Archive for October 25, 2024

Friday, October 25, 2024

Security Research on Private Cloud Compute

Apple (tweet, Hacker News, MacRumors):

In the weeks after we announced Apple Intelligence and PCC, we provided third-party auditors and select security researchers early access to the resources we created to enable this inspection, including the PCC Virtual Research Environment (VRE).

Today we’re making these resources publicly available to invite all security and privacy researchers — or anyone with interest and a technical curiosity — to learn more about PCC and perform their own independent verification of our claims. And we’re excited to announce that we’re expanding Apple Security Bounty to include PCC, with significant rewards for reports of issues with our security or privacy claims.

To help you understand how we designed PCC’s architecture to accomplish each of our core requirements, we’ve published the Private Cloud Compute Security Guide. The guide includes comprehensive technical details about the components of PCC and how they work together to deliver a groundbreaking level of privacy for AI processing in the cloud. The guide covers topics such as: how PCC attestations build on an immutable foundation of features implemented in hardware; how PCC requests are authenticated and routed to provide non-targetability; how we technically ensure that you can inspect the software running in Apple’s data centers; and how PCC’s privacy and security properties hold up in various attack scenarios.

[…]

We’re also making available the source code for certain key components of PCC that help to implement its security and privacy requirements. We provide this source under a limited-use license agreement to allow you to perform deeper analysis of PCC.

Saagar Jha:

It’s interesting to note that Apple’s PCC code is not open source but only available under a limited 90-day license for use as described here. However, posting code on GitHub requires the code to be viewable and forkable. IANAL, but this seems sketch.

mike_hearn:

All remote attestation technology is rooted by a PKI (the DCA certificate authority in this case). There’s some data somewhere that simply asserts that a particular key was generated inside a CPU, and everything is chained off that. There’s currently no good way to prove this step so you just have to take it on faith. Forge such an assertion and you can sign statements that device X is actually a Y and it’s game over, it’s not detectable remotely.

Therefore, you must take on faith the organization providing the root of trust i.e. the CPU. No way around it. Apple does the best it can within this constraint by trying to have numerous employees be involved, and there’s this third party auditor they hired, but that auditor is ultimately engaging in a process controlled by Apple. It’s a good start but the whole thing assumes either that Apple employees will become whistleblowers if given a sufficiently powerful order, or that the third party auditor will be willing and able to shut down Apple Intelligence if they aren’t satisfied with the audit. Given Apple’s legal resources and famously leak-proof operation, is this a convincing proposition?

Conventional confidential computing conceptually works, because the people designing and selling the CPUs are different to the people deploying them to run confidential workloads. The deployers can’t forge an attestation (assuming absence of bugs) because they don’t have access to the root signing keys. The CPU makers could, theoretically, but they have no reason to because they aren’t running any confidential workloads so there’s no data to steal. And they are in practice constrained by basic problems like not knowing what CPU the deployers actually have, not being able to force changes to other people’s hardware, not being able to intercept the network connections and so on.

[…]

In this case, Apple is doing everything right except that the root of trust for everything is Apple itself. They can publish in their log an entry that claims to be an Apple CPU but for which the key was generated outside of the manufacturing process, and that’s all it takes to dismantle the entire architecture.

It’s good that Apple is building in these safeguards because there are many scenarios where they would help. We just need to realize that there are limits to the marketing claims.
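To make the chain mike_hearn describes concrete, here is a small model of it, written for this page as an added example (it is not Apple's PCC code, nor anything the commenter posted). A verifier pins a "DCA" root key, checks that a device certificate was signed by that root, checks that the node's measurement was signed by the certified device key, and looks the measurement up in a release log. Three scenarios then run through that same verifier: an honest device key, an outsider who does not hold the root key, and the root-key holder certifying a key generated outside manufacturing. The Schnorr signature over secp256k1 is implemented from the standard library only; the certificate layout and the names DCA, SN-000001 and pcc-release-1 are assumptions made for the example, not Apple's formats.

```python
"""Attestation chain rooted in a CA key: a minimal model (added example).

Schnorr signatures over secp256k1 are built here from scratch so the code
runs on the Python standard library alone; the curve constants are the
published secp256k1 parameters. 'DCA', the serial numbers, the release name
and the certificate layout are placeholders for the roles in the discussion
above, not Apple's actual formats (assumption).
"""
import hashlib
import secrets

# secp256k1 parameters: field prime, group order, base point
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def ec_add(a, b):
    """Affine point addition; None stands for the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None
    if a == b:
        lam = 3 * a[0] * a[0] * pow(2 * a[1], -1, P) % P
    else:
        lam = (b[1] - a[1]) * pow(b[0] - a[0], -1, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    return (x, (lam * (a[0] - x) - a[1]) % P)


def ec_mul(k, pt):
    """Double-and-add scalar multiplication."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc


def encode(pt):
    return pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")


def keygen():
    d = secrets.randbelow(N - 1) + 1
    return d, ec_mul(d, G)


def _challenge(R, pub, msg):
    digest = hashlib.sha256(encode(R) + encode(pub) + msg).digest()
    return int.from_bytes(digest, "big") % N


def sign(d, msg):
    """Schnorr signature with a deterministic, hash-derived nonce."""
    pub = ec_mul(d, G)
    k = int.from_bytes(hashlib.sha256(d.to_bytes(32, "big") + msg).digest(), "big") % N or 1
    R = ec_mul(k, G)
    return (R, (k + _challenge(R, pub, msg) * d) % N)


def verify(pub, msg, sig):
    R, s = sig
    if R is None or not 0 < s < N:
        return False
    return ec_mul(s, G) == ec_add(R, ec_mul(_challenge(R, pub, msg), pub))


# --- the chain: DCA root -> device certificate -> attestation over a measurement ---

def issue_device_cert(dca_priv, serial, device_pub):
    """The root's act of vouching that device_pub was generated inside CPU `serial`."""
    body = serial.encode() + encode(device_pub)
    return {"body": body, "pub": device_pub, "sig": sign(dca_priv, body)}


def attest(device_priv, cert, measurement):
    """What a node presents to a client: its certificate plus a signed measurement."""
    return {"cert": cert, "measurement": measurement, "sig": sign(device_priv, measurement)}


def verify_attestation(dca_pub, release_log, att):
    """Everything a remote verifier can check: chain to the pinned root, then the log."""
    cert = att["cert"]
    if not verify(dca_pub, cert["body"], cert["sig"]):
        return "reject: device certificate not signed by DCA"
    if not verify(cert["pub"], att["measurement"], att["sig"]):
        return "reject: attestation not signed by certified device key"
    if att["measurement"] not in release_log:
        return "reject: measurement not in transparency log"
    return "accept"


def demo():
    dca_priv, dca_pub = keygen()            # root of trust, held by the CPU maker/operator
    measurement = hashlib.sha256(b"pcc-release-1").digest()   # constructed sample release
    release_log = {measurement}

    # Honest path: key minted during manufacturing, certified, attests a logged release.
    dev_priv, dev_pub = keygen()
    honest = verify_attestation(dca_pub, release_log,
                                attest(dev_priv, issue_device_cert(dca_priv, "SN-000001", dev_pub), measurement))

    # Outsider without the root key: a self-signed 'certificate' is rejected at the first check.
    out_priv, out_pub = keygen()
    fake_body = b"SN-000002" + encode(out_pub)
    fake_cert = {"body": fake_body, "pub": out_pub, "sig": sign(out_priv, fake_body)}
    outsider = verify_attestation(dca_pub, release_log, attest(out_priv, fake_cert, measurement))

    # Root-key holder: certifies a key generated anywhere (say, on a laptop) as a CPU key.
    # The chain verifies identically; nothing visible to the remote verifier differs.
    lap_priv, lap_pub = keygen()
    root_forge = verify_attestation(dca_pub, release_log,
                                    attest(lap_priv, issue_device_cert(dca_priv, "SN-000003", lap_pub), measurement))
    return honest, outsider, root_forge
```

The outsider path is what conventional confidential computing relies on: without the root signing key, no certificate the verifier accepts can be minted. The third path is the comment's point: the verifier's answer is the same as for the honest device, because the only evidence that a key was generated inside a CPU is the root's signature over it, and a transparency log of releases constrains what software is attested, not which keys the root chose to certify.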

Jeff Johnson:

The Apple Security Research blog now has an RSS feed, though it’s not properly advertised.

Testing EU iOS Features in iOS 18.2

Apple:

As previewed earlier this year, changes to the browser choice screen, default apps, and app deletion for EU users, as well as support in Safari for exporting user data and for web browsers to import that data, are now available in the beta versions of iOS 18.2 and iPadOS 18.2.

[…]

Following feedback from the European Commission and from developers, in these releases developers can develop and test EU-specific features, such as alternative browser engines, contactless apps, marketplace installations from web browsers, and marketplace apps, from anywhere in the world. Developers of apps that use alternative browser engines can now use WebKit in those same apps.

John Gruber:

I just spent a few minutes trying to figure out how this works, but haven’t found it. If anyone can point me to the answer, let me know. It’s kind of bananas that EU-specific features couldn’t even be tested outside the EU until now.

Riley Testut:

If you’re on 18.2 you can test installing alternative marketplaces from websites (e.g. https://altstore.io/download), which means they’ll download but you still can’t launch them.

I’m also assuming it means I’ll be able to actually test installing apps with AltStore PAL without having to fly back to Europe, but need to wait ~72 hours for Apple to process my UDID to confirm.

Juli Clover (Hacker News):

With iOS 18.2, iPhone users in the European Union can fully delete a number of core apps, including the App Store, Safari, Messages, Camera, and Photos.

John Gruber:

Clearly this wouldn’t be in iOS 18.2 anywhere in the world if the European Commission weren’t demanding it for DMA compliance, but given that Apple had to do it for the EU, why not make it worldwide?

Disney+ and Hulu Drop IAP

Juli Clover:

The change was noted on Reddit over the weekend, and there are details on the Disney+ and Hulu websites. Both the Disney+ and Hulu websites say that new and returning subscribers cannot sign up for and pay through Apple, but existing Apple-billed subscribers are not affected.

[…]

Eliminating the in-app purchase fees paid to Apple seems to be part of an effort to boost streaming revenue, paired with price hikes and also a recent crackdown on password sharing.

Disney+ and Hulu will no longer be eligible for Apple’s Video Partner Program going forward, and subscribers may notice a change in tvOS and the Apple TV app. The Video Partner Program provides integration with Apple technologies like AirPlay, Universal Search, zero sign-on, and more for streaming video apps that support in-app purchase.

Peter Kafka (Slashdot):

Disney’s rationale is clear here: When customers sign up for Disney subscription services via Apple, Apple takes up to 15% of the monthly fees those services generate. And Disney CEO Bob Iger has made it clear that he doesn’t want to pay that anymore.

Dare Obasanjo:

As Disney focuses on getting its streaming services to profitability, avoiding the Apple tax is a no brainer.

It’s telling that even the largest companies in the world find the Apple tax business-impairing. The more you tighten your grip, the more companies will slip through your fingers.

Damien Petrilli:

Disney, one of Apple’s biggest allies, doesn’t want to pay the Apple tax anymore?

I don’t understand, it’s bringing them so much value, don’t they get it?

Even with all the special treatment they got.

Tim Sweeney:

But Apple only allows video, audio, and e-book apps to do this[…]

Joe Rosensteel (post):

Sure, it sucks if you prefer to manage your subscriptions through Apple, just like when Netflix bailed, but Apple charges a lot for that convenience and it does limit what these platforms can do in terms of moving people to bundle pricing, which Disney is very interested in. Apple fails to justify their cut, or offer options that are more appealing than handling this themselves, so even BFF Disney is leaving.

Nick Heer:

As of writing a day after Disney made this change, Disney Plus is still listed as a member on Apple’s Video Partner Program page. I wrote about that program four years ago in the context of Apple seemingly retconning it into being a longstanding and “established” option available to developers of media applications.

[…]

It is hard to feel anything at all, really, about the business decisions of one massive conglomerate compared to another. But Apple’s subscription management is — in a vacuum and distinct from anything else — one of the nicest around, and it ultimately hurts users that it is so unattractive to some developers when given other options.
