{"id":31323,"date":"2021-01-14T16:50:38","date_gmt":"2021-01-14T21:50:38","guid":{"rendered":"https:\/\/mjtsai.com\/blog\/?p=31323"},"modified":"2021-06-07T11:39:01","modified_gmt":"2021-06-07T15:39:01","slug":"reminder-imessage-not-meaningfully-e2e","status":"publish","type":"post","link":"https:\/\/mjtsai.com\/blog\/2021\/01\/14\/reminder-imessage-not-meaningfully-e2e\/","title":{"rendered":"Reminder: iMessage Not Meaningfully E2E"},"content":{"rendered":"<p><a href=\"https:\/\/twitter.com\/dhh\/status\/1349620868234829824\">David Heinemeier Hansson<\/a> (<a href=\"https:\/\/news.ycombinator.com\/item?id=25777207\">Hacker News<\/a>):<\/p>\n<blockquote cite=\"https:\/\/twitter.com\/dhh\/status\/1349620868234829824\"><p>If you use iCloud Backup AT ALL, which is the default, your use of iMessage is not E2E because Apple has a backup of the encryption keys &#x1F92F;. And even if you turn off this backup, your recipient probably didn&rsquo;t. So iMessage is not meaningfully E2E at all!<\/p>\n<p>[&#8230;]<\/p>\n<p>Apple&rsquo;s marketing of iMessage&rsquo;s E2E is seriously deceptive.<\/p><\/blockquote>\n\n<p>You would think a company serious about privacy would explain the situation in plain English. Or allow more granular control so that you don&rsquo;t have to choose between giving Apple all your messages and not having a cloud backup.<\/p>\n\n<p><a href=\"https:\/\/twitter.com\/dhh\/status\/1349626377297866752\">David Heinemeier Hansson<\/a>:<\/p>\n<blockquote cite=\"https:\/\/twitter.com\/dhh\/status\/1349626377297866752\">\n<p>I cannot believe Apple conned me into thinking iMessage was meaningfully E2E &#x1F61E;.<\/p>\n<\/blockquote>\n\n<p><a href=\"https:\/\/twitter.com\/dhh\/status\/1349629183924826112\">David Heinemeier Hansson<\/a>:<\/p>\n<blockquote cite=\"https:\/\/twitter.com\/dhh\/status\/1349629183924826112\"><p>So say you wake up one morning. 
Realize that Apple has been lying about E2E with asterisks and omissions and defaults, and you then turn off your iCloud backup. How long does it take before these backups are permanently gone from Apple&rsquo;s servers? Can&rsquo;t find a retention answer.<\/p><\/blockquote>\n\n<p><a href=\"https:\/\/twitter.com\/noahsbwilliams\/status\/1349631407153242123\">Noah Williams<\/a>:<\/p>\n<blockquote cite=\"https:\/\/twitter.com\/noahsbwilliams\/status\/1349631407153242123\"><p>Hey so since @dhh has just reminded me of all the ways Apple deceives us into thinking their products are secure, I&rsquo;d just like to compile my thoughts on all the ways backdoors currently exist within iOS[&#8230;]<\/p><p>Apple saves your call logs to the cloud unless you turn off iCloud Drive (not iCloud backups)[&#8230;]<\/p><p>[&#8230;]<\/p><p>The default length of an iOS passcode which you&rsquo;re prompted to set up out of the box is six digits, which is laughably easy to brute force.<\/p><p>[&#8230;]<\/p><p>Also, you can&rsquo;t even request to disable server side logging of Siri commands without putting your phone in supervised mode&#8230;<\/p><\/blockquote>\n\n<p>Previously:<\/p>\n<ul>\n<li><a href=\"https:\/\/mjtsai.com\/blog\/2020\/12\/17\/where-is-end-to-end-encryption-for-icloud\/\">Where Is End-to-End Encryption for iCloud?<\/a><\/li>\n<li><a href=\"https:\/\/mjtsai.com\/blog\/2020\/01\/21\/apple-dropped-plans-for-end-to-end-encrypted-icloud-backups-after-fbi-objected\/\">Apple Dropped Plans for End-to-End Encrypted iCloud Backups After FBI Objected<\/a><\/li>\n<li><a href=\"https:\/\/mjtsai.com\/blog\/2019\/10\/13\/opting-out-of-sharing-siri-audio-recordings\/\">Opting Out of Sharing Siri Audio Recordings<\/a><\/li>\n<li><a href=\"https:\/\/mjtsai.com\/blog\/2016\/09\/29\/apples-imessage-metadata-logs\/\">Apple&rsquo;s iMessage Metadata Logs<\/a><\/li>\n<li><a href=\"https:\/\/mjtsai.com\/blog\/2016\/02\/17\/fbi-asks-apple-for-secure-golden-key\/\">FBI Asks Apple for Secure 
Golden Key<\/a><\/li>\n<li><a href=\"https:\/\/mjtsai.com\/blog\/2013\/10\/22\/imessage-end-to-end-encryption\/\">iMessage End-to-End Encryption<\/a><\/li>\n<\/ul>\n\n<p id=\"reminder-imessage-not-meaningfully-e2e-update-2021-01-18\">Update (2021-01-18): See also: <a href=\"https:\/\/news.ycombinator.com\/item?id=25796820\">Hacker News<\/a>.<\/p>","protected":false},"excerpt":{"rendered":"<p>David Heinemeier Hansson (Hacker News): If you use iCloud Backup AT ALL, which is the default, your use of iMessage is not E2E because Apple has a backup of the encryption keys &#x1F92F;. And even if you turn off this backup, your recipient probably didn&rsquo;t. So iMessage is not meaningfully E2E at all! [&#8230;] Apple&rsquo;s [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"apple_news_api_created_at":"2021-01-14T21:50:43Z","apple_news_api_id":"703e4a3b-3954-41ee-b6d9-c9e44bf8e9fc","apple_news_api_modified_at":"2021-06-07T15:39:04Z","apple_news_api_revision":"AAAAAAAAAAAAAAAAAAAAAw==","apple_news_api_share_url":"https:\/\/apple.news\/AcD5KOzlUQe622cnkS_jp_A","apple_news_coverimage":0,"apple_news_coverimage_caption":"","apple_news_is_hidden":false,"apple_news_is_paid":false,"apple_news_is_preview":false,"apple_news_is_sponsored":false,"apple_news_maturity_rating":"","apple_news_metadata":"\"\"","apple_news_pullquote":"","apple_news_pullquote_position":"","apple_news_slug":"","apple_news_sections":"\"\"","apple_news_suppress_video_url":false,"apple_news_use_image_component":false,"footnotes":""},"categories":[2],"tags":[146,16,913,140,31,1837,30,1891,141,1454,355,1227],"class_list":["post-31323","post","type-post","status-publish","format-standard","hentry","category-technology","tag-backup","tag-icloud","tag-icloud-drive","tag-imessage","tag-ios","tag-ios-14","tag-mac","tag-macos-11-0","tag-messages","tag-phone-app","tag-privacy","tag-top-posts"],"apple_new
s_notices":[],"_links":{"self":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/31323","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/comments?post=31323"}],"version-history":[{"count":4,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/31323\/revisions"}],"predecessor-version":[{"id":31502,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/31323\/revisions\/31502"}],"wp:attachment":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/media?parent=31323"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/categories?post=31323"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/tags?post=31323"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}