What is a “UK user?” Someone with their App Store region set to the UK? (Meaning they have a UK payment method.)
What about US citizens living in the UK? Would they have standing to sue Apple in a US court for breach of contract?
I’m also not clear on how Advanced Data Protection could be turned off without affirmative user consent – by definition, won’t the user need to provide their secret key to decrypt their existing data? Or will the iPhone have a multi-hour update where it decrypts its entire iCloud archive on the client-side, and then reuploads it without encryption?
Additionally, how would this work for people who have sensitive information on their phones? There's plenty of people who would have information on their (work) phones that they'd not be allowed to if the backups weren't encrypted, if Apple even potentially has access to it, this is not acceptable for that use case.
> Or will the iPhone have a multi-hour update where it decrypts its entire iCloud archive on the client-side, and then reuploads it without encryption?
More likely that the phone just sends the keys to Apple in that case
The phone doesn’t have (all of) the keys. That’s the point. I had to save a passphrase somewhere out of band.
But that passphrase you saved is an additional key, in case you lose all your Apple devices for example. You can tell it isn’t required for your phone to decrypt data because you don’t have to type it in to access your data, or even migrate to a new phone.
And if they allow rescue contacts in case you lose the password and you can decrypt the data through their account, there is a chance they also keep a key for themselves, just in case.
If you got sensitive data, learn to encrypt it yourself. That is the ONLY way to make sure. If you trust another company to do the encryption at rest for you, that is your own fault.
edit: s/passport/password, damn my phone.
>> What about US citizens living in the UK?
Why wouldn’t they be subject to UK laws like any other person living in the UK?
>> I’m also not clear on how Advanced Data Protection could be turned off without affirmative user consent
If I remember right from when this was initially discussed there isn’t any way to do it without incurring data loss (because the users device has a key Apple can’t access). As someone using ADP the risk of this led me to manually disable it at the time.
> Why wouldn’t they [US Citizens] be subject to UK laws like any other person living in the UK?
Yes, anyone in the UK is subject to UK law. But there is no UK law criminalizing the choice of a UK resident to enable Advanced Data Protection (or, if it’s already enabled, to not disable it).
They’re threatening Apple, not its users. Sure, Apple is subject to UK law (although it’s debatable if they’re even violating it). But they’re not immune to lawsuits in the US just because another country told them to violate their implicit contract with users.
> As someone using ADP the risk of this led me to manually disable it at the time.
That’s precisely the opposite of what you should have done. I was (and am still) using ADP in the UK. If I disabled it then I would no longer have the option to enable it. Nothing is forcing me to disable it – where is the threat of data loss? It’s only a risk if I don’t disable it, which I can do at any time in the future. You surrendered your only form of leverage for no reason and made yourself less safe in the process.
From https://support.apple.com/en-gb/122234
> UK users will be given a period of time to disable the feature themselves to keep using their iCloud account.
Doesn't this mean that you will be unable to use your iCloud account in the future if you have ADP enabled ?
Maybe, but any reasonable person would expect some clear, explicit notice of when that would happen. Until they “give me that period of time,” I have no reason to disable the safety feature that I won’t be able to re-enable…
And disabling your iCloud Account doesn’t mean that they would stop you from disabling ADP. It would probably be a red icon in settings that says “iCloud sync is paused, disable Advanced Data Protection to resume.”
(But I’m not sure I’m even subject to this, which is why I asked my original question… what’s a “UK user?” I have the US App Store active right now. I can switch to the UK store but that cancels all subscriptions, presumably including Apple Care+, which I could not re-purchase without buying a new device.)
I think if your region is set to the US they’re treating you like a tourist and you basically won’t need to comply.
They notified users that they would lose access to their encrypted data in the future.
The user can choose to download, delete from the server, and upload it again unencrypted, if they want.
When did this notification happen and by which channel?
It was discussed in the media when Apple announced that UK users could no longer enable ADP if they had not done so already.
> For users in the UK who have already enabled Advanced Data Protection, Apple will soon provide additional guidance. Apple cannot disable ADP automatically for these users. Instead, UK users will be given a period of time to disable the feature themselves to keep using their iCloud account.
Right, I saw that. That’s not as explicit as what you claimed, though:
> They notified users that they would lose access to their encrypted data in the future
There is an implicit threat of data loss here but it’s far from clear.
As I mentioned, it was discussed in the media back in February.
