
How encrypted communications apps failed to protect Michael Cohen - jamroom
https://www.fastcompany.com/90223739/how-encrypted-communications-apps-failed-to-protect-michael-cohen
======
amaccuish
There's nothing in this article on the "How". Misleading title to a fairly
vacuous piece.

~~~
chanfest22
Agree that it is fairly vacuous, however the article does say that the content
of the communications were backed up to Apple's cloud leading to it getting
compromised.

~~~
amaccuish
That was talking about Manafort, not Cohen. See

[About Cohen] > It’s unclear if the FBI actually broke through any layers of
encryption to get the data

[About Manafort] > Paul Manafort, himself found ... Those messages appeared to
have been found through Manafort’s Apple iCloud account.

------
rconti
Article does not follow from headline.

"It’s unclear if the FBI actually broke through any layers of encryption to
get the data. It’s possible that Cohen, who apparently at times taped
conversations, stored the conversation logs in a less-than-secure way."

~~~
goalieca
Protecting data in transit vs data at rest. Classic.

Reminds me of.. « Yes your database was encrypted but the key was stored in a
file on the server adjacent. »

------
AdmiralAsshat
Security is only as good as its weakest link.

Case in point, all of _my_ messages in Signal are locked behind a password
phrase, which I have to re-enter every time the phone restarts or the app gets
updated. I figured it was iron-clad. Until I discovered that the whole
password-protected message vault is entirely optional (must've been one of
those things I toggled years ago and never looked back). My girlfriend, of
course, uses Signal but does _not_ have that turned on, so if they really
wanted a record of our communications, all they'd have to do is subpoena her
phone instead of mine.

~~~
lisper
This is not a problem unique to Signal. Any communication can be compromised
via any participant regardless of medium or protocol.

------
21
Not a big surprise. Being secure against the FBI (not to mention NSA) is
really hard, even for a technical person.

If you want to be secure against a possible prosecution you really need to
hire an expert to setup your devices and teach you how to use them securely.
And you also need to think about physical security.

~~~
jopsen
Indeed mostly we encrypt phones, laptops, disks, etc. to protect in case of
theft.

------
mtgx
I blame Apple for forcing users to backup iMessage messages to iCloud if they
keep iCloud itself enabled.

