Man, this is really the worst case we've been fearing in Germany as well, i.e. an overzealous government that wants access to the master decryption keys of any app using end-to-end encryption so they can backdoor them anytime they like. I really hope they have enough common sense left to reverse their course, and I have to say kudos to Apple for taking this fight.
chaz6 330 days ago [-]
Perhaps there is an app that makes using one-time pads simple. It is really the only way to be reasonably certain that your communication is protected. With storage so abundant it is feasible to share a 100MiB pad for each contact which should be enough for a lifetime of messages.
MattPalmer1086 329 days ago [-]
End to end encryption achieves the same thing without having to share large one time pads. The only people with your key are the people on the ends.
330 days ago [-]
irenmroma 330 days ago [-]
[dead]
330 days ago [-]
amelius 330 days ago [-]
[flagged]
Angostura 330 days ago [-]
Except, in this case you have a US company that I honestly believe takes privacy seriously, fighting to prevent that stance being undermined by the UK government
redserk 330 days ago [-]
The problem is if you want to back up the content of your device securely. Without ADP, you’re stuck sending it into iCloud in a way that allows a government to access the data.
If you wanted to avoid potential prying eyes, you can’t backup the device over the internet to a storage location you own. You can sort of do this with photos, but it’s absolutely a kludge.
Apple is only one US law away from completely shutting down Advanced Data Protection for everyone.
danaris 330 days ago [-]
> Apple is only one US law away from completely shutting down Advanced Data Protection for everyone.
The problem with this is that it's universally applicable.
Any cloud service that has end-to-end encryption today can be forced to break it if the jurisdiction in which they're based passes a law requiring it.
"So use a self-hosted open-source cloud backup system with a VPS?" Not a scalable solution. I genuinely do not believe there is a scalable solution to this problem.
All we can do is either pick the service we trust will remain safe the longest, or DIY it for ourselves and maybe those closest to us. And fight at the ballot box to end the era of ever-expanding government surveillance of everyone's digital data.
jacksnipe 330 days ago [-]
That is, by definition, not e2e encrypted.
danaris 330 days ago [-]
Sorry, which "that" are you referring to?
If you mean this:
> So use a self-hosted open-source cloud backup system with a VPS?
then why not? It just needs to be set up to encrypt before upload, and decrypt after download, and have some means of sharing keys to other clients. Unless I'm being dumb and missing something?
jacksnipe 330 days ago [-]
> Any cloud service that has end-to-end encryption today can be forced to break it if the jurisdiction in which they're based passes a law requiring it.
If a 3rd party can be compelled to decrypt it, it’s not e2e encrypted.
danaris 329 days ago [-]
"Break it" in the same sense as the UK is demanding of Apple: put a backdoor into their encryption that "only the good guys can use".
Before they do that, it is e2ee. After they do that, it is not.
jacksnipe 330 days ago [-]
Encrypted backups are an intractable technical problem. The key is on the device you’ve lost, so another copy of the key must be saved somewhere.
There has to be an element of trust, or else the actual use case that 99.9% of users have — I lost my device and want to restore my <whatever> - can’t be met.
It’s not like there’s some great alternative solution they’re intentionally neglecting.
like_any_other 330 days ago [-]
> another copy of the key must be saved somewhere
Like a password you memorize? Or write down on a piece of paper and store it somewhere safe?
gruez 330 days ago [-]
Both will inevitably get lost/forgotten, especially if it's a password that isn't used on a regular basis. Even for regular backups users rarely test recovery protocols. They just turn it on and call it a day. Heck, sometimes even companies don't even bother doing it, and find out that their disaster recovery protocols aren't up to snuff after they've been ransomwared.
like_any_other 330 days ago [-]
There's nothing inevitable about it. If a user would rather risk forgetting/losing a password, than governments covertly and cheaply spying on them, they can do that, and the problem is perfectly tractable. It's only intractable under the demented requirements of delegating all security to someone else, and at the same time expecting to be secure against the entity you have delegated all security to.
gruez 330 days ago [-]
>If you wanted to avoid potential prying eyes, you can’t backup the device over the internet to a storage location you own. You can sort of do this with photos, but it’s absolutely a kludge.
