played a part in this for many years but nobody is getting convicted for possessing media that hasn’t had its contents validated and graded by a human.
Stop focusing on CP/Abuse.

Governments use CP/Abuse to pass legislation, which is immediately used for almost anything other than that. If a government did actually care about child welfare there are many things they could do that would actually help children.

But this law to "protect children" is being passed by a government that is simultaneously cutting services that help children, and also trying to reduce/restrict sex ed that so that it is easier to abuse children, I'm going to say that "protecting children" is not their goal with this law.

As I said elsewhere, any argument for "we need the ability to remotely access the content of a phone" (which is what the law is demanding: silent updates to remove encryption and anything else they "need") equally applies to having a government mandated cameras in every house. That would actually prevent child abuse. It would prevent domestic violence. If such was happening the police could intervene immediately. It would remove he said/she said from courts: you can simply play the video from the home.

By the definition of "no encryption because protect-the-children", mandatory cameras in every room of every house is both acceptable, and also objectively superior to BS anti-encryption laws. You can't abuse or beat your family members in the first place if a camera is watching, but anyone moving CSAM around on the internet isn't going to have a problem getting an actual encrypted channel - all the law does is make your personal communication, banking, finances, etc insecure, criminals are safe. Of course even if someone does use a now insecure communication channel to share their child abuse it's moot: the cameras in their house would have already caught them.

So why screw around with "make everyone (including children) unsafe to 'protect the children'" when there's a much more effective solution that would stop the abuse in the first place?

Also, the UK already passed a bunch of "you don't get privacy" laws in order to "prevent terrorism", and they seem to be used primarily to catch people not picking up dog poop, not paying tv licensing fees, etc which sure as shit doesn't sound like it's terrorism related.

In summary: if a law that would otherwise violate fairly basic rights is being pushed with clearly emotive justifications like "child abuse", "terrorism" you should assume you are being played.

The police do not need more power. They do not need to violate everyone's rights. They need to do their jobs and do actual work with what they already have, and demonstrate basic competence before they get any more invasive tools. Recall the Ariana grande bombing in the UK? Multiple friends and family of the bomber had independently and repeatedly reported them to the UK police. 9/11: multiple US government agencies had all the information needed, but were too busy trying to compete with each other. In addition (tens of, if you look at the US) thousands rape kits that aren't even processed, and weirdly they keep finding serial killers and rapists when. they. just. do. their. job.

Throwing away more of our privacy, when police already have huge amounts of information that they just can't be bothered to look at, is beyond stupid.

Similarly, based on the track record of supporting and aiding child abusers, and cutting support for children, any claims a government makes saying something is to "protect children" is clearly false.

And how introducing backdoors would change that?
The very, very large majority of child abuse happens at schools, half by other children, half by staff. Especially in phys ed/sports. Think about this: this is so prevalent you will probably remember cases of this yourself. Of course, government has made sure there is absolutely nothing child services or police can do about teacher abuse, and nothing can be done at all about teacher (or school) responsibility when they fail to protect children during school (despite the law saying they are responsible). The only thing child services can do is effectively attacking the child (using violence to demand the child be "treated"). And while the police technically can go after the perpetrator, they don't need any proof to go after the child (which "solves" the problem), but they need proof to go after the perpetrator ...

The whole system around children is setup to protect government against children, FIRST. This will not change with surveillance, in fact it will be made a lot worse, and this is a far bigger problem than CP.

So if people claim that all government people are "good people", who are "just trying to help". The problem is the result. The real question is what happens to those children, to the victims, the rest doesn't matter.

To some extent that's actually true. Most teachers that eventually get convicted for ... students aren't pedophiles. They're people with no previous offences, who really did start their job to teach, who at some point lose their self control when dealing with children, because it's so easy. The problem with it being so easy, which leads to the sad observation that they tend to be responsible for a LOT of children, and therefore make a lot of victims before anything is done, because the system is set up to protect them. The current record is a German director of child services, who sexually abused over 30000 children. You might ask how you can even do that, that's almost one child per day, for a decade. The sad answer to that is that he had a large team around him. Teachers, in more normal cases are accused of abusing between 5 and 10 children.

