Hacker News new | ask | show | jobs
by brookst 2 days ago
You should read the paper.

Like any good security paper, it doesn’t assert immunity to particular parties. Instead, covers things like how PCC attests that the running software image is identical to the publicly-available, forensically-studied one.

Fear is real for sure, but don’t let fear be an excuse to lose rigor in thinking.
2 comments
TalkingCodeMonk 2 days ago
What if the CA certs are compromised, as was alluded to for GCP in the Snowden leaks?

All server security measures are irrelevant if every client req/res is dragnet siphoned off to NSA servers in plaintext. It would also afford the corporation deniability even if they were aware or involved.

This is why everything than can feasibly be E2EE (or performed locally) should be, unless the data is explicitly public. There are too many opportunities for compromise even when the provider has the best of intentions, and ruling class psychopaths aren't intentionally destroying democracy or implementing big brother.

link
brookst 2 days ago
I’m having a hard time parsing that.

Are you suggesting that PCC specifically is sending things in plaintext, or that the security promises in the server and arch are false, or that a compromised CA means… IDK what?

I’m with you on the big principles, but are you implying more specific attack vectors or just kind of maybe everything could be compromised somehow?

link
TalkingCodeMonk 2 days ago
> In an NSA presentation slide on “Google Cloud Exploitation,” however, a sketch shows where the “Public Internet” meets the internal “Google Cloud” where their data reside. In hand-printed letters, the drawing notes that encryption is “added and removed here!”

http://web.archive.org/web/20140101231153/https://www.washin...

https://blog.cryptographyengineering.com/2013/09/06/on-nsa/

link
brookst 2 days ago
So still just innuendo, nothing specific to how PCC works?
link
criley2 2 days ago
This is a non-answer, and in fact, a statement like "don't let fear be an excuse to lose rigor in thinking" in response to my question "how verifiable are their claims" is insulting and sloppy. Rigor in thinking includes human discussion and humans asking questions, but yet you shot that down.

ChatGPT, do what this user wouldn't, and answer the dang question:

> No, Apple cannot verify that Private Cloud Compute is completely immune to nation-state actors, contains no zero-days, or could never be subjected to secret legal compulsion. Nobody can honestly establish those absolutes for a complicated, evolving computer system operating across multiple jurisdictions.

> What Apple has done is more meaningful than ordinary corporate “due diligence,” however. PCC is specifically engineered to make clandestine access—whether by hackers, insiders, or governments—technically difficult, difficult to target, and more likely to leave externally detectable evidence...

> Against ordinary attackers, rogue employees, conventional cloud administrators and routine government data requests, PCC appears exceptionally strong for a cloud AI service.

> Against a targeted nation-state willing to combine zero-days, supply-chain compromise, endpoint exploitation, legal pressure and secrecy, the right description is: Highly resistant, deliberately difficult to target, and unusually auditable—but not immune.

Thanks ChatGPT. Don't know why I bother to ask humans anymore, it's StackOverflow the whole way down.

link
chipotle_coyote 2 days ago
"I did not like your answer, therefore I will use the 100% reliable, bullet-proof method of having an algorithm generate the statistically most likely words that form a plausible answer to my question."
link
TalkingCodeMonk 2 days ago
If you knew what you were talking about, you would've already used your brain to verify that ChatGPT's response was accurate.
link