Use iTunes backup and then upload the files from your PC to an online storage provider of your choice?
redserk 329 days ago [-]
That’s a workaround, that’s not a solution.
That is a solution for 2005 when the iPod wasn’t an internet connected device. In 2025 when devices are connected, performing network backups is overwhelmingly the correct answer.
Angostura 328 days ago [-]
You can still make an encrypted back-up to your local Mac - and I guess Windows box.
That's what I do - sync it to my Mac
conorjh 330 days ago [-]
Apple regularly comply with Law Enforcement requests for customer data though...
gruez 330 days ago [-]
What else are they supposed to do? Defy court orders? That's why they introduced ADP, which avoids this problem by making it impossible for them to comply.
amelius 329 days ago [-]
I wouldn't be surprised if it were made illegal. In fact, they probably have a deal with the government where they have a back door, and can still claim all these nice privacy things. I don't see any other way where this would be allowed.
oneplane 330 days ago [-]
There is no silicon for useful laptops that isn't US-controlled or China-controlled. On top of that, there is no ISA or reference CPU that isn't US-based.
In the future, we might have RISC-V, but right now, we don't. You can get laptops with Intel, AMD, ARM or IBM, and that's about it. All of the chips that are fast enough to be useful are US-based (in design and manufacturing instructions, but Asia-based in physical construction).
Say you'd be more interested in something that looks/feels like it's not from the US, you are pretty much restricted to stuff that's from ODMs in Asia. But it's the same hardware from the same production facilities, running the same firmware and operating systems.
Havoc 330 days ago [-]
>On top of that, there is no ISA or reference CPU that isn't US-based.
ARM HQ is in Cambridge & owned by Japan (Softbank group)
oneplane 330 days ago [-]
I suppose that's true. My mind was already on the likes of Qualcomm, Apple, Ampere and Broadcom but the base ISA and some of the reference designs used in public are indeed pure ARM (the company).
Ideally there'd be a player like Fujitsu (also an ARM licensee), they can do an entire laptop where only the manufacturing and software is not in-house (they don't have the capacity to do that AFAIK). If you then slap some coreboot (or U-Boot) and linux on it, you'd be pretty close to a much less US-attached laptop.
robin_reala 330 days ago [-]
You can get pure(ish)-China laptops if you’re willing to go that far to get away from the US. Hauwei have a range of laptops using HiSense ARM cores: https://qingyun.huawei.com/
oneplane 330 days ago [-]
Didn't Samsung try to do the same? That'd be a Korean option if amelius has that in scope. Unless they are using Snapdragon for those of course.
traceroute66 330 days ago [-]
> laptop of a non-US origin soon
Maybe NitroPad[1] from Nitrokey (Germany) ?
I don't think Fujitsu Siemens make PCs/Laptops any more, only servers. But that would have been an option as their factory is in Germany.
Thanks, and glad to see a comment that actually answers my question :) rather than telling me things like who Europeans should or should not trust.
rightbyte 330 days ago [-]
Bringing up UK in the context made me worried about you.
amelius 330 days ago [-]
Snowden made me worry a lot more about a lot of people.
rightbyte 330 days ago [-]
Yes.
itscrush 330 days ago [-]
Certainly not the UK, they're spearheading much of the privacy problem.
rightbyte 330 days ago [-]
Your own government is usually the biggest threat to your privacy. And namedropping the UK as some gov you would prefer from a privacy point of view is silly.
whynotmaybe 330 days ago [-]
I don't have any gov app installed on my phone, though it came with the whole Google suite, Facebook and Instagram installed.
And I can't remove it unless I root it.
If you're in a country where the gov is a threat to your privacy, you're in a dictatorship.
A democratic gov does not really care a lot about personal data, it only wants tax money.
A private company cares a lot about personal data because each bit of personal information is sellable to anyone interested.
vladvasiliu 330 days ago [-]
Didn't the UK have an issue with Apple the other day, trying to get some "backdoor" to icloud? Which prompted Apple to say they'd remove E2E encryption for those users?