And the outcomes ...

https://www.ncbi.nlm.nih.gov/pmc/articles/PMC8225538/

https://www.jstor.org/stable/30034577

These people know this. They go through the web merely to punish and use violence against society to force what they consider decency standards. The problem is, they do not help these children, they usually only damage them (which leads to constant embarrassments. FBI 2 years ago proudly announced they had done a razzia, and "saved" 43 children from prostitution. Before 2 weeks passed 41 out of 43 of them had run away, with the very large majority very likely going back to prostitution). They just throw them into the child services system which destroys these children's lives far more than even actual abuse does. And, of course, mostly they were not abused but protected by their parents, and were far safer at home. And even that's ignoring that this is government: a significant fraction will get deported if they don't run away.

And this is ignoring the "accidental" studies, which follow this pattern: someone wants to make a career and needs, effectively, to find a large amount of children abused, to get attention. These can't be actually abused because of how humans work: abused children ... abuse others themselves, damage themselves, do drugs, act in criminal ways, ... So nobody in the system wants those, at best they are very problematic children. What these individuals need to do is convince authorities that a large cohort of normal (very young) children are in fact abused, and "need help". Mostly, of ...

Yes, and I specifically said I don't support the UK legislation so I'm not sure what point you're trying to make.
My point was that minimizing the csam issue isn't that relevant to the terribleness of a proposed law. Csam will likely always exist, unfortunately. It's too hard to prevent; the punishments seem to be nondeterrents.

We already have mountains of awful laws that are passed via appeal to csam emotion. I see no reason to pass another one under the appeal of csam reduction when we all know how it will really be used.

Again, I'm not arguing in favor of this law, quite the opposite. I don't require you to persuade me of an opinion I already hold.
(comment deleted)
> No one is mass-sharing their safe …

They literally are though? Numerous cases of child abusers abusing their children and publishing the footage of it from their homes, not to mention the mass storage and hosting (hosting _may_ be less common now).

People physically abuse their family and children at scale (domestic violence is not rare), a really good way to stop this would be to mandate cameras and microphones in everyone’s houses.

Don’t worry though: to see/hear recordings from inside someone’s house police will need a warrant.

I was going to say that I know someone who went to jail for sharing pictures of under-age porn. It happens.

(But Apple is in the right in this case.)

I suspect, as always, the bad guys would find ways around any such measures. Leaving, normal, law abiding, tax paying citizens with diminished rights and freedoms.
When privacy is outlawed, only outlaws have privacy.
In order to distribute illegal material, you have to go public with it, i.e. contact strangers. One of those strangers is going to be a police agent or a snitch seeking favors from the police.

Sure you could limit yourself to known contacts, but that wouldn't make you rich nor would it create self-sustaining network.

The most amazing psy op I’ve ever seen is this convincing the public that it’s people who use encryption who are the perverts, and not the people who literally want to creep on other people’s private photos of their kids / spouses / romantic partners.

This is exactly the opposite of how it works in the real world.

Do you change with the curtains open?

Or, better, do you shit with the door open?

Defensive arguments like this are good, too.

But it feels like to really achieve successful political pushback on something of this magnitude, it really requires going on offense.

Like, why are all the headlines not "Dudes in law enforcement demand access to millions of young women's intimate photos"?

[flagged]
That is… entirely divorced from reality.
>any violence against attacker with a weapon...

Is that yourself with a weapon, or the attacker?

At least in England and Wales, unreasonable force can be used in self defense (Crime and Courts Act 2013) as long as it is not grossly disproportionate, and people are regularly let off for that, so you're wildly off base.

This includes cases where people have killed unarmed intruders.

What will typically get people in trouble is not self defense, but cases where the victim continues after an attacker is no longer a threat (is subdued or fleeing).

Bad acid trip?

Hope you feel better soon.

Given the possibility of invisible and essentially free screening of private conversations, the analogy is probably more "install cameras in every home that only the government can access". But we promise, they'll be turned off most of the time.
School boards already successfully do this with 'student laptops' also known as in-home monitoring devices that cannot be switched off.
Well, one difference is that those laptops belong to the school. They don’t put in-home monitoring devices on privately owned devices.

That said, it’s still creepy, I agree.

Has there been a case where a school board activated such a device to spy on the parents? That would be absolutely mental.
> every keys to every door

Have you seen doors in the uk? Most are just there for design.

Because it is very easy for them to break down the door, or smash a nearby window, or simply wait for someone to go in or out and demand entry.
Likely because they know they don't actually need a bypass mechanism to bypass most physical barriers.
They don't mandate every keys to every door because they CAN break almost every door with force. The police can do it with a warrant and some "special forces" can do it clandestinely.

They can't break most encryption with force.

Will Apple still support SMS? Will users be notified that they’re “suddenly” dropped down to a less secure channel or will the simply have to pay attention to the text color and actually know what they mean?
I assume just green text boxes instead of blue ones.
They could also add support for RCS if they didn't feel like punishing their non-iMessage iPhone users by falling back to SMS.
The Messages app doesn't just rely on text color, it also shows the text "iMessage" or "Text Message" whenever the mode of conversation shifts.
Why do the British still think they have power to do dumb stuff like this? Their economy is floundering, their consumer market is small, and their government is a joke.
In a word, populists. This is part of a stance of being 'tough on crime'. Whether or not the bill succeeds or fails isn't really important, what's important is that they can trumpet how tough on crime they are. If it fails it's not their fault, it's the opposition and how they care more about criminals' rights than your/childrens' safety etc. etc.

As to why the public themselves go for it, the media landscape in the UK is in a pretty bad way at the moment. An enormous amount of power is still wielded by the traditional press - specifically the power to set the national conversation.

70M is small, but not that small. Larger than any US state, larger than most countries in the EU.

It's also anglophone, which to anglophone companies (Apple still is, to a significant degree), means that its 70M are worth a bit more than the absolute number suggests.

The UK is still the 6th biggest market in the world. Enough potential profit that most companies will be happy to follow slightly ridiculous laws.

The only reason Apple are saying this is because it's good PR and nobody in the UK uses iMessage anyway, so they won't lose any money.

Wake me up when WhatsApp say the same...

I'm not against breaking e2ee when the right protections are in place.

1, Court signed order 2, Public Disclosure during prosecution or within X time of the court order being signed (including when no wrongdoing found) 3, Some sort of test to ensure it's not misused (imminent threat to life, serious crime like murder/child kidnap or something)

The idea that a judge can order a cavity search to find information leading to the location of a suspected murdered/dying child but not to read a message between the suspected murders phones seems ludicrous.

It appears at least in some of the US/UK, a judge can order you to give information including your phone password and if you don't, you become a criminal for that.

I'm just suggesting the question should be around where do we draw the line on privacy vs protection and what safeguards do we put in place.

I.E on a scale of speeding ticket to terrorist attack.

E2EE is a true/false label. Either it is, or it ain’t.

It is not mathematically possible to selectively break E2EE. If it’s broken, it’s not E2EE.

(comment deleted)
There are stronger and weaker forms of it, though. Apple holds the keys to the identity (public key) exchange in iMessage. You're still trusting Apple not to mitm your conversations, but at least they wouldn't be able to do this retroactively. Other E2EE messaging apps at least have a way to verify each others' pubkeys, but it's not required and very few people do it.
The device manufacture could silently push an update to reveal the keys? but the semantics of a label aren't important.

I think the important question is should an authority be able to read messages and if so, under what circumstances?

What if it's to prevent a major terrorist attack, should you have an absolute right to privacy so much so that, a means that would never be used against you can't exist even if it means the loss of a lot of life?

As I say, I think the question should be around where we draw the line and what protections we put in place to ensure it's not crossed.

There's a lot of good reasons to hate Apple, but when they're right they're right, and I definitely appreciate that they're willing to stand up for something like this, even if it is in their best interest.
This is marketing.

PRISM in the US is proof they don't really care. China and Russia also have data collection on iphones.

I think Apple truly cares about iMessage in particular maintaining E2EE. iCloud backup, for those who use it, is a different story.
E2EE iCloud backup is generally available since January this year. I have been using it since then with 0 issues. https://support.apple.com/en-us/HT202303
Yeah but I'm not sure if that's going to be available in China.
Should they withhold the feature entirely because they can't deliver it to China?
The same company who showed all governments that mass local photo scanning is possible, now wants to counter security legislation?

The damage done by apple with their previous plans for CSAM scanning is huge, and apple will be partially responsible for all the upcoming anti privacy / encryption laws.

"it would", not "it will". this submission's title is misleading and should be corrected to match the article
Hm, I wonder what they do in China.

