https://arstechnica.com/gadgets/2022/12/apple-adds-end-to-end-encryption-to-icloud-device-backups-and-more/
Apple adds end-to-end encryption to iCloud backups & Apple

Apple abandons its plans for CSAM scanning, too. https://www.apple.com/newsroom/2022/12/apple-advances-user-security-with-powerful-new-data-protections/

Previously, 14 data categories within iCloud were protected. This new
feature brings that count to 23, including photos, notes, voice memos, reminders, Safari bookmarks, and iCloud backups of the contents of your devices. Not everything is encrypted in this way, though. Critically,
calendar and mail are untouched here. Apple says they are not covered.
US-based participants in the Apple Beta Software Program can start using Advanced Data Protection today, and it will roll out to more Americans by year's end. If you're outside the US, you'll have to wait until sometime in 2023, Apple says.

Apple also announced iCloud users may now use hardware security keys like YubiKeys. Both NFC keys and plug-in keys are supported.

Second, there's iMessage Contact Key Verification, which can alert "users
who face extraordinary digital threats," like journalists, if
state-sponsored actors are hijacking or spying on their conversations, in
some cases.

In tandem with today's announcements, Apple confirmed something most of us already figured: It is no longer working on a controversial system that was intended to identify child sexual-abuse material on users' iPhones-the
company changed course after a public privacy and security backlash.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 2022-12-08, NewsKrawler <newskrawl@krawl.org> wrote:

Apple abandons its plans for CSAM scanning, too.

Actually, this has nothing to do with Apple's proposed CSAM
functionality, which would be done on-device rather than on Apple
servers as *all* of their competitors do. Apple's proposed CSAM scanning maintained user privacy in significant ways compared to the competition.

--
E-mail sent to this address may be devoured by my ravenous SPAM filter.
I often ignore posts from Google. Use a real news client instead.

JR

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 2022-12-07, Jolly Roger <jollyroger@pobox.com> wrote:

Apple abandons its plans for CSAM scanning, too.

Actually, this has nothing to do with Apple's proposed CSAM
functionality, which would be done on-device rather than on Apple
servers as *all* of their competitors do. Apple's proposed CSAM scanning maintained user privacy in significant ways compared to the competition.

https://www.macrumors.com/2021/12/15/apple-nixes-csam-references-website/

Apple spokesperson Shane Bauer told The Verge that though the CSAM
detection feature is no longer mentioned on its website, plans for CSAM detection have not changed since September, which means CSAM detection is
still coming in the future.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 12/7/2022 8:08 PM, NewsKrawler wrote:

<snip>

Apple spokesperson Shane Bauer told The Verge that though the CSAM
detection feature is no longer mentioned on its website, plans for CSAM detection have not changed since September, which means CSAM detection is still coming in the future.

The Wall Street Journal article implied that the whole CSAM proposal is
no longer being pursued:

"Apple now says it has stopped development of the system, following
criticism from privacy and security researchers who worried that the
software could be misused by governments or hackers to gain access to
sensitive information on the phone.

Mr. Federighi said Apple’s focus related to protecting children has been
on areas such as communication and giving parents tools to protect
children in iMessage. “Child sexual abuse can be headed off before it occurs,” he said. “That’s where we’re putting our energy going forward.”"

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 12/8/2022 6:36 AM, sms wrote:

On 12/7/2022 8:08 PM, NewsKrawler wrote:

<snip>

Apple spokesperson Shane Bauer told The Verge that though the CSAM
detection feature is no longer mentioned on its website, plans for CSAM
detection have not changed since September, which means CSAM detection is
still coming in the future.

The Wall Street Journal article implied that the whole CSAM proposal is
no longer being pursued:

"Apple now says it has stopped development of the system, following
criticism from privacy and security researchers who worried that the
software could be misused by governments or hackers to gain access to sensitive information on the phone.

Mr. Federighi said Apple’s focus related to protecting children has been
on areas such as communication and giving parents tools to protect
children in iMessage. “Child sexual abuse can be headed off before it occurs,” he said. “That’s where we’re putting our energy going forward.”"

Sorry, forgot the link: <https://www.wsj.com/articles/apple-plans-new-encryption-system-to-ward-off-hackers-and-protect-icloud-data-11670435635>.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 2022-12-08, NewsKrawler <newskrawl@krawl.org> wrote:

On 2022-12-07, Jolly Roger <jollyroger@pobox.com> wrote:

Apple abandons its plans for CSAM scanning, too.

Actually, this has nothing to do with Apple's proposed CSAM
functionality, which would be done on-device rather than on Apple
servers as *all* of their competitors do. Apple's proposed CSAM
scanning maintained user privacy in significant ways compared to the
competition.

Apple spokesperson Shane Bauer told The Verge that though the CSAM
detection feature is no longer mentioned on its website, plans for
CSAM detection have not changed since September, which means CSAM
detection is still coming in the future.

At least you can admit you were wrong. Good on you.

--
E-mail sent to this address may be devoured by my ravenous SPAM filter.
I often ignore posts from Google. Use a real news client instead.

