1. Nextgr+(OP)[view] [source] 2020-06-05 03:03:14
Key management is still centralized and controlled by Apple, so they can still MITM communications by messing with the key exchange.

iCloud backups (enabled by default) are not end-to-end encrypted.

So while it's technically E2E, in practice you get very little protection from it because it's broken by design.

I still use iMessage because of the user experience, but let's not be fooled by their misleading E2E claims; it's all just marketing BS.

replies(1): >>ciaran+n
2. ciaran+n[view] [source] 2020-06-05 03:06:04
>>Nextgr+(OP)
If both parties disable iCloud on their phones, does Apple have any way to read messages sent via iMessage?
replies(3): >>frisco+D2 >>Nextgr+c6 >>sneak+2n
3. frisco+D2[view] [source] [discussion] 2020-06-05 03:27:17
>>ciaran+n
We have no idea and there’s no real way even in principle for us to know.
4. Nextgr+c6[view] [source] [discussion] 2020-06-05 04:16:55
>>ciaran+n
They can still pull off an MITM attack by sending the MITM’s keys (pretending to be the other user’s keys) because they control the key exchange.

It’s an active attack and can’t apply retroactively but within these constraints they can still do it.

5. sneak+2n[view] [source] [discussion] 2020-06-05 07:52:09
>>ciaran+n
Yes, if they add a wiretapping key to one or both of your key lists, which is silent/invisible to the sender.
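
The thread's concern is that a key directory can serve an extra key for a contact without the sender noticing. The following is an added example, not part of the thread and not iMessage's actual client logic: a hypothetical client-side monitor that pins the key fingerprints it has seen for each contact (trust on first use) and refuses to encrypt to any newly served key until it is confirmed out of band. All names and key bytes are constructed for illustration.

```python
import hashlib

# Constructed sample public keys (opaque bytes standing in for real device keys).
ALICE_PHONE = b"constructed-device-key-alice-phone"
ALICE_LAPTOP = b"constructed-device-key-alice-laptop"
EXTRA_KEY = b"constructed-key-not-owned-by-alice"


def fingerprint(public_key: bytes) -> str:
    """Short fingerprint two people can compare out of band (truncated SHA-256)."""
    return hashlib.sha256(public_key).hexdigest()[:16]


class KeyListMonitor:
    """Trust-on-first-use pinning of the key list a directory serves per contact.

    Limitation: the first list seen is trusted as-is, so a list that was already
    tampered with on first contact is only caught by out-of-band comparison.
    """

    def __init__(self):
        self.pinned = {}  # contact -> set of fingerprints accepted so far

    def check(self, contact, served_keys):
        """Return (ok_to_send, unverified_fingerprints) for a served key list."""
        served = {fingerprint(k) for k in served_keys}
        if contact not in self.pinned:
            self.pinned[contact] = set(served)  # first contact: pin what we see
            return True, set()
        unverified = served - self.pinned[contact]
        return not unverified, unverified

    def confirm(self, contact, fp):
        """Record a fingerprint the user verified with the contact directly."""
        self.pinned.setdefault(contact, set()).add(fp)


def recipients(monitor, contact, served_keys):
    """Keys the sender should encrypt to: only pinned or confirmed ones."""
    monitor.check(contact, served_keys)
    return [k for k in served_keys if fingerprint(k) in monitor.pinned[contact]]


if __name__ == "__main__":
    m = KeyListMonitor()
    print(m.check("alice", [ALICE_PHONE, ALICE_LAPTOP]))
    print(m.check("alice", [ALICE_PHONE, ALICE_LAPTOP, EXTRA_KEY]))
```

A key change is not always hostile (a new device produces the same signal), which is why the monitor surfaces the fingerprint for comparison rather than deciding on its own.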