In China they are running their own infrastructure on servers owned by party-affiliated businesses. I wonder how strong their encryption is over there?

China blocks many services with strong encryption but it doesn’t block iMessage.

Seems nobody uses iMessage in China. The stats I can find don't even list it. Maybe they're ok with leaving it as a way for visitors to talk to people at home.
So the CCP is just content to leave this encrypted form of communication controlled by an American company while simultaneously locking down every other avenue of electronic communication? Because “no one uses it?” If no one uses it why not block it then?

I mean, I hope so. Im not convinced though.

People do use it, just not Chinese nationals, so blocking it would only inconvenience visitors. Or because Apple has some special kind of leverage. Can only speculate.
But they can. Easily. And many people have iphones. Just doesn't seem likely that the CCP would be fine with it.
Chinese do use iMessage, although not necessarily deliberately. SMS is very commonly used in China and when a iPhone user want to message to another, the default is to use iMessage instead of SMS. So I did have tens of native Chinese contacts, including my computer illiterate parents, using iMessage back when I was in China and using an iPhone. Also, SMS cost a fee in China for the most popular mobile subscriptions, while iMessage is almost free.

So it is a good question why CCP didn't block iMessage, despite we know that SMS is heavily censored and monitored (see 金盾工程).

Chinese don’t use iMessage with each other much, at least these days. It’s all wechat.
Facetime is disabled in China, and on any phones purchased in China.

iMessage worked, last I went there.

Only Facetime Audio calls are disabled. Normal Facetime calls with video work fine with mainland china purchased iphones....so you have to call people using those phones with video even if you just want to talk to them and not see them. It's kind of silly because it's really unclear what actual problem this solves for anyone including the government. Perhaps the goal is to just make enough friction so that no one really uses it.

IIRC it's something to do with needing a license for audio-only telecommunications services. But I also might be entirely wrong about that.

Pretty sure that is related to competition with China Telecom. When I was working in China, it was the same: voice only calls had to be made via our phone and charged according to China telecom rates, while video calls could be made for free.
The same Apple that lets the CCP operate its entire App Store in China?

It's easy to criticize a government when you know there will be no retaliation. To judge a company's true stance on such issues see how they behave when there's a prospect of real financial loss.

The UK and China are not comparable. China is the worlds most populous country (for now). The UK has a population of under 70m. China is a totalitarian regime where even an imperfect freedom is preferable to no freedom at all. The UK is a democratic country which should be upholding the right to privacy.

If Apple weakens crypto for the UK, it affects people in other countries as well. iMessage is not exactly popular in the UK, so it is disproportionately used for transatlantic communication compared to WhatsApp. If Apple complies with the law, they are violating the privacy of users in the US as well.

Just an interesting note I learned recently - it’s estimated that India’s population overtook China’s this year (within the last couple of months)
> The UK and China are not comparable. China is the worlds most populous country (for now). The UK has a population of under 70m.

You say they are not comparable, and then compare them in a way that backs up the point you're trying to argue against. It _is_ two-faced of Apple to give China a pass here, undoubtably in large part due to the massive loss of sales were they not to comply and be removed by the Chinese regime.

> China is a totalitarian regime where even an imperfect freedom is preferable to no freedom at all.

If the Chinese gov't has the keys to unlock "private" conversations, how is this "imperfect freedom" in any way different from WeChat or other state-sanctioned messaging systems?

> The UK is a democratic country which should be upholding the right to privacy.

I mean sure, but Chinese people should have the same rights of privacy as anyone else. It's not suddenly less-bad because their government is totalitarian.

> If Apple weakens crypto for the UK, it affects people in other countries as well. iMessage is not exactly popular in the UK, so it is disproportionately used for transatlantic communication compared to WhatsApp. If Apple complies with the law, they are violating the privacy of users in the US as well.

How is this any different than what Apple currently does when an iMessage user outside China messages someone inside China? My understanding is that it acts precisely as you describe, but I could be wrong. And likewise, from what I understand iMessage is likewise unpopular in China so cross-country communications would potentially be a major source of iMessage activity as well? ( I don't see any statistics on this)

>> The UK is a democratic country which should be upholding the right to privacy. > >I mean sure, but Chinese people should have the same rights of privacy as anyone else. It's not suddenly less-bad because their government is totalitarian.