> According to Apple’s Xcode console logs reviewed by BBC News, existing ADP subscribers will lose access through phased certificate revocation in Q2 2025.
https://cybersecuritynews.com/apple-discontinued-adp-feature...
The UK publicly backed down before that happened.
Aren't the English already forced to give cops their phone passwords and face jail time if they refuse to?
Giving away Apple's encrypted cloud is just another small step into making 1984 a reality.
In France, they tried to make a law to force signals, WhatsApp, and other encrypted messaging to implement backdoors so that they could catch drug dealers.
Thankfully, it wasn't voted for, but truthfully, the average people didn't give a shit. I wish there was a way to make people learn how important privacy is to freedom and, therefore, to democracy.
I blame the education system that teaches almost nothing relevant. We even had 'citizen lessons', but it was about learning how the political institution works. We never spoke about what is freedom, what it involves, how easy it is to lose it, how hard it is to gain it.
> Aren't the English already forced to give cops their phone passwords and face jail time if they refuse to?
Similar to France too right?:
> The French Court of Cassation has ruled that people who are suspected or accused of a crime are obliged to reveal the passcode of their mobile phone to the investigative authorities. The Court found that a mobile phone passcode can be considered a “secret decryption agreement of a means of cryptology” (convention de déchiffrement d’un moyen de cryptologie). Refusing to hand over the passcode of a mobile phone is punishable by a fine of up to 270,000 EUR or three years’ imprisonment
https://www.fairtrials.org/articles/news/french-court-rules-...
> In France, they tried to make a law to force signals, WhatsApp, and other encrypted messaging to implement backdoors so that they could catch drug dealers.
What this Chat Control? It's not dead, France is still in favour of implementing it if it can get a bit more support from other EU states.
France's backdoor mandate is a separate case unrelated to chat control. https://brusselssignal.eu/2025/03/messaging-app-signal-threa...
It's horrible here. Every single day it feels like they announce a new method of "cracking down" on crime/child abuse/terrorism that just ends up eroding privacy further.
The irony, as crime has been declining for decades, yet it's the reason for every new authoritarian law under the sun.
Maybe that's why it's been declining.
Another set of good reasons why countries see a decline in crime:
- better economies
- better policing
- better social protections (shocking!)
- more access to education
- programs that reintegrate offenders
These are, of course, much harder for a politician to work on.
Don't think so. As a brit I've not heard of it. AI says:
>No, people are not routinely forced to give their phone passwords to English police; police generally cannot compel disclosure without a court-ordered Section 49 RIPA notice, which must be based on reasonable grounds and proportionality.
> The Regulation of Investigatory Powers Act 2000 (RIPA), Part III, activated by ministerial order in October 2007,[37] requires persons to decrypt information and/or supply keys to government representatives to decrypt information without a court order. Failure to disclose carries a maximum penalty of two years in jail, or five years in the cases of national security or child indecency. The provision was first used against animal rights activists in November 2007,[38] and at least three people have been prosecuted and convicted for refusing to surrender their encryption keys,[39] one of whom was sentenced to 13 months' imprisonment.[40] Even politicians responsible for the law have voiced concerns that its broad application may be problematic.[41]
https://en.wikipedia.org/wiki/Key_disclosure_law#United_King...
"Giving away Apple's encrypted cloud is just another small step toward making 1984 a reality."
The big step was "Apple's cloud", i.e., people storing their data on someone else's computer^1 where the someone else is also collecting the data of millions of other people, too
1. Some HN commenters and others define "the cloud" as "someone else's computer"
There are various "threat models", one of them is people losing their life's digital cupboard. For that, Apple provided Time Machine, then provided the equivalent of a digital safety deposit box in somebody else's room, like a bank fault. People can break, lose, or have their phone stolen; then open a new one from the box and have their digital cupboard back.
Well before Apple, the recommendation was to store a backup offsite – almost nobody did. Now many do.
In response to a warrant, a bank opens that box. In response to a warrant, clouds open that box. That part of the threat model isn't new.
Another threat is forgetting the key to your safety deposit box. Most people would be angry if Apple, or their bank, wouldn't let them back in the box. Apple used to be able to help.
Now, unlike the bank, they offer a mode where only you have the key.
It's hard to say this is a step to 1984, given that up to this point, the safety deposit box threat models were similar, just Apple's digital vault was much more likely to be have the user's latest valuables when the user needed them recovered, and when they diverge it is in user privacy favor.
I have often wished all the browsers and OSes had a documented public protocal for all the stuff they sync and that you could go into them and set their endpoint. the majority of people would leave it as the default but some of us would point it to our own servers.
