
iTunes backups support encryption without your computer needing FDE.

There is also the idevicebackup2 command-line tool from the libimobiledevice suite for doing those backups on Linux, Mac, or Windows hosts. Supports the iOS protocols, including the native backup encryption.


Having a secure iOS device is possible: disable iCloud backups, probably disable messages and photos too, and use a custom numeric PIN >10 digits (a lot more if you are using it as T9 input). The Secure Enclave's KDF is only configured for 100ms of stretching IIRC, but it's sufficient with a long PIN code.

It would be great if idevicebackup2 supported WiFi sync and not just USB. Being able to do scheduled backups without user intervention means iCloud wins by quite some margin on convenience otherwise.

I'd still rather have FDE, as well. For me, LUKS.

I have both, but if I could only have one I'd rely on the native iOS backup encryption.

I trust Apple's implementation more than I trust myself accidentally leaving my disk unlocked in public. And I do trust myself not to leave my disk unlocked in public.

(I know this is a digression from the topic but we're nicely tucked away at the bottom of the comments)

That's how they got DFS. Two agents pretended to have a lovers' argument at the library, to distract him, and the third grabbed his laptop.

I don't use laptops anymore. Just host machines for VMs. And I always shut them all down, whenever I leave the building. I have a commercial UPS, with a deadman circuit. So I just cabled that line with the CAT6, and there are motorcycle-style kill switches in key places (desk, bathroom, kitchen and bed).

I admire your diligence, although I wonder about your threat model if you are bragging about a drug-kingpin-level setup on a forum.

I've been writing about privacy, anonymity, etc for many years, as Mirimir. And I can't write honestly unless I test stuff.

I don't do anything iffier than many who write using their meatspace identity. But for many years, I wanted to keep that segregated from my professional life. That doesn't matter so much now, but it's Mirimir who I am. So hey.

I didn't take it as bragging; to me it looks like it comes from a position of wanting to teach. Security is basically a collection of things you ought not to forget, so I think exposure is important for people to get a hold of it.

I don't do anything cool, at least as of right now, but I still check my locks and I'm happy to impart my knowledge like this. Privacy is a human right! I hope journalists, Uighurs, and whoever else can find their way to decent security information because of mirimir's efforts.

I'd go as far as to say LUKS in plain mode, rather than ever so popular container LUKS.