How's that tax related and not caring about personal data? Does that make the UK a dictatorship?
rightbyte 330 days ago [-]
> If you're in a country where the gov is a threat to your privacy, you're in a dictatorship.
Really? Nothing to hide?
Any practical democracy does strange stuff.
FreebasingLLMs 330 days ago [-]
[dead]
londons_explore 330 days ago [-]
> Your own government is usually the biggest threat to your privacy.
Few people think of this. More should.
vvchvb 330 days ago [-]
[dead]
ohgr 330 days ago [-]
The government or other parties will come and take your data wherever you are without a moment's notice. There is no defence against that.
The objective should be to make that as hard as possible by not putting it somewhere you make it easy for them to do so without your knowledge or without legal due process.
And that is NOT in some cloud.
Rendered at 13:39:32 GMT+0000 (Coordinated Universal Time) with Vercel.
If you wanted to avoid potential prying eyes, you can’t backup the device over the internet to a storage location you own. You can sort of do this with photos, but it’s absolutely a kludge.
Apple is only one US law away from completely shutting down Advanced Data Protection for everyone.
The problem with this is that it's universally applicable.
Any cloud service that has end-to-end encryption today can be forced to break it if the jurisdiction in which they're based passes a law requiring it.
"So use a self-hosted open-source cloud backup system with a VPS?" Not a scalable solution. I genuinely do not believe there is a scalable solution to this problem.
All we can do is either pick the service we trust will remain safe the longest, or DIY it for ourselves and maybe those closest to us. And fight at the ballot box to end the era of ever-expanding government surveillance of everyone's digital data.
If you mean this:
> So use a self-hosted open-source cloud backup system with a VPS?
then why not? It just needs to be set up to encrypt before upload, and decrypt after download, and have some means of sharing keys to other clients. Unless I'm being dumb and missing something?
If a 3rd party can be compelled to decrypt it, it’s not e2e encrypted.
Before they do that, it is e2ee. After they do that, it is not.
There has to be an element of trust, or else the actual use case that 99.9% of users have — I lost my device and want to restore my <whatever> - can’t be met.
It’s not like there’s some great alternative solution they’re intentionally neglecting.
Like a password you memorize? Or write down on a piece of paper and store it somewhere safe?
Use iTunes backup and then upload the files from your PC to an online storage provider of your choice?
That is a solution for 2005 when the iPod wasn’t an internet connected device. In 2025 when devices are connected, performing network backups is overwhelmingly the correct answer.
That's what I do - sync it to my Mac
In the future, we might have RISC-V, but right now, we don't. You can get laptops with Intel, AMD, ARM or IBM, and that's about it. All of the chips that are fast enough to be useful are US-based (in design and manufacturing instructions, but Asia-based in physical construction).
Say you'd be more interested in something that looks/feels like it's not from the US, you are pretty much restricted to stuff that's from ODMs in Asia. But it's the same hardware from the same production facilities, running the same firmware and operating systems.
ARM HQ is in Cambridge & owned by Japan (Softbank group)
Ideally there'd be a player like Fujitsu (also an ARM licensee), they can do an entire laptop where only the manufacturing and software is not in-house (they don't have the capacity to do that AFAIK). If you then slap some coreboot (or U-Boot) and linux on it, you'd be pretty close to a much less US-attached laptop.
Maybe NitroPad[1] from Nitrokey (Germany) ?
I don't think Fujitsu Siemens make PCs/Laptops any more, only servers. But that would have been an option as their factory is in Germany.
[1] https://shop.nitrokey.com/shop?&search=nitropad
If you're in a country where the gov is a threat to your privacy, you're in a dictatorship.
A democratic gov does not really care a lot about personal data, it only wants tax money.
A private company cares a lot about personal data because each bit of personal information is sellable to anyone interested.
How's that tax related and not caring about personal data? Does that make the UK a dictatorship?
Really? Nothing to hide?
Any practical democracy does strange stuff.
Few people think of this. More should.
The objective should be to make that as hard as possible by not putting it somewhere you make it easy for them to do so without your knowledge or without legal due process.
And that is NOT in some cloud.