As someone who lives in the UK, I hope Apple tell the government where to shove their requests, and that they don't bow down like they did in China. I would prefer a company withdraws from the UK than listens to these over reaching requests of a power hungry government.
If you're hoping for multi-trillion dollar multinationals to fight political battles on your behalf, you're playing the wrong game.
Either your country is a democracy where people get to choose what their government does (aka, a majority of people want these invasive policies), or it's illegitimate and should be treated as such.
The UK isn't a democracy anymore. There are now five parties in England trying to co-exist in an electoral system designed for two. Our democracy is in the process of collapsing under its own weight.
How do you design for two parties? How is having more parties worse? This is very confusing!
The first past the post system works reasonably well for two parties. But now we have more, it has broken down.
Even with the most advanced statistical methods we now have no idea who would win if an election were to be held tomorrow. Even though we know the % support for each party, the way that it translates to seats is chaotic. Each of the 649 seats is a 3, 4 or 5 way race.
When we had major 3 parties (most of the 20th century) election results could at least be predicted by basic statistical methods, even if they weren't very fair they were at least predictable. Now the results are neither fair nor predictable.
As the smaller parties started to gain ground into the 21st century the polling companies developed increasingly sophisticated and expensive methods such as MRP polling to try to keep up. That worked in the 2024 election but it won't work next time.
Random selection (sortition) could be considered a viable form of democracy if the selection of members is uniform. However the precise way that random selection of members occurs now is that one party can end up with a huge number of seats regardless of their proportion of the vote. That form of random selection isn't democracy.
> Either your country is a democracy where people get to choose what their government does (aka, a majority of people want these invasive policies), or it's illegitimate and should be treated as such.
The US government has previously tried to force Apple to insert a backdoor into its iPhones.
Apple did fight it in court.
https://www.wikipedia.org/wiki/Apple%E2%80%93FBI_encryption_...
I didn't read the quoted message as saying that Apple won't fight, but that if you need to rely on Apple to fight (especially when you live outside Apple's home country), you've got serious problems.
Agreed. This is the people’s fight with their government, it’s not Apples fight.
The answer is don’t store your data on iCloud. Self host everywhere you can, and protest. Don’t wait for or rely on a corporation to fight your battles against your government for you.
I took it as a criticism of the state of affairs in the UK, and wanted to remind people that the US doesn't have the moral high ground on this issue.
Apple fought Comey and the Biden administration on this issue back in 2015, and is still fighting in the UK.
Sadly, the majority of the people want these policies because they’ve been brainwashed or they’re too apathetic to care. The major political parties want it too. Democracy is flawed.
CEOs wont go to jail for their customers, especially when there are billions of customers.
There are only two defences, the law - which is on the governments side or not giving your data to people who fuel their yacht and their jet with customer data.
> I hope Apple tell the government where to shove their requests
They complied with the previous request, and stopped because the US government pressured the UK government because they didn't want US nationals to also fall victim to reduced security.
I'd love to see Apple stand up this time, but given their history I don't think it'll happen beyond a miffed comment on a blog somewhere.
If they do it once though, they’ll have to do it everywhere that asks. I hope they can see they’re standing at the top of a very slippery slope.
I also hope our idiotic government starts to go deal with the country’s _actual_ problems sometime soon instead of coming up with pointless / dangerous bs ideas like this + digital ID
> They complied with the previous request
Nope.
They refused to comply, and then publicly announced that they would strip encryption features from UK users before they would add an encryption backdoor.
A threat they later made good on.
There's an easy way out of it but most HN users here would hate it. Apple can just donate to Trump and the problem with the British would go away overnight. Downing Street and GCHQ combined cannot match the coffers of Apple and the greenback is the only currency of power that the whitehouse acknowledges.
At the end of the day, the emperor is happy to yank on the leash of the special relationship so long you pay him off.
> I would prefer a company withdraws from the UK than listens to these over reaching requests of a power hungry government.
That doesn't sound super profitable. Apple made money by the truckload bending over to accommodate surveillance in China.
Whilst this is true; its also worth considering:
If Apple did not stay in the Chinese market they will very quickly have a competitor appear in that market that will then threaten other markets. Arguably, there are already Apple competitors in it and Apple's position keeps them from occupying a space that quickly leads to competing with Apple globally.
China is generally viewed as a unique market and capitulating to the Chinese government may lead to capitulation to the US, but not to any other nation as they are incomparable.
