Hacker News new | past | comments | ask | show | jobs | submit login

Private Cloud Compute servers have no persistent storage so there would be nothing to see upon opening the kimono. You'd need some sort of government requested live wire tap thing to harvest the data out of the incoming requests, which might be a different situation. I'm, of course, just some dude on the internet, thinking up a counter-point to this concern, who knows if I am even remotely in the right ballpark.



Apple already services US Gov cloud data requests, see e.g. https://www.reddit.com/r/privacy/comments/eqg5gc/apple_compl...


> Private Cloud Compute servers have no persistent storage so there would be nothing to see upon opening the kimono

It doesn't actually say there is no persistent storage, it says that the compute node will not store it for longer than the request. There's nothing to stop the data coming from a datastore outside of the "PCC" in another part of apple's infrastructure.


> have no persistent storage

How often do PCC servers reboot and wipe the temporary encryption key?


mandatory 30 day retention policies or something like it


You can't mandate retention on stuff you're not storing anyway - or because of encryption can't store.


You would think that, but cell carriers have been found to retain both plaintext and encrypted traffic for several years in some cases: https://www.vice.com/en/article/m7vqkv/how-fbi-gets-phone-da...


Cell carriers aren't a bastion of end to end encryption, the tech just can't do it.

That's why you use them just as dumb pipes forwarding encrypted data traffic from one place to another.

No SMS, no phone calls if you can avoid it.


Speaking of tech, has anyone ever independently audited Apple's encrypted infrastructure a-la what they're promising for Private Compute? I'm unconvinced that the government couldn't crack that if they wanted.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: