591
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 10 Aug 2023
591 points (97.9% liked)
Technology
59598 readers
1993 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
iMessage is not fully E2E encrypted unless you have advanced data protection turned on. If you don’t, the keys to your conversations still rest on Apple’s servers.
That’s untrue. The keys are generated on your device and Apple doesn’t have those stored. You need apple devices to grant access for another device as Apple doesn’t have your key. There’s other security holes where apple can generate new keys but that doesn’t change the fact that it is actually E2E encrypted.
I don’t think it’s true as long as you don’t make iCloud Backups
This is the correct answer.
No that’s only for iCloud backups of your iMessages.
It's full E2E encryption even without that turned on. However, just because something is encrypted doesn't mean it's secure, as you point out.
Regardless, governments/organizations have gotten very good at finding vulnerabilities and exploiting them before academic and/or private sector security groups discover the same vulnerabilities, who will then go and publish their findings which eventually leads to them getting patched. As a side note: For anyone interested in some modern hacker/cybersecurity history, I recommend reading the book, Sandworm by Andy Greenberg. It's pretty damn wild what it covers and that's only a fraction of the modern state of global cyber warfare (and yes, just about the entire world has been engaged in what pretty much amounts to cyber warfare/espionage/sabotage for the last 10-15+ years).