Uhm this is exactly why you only store already-encrypted data on remote servers
this post was submitted on 21 Feb 2025
170 points (98.9% liked)
Technology
63082 readers
3816 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each other!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
- Accounts 7 days and younger will have their posts automatically removed.
Approved Bots
founded 2 years ago
MODERATORS
Google or Facebook should stop using HTTPS there with a big red banner saying WE HAD TO DISABLE ENCRYPTION BECAUSE YOUR GOVERNMENT WANTS TO SEE WHAT YOU DO, THE SIDE EFFECT IS EVERYONE CAN SEE WHAT YOU DO
All UK machines, phones, and servers should just remove all root certificates. Can't trust encryption right?
X509Brexit.
Then they wouldn't have to interact with any part of the encrypted internet.
Why didn't you take the obvious: "BreX609it"
Lol. Some galaxy brains were 'Oh my Apple would never roll over and simply do what they're told! They'll keep our data safe!' and mad at me for saying exactly this was going to happen.
Well, huh, look at that. A corporation that rolled over faster than a well-trained golden retriever. Who would have guessed it.
To be fair this is the opposite of rolling over. Rolling over would be adding the back door.
Yep. This is exactly what I expected them to do. They don’t want the liability of losing your data or enabling your privacy to be compromised on their devices, and the eroded trust of their customer base from that.
Unfortunately the UK put them between a rock and a hard place here. As shitty as it is, I’m glad they opted to remove the feature for only that market, rather than weaken it for everyone. It sucks, but it’s the lesser evil.
I don’t think they had any good choices here. Just like the San Bernardino shooter’s iPhone, they decided not to make the device’s OS inherently less secure with the inclusion of a backdoor and I can at least appreciate that much.
Apple said users who already had it turned on will be given a period of time to disable it in order to keep using their iCloud accounts, although the length of time was not stated.
I'm in the UK and have ADP enabled but I am yet to be informed by Apple when/if it will be disabled in the future. I'm glad we had a change in government but this is a serious misstep from Labour.
ETA: I've written to my local MP to voice my disapproval of this "technical capability notice" and I urge anyone else in the UK to do so as well.
Start a petition, I’m sure people will sign it based on how serious this could be for security in general
When was the last time a petition achieved anything? Better off writing directly to your MP. Parliamentary petitions exist purely to allow MPs to ignore the problem as it's easier to dismiss a few thousand signatures on a petition rather than a few thousand letters stacking up on their desks.
Both. Do both. Make it easier for them to address the issue than ignore you. Depending on which side of the aisle your MP is on, focus your letter on either "those evil are doing thus terrible thing, I know you're bold enough to stand up to them." or "this policy seems to have the following problems, and it's leaving you open to attack from . It'd be a shame if you lost your position over it."
Looking at it from that point of view I agree with what you are saying, I haven’t thought about it that way before.
So despite all the tough talk, they just roll over and capitulate. The only way to protest this is to move your stuff off Apple.
Apple’s choices here were:
-
Do what they did, and remove the feature for the UK only
-
Create a backdoor into their OS that can potentially be used by not just governments, but bad actors too, effectively crippling security for every single device they sell worldwide and bypassing the usefulness of on-device encryption entirely.
-
Exit the UK market, which is not realistic and would leave millions of UK customers without any further recourse than to replace their Apple devices, which is incredibly wasteful and expensive (not to mention inconvenient).
Apple chose the lesser evil. What more could you possibly expect in this situation? If you want to protest, protest the government demanding that level of surveillance on their citizens.
…to less-secure alternatives? Do you really think Google is going to say “no backdoor, we’re keeping encryption, we don’t need YOUR market”?
To a more secure alternative, obviously. There are other options than Apple and Google.
No? Kinda? I'd say a Pixel (so Google hardware, yeah) with Graphene, and either self-hosted, or independent end-to-end encrypted could storage.
There are alternatives to the tech conglomerates.
Even your alternative requires someone to give money to a tech conglomerate. There is no perfect alternative this late into capitalism Even if there was, it’s not realistic for millions of Apple devices around the world to suddenly be replaced.
By no means should that discourage anyone reading this from taking action to control your data better, however. I also self-host and am doing everything I can to minimize my reliance on big companies, but there are time, skill and monetary gaps there not everyone can overcome.
You could swap out the Pixel+Graphene for say a FairPhone+LineageOS. I ran misc-secondhand-phone+LineageOS for over a decade. Still selfhost everything I need. My family have all their photos upload to my nextcloud instance instead of Google.
My switch to Pixel+Graphene is because ultimately the problem is political not technical. A banking app I needed for work refused to run without the real Google services. It also refused Custom ROMs. I tried a lot of tricks. Also GoogleMaps is the only satnav with traffic information in the route planning. There is other things, but Graphene allows you a compromise of running the Google services, but sandboxed.
The problem is not technical, it's political. Most people don't understand the difference between a standard and a monopoly. The law makers are asleep to monopolies and the need for competition in the tech world, so have allow this tech dystopia to happen. Some that are more awake know big monopolies are easier to get things like this story from. Multinational corporation are money machines, they won't really fight for their users. But they miss the bigger picture.
If you care about all this stuff, there is groups like:
Maybe also https://openuk.uk/ , though they more work with big tech.
This is why "privacy" doesn't work on a closed system controlled by a third party.
….or a government demanding a way in.