Apple can reset your password at any time, they can get into your account whenever they want to - let's not be silly here.

Doesn't mean they read everyone's messages, they don't care.

But they will give access to your account when the government knocks on their door - they have to.

Cook is intentionally misleading in his statement about the encryption of messages.
 
Apple can restore your password at any time, they can get into your account whenever they want to - let's not be silly here.

Doesn't mean they read everyone's messages, they don't care.

But they will give access to your account when the government knocks on their door - they have to.

Cook is intentionally misleading in his statement about the encryption of messages.

No they can't. You saying it over and over does not make it so. There is no evidence to the contrary, and I have no idea what you mean by "restore your password." Call Apple as many times as you want and ask for your password and they can't give it to you because they don't have it.
 
No they can't. You saying it over and over does not make it so. There is no evidence to the contrary, and I have no idea what you mean by "restore your password." Call Apple as many times as you want and ask for your password and they can't give it to you because they don't have it.

Maybe he means Resetting your password? :apple:
 
Do you know the function "Password Reset".

You clearly have no idea about the technology behind these services. Believe what you want, I don't care.
 
Maybe he means Resetting your password? :apple:

Perhaps, but of course that doesn't help Apple spy on you. Even if they could reset the password to something they know (and thus spy) they couldn't set it back, so it would be discovered. And, of course, resetting doesn't actually help decrypt existing backups since it doesn't unlock the private key.
 
Makes no difference what Apple says. NSA spliced right into the backbone cables, diverting everything to Sparc servers. Frontline had an excellent program on this.

Makes a difference to Apple and its reputation. The Frontline stuff makes it clear that Apple wasn't complicit in any of the NSA activity as was previously rumored.
 
You want to not have to promise us that you don't share our info? Let us heavily encrypt all our iCloud data with passwords stored nowhere but in our brains. No password resets, especially not using security questions. Logging in = decrypting your RSA data with your key. THAT is the "no BS" solution. That's what Apple does with the safety key (optional) they store for FileVault.

I want my info protected by prime numbers, not Apple :)
 
Do you know the function "Password Reset".

You clearly have no idea about the technology behind these services. Believe what you want, I don't care.

A password reset doesn't unlock existing backups. And you'd be surprised how much I know about the technology behind these services. It merely gives you a new password (with an associated new private key) that can be used to encrypt future backups. Unless you leave your password as something Apple assigns to you, it's useless to Apple.

----------

You want to not have to promise us that you don't share our info? Let us encrypt all our iCloud data with a password stored nowhere but in our brains. Logging in = decrypting your RSA data with your key.

That's exactly what they do! The actual password is stored nowhere other than your head. Only a salted and hashed version is stored elsewhere.
 
That's exactly what they do! The actual password is stored nowhere other than your head. Only a salted and hashed version is stored elsewhere.

It's unlockable using three security questions or a verification email, allowing the user (or hacker) to see some user info like emails, contacts, and… oh yes photos ;) So Apple is not doing as I said. And for this to work, I want a guarantee that my device is receiving data encrypted with a key Apple doesn't have then unlocking it, not unlocking it on Apple's side.
 
@cmaier

Just take your iCloud email for example, all your mails are stored on Apple's servers.

Do you think they even bother to encrypt your mails? Nope, only the transmission.

All Mails and attachments are stored completely unencrypted.
 
It's unlockable using three security questions or a verification email, so Apple is not simply doing that. And for this to work, I want a guarantee that my device is receiving data encrypted with a key Apple doesn't have then unlocking it, not unlocking it on Apple's side.

The three questions are used to reset your password, not to unlock it. They, in effect, act as a second password. And, like your password, Apple does NOT have the answers to your questions - it has salted, encrypted versions of the answers.
 
Perhaps, but of course that doesn't help Apple spy on you. Even if they could reset the password to something they know (and thus spy) they couldn't set it back, so it would be discovered. And, of course, resetting doesn't actually help decrypt existing backups since it doesn't unlock the private key.

I think X-X needs to have a good trawl through OWASP to see what most companies do for tech security.

https://www.owasp.org/index.php/Main_Page

:apple:
 
@cmaier

Just take your iCloud email for example, all your mails are stored on Apple's servers.

Do you think they even bother to encrypt your mails? Nope, only the transmission.

All Mails and attachments are stored completely unencrypted.

First, I don't use iCloud email. We were talking about iMessages.

Email is problematic because email protocols don't handle end-to-end encryption. If Apple encrypted mail you send through its SMTP servers the recipients couldn't read it, and vice versa. Unless Apple invents its own email protocols, there's not too much it can do.

----------

I think X-X needs to have a good trawl through OWASP to see what most companies do for tech security.

https://www.owasp.org/index.php/Main_Page

:apple:

I find that for people to be this paranoid two things have to be true: first, a complete misunderstanding of asymmetric cryptography and common security practices. Second, a personality such that if that person were in charge of a product they would be snooping into other people's business, so they can't fathom that someone else wouldn't build in some sort of secret back door.
 
I find that for people to be this paranoid two things have to be true: first, a complete misunderstanding of asymmetric cryptography and common security practices. Second, a personality such that if that person were in charge of a product they would be snooping into other people's business, so they can't fathom that someone else wouldn't build in some sort of secret back door.

Then you've just got cynical people like me, who know how the tech works but don't trust it anyway because I know how programmers work. :apple:

Oh well if YOU don't use it, I guess it doesn't matter that Apple is storing all mail communication and attachments completely unencrypted.

What a relief.

Not what he said.
 
@cmaier

Just take your iCloud email for example, all your mails are stored on Apple's servers.

Do you think they even bother to encrypt your mails? Nope, only the transmission.

All Mails and attachments are stored completely unencrypted.

One of my pet peeves, perhaps my biggest one, is people who make assumptions without any supporting evidence and then convince themselves that their assumptions are truth. This seems to be what you're doing.

Apple does, in fact, "bother" to encrypt iCloud email stored on the servers:

This means that your data is protected from unauthorized access both while it is being transmitted to your devices and when it is stored in the cloud

http://support.apple.com/kb/HT4865
 
Oh well if YOU don't use it, I guess it doesn't matter that Apple is storing all mail communication and attachments completely unencrypted.

What a relief.

What, exactly, would be the point of encrypting it? It's unencrypted at the recipient, at various points in transmission from non-Apple-controlled servers... Email is fundamentally not a secure protocol. If you want secure email you need to encrypt at the source and have a key exchange protocol with the recipient.

You're just changing the subject. iMessage is a secure messaging protocol. Email is not. If Apple encrypted it so that Apple could not read it, it would still arrive at Apple's servers unencrypted. And the resulting cipher text would be unreadable by you (except if Apple broke the email protocol so you could only read email sent to you in Apple email clients). And email you sent to third parties would not be readable by the third parties, unless they were also Apple customers.

Is that really what you want?

Apple can encrypt so third parties (NSA) can't read (at least by hacking servers - but eventually it has to be sent in plain text), and that's the best they can do.
 
Completely wrong again, please just stop.

Google has been encrypting all mails and attachments in transmission AND in their data centers for quite some time.

http://techcrunch.com/2014/03/20/gm...servers-now-encrypted-to-thwart-nsa-snooping/

Sigh. But they encrypt it as against third parties (NSA), not themselves. Eventually it has to be decrypted, or you the recipient can't read it.

And Apple does EXACTLY the same thing.

http://www.newsy.com/videos/apple-to-boost-email-encryption-between-providers/

If you don't know how this stuff works you should stop guessing.
 
Completely wrong again, please just stop.

Google has been encrypting all mails and attachments in transmission AND in their data centers for quite some time.

http://techcrunch.com/2014/03/20/gm...servers-now-encrypted-to-thwart-nsa-snooping/

Google, like Apple, only encrypts email in transit IFF the receiving server supports such encryption. Many do not support it because email is, as cmaier pointed out, inherently insecure. The base protocol has no option for encryption.
 
Why? Apple is part of the NSA PRISM program:


That doesn't mean that they joined. It just means they have access. DROPOUTJEEP was an exploit and NOT an already installed backdoor like other companies have. (Microsoft, Google, etc..) Just to prove my point... DROPOUTJEEP exploit has been fixed: http://www.iphonejd.com/iphone_jd/2...ty-flaw-in-ios-perhaps-thanks-to-snowden.html

All the articles about Apple collecting your data have no proof in them. Don't you think that if the NSA wants your information they would try NOT to get you to buy things they don't have access to? Think of why the media always bash Apple every chance they get. The NSA and government DON'T WANT YOU TO BUY ANY APPLE PRODUCT PERIOD! Facebook is filled with bots that bash Apple products by trying to convince people that Android is better or that people are switching more to Android.

9to5Mac has been invaded by 2 journalists that post negative things about Apple and I have blasted them out in comments and they completely removed them to shut me up. The two journalists are below:

1. Stephen Hall (Stephen is publisher of a few of his own wearable tech news sites, at which he spent most of the middle part of 2013 searching for and breaking news about Google Glass. But in the past, Stephen has written at many technology publications across the web including Envato’s AppStorm, 148apps, and others. His main writing interests are currently Google Glass, smartwatches, and other wearable technology topics, but he also has extensive experience writing about the Apple ecosystem, jailbreak, and mobile applications and games. You can find more of his current work on the flip side at 9to5Google.

If you want to get in touch with Stephen, be sure to follow him on Twitter and Google+. Or, you can send him an email at stephen (at) 9to5mac (dot) com.)

2. Ben Lovejoy (Ben Lovejoy is a British technology journalist who started his career on PC World and has written for dozens of computer and technology magazines, as well as numerous national newspapers, business and in-flight magazines.

He is old enough to have owned the original Mac, and still has his Mac Portable in a cupboard as he can’t quite bear to part with it, despite the fact that he has no idea where the power supply is. He is occasionally tempted to turn up to a Genius Bar with it.

He currently owns a rather upgraded MacBook Pro 17, a MacBook Air 11, iPad Air, iPhone 4S and Thunderbolt Display 27 – and suspects it might be cheaper to have a cocaine habit than his addiction to all things anodised aluminum.

He thinks wires are evil and had a custom desk made to hide them, known as the OC Desk for obvious reasons.

He considers 1000 miles a good distance for a cycle ride, and Chernobyl a suitable tourist destination. What can we say, he’s that kind of chap.

He speaks fluent English but only broken American, so please forgive any Anglicised spelling in his posts.

If @benlovejoy-ing him on twitter, please follow him first so that he can DM you if appropriate. If you have information you can pass on, you can also email him. If you would like to comment on one of his pieces, please do so in the comments – he does read them all.)


Both these guys work for corporations and I advise everybody to start researching their stuff so you get to know your journalists on what is fact and what is fake.

Has Apple ever lied to you before? When the iPhone 4 had the antenna gate did they lie about it? No... When the whole thing of Foxconn happened did they lie about it? No... While many other companies refuse to comment on their NSA deal, or if they do comment about it they're all lies, Apple is the only one that is showing they are trying to do something about it. It's time to wake up and realize what our government and the NSA are doing.
 
Part 1 was really good, wanted to watch part 2 now but can't find a link!
 
The three questions are used to reset your password, not to unlock it. They, in effect, act as a second password. And, like your password, Apple does NOT have the answers to your questions - it has salted, encrypted versions of the answers.

They unlock either my password or, more likely, my data. If my data were encrypted so that only my password were able to open it, nobody (including me) would be able to reset the password and access any of my data uploaded under the old password. However, that's exactly what someone can do.

Secondly, there is no guarantee that Apple does not have some way into my data because the entire login and decryption process takes place on their servers. If they are giving any data to the NSA, they must have a back door… or TRANSLTR :)D). For it to be secure and honest, I would need the decryption done on my side on an open-source component of OS X or iOS.

The fact that Apple and other companies always state that they "try" to keep our data private or state that they share a few things is ominous. You'd think that they'd at least say "we share nothing". I mean, that's what the privacy policy on my networked app says, even though there's nothing in place to guarantee that.
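
The reset-versus-decrypt question argued throughout this thread, as an added example that is not part of any post and does not describe Apple's actual implementation: a generic sketch comparing a record whose data key is wrapped only under a password-derived key with one that also keeps a provider-held escrow copy. All names (`enroll`, `login`, `reset`, `escrow_kek`) are hypothetical, and the XOR-plus-HMAC wrap is a constructed stand-in for a real key-wrap primitive.

```python
import hashlib, hmac, os

def derive_kek(password, salt):
    # 64 bytes: first 32 mask the data key, last 32 authenticate the blob.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000, dklen=64)

def wrap(data_key, kek):
    # Constructed stand-in for AES key wrap / an AEAD: XOR mask plus HMAC tag.
    masked = bytes(a ^ b for a, b in zip(data_key, kek[:32]))
    return masked + hmac.new(kek[32:], masked, hashlib.sha256).digest()

def unwrap(blob, kek):
    masked, tag = blob[:32], blob[32:]
    expected = hmac.new(kek[32:], masked, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key: cannot unwrap")
    return bytes(a ^ b for a, b in zip(masked, kek[:32]))

def enroll(password, escrow_kek=None):
    """Build the server-side record; the raw data key is never stored in it."""
    data_key, salt = os.urandom(32), os.urandom(16)
    rec = {"salt": salt, "pw_wrap": wrap(data_key, derive_kek(password, salt))}
    if escrow_kek is not None:
        # Escrow model: a second copy of the key the provider can open.
        rec["escrow_wrap"] = wrap(data_key, escrow_kek)
    return rec, data_key

def login(rec, password):
    return unwrap(rec["pw_wrap"], derive_kek(password, rec["salt"]))

def reset(rec, new_password, escrow_kek=None):
    """Reset WITHOUT the old password; returns the data key usable afterwards."""
    if escrow_kek is not None and "escrow_wrap" in rec:
        data_key = unwrap(rec["escrow_wrap"], escrow_kek)  # old data survives
    else:
        data_key = os.urandom(32)  # old key is unrecoverable: old data is lost
    rec["salt"] = os.urandom(16)
    rec["pw_wrap"] = wrap(data_key, derive_kek(new_password, rec["salt"]))
    return data_key

if __name__ == "__main__":
    rec, key = enroll("old password")
    print("password-only, key survives reset:", reset(rec, "new password") == key)
    escrow = os.urandom(64)  # held by the provider, not the user
    rec, key = enroll("old password", escrow)
    print("escrowed, key survives reset:", reset(rec, "new password", escrow) == key)
```

Whether old data is still readable after a reset that never saw the old password is therefore an observable signal of which model a service uses.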
 