[jmclnx]

I hope they really do this. All too often Companies will say this then when the law is passed they back down. Why, stockholders.

Has Apple really removed iMessage and FaceTime anywere else ? Are these available with 100% full encryption in China ? If so then they are just blowing wind :(

[kotaKat]

FaceTime was banned in the UAE up until ~2021 when it suddenly started working again for non-UAE phones[1]. For the longest time iOS/macOS has had feature and region flags at a lower hardware level that could dictate system policy for things like FaceTime as well as the camera shutter sound required in Korea/Japan.

[1] https://apnews.com/article/dubai-middle-east-united-arab-emi...

[epcoa]

> Are these available with 100% full encryption in China ? If so then they are just blowing wind :(

Talk less, read more.

[jmclnx]

Well here is something for you to read, if you are a Chinese Citizen living in China, then these messages can be seen by the Government because iCloud data must be stored in China.

https://www.reddit.com/r/ios/comments/cskufy/imessage_encryp...

[epcoa]

Yeah, ok, try harder than a Reddit thread where supposedly authoritative commenters can’t even spell encrypt.

The idiot pmendes is wrong (if he was correct then no one knowledgeable on the subject would classify that system as E2EE - something more to read about). The encryption keys are not managed in iCloud which you can read yourself:

https://support.apple.com/guide/security/how-imessage-sends-...

https://www.apple.com/legal/privacy/data/en/messages/#:~:tex....

iCloud backup is an opt in feature - you use it full well knowing it effectively damages the affordance of E2E regardless of locale if ADP is not available.

“Read more” did not mean social media.

[philsnow]

> The idiot pmendes is wrong (if he was correct then no one knowledgeable on the subject would classify that system as E2EE

What exactly is pmendes wrong about? Are you referring to this comment:

> In iMessage the message contents are in fact end to end encripted. Each device encripts the message using the recipient keys and then sends the message. The problem is that iCloud manages the keys by itself so you have no way of knowing who is the exact owner of the key. Addionaly, on group chats, they don't even need to be a man in the middle. They can just add their key to the list of encription keys for that chat, and receive a copy of each message.

What's wrong there, aside from spelling? The nit I would pick is that in "iCloud manages the keys", I would change "iCloud" to "Apple" or "Apple's IDS".

How, specifically, does iCloud backup damage the affordance of E2E? This doesn't make any sense.

If you have somebody's GPG public key, you can encrypt a file to that public key and then put up the encrypted file on a public FTP site [0], whence they can download and decrypt it. iMessage does nearly exactly that, except that 1) Apple's identity service effectively solved the key distribution problem, 2) the messages are, even though already encrypted, themselves also transmitted by encrypted channels to Apple's servers during transit.

[0] Well, I wouldn't do this if I were at all concerned about the contents because it doesn't allow for forward secrecy.

[epcoa]

> What's wrong there, aside from spelling?

If you’re going to classify every critical fact as a “nit” then nothing is ever wrong.

IDS vs iCloud is far more than a nit. They’re completely different services. iCloud is run by a 3rd party in China, this is well publicized, whereas IDS is not. So that’s like not a minor detail.

iMessage does not depend on iCloud. You don't need an iCloud account. These are unrelated.

Contact key verification is a more recent addition, and again not dependent on iCloud.

> How, specifically, does iCloud backup damage the affordance of E2E?

Just saying, you can sync your data to whatever encrypted or unencrypted service you want if you choose to. This may diminish the value to the end user of E2EE but it is unrelated. I'm not the one that brought up iCloud first. Take that up with the original commenter.

[isykt]

Can a Chinese person not use iMessage without iCloud? This is possible in the US. In fact, it’s the default.

[decentsafety]

I was looking around to see what china has access to after seeing this post... However, people mention their messages can only be visible if icloud backups are enabled? Seems risky to trust either way.

[epcoa]

People should read actual documentation and expert or academic writing rather than a bunch of terminally online nerds on Reddit. I’ve seen nothing credible that the E2E for iMessage and FaceTime isn’t as advertised. If you backup to the cloud you’re electing to disclose your data outside the boundaries of encryption.

[smoldesu]

> People should read actual documentation

Then they should read the leaked government documents from around the world that contradict what Apple says themselves. Failing that, they should at least be able to read the actual code to corroborate its security, but that's not an option either.

[epcoa]

> Then they should read the leaked government documents from around the world that contradict what Apple says themselves.

On what specifically?

> they should at least be able to read the actual code to corroborate its security, but that's not an option either.

Why does that matter? You're already trusting Apple hardware. Public access to source code doesn't make security systems safer. I'm not sure what a journalist or even 99% of webshits on this forum would do with trying to audit crypto.