JR

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Dec 08, 2022, sms wrote
(in article<news:tmt211$t66i$1@dont-email.me>):

Sorry, forgot the link: <https://www.wsj.com/articles/apple-plans-new-encryption-system-to-ward-off-hackers-and-protect-icloud-data-11670435635>.

That's behind a paywall for me but it macrumours recently picked up on it. https://www.macrumors.com/2022/12/08/fbi-privacy-groups-icloud-encryption/

For years, Apple has touted its privacy record while leaving its users vulnerable, particularly to police surveillance.

Despite the announcement, S.T.O.P is "disappointed" that end-to-end
encryption will require users to opt-in and is not to be enabled by
default.

Fox Cahn, the group's executive director, said, "it's good to see Apple's privacy protections catching up with its sales pitch, but making these protections opt-in will leave most users vulnerable."

She said that Apple's announcement of end-to-end encryption brings the company's marketing of being privacy-focused to reality.

What she is referring to is Apple's reputation as the pro-privacy tech
company has long been at odds with the reality that iCloud backups aren't secured by end-to-end encryption.

This change in Apple policy means people's personal messages, documents,
and data will be secure from law enforcement, hackers, and Apple itself."
The group is now calling upon Apple to implement RCS messaging into iPhone,
a move the group says is a "non-negotiable next step."

Up until now, much of the data users store on iCloud is just a court order
away from becoming a policing tool. With these changes, Apple will keep up
with the privacy best practices that other companies have followed for
years. But it's disappointing that users have to opt-in to many of these
new protections, leaving the vast majority at risk.

Apple yesterday announced that end-to-end encryption is coming to even more sensitive types of iCloud data, including device backups, messages, photos,
and more, meeting the longstanding demand of both users and privacy groups
who have rallied for the company to take the significant step forward in
user privacy.

What Apple calls "Advanced Data Protection," encrypts users' data stored in iCloud, meaning only a trusted device can decrypt and read the data.

Following its announcements, the EFF or Electronic Frontier Foundation, a
group that has long-called for Apple to enable end-to-end encryption and
take more steps to safeguard user privacy, put out a statement applauding
the new feature and Apple's renewed commitment to privacy.

We applaud Apple for listening to experts, child advocates, and users who
want to protect their most sensitive data. Encryption is one of the most important tools we have for maintaining privacy and security online. That's
why we included the demand that Apple let users encrypt iCloud backups in
the Fix It Already campaign that we launched in 2019.

Ron, the humblest guy in town.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 2022-12-08, Jolly Roger <jollyroger@pobox.com> wrote:

At least you can admit you were wrong. Good on you.

The confirmation from Apple I reported in response was from a year ago.

Many of the recent news reports claim Apple only recently abandoned CSAM.
But they didn't provide any proof coming directly from Apple of that claim.

That means without a clear cite from Apple, nobody can corroborate your
opinion nor that of the already cited news reports that you objected to.

Without a valid cite from you or anyone else, it remains to be seen whether Apple still plans on implementing controversial CSAM on-device scanning.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 2022-12-08 03:42:32 +0000, NewsKrawler said:

In tandem with today's announcements, Apple confirmed something most of us already figured: It is no longer working on a controversial system that was intended to identify child sexual-abuse material on users' iPhones-the company changed course after a public privacy and security backlash.

Where is the confirmation link Apple is no longer working on CSAM scanning?

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 12/8/2022 9:54 AM, RonTheGuy wrote:

On Dec 08, 2022, sms wrote
(in article<news:tmt211$t66i$1@dont-email.me>):

Sorry, forgot the link:
<https://www.wsj.com/articles/apple-plans-new-encryption-system-to-ward-off-hackers-and-protect-icloud-data-11670435635>.

That's behind a paywall for me but it macrumours recently picked up on it. https://www.macrumors.com/2022/12/08/fbi-privacy-groups-icloud-encryption/

For some reason it was not behind the WSJ paywall for me, but most WSJ
articles are.

<snip>

This change in Apple policy means people's personal messages, documents,
and data will be secure from law enforcement, hackers, and Apple itself."
The group is now calling upon Apple to implement RCS messaging into iPhone,
a move the group says is a "non-negotiable next step."

Unlikely to happen unless it's required by some government rule like
what happened with USB-C. The last thing Apple wants is a default cross-platform messaging platform. As long as WhatsApp, Signal, etc.,
require that the user install an app, iMessage will remain a big selling
point for the iPhone.

<snip>

Following its announcements, the EFF or Electronic Frontier Foundation, a group that has long-called for Apple to enable end-to-end encryption and
take more steps to safeguard user privacy, put out a statement applauding
the new feature and Apple's renewed commitment to privacy.

We applaud Apple for listening to experts, child advocates, and users who want to protect their most sensitive data. Encryption is one of the most important tools we have for maintaining privacy and security online. That's why we included the demand that Apple let users encrypt iCloud backups in
the Fix It Already campaign that we launched in 2019.

