Apple Called Out in New 'Encrypt It Already' Campaign

[John.B]

First things first, currently RCS leaks read receipt info regardless of your Messages -> Send Read Receipts settings. I solve this by leaving RCS turned off.

 

[Unregistered 4U]

Have any of you wondered why the government isn't opposed to encryption? Because something called client-side scanning has the potential to render encryption useless. I have no doubt Google will implement it if they haven't already.

All governments are against encryption. They may not say it every day, but multiple governments have “concerns” about encryption. There’s not a 1 that has said they’re completely unopposed to encryption.

 

[JoeG4]

I'm not buying the idea that Apple has their users' best interests in mind anymore. Tim Cook would happily sell you out for a 1% gain in profits.

 

[JamesMay82]

with everyone oversharing on social media I wonder if the average person even cares about privacy anymore?

 

[baconcat_8964]

I thought Google and Apple already implemented RCS E2EE, and it's held back by mobile carriers not supporting encrypted messages.

 

[jimscard]

For example, the EFF said Apple and Google should deliver on a promise to implement end-to-end encryption for RCS messaging. Last year, Apple said it planned to add support for end-to-end encrypted RCS messages to the Messages app in future iOS, iPadOS, macOS, and watchOS updates, but it did not provide a specific timeframe.

Starting with the iOS 26.3 beta, Apple appears to be laying the groundwork for carriers to be able to support end-to-end encryption for RCS messaging.



The EFF also called on Apple and Google to offer users per-app AI permissions, so Apple Intelligence and Google Gemini can be turned off in certain apps.



Article Link: Apple Called Out in New 'Encrypt It Already' Campaign

Before Apple or Google can enable end to end encryption in RCS (by supporting Universal Profile 3.x), carriers have to upgrade their systems to support it first. The problem is that UP 3.x isn't a simple upgrade - in the prior version, the carriers' systems received unencrypted RCS messages, and simply used the routing information in the headers to route messages to other carriers for delivery to their customers' devices. Messages would be encrypted between the sender's device and the carrier via TLS, and between the recipient's carrier and the recipient using TLS, but otherwise, they were unencrypted.

In UP 3.x, all that changes -- the encryption is built into the protocol, and the sender and recipient's devices have to establish the keys to use -- while not directly talking to each other.It's quite complex, which no doubt explains why no carrier has announced that they've implemented UP 3.x yet.

To the second point --Apple Intelligence already has per-app AI permissions - while for the most part, you'd want to enable it for Apple Intelligence, there are some apps that you might not want your activities and app data included in personal context etc. You can go into the Siri Suggestions and Privacy section of Settings and turn off "Learn from this application" for that particular app. (see screenshot).

 

[JoeG4]

with everyone oversharing on social media I wonder if the average person even cares about privacy anymore?

Oh come on. There's a stark difference between the stuff people 'overshare' online and the actual dirty laundry. Usually people only post the good things, or spin the bad things to sound as good as possible.

There's a difference between having an argument online and like, posting the blood test results from your annual physical.

 

[tennisproha]

EFF is 100% right. Apple gives the illusion of encryption. Even though I don't agree with some of the tactics the EU is using, I'm really happy they're going after Apple for making false promises.

 

[svish]

Happy with the way Apple is leading in the privacy department. Have turned on advanced data protection for my account. The recent privacy setting to limit carrier location tracking for devices with Apple cellular modems is a good move.

 

[Wollombi]

with everyone oversharing on social media I wonder if the average person even cares about privacy anymore?

I do, but maybe I’m not the average person? 🤷‍♂️

 

[kitKAC]

I’d also add that Apple should begin upgrading to quantum safe encryption. Right now the 3 letter agencies are grabbing everything in the cloud and if encryption is broken it will all be an open book. Planning now will protect a lot of information in the future. Apple’s encryption now is quite good but this is an Achilles heal.

Apple already started:

https://security.apple.com/blog/imessage-pq3/

 

[kitKAC]

I believe you mean Pete Hesgeth?

And Signal was only insecure because he added a jorunalist to a group chat.

 

[DaveMcM76]

It's still in the air. I'm a UK user and Advanced Data Protection is still enabled for me. AFAIK, Apple are only removing this feature for new UK user accounts.

If you already had ADP enabled then - for now, there was talk about it being disabled regardless but that doesn’t seem to have happened yet - it remains enabled, but if you didn’t already have it enabled then you now can’t enable it and get this message at the top of the settings screen.

 

[JamesMay82]

If you already had ADP enabled then - for now, there was talk about it being disabled regardless but that doesn’t seem to have happened yet - it remains enabled, but if you didn’t already have it enabled then you now can’t enable it and get this message at the top of the settings screen.

View attachment 2600299

I made the mistake of throwing my toys out the pram and I just cancelled iCloud altogether and just keep everything local now. Its a pain but I refuse to use it without ADP.

Oh come on. There's a stark difference between the stuff people 'overshare' online and the actual dirty laundry. Usually people only post the good things, or spin the bad things to sound as good as possible.

There's a difference between having an argument online and like, posting the blood test results from your annual physical.

