184

UK government demanding access to encrypted iCloud (www.bbc.co.uk)

submitted 13 hours ago* (last edited 13 hours ago) by milicent_bystandr@lemm.ee to c/privacy@lemmy.ml

43 comments fedilink hide all child comments

UK government is trying to get into iCloud end-to-end encryption. (Again?)

Makes me think about email servers too. Most of my private information is in emails, and not only I use a service where the host machines access the email, so do almost everyone I email to/from.

you are viewing a single comment's thread
view the rest of the comments

[-] milicent_bystandr@lemm.ee 2 points 10 hours ago

Thanks for the well-meaning advice.

The recovery password in iCloud to stop even Apple accessing it is exactly what the UK is trying to undermine. It protects you - for now.

I tried to start using pgp for email years ago, the problem is of course adoption by everyone you're communicating with, be that personal, corporate or official. I got one friend to make a gpg key! And most email servers, as I understand, pass to each other with TLS, and the connection from your computer to your email service is encrypted. The problem is the emails at rest on both ends, including hosted by the email provider. Moving my email off Fastmail, whether to something like Protonmail or stored only on my computer, would remove one particular attack surface.

[-] Gayhitler@lemmy.ml 4 points 10 hours ago

Here’s hoping Apple sticks to their guns and pulls adp instead of caving.

In case you didn’t see it a few weeks ago, 3.3 million servers are doing unencrypted transport.

The way email delivery is handled also means you’re not safe just because you aren’t talking to those servers.

[-] milicent_bystandr@lemm.ee 1 points 8 hours ago

Wow, thank you for this! But it looks like IMAP and POP, not server-to-server. And how would one of these severs compromise security if not one of the end points?

[-] Gayhitler@lemmy.ml 1 points 6 hours ago

SMTP is only encrypted if the second server responds correctly to the first servers starttls.

The striptls type of attack, which prevents the servers from getting a valid starttls exchange, was in use over a decade ago by some telcom against its own customers.

Even if you know the person you’re emailing has a correctly configured client you can’t control a man in the middle attack between servers which has been in widespread use for years.

[-] refalo@programming.dev 1 points 2 hours ago

And SMTP/IMAP do not support end-to-end encryption, so a malicious server can still spy on you even if it uses TLS.

this post was submitted on 07 Feb 2025

184 points (100.0% liked)

Privacy

33459 readers

489 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS