
iOS won’t send requests to it unless that node appears in the transparency log.

If it appears in the transparency log, the whole world will be able to see that a suspicious node has started serving requests.

If Apple changes iOS to remove that restriction, the whole world will be able to see that change because it’s client side.

If Apple tries to deliver a custom version of iOS to a single user, the iOS hardware will refuse to run it unless it has a valid signature.

If it has a valid signature, that copy of the firmware is irrefutable evidence that Apple is deliberately breaking its privacy promises and spying on people in a way they specifically said they wouldn’t, which would be extremely harmful to their business.

Apple seems to be going all-out in binding themselves in a way that makes it as difficult as possible to do what you are suggesting.
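The gate described in this comment (the client only wraps its payload key to nodes whose attested measurement appears in a public transparency log) can be modelled as a Merkle inclusion check. The following is an added illustrative example, not Apple's code or a description of PCC internals: it assumes an RFC 6962-style Merkle log of release measurements, a hypothetical `NodeAttestation` record, and a constructed set of nodes, one of which presents a measurement that is not in the log and one of which presents a forged proof.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import List, Tuple

# --- Transparency log: a minimal RFC 6962-style Merkle tree (assumed structure) ---

def _leaf_hash(measurement: bytes) -> bytes:
    # Domain-separated leaf hash (0x00 prefix) so leaves cannot be confused with inner nodes.
    return hashlib.sha256(b"\x00" + measurement).digest()

def _node_hash(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()

_PAD = hashlib.sha256(b"\x02").digest()  # filler node used when a level has an odd count

Proof = List[Tuple[bytes, bool]]  # (sibling hash, sibling_is_on_the_left)

def build_log(measurements: List[bytes]) -> Tuple[bytes, List[Proof]]:
    """Return the log root and one inclusion proof per measurement (by index)."""
    level = [_leaf_hash(m) for m in measurements]
    groups = [[i] for i in range(len(level))]      # leaf indices under each node
    proofs: List[Proof] = [[] for _ in level]
    while len(level) > 1:
        if len(level) % 2 == 1:
            level.append(_PAD)
            groups.append([])
        next_level, next_groups = [], []
        for k in range(0, len(level), 2):
            left, right = level[k], level[k + 1]
            for i in groups[k]:
                proofs[i].append((right, False))   # sibling sits to the right
            for i in groups[k + 1]:
                proofs[i].append((left, True))     # sibling sits to the left
            next_level.append(_node_hash(left, right))
            next_groups.append(groups[k] + groups[k + 1])
        level, groups = next_level, next_groups
    return level[0], proofs

def verify_inclusion(measurement: bytes, proof: Proof, root: bytes) -> bool:
    """Recompute the path from the leaf to the root and compare in constant time."""
    h = _leaf_hash(measurement)
    for sibling, sibling_is_left in proof:
        h = _node_hash(sibling, h) if sibling_is_left else _node_hash(h, sibling)
    return hmac.compare_digest(h, root)

# --- Client-side gate (hypothetical record shape, for illustration only) ---

@dataclass
class NodeAttestation:
    node_id: str
    measurement: bytes      # software measurement the node claims to be running
    public_key: bytes       # key the client would wrap its request payload key to
    inclusion_proof: Proof  # proof that `measurement` is a logged release

def select_trusted_nodes(attestations: List[NodeAttestation], log_root: bytes) -> List[NodeAttestation]:
    """Keep only nodes whose attested measurement is provably in the log.
    The request key is wrapped to these nodes' public keys and to no others."""
    return [a for a in attestations
            if verify_inclusion(a.measurement, a.inclusion_proof, log_root)]

def demo() -> List[str]:
    # Constructed sample data: three published releases, four nodes.
    releases = [b"release-1.0", b"release-1.1", b"release-1.2"]
    root, proofs = build_log(releases)
    nodes = [
        NodeAttestation("node-a", b"release-1.1", b"pk-a", proofs[1]),
        NodeAttestation("node-b", b"release-1.2", b"pk-b", proofs[2]),
        # Unlogged build: a valid-looking proof for a different leaf does not help.
        NodeAttestation("rogue-build", b"release-1.2-debug", b"pk-c", proofs[2]),
        # Claims a logged measurement but presents a forged (empty) proof.
        NodeAttestation("forged-proof", b"release-1.0", b"pk-d", []),
    ]
    return [n.node_id for n in select_trusted_nodes(nodes, root)]

if __name__ == "__main__":
    print(demo())
```

The client never contacts the log to ask "is this node OK"; it only needs the current root (which the comment's point relies on being the same root everyone else sees) and the proof the node hands it. A node running unlisted software fails the check regardless of what it claims, and a node claiming a listed measurement still needs a proof that actually chains to the root.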

Ok, I think you're referring to this:

> Specifically, the user’s device will wrap its request payload key only to the public keys of those PCC nodes whose attested measurements match a software release in the public transparency log.

But what’s stopping Apple from returning a node which lies about its “attested measurements” (possibly even to a specific user)? What’s to prevent any old machine, not running the TPM at all, from receiving a certificate?

I get that “the process is further monitored by a third-party observer not affiliated with Apple”, but I don’t know where I read their report, or even if they are still paid by Apple, so this feels like a trust-based proof.