The UK market will neither create an Apple competitor nor will it provide enough scope to allow existing competitors to meaningfully grow.
Capitulating to the UK government will lead to many other countries requiring similar capitulations.
So from the selfish Apple perspective, it made perfect sense and Apple did the right thing (for them). From a rights/freedom perspective (for their users), they did the wrong thing, but that's not a battle that they they alone can win.
Out of the 197 countries in the world, how many have governments that respect the privacy rights of their citizens enough to prevent mass surveillance of them? Answer: Zero. Bring on the arguments about the various laws that prevent this, and I'll point you to the "national security and law enforcement exceptions" they they all have, sometimes in the form of "classified" contracts or court orders, and sometimes in the form of "executive orders" or other similar instruments. There are also agreements between the intelligence services of allied countries that facilitate information sharing, so each counterpart can do the collection and analysis of the partner nation and share the results, without technically violating any of their laws.
Sort of like Google designing a censorship friendly search engine for the Chinese market to try to get back into China's good graces?
> The Dragonfly search engine was reportedly designed to link users' phone numbers to their search queries and censor websites such as Wikipedia and those that publish information about freedom of speech, human rights, democracy, religion, and other issues considered sensitive by the Chinese government. It is not designed to notify searchers when the information they want has been censored.
Yes, exactly like that. If the CCP demands a morally base monopolist like Google do that for zero tangible gain, they must be holding Apple over a barrel with backdoors for market access. After all, Apple's competitors in China all acquiesce to Chinese control. Tim's really gotta give the ring lip service if he wants to keep his reputation for supply chain magic.
AOSP at least lets users disable a nosy baseband firmware and uninstall Play Services spyware. Apple customers are fish in a barrel if your rogue government orders an OTA update that compromises your security. Would be pretty nightmarish if you lived in a country like the United States where both companies have already been coerced into shipping backdoors: https://arstechnica.com/tech-policy/2023/12/apple-admits-to-...
> they must be holding Apple over a barrel with backdoors
Nope.
Apple is subject to the same restriction that every other company in China is.
Or Google in the US, for that matter.
If you store customer data on your server, when the government shows up with a warrant, you have no choice but to hand a copy over.
Handing over a copy of push notifications stored on your server isn't a "backdoor". It's how the law works in the United States when any agency shows up with a warrant.
That's what makes Google's business model of spying on customers as much as possible and hording customer data on their servers so dangerous.
If your state prosecutes women seeking an abortion, for instance, Google handing over data showing you were in an abortion clinic in response to a warrant is harmful.
Contrast with Apple, which operates it's own map service without keeping a log of everywhere you've been on their servers.
Cite at least one (1) source. I don't like taking technical arguments on faith.
> Avondale Man Sues After Google Data Leads to Wrongful Arrest for Murder
Police had arrested the wrong man based on location data obtained from Google and the fact that a white Honda was spotted at the crime scene. The case against Molina quickly fell apart, and he was released from jail six days later. Prosecutors never pursued charges against Molina, yet the highly publicized arrest cost him his job, his car, and his reputation.
https://www.phoenixnewtimes.com/news/google-geofence-locatio...
Google spying on people as much as possible and storing everything they glean on their servers (where they have no choice but to hand it over to any government agency with a warrant) is dangerous.
Keep hoping
The most important thing about this, and other similar overreach, is that there is no democratic constituency for this. It's a waste of time, almost a distraction, picking at the rationality of these constant attacks. The important thing is to find out exactly who they are doing it for.
Who asked for it? Let them speak up, and explain why they are so special that governments should and do obey them. Starmer doesn't personally care about any of this (or anything.) No Labour MP cares about any of this. Who is convincing them to override democracy to create tools that make it easier to override democracy? Force them to drop the pretense that they have come up with this themselves, and that they personally believe that it is important.
Start by finding out who the hands were who wrote the actual text. The MPs themselves, and the network of important nephews and nieces that work on their respective staffs are too stupid to write this stuff. Who are the minds that are crafting law for supposed democracies from whole cloth?
Intelligence agencies, and they have a legitimate edict to catch paedos or stop terrorists. Through Investigatory Powers regulation they have been granted powers to make such demands.
Australia has close legislation with the Technical Assistance and Access bills that can be used by Law Enforcement / Australian Intelligence Community, but it explicitly doesn't allow the deliberate weakening of security or backdoors, unless such a weakness is inherent in the technology.
Security services. You have to be absolutely blind at this point not to realise this. The "media campaigns" are identical to the ones used for the past few decades, in print media these were run by tabloids and they have moved on, with less success, online (in the 90s, the coverage of the tabloid campaigns was wall-to-wall). OSA was textbook: unrelated tragic event, young child, grieving parents, mentioning this campaign in relation to the OSA repeatedly despite them being unrelated, same thing every time.
The really odd thing is that you have people who will claim that the media is run by right-wing billionaires. On certain topics, you will see every story come from civil servants, the government is just too big (the easiest way to tell is the sources, articles run by civil servants will almost never have actual sources and will usually not be constructed in a logical way, for example a new one is to repeatedly refer to Russia). But because so many people are making so much money from the government, this kind of thing is ignored (and I will also say, the observation that this isn't the actual government just civil servants is important...some newspapers are now notorious for having civil servants contacts who brief journalists against their own ministers, Home Office is the most well-known but it has happened in almost every area...there is nothing that elected officials can do).
> Security services.
"Security services" isn't a power center, they are a tool used by power centers. We are not being attacked by nameless institutions, we are being attacked by people who have names.
I have absolutely no idea what theory of power people are operating under who believe that "civil servants" are trying to take over the world. Even if they're all secret Satanists working for the devil to impose evil upon the planet, let the devil introduce himself.
> The really odd thing is that you have people who will claim that the media is run by right-wing billionaires.
It is so odd to think that power is wielded by the powerful. No, it's actually powerless administrators on 80K/year who force heads of state to make bizarre power grabs. And I have no idea why right-wing billionaires get pointed out as absurd, and "left-wing" billionaires get off scot-free by going completely unmentioned. Unless you think that it's a contradiction for a left-winger to be a billionaire, then that's fair enough. A lot of them get called left-wing because they believe in global warming and vaccination or something (I don't remember Marx or the Jacobins writing about that, or trans people, or illegal immigrants.)
> But because so many people are making so much money from the government
That's the billionaires. You realize that there are people making money, and you realize that they're the ones that must be driving things, but you don't identify them and indemnify the most powerful people on the planet. I simply can't see this as a thought process at all. I have no idea how people are convinced to focus all of their anger on people with no power who they don't know.
> "Security services" isn't a power center, they are a tool used by power centers.
No, they /are/ a power center. They have a lot of power: they advise governments, police and business, who listen to their advice and act on it very often. A lot of the work they do is (sadly) essential in the world as it exists today. Of course the "security services" want to open and read your mail and will advise accordingly.
Yes, the people who have names are civil servants leading the security services and believe that these things are their responsibility to implement to achieve their aims.
I didn't say anything about taking over the world. These people are doing interviews (Ken McCallum has done several interviews, he is appearing on podcasts which is part of their new media strategy - https://www.bbc.com/news/articles/c4g2nwlpw1yo - this is an example, do you not know any journalists? How do you think a story like this gets written? Lol) and they are extremely explicit about this. The UK has a problem with terrorism, they believe that by breaking encryption they will be able to catch more terrorists. Again, they are doing interviews with the media telling you this, you don't have to have a complex world view that relies on shadowy cabals...they are telling you they are doing this, they are incentivized to do this, they are the only people with the power to do this.
It isn't a bizarre power grab, these people have legal powers, they are using these powers. Why do you think a billionaire is powerful? What legal powers does he have to break encryption? Can he arrest you? Is the history of the 20th century an example of governments overusing their powers or billionaires? Illogical.
If billionaires were making money from the government, you would see growth. The UK isn't growing. They aren't driving things because nothing that is happening is helping business. The assumption that you are making is that they secretly control everything...but what is happening now that is benefitting them? The size of the state is growing rapidly, they have effective lobbying power...because they run the government...this isn't a conspiracy theory, this is just logic. The people who have power...are the people with power. In the UK, if you actually understand how government works which you appear not to, elected officials have clearly limited powers over the departments they control. We had an election, and you are seeing the government cycle through the exact same policies that have been suggested by civil servants (which ministers are legally unable to dismiss). Is this the billionaires again? Lol.
This blanket refusal to actually look at what is happening rather than drop this world view that is embedded into personality is why the UK is collapsing. Who do you think is running the government other than the government?
