[makeitdouble]

I get your point, but we can also agree "send us your data, we can't access it anyway, right ?" is a completely different proposition from physically removing the data.

In particular if a flaw was to be revealed on the secure enclave or encryption, it would be too late to act on it after the machines have been sent in for years.

To be clear, I'm reacting on the "Apple is privacy focused" part. I wouldn't care if they snoop my bank statements on disk, but as a system I see them as behind what other players are doing in the market.

[traceroute66]

> if a flaw was ...

I hear the point you're making and I respect the angle, its fair-enough, but ...

The trouble with venturing into what-if territory is the same applies to you...

What if the disk you took out was subjected to an evil-maid attack ?

What if the crypto implementation used on the disk you took out was poor ?

What if someone had infiltrated your OS already and been quietly exfiltrating your data over the years ?

The trouble with IT security is you have you trust someone and something because even with open-source, you're never going to sit and read the code (of the program AND its dependency tree), and even with open-hardware you still need to trust all those parts you bought that were made in China unless you're planning to open your own chip-fab and motherboard plant ?

Its the same with Let's Encrypt certs, every man and his dog are happy to use them these days. But there's still a lot of underlying trust going on there, no ?

So all things considered, if you did a risk-assessment, being able to trust Apple ? Most people would say that's a reasonable assumption ?

[nkmskdmfodf]

> even with open-source, you're never going to sit and read the code (of the program AND its dependency tree)

You don't have to. The fact that it's possible for you to do so, and the fact that there are many other people in the open source community able to do so and share their findings, already makes it much more trust-worthy than any closed apple product.

[ddingus]

THIS!

Back when I was new to all of this, the idea of people evaluating their computing environment seemed crazy!

Who does that?

Almost nobody by percentage, but making sure any of us CAN is where the real value is.

[stephenr]

Jia Tan has entered the chat.

[tobias2014]

I hope you bring that up as an example in favor on open-source, as an example that open-source works. In a closed-source situation it would either not be detected or reach the light of day.

[stephenr]

In a closed source situation people using a pseudonym don't just randomly approach a company and say "hey can I help out with that?"

It was caught by sheer luck and chance, at the last minute - the project explicitly didn't have a bunch of eyeballs looking at it and providing a crowd-sourced verification of what it does.

I am all for open source - everything I produce through my company to make client work easier is open, and I've contributed to dozens of third party packages.

But let's not pretend that it's a magical wand which fixes all issues related to software development - open source means anyone could audit the code. Not that anyone necessarily does.

[talldayo]

> What if the disk you took out was subjected to an evil-maid attack ?

Well, have fun with my encrypted data. Then I get my laptop back, and it's either a) running the unmodified, signed and encrypted system I set before or b) obviously tampered with to a comical degree.

> What if the crypto implementation used on the disk you took out was poor ?

I feel like that is 100x more likely to be a concern when you can't control disc cryptography in any meaningful way. The same question applies to literally all encryption schemes ever made, and if feds blow a zero day to crack my laptop that's a victory through attrition in anyone's book.

> What if someone had infiltrated your OS already and been quietly exfiltrating your data over the years ?

What if aliens did it?

Openness is a response to a desire for accountability, not perfect security (because that's foolish to assume from anyone, Apple or otherwise). People promote Linux and BSD-like models not because they cherry-pick every exploit like Microsoft and Apple does but because deliberate backdoors must accept that they are being submit to a hostile environment. Small patches will be scrutinized line-by-line - large patches will be delayed until they are tested and verified by maintainers. Maybe my trust is misplaced in the maintainers, but no serious exploit developer is foolish enough to assume they'll never be found. They are publishing themselves to the world, irrevocably.

[mixmastamyk]

What if the disk could be removed, put inside a thunderbolt enclosure, and worked on another machine while waiting for the other? That's what I did with my Framework.

Framework has demonstrated in more than one way that Apple's soldered/glued-in hardware strategy is not necessary.