[LoganCale]

Any evidence of this? I had read and posted about the same, but more recently found an older discussion on HN (which, absurdly, I cannot find now) which explains in more detail how the end to end encryption actually works and does so in a way that Apple almost definitely cannot intercept the plaintext messages.

[jmillikin]

See my first post in this thread.

Short version: Users can enable iMessage on their devices by signing in to their Apple account. Therefore, Apple is capable by themselves of configuring which devices receive messages from particular accounts. Therefore, Apple is capable of configuring a device you do not control to receive your messages.

[LoganCale]

They could do so, yes, but it would pop up a message on your actual devices which you would have to agree to before that device can receive and decrypt new messages.

[jmillikin]

In the case of a wiretap, I assume Apple would choose not to notify the target that they have been wiretapped.

[embolism]

You still don't understand how this works. Apple can't complete the provisinig process alone - the user unlocking the keybag on the device with their password is an essential part of provisioning a device.

When a new device is added to the keybag, the other devices report the change - this isn't controlled by the server and isn't optional. Apple can control the transport infrastructure, but they cannot enrol new devices into the cryptographic session without the user being involved.

[embolism]

You are pretending that this is equivalent to asserting that they have access to arbitrary message histories, which they in fact do not.

[jmillikin]

No, I'm not. At no point have I ever claimed that being able to intercept messages is equivalent to having access to previous messages.

[embolism]

Fair enough, but actually your other point doesn't stand either because the prevailing understanding is that the keybag mechanism allows the clients to detect and report when another device is provisioned, and that the password is needed to join a new device to the keybag.

Therefore although Apple could add another device to the communication protocol, without the password another device cannot be added to the encryption session, or without alerting the end user.