If your OEM can be coerced into pushing a backdoor in an OTA update, maybe our software habits are to blame.
We'll always be powerless to stop top-down attacks like this until we demand real audits and accountability in the devices we own. Shaming the UK only kicks the can down the road and further highlights the danger of trusting a black box to remain secure.
That’s the trick. We don’t own the devices. We merely license their use. No root, no ownership.
People have been warning of this outcome for years and years. Stallman was right and all that. We got laughed out of the room and called paranoid weirdos.
Ever since smartphones were a thing it’s been obvious that this is where we were heading.
When a company has the ability to push OTA updates to a device locked down with trusted computing, it's not even a backdoor at that point, it's a frontdoor.
I agree political action here is totally fruitless. The UK government and Apple could already be cooperating and you would have no way of telling the difference.
> When a company has the ability to push OTA updates to a device locked down with trusted computing, it's not even a backdoor at that point, it's a frontdoor.
Ideally, everything that runs outside of an app sandbox would be 100% Open Source. Anything short of that is not sufficient to give people full confidence against a backdoor. (Even that also relies on people paying attention, but it at least gives the possibility that people outside of a company whistleblower could catch and flag a backdoor.)
I think so too. It should include full free open source specifications of hardware, as well as fully FOSS for all software that is not inside of the sandbox system, and probably also FOSS for most of the stuff that is using the sandbox, too. Other things should also be done rather than this way alone, but this will be a very important part of it.
Open source alone isn’t enough. You also need a way to build and deploy the code yourself.
> you would have no way of telling the difference
If only specific individuals are targeted, I agree. But if it's pushed to all users, wouldn't we expect a researcher to notice? Maybe not immediately, so damage will be done in the meantime, but sooner than later.
> But if it's pushed to all users, wouldn't we expect a researcher to notice?
Think of the security a games console has - every download arrives encrypted, all storage encrypted, RAM encrypted, and security hardware in the CPU that makes sure everything is signed by the corporation before decrypting anything. To prevent cheating and piracy.
Modern smartphones are the same way.
We can't expect independent researchers to notice a backdoor when they can't access the code or the network traffic.
How long was HeartBleed exploitable? How many people looked at that code? Now, take the source away and make the exploit intentional.
As someone who lives in the UK, I hope Apple tell the government where to shove their requests, and that they don't bow down like they did in China. I would prefer a company withdraws from the UK than listens to these overreaching requests of a power-hungry government.
> I hope Apple tell the government where to shove their requests
They complied with the previous request, and stopped because the US government pressured the UK government because they didn't want US nationals to also fall victim to reduced security.
I'd love to see Apple stand up this time, but given their history I don't think it'll happen beyond a miffed comment on a blog somewhere.
> I would prefer a company withdraws from the UK than listens to these over reaching requests of a power hungry government.
That doesn't sound super profitable. Apple made money by the truckload bending over to accommodate surveillance in China.
Whilst this is true, it's also worth considering:
If Apple did not stay in the Chinese market they will very quickly have a competitor appear in that market that will then threaten other markets. Arguably, there are already Apple competitors in it and Apple's position keeps them from occupying a space that quickly leads to competing with Apple globally.
China is generally viewed as a unique market and capitulating to the Chinese government may lead to capitulation to the US, but not to any other nation as they are incomparable.
The UK market will neither create an Apple competitor nor will it provide enough scope to allow existing competitors to meaningfully grow.
Capitulating to the UK government will lead to many other countries requiring similar capitulations.
I think the best outcome would be for Apple to have a Chinese competitor. If Apple had to compete, it would get better.
Keep hoping
The article states that Apple removed the feature in the UK. So what are the UK government demanding access to?
Advanced Data Protection, where Apple does not keep a copy of your encryption keys (essentially), was removed in the UK.
The UK seems to now want Apple to decrypt/provide access to encrypted iPhone backups. This is where your device backs itself up in a restorable format to the cloud, including passwords and private data. Since Apple has a way to decrypt non-ADP iCloud data, UK wants it.
