Like, there’s a lot of people freaking out about Apple ending End to End encryption in iCloud in UK. I’m just like: So What? It was probably backdoored from the beginning
So is Big Tech’s E2E actually not backdoored? Or is that just a PR stunt to trick people into trusting iCloud, and this is a secret honeypot? 🤔
What are your thoughts?
There’s also a big difference between published specifications and threat models for the encryption which professionals can investigate in the code delivered to users, versus no published security information at all with pure reverse engineering as the only option
Apple at least has public specifications. Experts can dig into it and compare against the specs, which is far easier than digging into that kind of code blindly. The spec describes what it does when and why, so you don’t have to figure that out through reverse engineering, instead you can focus on looking for discrepancies
Proper open source with deterministic builds would be even better, but we aren’t getting that out of Apple. Specs is the next best thing.
BTW, plugging our cryptography community: [email protected]