I know civil servants at every level, I know MPs, why do you assume that everyone is as ignorant as you? I worked in politics. No-one who works in politics and is aware of how government works disputes this. Senior civil servants do not dispute it is happening, I believe the last three Civil Service heads have said this is happening. The narrative of "the billionaires" is something that no-one believes, it only exists to fool credulous children, I would go so far as to say (in my experience) unions do not actually believe this anymore...I am not sure who actually believes it apart from people unaware of how government works. However, there are two issues: reform is very hard because any government needs civil servants to do things (as an example, the creation of Border Force was an attempt to reform a part of the government that was out of control, it happened then Home Office civil servants spent years attempting to bring it down and limit their power, which is delegated to a substantial degree), and the Civil Service has been very successful in appearing to do enough (for example, they present a policy choice, that policy choice is ineffective by design but it sounds like something that can be sold...almost all Treasury policies are like this, they cannot work, at some level i assume ministers know they cannot work but there is something to announce, it usually is designed to sound good...I am not sure why this isn't obvious either, we have years now of governments announcing policies with no impact, you aren't slightly suspicious about why? Credulous).
Of course they care about it in the sense that they care about maintaining law and order which forms the foundation of their power. Everyone knows the emperor has no clothes when it comes to "think of the children" bills. It's a fig leaf over their power grab. Everyone also knows that this will ultimately be used to crack down on dissidents, criminals, and other undesirables (likely immigrants as well) and that is where you'll find the democratic constituency for this overreach:
Authoritarians generally and right-wing populists in particular are the major proponents of government surveillance and control.
Government is overreaching, it must be someone else's fault!
Government is not a guy, it's run by guys. They've got you blaming an abstraction.
If your OEM can be coerced into pushing a backdoor in an OTA update, maybe our software habits are to blame.
We'll always be powerless to stop top-down attacks like this until we demand real audits and accountability in the devices we own. Shaming the UK only kicks the can down the road and further highlights the danger of trusting a black box to remain secure.
That’s the trick. We don’t own the devices. We merely license their use. No root, no ownership.
People have been warning of this outcome for years and years. Stallman was right and all that. We got laughed out of the room and called paranoid weirdos.
Ever since smartphones were a thing it’s been obvious that this is where we were heading.
I mean, arguably you don’t have ownership over anything without a legal right which is enforced by a government etc, and every item has exceptions. You think you own a house, but see how long that lasts if you stop paying land taxes. You only own a car as long as you don’t damage someone else’s car without insurance and it gets repossessed. These are stupid examples so don’t read too deeply into them, but it sorta outlines my point that licensing the use of things is very often as close as we get to owning just about anything. Not saying that’s good or bad, just that that’s kinda how it works.
When a company has the ability to push OTA updates to a device locked down with trusted computing, it's not even a backdoor at that point, it's a frontdoor.
I agree political action here is totally fruitless. The UK government and Apple could already be cooperating and you would have no way of telling the difference.
> When a company has the ability to push OTA updates to a device locked down with trusted computing, it's not even a backdoor at that point, it's a frontdoor.
Ideally, everything that runs outside of an app sandbox would be 100% Open Source. Anything short of that is not sufficient to give people full confidence against a backdoor. (Even that also relies on people paying attention, but it at least gives the possibility that people outside of a company whistleblower could catch and flag a backdoor.)
I think so too. It should include full free open source specifications of hardware, as well as fully FOSS for all software that is not inside of the sandbox system, and probably also FOSS for most of the stuff that is using the sandbox, too. Other things should also be done rather than this way alone, but this will be a very important part of it.
I'll go even further and bring up Trusting Trust - whole chain needs to be open source and verifiable.
and you need to be able to compile each and every part of it.
Open source alone isn’t enough. You also need a way to build and deploy the code yourself.
Agreed. And demonstrated reproducibility showing that the result is identical.
> you would have no way of telling the difference
If only specific individuals are targeted, I agree. But if it's pushed to all users, wouldn't we expect a researcher to notice? Maybe not immediately, so damage will be done in the meantime, but sooner than later.
> But if it's pushed to all users, wouldn't we expect a researcher to notice?
Think of the security a games console has - every download arrives encrypted, all storage encrypted, RAM encrypted, and security hardware in the CPU that makes sure everything is signed by the corporation before decrypting anything. To prevent cheating and piracy.
Modern smartphones are the same way.
We can't expect independent researchers to notice a backdoor when they can't access the code or the network traffic.
How long was HeartBleed exploitable? How many people looked at that code? Now, take the source away and make the exploit intentional.
Sorry, I'm not an Apple user, so I'm not 100% sure if this is about forcing Apple to avoid/break E2E encryption (E2E in the true sense like Proton Mail) in the UK or to give them the keys they already can obtain themselves?
