[pluckytree]

Agreed, but the article is focused on why these companies that have done significant things to protect users with encryption technologies haven’t been a lot more vocal like Tim Cook has. This issue is so important to them and to everyone that they could spare a little time to speak their minds. Otherwise it just looks like that "kooky Apple" going against the grain. Who cares, they are going out of business soon, right?

[tptacek]

Why are we supposed to play dumb about the subtext behind Cook's comment?

I'm sure Cook believes what he's saying, but the real marketing strategy here isn't "crypto versus plaintext"; it's "consumer product company" versus "online service provider".

Seen through this lens, there's an argument that what Cook is doing is counterproductive. He's making an argument that Google can't sign on to, and using crypto as a wedge to drive the argument home. "Be a consumer product company, because then you can protect users with crypto".

Also: the kind of encryption that Apple is really making a stand for? They do a better job of it than Android, but Android provides the same encryption: what scares the USG about Apple is that iPhones are locked by default, and when they're locked, they can't be imaged easily. That's true of Google's phones as well.

Meanwhile, Google is doing a much better job of securing browser crypto than Apple is; Apple is almost an obstacle to better browser crypto.

[chaz72]

I disagree that what Cook is doing is counterproductive. I think Google could take a stronger line to secure user data if they wanted to. They don't have to become a consumer product company to run a messaging system which they cannot read. If Google can't sign on to that, maybe they should change something so that they can.

[tptacek]

iMessage is better than Google's chat offerings in this regard, but not that much better.

If you want secure messaging, you need to be using OTR or Signal. Apple isn't really helping you here.

[sarciszewski]

I'd just like to add: NOT Telegram.

Because some people need it explicitly stated.

[chaz72]

I don't claim that Apple is as good as OTR or Signal, only that Google could do more, Google should do more, and Google should be out there helping Tim Cook make a case that back doors are a terrible idea.

edit: Microsoft, Apple, Google, they all need to step up their game and make their case in public. Apple's not perfect but they're slightly ahead of the other two major OS vendors here.

[tptacek]

But everyone can do more, including Apple. Meanwhile, I think if you build a scoreboard for this, it's not at all clear that Apple is ahead of Google.

[chaz72]

Google's not making a public case. And Google, as far as I know, can read messages you send on Google services. Those are both Big Deals. I don't disagree (I don't have the expertise to!) with what you said on Apple and browser security. There are many parts.

Everybody can step up their game, I absolutely agree there.

[sarciszewski]

Ugh, scoreboards. Historically, they've only caused confusion and muddied the waters. :(

[mindslight]

Erm, Google's business model is to perform MITM for economic advantage. The popularity of this business model is what rekindled this "debate".

Their use of TLS is like an amateur's use of XOR - a secure primitive in a very narrow context that ignores the big picture. Google is the type of backdoor the skinjobs are grooming us to accept.

I think it's only a matter of time until Apple Inc lands on "Game Over", but Google is playing an entirely different game.

[freshhawk]

I think the claim is just that it makes perfect sense for Google to not want to take that stronger line, and perfect sense for Apple to want to do so because of the differences in their businesses.

Google can't show relevant ads for content they cannot read. Nor can they index it.

[Zigurd]

> He's making an argument that Google can't sign on to

That's only true if Google is unwilling to trade ad revenue for subscription revenue. Google Apps for Work is a product area where Google is making that trade-off, and is presumably not cannibalizing their ad business. There is no reason Google can't offer a consumer-friendly subscription service that would be unbreakably private at similar pricing.

[gok]

Google can't sign onto a no back door policy?