This already happens to every hosting and storage provider and it's entirely plausible that politicians will start publicly wringing their hands to try and justify an actual invasion of privacy where "the government" will be able to scan devices (and even require it from manufacturers) in the interest of "saving the children". I feel like there's a third option here, though, in that Apple is very likely trying to get ahead of what's likely to be requests from the government that they won't be able to just not abide by. Now that I no longer understand Apple's practices as a steward of my private data, I can no longer trust them with it. Given the details they've provided, I get why they might have thought this was in line with their general privacy ethos of keeping everything on-device, but the fact is that it is too complicated to build a reliable understanding of in my mental model of my own data privacy, and that's for somebody (me) who is quite technical and has even dabbled in crypto. Now Apple is letting the surveillance apparatus reach into my own physical hardware, blurring the lines with some overwrought, proprietary crypto-gobbledygook solution. I am comfortable with my files existing on both sides of this distinction, but only because I understand it.

It's very easy to understand that content on a physical disk I own will not be scanned by some government-friendly surveillance program, and content I upload to somebody else's servers will.

> It’s truly disappointing that Apple got so hung up on its particular vision of privacy that it ended up betraying the fulcrum of user control: being able to trust that your device is truly yours.
One’s device ought to be one’s property, with all of the expectations of ownership and privacy that entails; cloud services, meanwhile, are the property of their owners as well, with all of the expectations of societal responsibility and law-abiding which that entails. Yes, you can turn off iCloud Photos to disable Apple’s scanning, but that is a policy decision; the capability to reach into a user’s phone now exists, and there is nothing an iPhone user can do to get rid of it.

A far better solution to the “Flickr problem” I started with is to recognize that the proper point of comparison is not the iPhone and Facebook, but rather Facebook and iCloud.

The scope will always broaden.

Apple’s choices in this case, though, go in the opposite direction: instead of adding CSAM-scanning to iCloud Photos in the cloud that they own-and-operate, Apple is compromising the phone that you and I own-and-operate, without any of us having a say in the matter.

However, you technically can do dropbear SSH prior to decrypting the root filesystem if you can figure out how to implement it.

This invasive capability on the device level is a massive intrusion on everyone's privacy and there will be no limits for governments to expand its reach once implemented.

"All processes on the hard disk would run, under encryption"

At this time this is not YET possible but will be soon to: The hardware exists but the software is catching up to provide secure enclaves where your cloud provider cannot see your data at rest, in memory, or even in processing thanks to advances in CPUs and homomorphic encryption. Your use case of preventing Amazon or other cloud providers snooping isn't really going to be stopped by this.

I'm not aware of an out of the box solution but v is fairly close so if you're skilled maybe you can get this working on metal. The project dropbear-initramfs can provide ssh prior to mounting your encrypted root filesystem for booting.
You were not incorrect in your thinking, after all there is some software prompting you for your decryption key.

This is possible in initramfs to have an ssh server beforehand but this small part won't be encrypted.