For all that matters, Apple may be already sharing "encrypted" data with governments and law enforcement. It's a locked down device running closed source software, and it's impossible to know what it really does behind the user's back.
> It's a locked down device running closed source software, and it's impossible to know what it really does behind the user's back.
That’s hardly true, analyzing binaries is not significantly more difficult without access to the source code. Even if you did have the source code, any serious analysis would focus on the binaries as seemingly innocuous code can be transformed into something else by a compiler.
If we’re talking about some deep hardware level backdoors, you presumably don’t have your own fab and therefore are stuck with trusting whoever you get hardware from.
May? We already know that they do it since Snowden.
If they succeed, we'll probably never know.
As long as they keep pushing we have a 80% chance that they haven't succeeded yet.
Everyone is so preoccupied with losing their minds every time Trump trolls the media with some new nonsense on the socials that they're ignoring the completely insane things going on in the UK right now. Like arresting people for using naughty language online.
20 years ago this would have been daily outrage on Slashdot's YRO section but I get the feeling no one cares enough anymore.
The UK has gone full thought control. They have also gone full immigration.
Going to be a very different place in 10 years.
Probably Farage in 3 years and back the other way.
The article states that apple removed the feature in the UK. So what are the UK government demanding access to?
Advanced Data Protection, where Apple does not keep a copy of your encryption keys (essentially), was removed in the UK.
The UK seems to now want Apple to decrypt/provide access to encrypted iPhone backups. This is where your device backs itself up in a restorable format to the cloud, including passwords and private data. Since Apple has a way to decrypt non-ADP iCloud data, UK wants it.
Just want to elaborate on this:
If you do not have ADP enabled (which is the case in the UK as of now), device (iPhone) backups are not end to end encrypted and are stored on Apple's systems unencrypted (or encrypted with a key that Apple knows).
If you have ADP enabled then device backups are end to end encrypted; only you have the keys and therefore only you can decrypt the backup.
Frankly if Apple (or any provider for that matter) hold the encryption key then it isn't encrypted.
Frankly most of the services you use work exactly like this, so you must think very few things are encrypted
A locked door with a key in the lock is not really locked. As far as a court order is concerned, if they hold the keys they are available with the "encrypted" data".
Apple already (can and do) provide any and all data they hold, including decrypting data they hold the decryption keys for in response to a court order worldwide.
> A locked door with a key in the lock is not really locked.
A physical key sitting in a lock? Anyone walking by can turn it. Done. That's not what's happening with iCloud data.
Apple's decryption key isn't sitting there for the turning. It's stored in access-controlled systems and requires deliberate action and legal process to use. An employee or passerby can't just stroll by and "turn the key."
If you want the only copy of the key to your digital safety deposit box where you store all your stuff, thankfully there is Advanced Data Protection.
> As far as a court order is concerned
All service providers you use will provide data in response to lawful requests.
It's encrapped.
encrappted
It's not removed in the UK for users who enabled it before the ban. There may be existing users of it that the UK gov are interested in.
Why the down vote?
The reason this is a story again is because the reporting the last time was piss poor. The UK only agreed to drop the request for access to data for all users regardless of their nationality after pressure for the USG. They never said they were going to back down from the request for UK user data.
They don’t need to. All of the photos and iMessages are stored in iCloud without e2ee (nobody has ADP turned on, and it’s blocked in the UK anyway) and Apple provides the data to the Five Eyes without a warrant.
This is already the status quo in the US. The fact that ADP is offered as an option is irrelevant.
> nobody has ADP turned on
This isn't the type of question I normally ask people, so it sounds like you've made a bad guess here and are treating your own assumption as fact. You are incorrect; I have ADP turned on.
> Apple provides the data to the Five Eyes without a warrant.
Source? Or are you assuming here, too?
> The fact that ADP is offered as an option is irrelevant.
Only if you think no one uses it.
On warrantless access: Apple’s own transparency report says they turn over data on roughly 100k users per year to US government without a warrant.
ADP adoption: https://daringfireball.net/linked/2023/12/05/icloud-advanced...
Don’t be glib. Of all Apple device users, those who have ADP enabled are almost certainly a rounding error.
Once you turn it on, you can only see your files and photos on other trusted Apple devices.
So anyone that has a Windows machine that has iCloud sync to their machine can’t use it.
> Don't be glib
followed by
> almost certainly
with zero links. Sure, I'll take your word for it.
Do you really think that most users enable such a feature? Do you think everyone compiles their own Linux kernel, and port forwards for their own Minecraft server, too?
