Hacker News new | ask | show | jobs
by ramesh31 1062 days ago
>I'm pretty sure the Firefox data is E2E encrypted. As in "If you forget your password, your data is gone."

The argument though is that it's not true E2E without the secure enclave. App data can be compromised in many ways. Apple goes to incredible lengths (including burning the root key which cannot be retrieved or reset from outside the enclave into the silicon during manufacturing with no way of them being able to tell what it is) to ensure a chain of trust from the point that anything physically enters the device.
1 comments
lxgr 1062 days ago
True, but then they also added mandatory key escrow using server-side HSMs with no way to opt out – and these are by their nature much harder to audit than local secure enclaves.

In other words, with Firefox you trust the security of your device, whereas with Apple you trust the security of their entire ecosystem. In most cases, that's probably even a good thing, but I wouldn't exactly label one as strictly better than the other in all scenarios.

link
astrange 1062 days ago
You can opt out.

https://support.apple.com/en-us/HT212520

Although, I don't think that was accurate for iCloud Keychain anyway.

link
lxgr 1062 days ago
I don't think this actually opts you out of key escrow these days. It only replaces SMS-OTP with the recovery key, as far as I understand.

It's impossible to tell, though – Apple's platform security guide has been last updated in April 2022, which predates Advanced Data Protection. (Weirdly they do mention it in the document [1], though, so the date might also be incorrect and they might have added that information since I last looked a year ago.)

At least according to [2], it seems possible to gain access to the encrypted data using the iCloud account password and the passcode/login password of one other device on the iCloud account in any case.

[1] https://help.apple.com/pdf/security/en_US/apple-platform-sec...

[2] https://support.apple.com/en-us/HT202303

link
ramesh31 1061 days ago
>At least according to [2], it seems possible to gain access to the encrypted data using the iCloud account password and the passcode/login password of one other device on the iCloud account in any case.

But iCloud access is forced to 2FA with one of your signed in devices, which requires the local password (pin, touch id, or face id, all of which never leave the enclave) to approve. There's really no way to get something covered by ADP short of physical device access + a stolen/coerced pin number.

link