{"id":8053,"date":"2013-10-22T17:07:36","date_gmt":"2013-10-22T21:07:36","guid":{"rendered":"http:\/\/mjtsai.com\/blog\/?p=8053"},"modified":"2018-04-20T10:15:29","modified_gmt":"2018-04-20T14:15:29","slug":"imessage-end-to-end-encryption","status":"publish","type":"post","link":"https:\/\/mjtsai.com\/blog\/2013\/10\/22\/imessage-end-to-end-encryption\/","title":{"rendered":"iMessage End-to-End Encryption"},"content":{"rendered":"<p><a href=\"http:\/\/daringfireball.net\/2013\/10\/imessage_encryption\">John Gruber<\/a>:<\/p>\n<blockquote cite=\"http:\/\/daringfireball.net\/2013\/10\/imessage_encryption\"><p>Leaving aside the moral implications of flat-out lying to their customers, I would think that if iMessage&rsquo;s back-end were designed with a weakness exploitable by Apple as Quarkslab supposes, Apple would say or promise nothing with regard to iMessage&rsquo;s susceptibility to server-side decryption rather than compound that weakness with blatant lies to the contrary. To lie would be to take an enormous PR risk for a relatively small PR gain. I say &ldquo;small PR gain&rdquo; simply because I doubt most people who use iMessage even know their messages are supposed to be securely encrypted from end-to-end. I say &ldquo;large PR risk&rdquo; because if Apple&rsquo;s statements regarding iMessage encryption are eventually discredited, the backlash in the press will be severe (and justly so).<\/p><\/blockquote>\n<p>I agree, but I <a href=\"http:\/\/mjtsai.com\/blog\/2013\/06\/26\/can-apple-read-your-imessages\/\">still think<\/a> that it&rsquo;s a mistake to focus on the end-to-end encryption and Apple&rsquo;s statements about same. Most iMessage users are probably using iCloud Backup, which <em>does<\/em> retain copies of the messages, and <em>does not<\/em> encrypt them with a device key. There&rsquo;s no need to intercept messages that are already being stored. Since Apple has not, to my knowledge, claimed otherwise, I think it&rsquo;s reasonable to assume that when it <a href=\"http:\/\/www.apple.com\/apples-commitment-to-customer-privacy\/\">provides data to law enforcement<\/a> this includes data from backups.<\/p>\n\n<p>Update (2018-04-20): <a href=\"https:\/\/twitter.com\/agilethumbs\/status\/987206978953920513\">@agilethumbs<\/a>:<\/p>\n<blockquote cite=\"https:\/\/twitter.com\/agilethumbs\/status\/987206978953920513\">\n<p>And end to end encryption only matters if you can verify the identity of the other party, which you can&rsquo;t with iMessage. Wiretapping iMessage is trivial and 100% is happening now. Apple removed their warrant canary four years ago.<\/p>\n<\/blockquote>","protected":false},"excerpt":{"rendered":"<p>John Gruber: Leaving aside the moral implications of flat-out lying to their customers, I would think that if iMessage&rsquo;s back-end were designed with a weakness exploitable by Apple as Quarkslab supposes, Apple would say or promise nothing with regard to iMessage&rsquo;s susceptibility to server-side decryption rather than compound that weakness with blatant lies to the [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"apple_news_api_created_at":"2018-04-20T14:15:31Z","apple_news_api_id":"9438e702-1cfd-4d38-b24a-a95a3d318f55","apple_news_api_modified_at":"2018-04-20T14:15:33Z","apple_news_api_revision":"AAAAAAAAAAD\/\/\/\/\/\/\/\/\/\/w==","apple_news_api_share_url":"https:\/\/apple.news\/AlDjnAhz9TTiySqlaPTGPVQ","apple_news_coverimage":0,"apple_news_coverimage_caption":"","apple_news_is_hidden":false,"apple_news_is_paid":false,"apple_news_is_preview":false,"apple_news_is_sponsored":false,"apple_news_maturity_rating":"","apple_news_metadata":"\"\"","apple_news_pullquote":"","apple_news_pullquote_position":"","apple_news_slug":"","apple_news_sections":"\"\"","apple_news_suppress_video_url":false,"apple_news_use_image_component":false,"footnotes":""},"categories":[2],"tags":[38,146,16,140,355,48],"class_list":["post-8053","post","type-post","status-publish","format-standard","hentry","category-technology","tag-apple","tag-backup","tag-icloud","tag-imessage","tag-privacy","tag-security"],"apple_news_notices":[],"_links":{"self":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/8053","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/comments?post=8053"}],"version-history":[{"count":1,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/8053\/revisions"}],"predecessor-version":[{"id":21298,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/8053\/revisions\/21298"}],"wp:attachment":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/media?parent=8053"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/categories?post=8053"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/tags?post=8053"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}