Like, there’s a lot of people freaking out about Apple ending End to End encryption in iCloud in UK. I’m just like: So What? It was probably backdoored from the beginning
So is Big Tech’s E2E actually not backdoored? Or is that just a PR stunt to trick people into trusting iCloud, and this is a secret honeypot? 🤔
What are your thoughts?
There is a difference between probably backdored, and we’re not event trying to look secure anymore.
There’s also a big difference between published specifications and threat models for the encryption which professionals can investigate in the code delivered to users, versus no published security information at all with pure reverse engineering as the only option
Apple at least has public specifications. Experts can dig into it and compare against the specs, which is far easier than digging into that kind of code blindly. The spec describes what it does when and why, so you don’t have to figure that out through reverse engineering, instead you can focus on looking for discrepancies
Proper open source with deterministic builds would be even better, but we aren’t getting that out of Apple. Specs is the next best thing.
BTW, plugging our cryptography community: !crypto@infosec.pub
I’d say the difference is minimal though.
the difference is closer to maximal. only way to be worse is not just on purpose, but expertly on purpose.