[jmillikin]

  > Compare this to Apple's iMessage or FaceTime - Apple
  > cannot decrypt the contents of the messages, and
  > therefore cannot give the contents to the government.

This is not correct.

First, when you buy a new iPhone, the way you authenticate yourself is by entering your Apple ID and password. Once entered, your new device will begin receiving iMessage data. This means that Apple is capable of provisioning a virtual device with your credentials, which will receive your messages. From there, they can be either stored or forwarded to third parties.

Second, your iPhone runs binaries distributed by Apple. There is no technical reason why these binaries could not contain code to forward historical messages to Apple or to a third party. Even if they don't now, a future update to iOS (which you won't be able to audit) could introduce such code.

The only way to have private communication is for all parties to run open-source clients. Each party must have the technical skill to audit the source code, or there must be at least one (preferably multiple) trusted third-party auditor. They must distribute encryption keys through a separate channel which does not depend on the communication host.

In other words, the standard Thunderbird+GPG+keyparty system that is popular among nerds but has seen no uptake among the general population.

[embolism]

First, when you buy a new iPhone, the way you authenticate yourself is by entering your Apple ID and password. Once entered, your new device will begin receiving iMessage data. This means that Apple is capable of provisioning a virtual device with your credentials, which will receive your messages. From there, they can be either stored or forwarded to third parties.

Wrong. As others who have examined the protocol have noted, your password is used to unlock a keybag on the device itself. Apple doesn't have your password (only a secure hash) and therefore can't unlock the keybag. The security depends on the strength of your password, which is a weakness, but it is in your control, not Apples.

Yes, the binaries of any system can contain arbitrary spyware or be infected with such at any stage from development through to decommissioning. Open source is no absolute protection against that.

At the moment we are trusting that companies are not baldly lying to us, even Google.

[jmillikin]

  > As others who have examined the protocol have noted,
  > your password is used to unlock a keybag on the device
  > itself. Apple doesn't have your password (only a secure
  > hash) and therefore can't unlock the keybag.

Re-read what I wrote, and think about what it means.

Setting up iMessage on a new iPhone does not involve copying a "keybag" (sic), inputting a private key, or any other form of strong client-side authentication. All you have to do is sign into the device using your Apple ID, and you can then receive iMessage messages.

If there were any additional barrier preventing Apple from provisioning iMessage entpoints, iPhone users would not be able to activate iMessage with only their Apple ID.

Do you understand now?

  > Yes, the binaries of any system can contain arbitrary
  > spyware or be infected with such at any stage from
  > development through to decommissioning. Open source is
  > no absolute protection against that.

It's not an absolute protection, but it is very good protection.

Staying inside your house is not absolute protection against being eaten by bears, but your chances of being eaten by bears are much much lower than if you walk around Yellowstone dressed in steak.

[embolism]

   Re-read what I wrote, and think about what it means.

I think it means you have a false belief about the limits of the system.

   If there were any additional barrier preventing Apple from provisioning iMessage entpoints, iPhone users would not be able to activate iMessage with only their Apple ID.

Wrong. Apple doesn't have your password. Only a hash. Verifying against the hash allows apple to add another device to the backend but does not unlock the keys to the message history. Only the password does that.

There is some understanding about how the protocol works here: https://news.ycombinator.com/item?id=5493514

There are other sources around the net that you can refer to to understand more about how such a protocol can be built, but I don't have a lot of faith in you as a conversation partner now that you've demonstrated that you can't be bothered to inform yourself before responding incorrectly with condescending certainty.

[jmillikin]

  > Verifying against the hash allows apple to add another
  > device to the backend but does not unlock the keys to
  > the message history

Isn't this what I've been claiming? If Apple can provision additional endpoints, they can provision a virtual endpoint which receives messages and forwards them to third parties.

[embolism]

Doing that wouldn't provide access to the history. Unless they always do this for every single device, there is no mountain of data to analyze.

The point we are discussing is not whether iMessage provides perfect security. The point is that iMessage doesn't give Apple a stockpile of personal data that can be indiscriminately targeted at any time the way GMail can.

I'm not saying it's a panacea or arguing in favor of Apple. iMessage proves that Google could engineer a system to protect users privacy by not stockpiling data if they wanted to, which you have incorrectly denied.

[jmillikin]

  > iMessage proves that Google could engineer a system
  > to protect users privacy

iMessage does not protect privacy, because Apple is capable of intercepting your messages messages and sending them to third parties. To be a private communications medium, it should be considered impossible for messages to be intercepted.

The only thing worse than a product that doesn't offer privacy is a product which claims to, but actually doesn't.

IMO, Apple's claim that iMessage is private is irresponsible because it endangers people who take that claim at face value.