

Apple’s Commitment to Customer Privacy - jcurbo
https://www.apple.com/apples-commitment-to-customer-privacy/

======
chm
"For example, conversations which take place over iMessage and FaceTime are
protected by end-to-end encryption so no one but the sender and receiver can
see or read them. Apple cannot decrypt that data. Similarly, we do not store
data related to customers’ location, Map searches or Siri requests in any
identifiable form."

If all of this statement is true, then I'm impressed. I would have thought
Apple to keep more information, such as iMessage logs, for the sake of
analytics and Ad revenue.

Good.

~~~
LoganCale
Apple has never made the iMessage protocol publicly available for review, but
from reverse engineering people have not been able to find evidence of end-to-
end encryption, just SSL/TLS to and from Apple's servers.

> I do not see anything about retrieving public keys of users you are sending
> messages to; hence your message is completely readable/editable by someone
> at apple's servers.

[http://security.stackexchange.com/questions/18908/the-
inner-...](http://security.stackexchange.com/questions/18908/the-inner-
workings-of-imessage-security)

Further, an iMessage message can be received simultaneously on all your
devices. Unless your private key is synced via Apple's servers, how would end
to end decryption work?

And finally, there were incidents some time back where people were receiving
messages intended for other people, but were able to read them unencrypted.

It would be nice to get some clarification from Apple on this, along with
making the protocol and its security public.

~~~
eigenvector
If Apple is using the Obama administration's definition of "can't", then
"Apple cannot decrypt that data" simply means, "Apple does not decrypt that
data".

------
harryf
That term "direct access" crops up again.

> We do not provide any government agency with direct access to our servers

------
vondur
Taken at face value, this statement seems good enough. Without actually seeing
the data they have, we have to take there word for it.

------
CaptJax
> The most common form of request comes from police investigating robberies
> and other crimes, searching for missing children, trying to locate a patient
> with Alzheimer’s disease, or hoping to prevent a suicide.

AKA Terrorism

------
brilee
This is the first time I've heard that iMessage and Facetime are end-to-end
encrypted. Can somebody comment on that? I imagine it only works if both ends
of the conversation are on iMessage.

~~~
LoganCale
See my comment at
[https://news.ycombinator.com/item?id=5897497](https://news.ycombinator.com/item?id=5897497)
for some concerns I have that seem to cast doubt on the claim, along with a
link to discussion of reverse engineering efforts that suggest no end to end
encryption.