No, it’s a feature tucked away in Settings where small, small percentages of users are going to use it.
It’s great that it exists, but let’s listen to life experience. You don’t need to retort “Source! Source!” for things like this. Be our guest, ask everyone in your life and keep a tally.
I've got it on. I don't take any other extensive means to protect my security but this was very easy and felt worth it given the honeypot of info living in my phone.
There may, in fact, be dozens of us.
> Do you really think that most users enable such a feature?
No one is claiming most people use it. You are claiming no one or essentially no one uses it, which is untrue.
> but let’s listen to life experience
Your life experience is apparently that you don't use ADP, so therefore no one uses ADP. This is not a useful data point.
> You don’t need to retort “Source! Source!”
So... you don't have a source?
> Be our guest, ask everyone in your life and keep a tally.
As I stated in my first response to you, it isn't a question most people ask so I'm not sure why you'd think a few comments later my take on this would change.
https://support.apple.com/en-us/102651#:~:text=Advanced%20Da...
Lots of things to fault apple about. This likely is not one of them.
That is only true with ADP on, and it’s disabled in the UK. Look directly above it.
> likely
These load-bearing assumptions are part of Apple's issue.
Anyone can write a whitepaper, keeping a transparent SBOM is a different level of commitment.
This must be a response to the headline, without reading the article. It's specifically users' ADP content that the UK gov wants to be able to access.
It's encrypted iCloud backups, not ADP.
ADP hasn't been available in the UK for some time now.
It's ADP. That's why Apple didn't reinstate ADP in the UK. The UK wants a backdoor for UK users of ADP.
And there are plenty of UK users of ADP - those who got in before it was banned still have it.
From the article:
> After the U.K. government first issued the TCN in January, Apple was forced to either create a backdoor or block its Advanced Data Protection feature
> the US claimed the U.K. withdrew the demand, but Apple did not re-enable Advanced Data Protection
> The new order provides insight into why: the U.K. was just rewriting it to only apply to British users
perhaps you overlooked the literal first line?
> The Financial Times reports that the U.K. is once again demanding that Apple create a backdoor into its encrypted backup services.
If you read further, or click the FT link, you'll see the UK is now demanding access to encrypted iPhone backups.
ADP is not relevant beyond the history; the UK is not doing anything with ADP but I understand the confusion if you don't know that "iPhone iCloud backup" is a separate service for iPhones.
What, so JD Vance was right ?!
What is happening in the UK really?. I see numerous clips of the desperate state of many parts of various cities. It seems the country is in a steep decline. The once mighty UK sailing the world now became an island of elitists and many more poor low class folks. Sad reality
I'd be very curious to see the desperate state you are talking about.
For physical infrastructure, there are certainly less well maintained areas and historical policies causing issues, but I'm not aware of any areas that are structurally/physically unsafe.
There are 'rougher' areas, places where theft is more likely but very, very few areas that are genuinely unsafe to walk through. The only ones I'm really aware of are two very small areas in London (basically 2-3 buildings) and certain kinds of traveller camps.
For pretty much everything else, it seems to be on par with other European nations - generally behind the Nordics of course.
Share the videos - I'd love to understand where you are coming from.
Sounds like you spend too much time watching clips on the internet.
Clips don't tell you anything. The UK is suffering in the same way as every other developed country outside of the US and China - low growth that isn't propped up by booming AI and demographic issues.
>What is happening in the UK really?
Everyone knows it, but you're not allowed to say it, and you're definitely not allowed to say it in the UK or you will literally be arrested for speech.
viz.: they let in a bunch of low-quality people, and now they have to deal with it.
In the long run they're still way ahead because they exploited those "low-quality" people for centuries, extracting all their labor and material resources for virtually nothing.
Wasn't that the marketing canpaign for brexit? The EU is sending all these people in, we want out?
I have been following this thread for a long time. The UK is poor, simply put, but it has taken a long time to realize it. But the chickens are coming home to roost now. The blame is primarily the rich and immigrants. The real problem is socialism and heavy taxes, plus a denigration of entrepreneurs and business owners. They will learn, once everything has gone to utter shit
> The UK is poor, simply put
That's far too simply put
The UK has incredible wealth, it is just more concentrated than ever in a few select pockets
Yes like I said you have the socialism take and your enemy is the rich. You will learn eventually
Capitalism and socialism are both pretty effective at killing competition and rewiring the government & economy to seek extractive rents. Granted, it takes longer with capitalism.