It's not removed in the UK for users who enabled it before the ban. There may be existing users of it that the UK gov are interested in.
Discussion:
https://news.ycombinator.com/item?id=45440226
They don’t need to. All of the photos and iMessages are stored in iCloud without e2ee (nobody has ADP turned on, and it’s blocked in the UK anyway) and Apple provides the data to the Five Eyes without a warrant.
This is already the status quo in the US. The fact that ADP is offered as an option is irrelevant.
> nobody has ADP turned on
This isn't the type of question I normally ask people, so it sounds like you've made a bad guess here and are treating your own assumption as fact. You are incorrect; I have ADP turned on.
> Apple provides the data to the Five Eyes without a warrant.
Source? Or are you assuming here, too?
> The fact that ADP is offered as an option is irrelevant.
Only if you think no one uses it.
https://support.apple.com/en-us/102651#:~:text=Advanced%20Da...
Lots of things to fault Apple about. This likely is not one of them.
> likely
These load-bearing assumptions are part of Apple's issue.
Anyone can write a whitepaper, keeping a transparent SBOM is a different level of commitment.
This must be a response to the headline, without reading the article. It's specifically users' ADP content that the UK gov wants to be able to access.
It's encrypted iCloud backups, not ADP.
ADP hasn't been available in the UK for some time now.
It's ADP. That's why Apple didn't reinstate ADP in the UK. The UK wants a backdoor for UK users of ADP.
And there are plenty of UK users of ADP - those who got in before it was banned still have it.
From the article:
> After the U.K. government first issued the TCN in January, Apple was forced to either create a backdoor or block its Advanced Data Protection feature
> the US claimed the U.K. withdrew the demand, but Apple did not re-enable Advanced Data Protection
> The new order provides insight into why: the U.K. was just rewriting it to only apply to British users
Perhaps you overlooked the literal first line?
> The Financial Times reports that the U.K. is once again demanding that Apple create a backdoor into its encrypted backup services.
If you read further, or click the FT link, you'll see the UK is now demanding access to encrypted iPhone backups.
ADP is not relevant beyond the history; the UK is not doing anything with ADP but I understand the confusion if you don't know that "iPhone iCloud backup" is a separate service for iPhones.
What is happening in the UK really? I see numerous clips of the desperate state of many parts of various cities. It seems the country is in a steep decline. The once mighty UK sailing the world now became an island of elitists and many more poor low class folks. Sad reality
I'd be very curious to see the desperate state you are talking about.
For physical infrastructure, there are certainly less well maintained areas and historical policies causing issues, but I'm not aware of any areas that are structurally/physically unsafe.
There are 'rougher' areas, places where theft is more likely but very, very few areas that are genuinely unsafe to walk through. The only ones I'm really aware of are two very small areas in London (basically 2-3 buildings) and certain kinds of traveller camps.
For pretty much everything else, it seems to be on par with other European nations - generally behind the Nordics of course.
Share the videos - I'd love to understand where you are coming from.
Clips don't tell you anything. The UK is suffering in the same way as every other developed country outside of the US and China - low growth that isn't propped up by booming AI and demographic issues.
They didn’t just “sail the world”. They brutally conquered the world. Over time those conquered colonies said no thanks to being ruled. Hard to maintain a great empire when you can’t keep stealing from your subjects.
I have been following this thread for a long time. The UK is poor, simply put, but it has taken a long time to realize it. But the chickens are coming home to roost now. The blame is primarily the rich and immigrants. The real problem is socialism and heavy taxes, plus a denigration of entrepreneurs and business owners. They will learn, once everything has gone to utter shit
> The UK is poor, simply put
That's far too simply put
The UK has incredible wealth, it is just more concentrated than ever in a few select pockets
Yes like I said you have the socialism take and your enemy is the rich. You will learn eventually
What, so JD Vance was right?!