Security and privacy are especially laughable since iMessage encryption lacks forward secrecy (all your messages throughout time are encrypted with the same keys), and just today we find the encryption hardware on Macs is fatally flawed and can be hacked by a user-mode process (no admin/root privelege required). Oh, and it’s un-patchable because it’s in the hardware itself.
Eeeeehhhhhh… you can’t really fault a company for a previously unknown hardware defect going against their stated principles. That’s like faulting the devs of OpenSSH for their principle of security because CVE-2023-38408 existed for years.
Hate on Apple for legitimate things, of which there are many.
@technology For those that don’t want to read here’s a TL;DR:
Apple’s business model is to charge high fees to those in their platforms, and to restrict the openness so that they can’t argue about it.
They reduce the ability for alternatives that could help other platforms through it’s review processe.
Moons ago they got the DOJ to chase Microsoft, but they have become the very thing you swore to destroy (Anakin!)
Apple uses the excuse of privacy and security to justify it’s actions.
Security and privacy are especially laughable since iMessage encryption lacks forward secrecy (all your messages throughout time are encrypted with the same keys), and just today we find the encryption hardware on Macs is fatally flawed and can be hacked by a user-mode process (no admin/root privelege required). Oh, and it’s un-patchable because it’s in the hardware itself.
The new encryption standard apple is using for iMessage achieves forward secrecy.
https://security.apple.com/blog/imessage-pq3/
“The first ratchet, called the symmetric ratchet, protects older messages in a conversation to achieve forward secrecy.”
@technology Wow! I always though Apple was awful for privacy (close source and what not), but I though they at least had pretty good security.
Eeeeehhhhhh… you can’t really fault a company for a previously unknown hardware defect going against their stated principles. That’s like faulting the devs of OpenSSH for their principle of security because CVE-2023-38408 existed for years.
Hate on Apple for legitimate things, of which there are many.