I agree but I just don't think young people seem to be as bothered about their data like us older folks (I'm 43).. I've no proof, im just basing it off a few conversations ive had with teenagers/early 20's crowd. they just seem blasé about it all. dont back up anything etc

 

[JohannesO]

I wish everybody could have end-to-end encrypted email tomorrow by default.

 

[I7guy]

It's true... Ive been saying this for years! For a company that loves touting "privacy is a human right", they sure don't give two craps what happens once your data leaves the device. They should just release imessage for all platforms so they don't have to implement encryption into RCS. They could essentailly take over the messaging world and dethrown RCS, whatsapp, FB, and *insert your crap-tastic shady crypto bro messaging platform here* (signal/telegram). I say this as an Android user too...

Rcs is not their platform. Their services and platforms are encrypted. Stop misusing the “privacy is a human right” for some unknown narrative.

 

[randomgeeza]

If you already had ADP enabled then - for now, there was talk about it being disabled regardless but that doesn’t seem to have happened yet - it remains enabled, but if you didn’t already have it enabled then you now can’t enable it and get this message at the top of the settings screen.

View attachment 2600299

The keys to disable ADP for those that have it already enabled (of which I am one) are only available on the devices. To force the device to decrypt it, before disabling it is not possible. Therefore, turning it off could and would lead to data loss. However, if you were to disable it, you would not (at this time) be able to enable it in the UK, which sucks!! Apple could force you to disable it, by restricting other services. But, would they do that??? Personally I think the UK government needs to back down.

 

[fatTribble]

The EFF also called on Apple and Google to offer users per-app AI permissions, so Apple Intelligence and Google Gemini can be turned off in certain apps.

Yes please! 👏

 

[CarAnalogy]

The would not work.

1: some cry baby some where would complain about an Apple monopoly.

2: pretty sure one of the reasons Apple was against RCS was because of the lack of encryption support by the big carriers. Remember, those carriers make money off your info.

3: it was China that finally forced Apple to support RCS even with the lack of encryption support.

The time to release iMessage for all platforms was at least ten years ago. It's way too late now.

Even if they did release it now, it would just go in the folder with all the other messaging apps.

 

[Zondar]

iCloud already provides end-to-end encryption for more than a dozen data categories by default. For users looking for additional protection, Apple offers an optional feature called Advanced Data Protection, which extends end-to-end encryption to iCloud Backup, Notes, Photos, Voice Memos, and more.

I've long wondered why "advanced data protection" isn't the default, or why non-ADP even exists. One suspicion out there has been that Apple threw the US government a bone by saying "yeah, we encrypt passwords and these other little things, but don't hurt us! Here: you can have all the rest!" If true, then there's a disincentive for them to increase security much further.

 

[I7guy]

The time to release iMessage for all platforms was at least ten years ago. It's way too late now.

Even if they did release it now, it would just go in the folder with all the other messaging apps.

Not on my iPhone. iMessage is front and center.

 

[Apple_Robert]

While I appreciate and like the current state of Apple security, I definitively would like to see Apple push forward with more encryption ability of user device OS and apps.

 

[Mr. Heckles]

I love the EFF. They’re such a great organization. Always fighting for the rights of citizens. It’s worth it to donate to them if you can

They are, and one of the few I'll donate to.

 

[TimFL1]

I’d also add that Apple should begin upgrading to quantum safe encryption. Right now the 3 letter agencies are grabbing everything in the cloud and if encryption is broken it will all be an open book. Planning now will protect a lot of information in the future. Apple’s encryption now is quite good but this is an Achilles heal.

iMessage has quantum encryption since 2024.

The wait for RCS UP 3 without any updates since Spring is upsetting. I thought they learned their lesson about talking about features before they were ready, but they keep repeating the same mistakes.

I highly doubt they go UP3. The only leaks so far is E2EE being in the OS behind a feature flag, stuff like reactions or replies are notably absent. They probably do not honor the UP playbook

The requires carrier support as Apple will not send this through Google’s Jibe infrastructure.

Every carrier uses Jibe as their implementation, point is moot.

First things first, currently RCS leaks read receipt info regardless of your Messages -> Send Read Receipts settings. I solve this by leaving RCS turned off.
View attachment 2600202

Doesn‘t happen here, are you sure it‘s really sending receipts?

I've long wondered why "advanced data protection" isn't the default, or why non-ADP even exists. One suspicion out there has been that Apple threw the US government a bone by saying "yeah, we encrypt passwords and these other little things, but don't hurt us! Here: you can have all the rest!" If true, then there's a disincentive for them to increase security much further.

It‘s off by default cause once it‘s on, Apple can no longer help you get your account back. It‘s why they require you to add a backup key or recovery contact. Imagine all the elderly people losing access to their account cause ADP is enabled and wrongfully configured in terms of recovery options for them. Absolute nightmare.

 

[Zondar]

Yes, that's the ostensible reason, and yes, it is easier to recover if you grant Apple access to your keys.

But Apple already end-to-end encrypts parts of your info. Why not your chats and photos too? Is that really only possible with additional risk that grandma loses everything? I do not believe this is necessarily the case.