The extent to which Chinese people oppose the government being able to read anyone's conversations is quite different vs. the UK. Unfortunately, it's not likely that this or the Chinese government's behaviour will change any time soon. But in the UK it is an active political question that is still undecided.

And as you said, the size of the market -> how much money they get probably has an influence on Apple's decision to operate in China, even with all the caveats. But it's also not the only factor. If it was, Apple wouldn't consider blocking iMessage/etc for UK customers.

> China is the worlds most populous country (for now).

nit: they arent. India is.

No, the UK is a democratic country that is voting to reduce privacy.

A massive company in a foreign country affecting the laws of your own is anti-democratic.

Democracy doesn't mean privacy.

> UK is a democratic country

Democracy is a bit more than just rule of the majority (or sub-majority due to the peculiarities of the UK voting system).

Apple is clearly entitled to not provide iMessage in the UK if they feel that the extraterritoriality of a UK law will hurt their interests in other jurisdictions. That’s not anti-democratic, unless you think the UK rules the world.
Democracy requires privacy if you take a few minutes (shouldn't take too long) to think about it. And not even just a bit of it, it is often required for voting to be anonymous for similar or the same reasons.
Are you sure the UK is a democratic country?
Furthermore, Apples phones are made in China. Apples phones are not made in the UK.
What are you trying to say with the message? Are you saying if UK government turns bad tomorrow, it is fine for Apple to remove encryption there? But now it is not fine as UK is not bad?

Why does Apple even care about how bad the government is? Either they care about user privacy over money, or they value money over privacy. It is fine if they value any of those as I frankly believe it's not Apple's job to moral police governments.

> If Apple complies with the law, they are violating the privacy of users in the US as well.

As is the case now with US-China communication?

There is no such thing as a company's true stance. This is a fiction to make it easy to criticize.
You don't think there's a prospect of financial loss? They literally just said they would pull their products.

Ecosystem features like those are huge contributors to platform retention. And if the cynic in you doesn't believe that, just ask yourself why they burn the money to keep staffing development and maintenance teams for iMessage and FaceTime - they aren't doing it out of kindness right?

They said they would pull two services and not all their products. I know you didn't say "all products", but was just clarifying.
> Ecosystem features like those are huge contributors to platform retention

In the UK, Facetime maybe. But iMessage isn't used to the level as it is in US. I can't imagine Apple's UK share would take a significant hit due to no iMessage when everyone already uses cross-platform Whatsapp.

In the end the choice is simple: follow local laws or drop features or devices.

The calculation is going to be different in each country, but there is no hypocrisy here.

The Chinese government messing with Chinese servers affect the Chinese market, which makes a lot of money so there is a strong incentive to remain in it. The UK backdooring FaceTime compromises it for the rest of the world and would actually put Apple in jeopardy in other jurisdictions with stronger privacy and data protection laws, for a comparatively minor market. It’d be more significant if the issue was with the EU or the US (both scenarios can realistically happen in the next few years, unfortunately). All they are saying is that they will comply if the regulations are put in place. Also, the British government is known for making noises along these lines before quietly dropping the whole project when it turns out that it’s actually not that simple. Different countries will lead to different risk assessments.

So yeah, there is no inconsistency, it’s just a matter of how you stay on the clear side of the law.

> It's easy to criticize a government when you know there will be no retaliation. To judge a company's true stance on such issues see how they behave when there's a prospect of real financial loss.

A company is not sentient, it does not have a stance. Its policies have no value except when they are decided and enforced by people. It’s dangerous to talk of corporations in terms of ideology, because these things can change and often cash trumps good intentions. In the end all that matters is how much the company and our interests align. The best way to have a company behave over the long term is if it makes sense for it to do so from a business point of view.

Companies are made up of people, who absolutely have stances.
But they’re not the same stances. And it’s not one person making every decision.
This kind of black and white thinking is defeatist.

China: already a lost cause (before iPhones and messaging existed, in fact).

The UK: a leading western nation.

Let's try to have western countries not be like China? The UK could be a domino... if it falls the authoritarians in other western countries may be emboldened to follow.

(comment deleted)
so the government that arrested people for jokes, knocks on people's doors over mean tweets, and politically ousts people for having the wrong opinion now wants to destroy privacy for the 84th time in 10 years

wew, its just one big firework waiting to blow. glad i've got the spectator seats