Love the EFF! And kudos to Apple for both the end to end encryption and
the abandonment of CSAM scanning.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

In article <mk7l8t9t52oo$.dlg@news.solani.org>, RonTheGuy
<ron@null.invalid> wrote:

What does RCS have to do with privacy?

it lacks it

I didn't see anything from Apple that said they'd abandon CSAM scanning.

keep looking

Did Apple say anywhere on the net that they have stopped working on CSAM?

they did with respect to scanning uploads. messaging, however,
continues to check.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Dec 08, 2022, sms wrote
(in article<news:tmtdoe$u3ih$1@dont-email.me>):

This change in Apple policy means people's personal messages, documents,
and data will be secure from law enforcement, hackers, and Apple itself."
The group is now calling upon Apple to implement RCS messaging into iPhone, >> a move the group says is a "non-negotiable next step."

Unlikely to happen unless it's required by some government rule like
what happened with USB-C. The last thing Apple wants is a default cross-platform messaging platform. As long as WhatsApp, Signal, etc.,
require that the user install an app, iMessage will remain a big selling point for the iPhone.

But why did Fight for the Future (a privacy-focused advocacy group) say RCS
is a non-negotiable next step in privacy?

What does RCS have to do with privacy?

Love the EFF! And kudos to Apple for both the end to end encryption and
the abandonment of CSAM scanning.

I didn't see anything from Apple that said they'd abandon CSAM scanning.
Did Apple say anywhere on the net that they have stopped working on CSAM?

Ron, the humblest guy in town.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

In article <tmthha$uc7n$1@dont-email.me>, sms
<scharf.steven@geemail.com> wrote:

What does RCS have to do with privacy?

It's much more secure than SMS since it has end-to-end encryption,

that is false.

<https://www.horisen.com/en/blog/why-rcs-isnt-killing-sms>
RCS currently has one major weakness: it is not end-to-end
encrypted. From the security point of view, this is a huge issue.
However, Google claims they are not keeping messages that went
through their servers. The moment the message has been delivered to
the end-user, it is deleted from the RCS backend service. The only
reason why the messages could be kept for some time is to be
delivered when the end-user goes online. Still, lack of encryption
means service providers could read messages, and in case of some
governmental inquiry, they could be provided for inspection.

The second hurdle to overcome is the fact the protocol needs to
be accepted by all operators. We have mentioned earlier that 76
operators have already rolled out the service. Having in mind there
are some 800 mobile phone operators worldwide, it is easy to
conclude this is a rather small percentage.


<https://www.androidauthority.com/rcs-google-3090142/>
In a word, RCS is like SMS, but better. Except that it isn�t. Not
every operator has enabled it yet. Not all phones support it. Not
every implementation is the same � especially in terms of encryption
since that bit is optional. And even if you download Google Messages
and use the now-supposedly worldwide �Chat features� there, you�re
still at the mercy of Google�s servers which can go down or become
buggy any time. Which they have done rather frequently.


google has added end-to-end encryption to *their* messages app,
originally for individual messages and just recently for group chats.

that means that there's a lock-in for the google messages app for there
to be an encrypted conversation. anyone not using the google messages
app (i.e., iphone users) will *not* be encrypted.

google would need to provide and support their implementation to others
for there to be cross-platform interoperability.

history has shown that they are unlikely to do that.

I didn't see anything from Apple that said they'd abandon CSAM scanning. Did Apple say anywhere on the net that they have stopped working on CSAM?

They did not say it directly, in an effort to save face, but they
implied it.

they did say it directly, and it was not done to save face.

note that there is more than one aspect of their csam detection. it's
important to understand what apple is actually doing and how it works
rather than spew the usual mindless propaganda.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 12/8/2022 11:46 AM, RonTheGuy wrote:

On Dec 08, 2022, sms wrote
(in article<news:tmtdoe$u3ih$1@dont-email.me>):

This change in Apple policy means people's personal messages, documents, >>> and data will be secure from law enforcement, hackers, and Apple itself." >>> The group is now calling upon Apple to implement RCS messaging into iPhone, >>> a move the group says is a "non-negotiable next step."

Unlikely to happen unless it's required by some government rule like
what happened with USB-C. The last thing Apple wants is a default
cross-platform messaging platform. As long as WhatsApp, Signal, etc.,
require that the user install an app, iMessage will remain a big selling
point for the iPhone.

But why did Fight for the Future (a privacy-focused advocacy group) say RCS is a non-negotiable next step in privacy?

What does RCS have to do with privacy?

It's much more secure than SMS since it has end-to-end encryption, and
least for non-group messages. But Signal and WhatsApp are much better
and both are cross-platform.

I've found that most of my contacts have a WhatsApp account and many
have Signal accounts as well.

Love the EFF! And kudos to Apple for both the end to end encryption and
the abandonment of CSAM scanning.

I didn't see anything from Apple that said they'd abandon CSAM scanning.
Did Apple say anywhere on the net that they have stopped working on CSAM?

They did not say it directly, in an effort to save face, but they
implied it. The WSJ article stated: "Apple now says it has stopped
development of the system, following criticism from privacy and security researchers who worried that the software could be misused by
governments or hackers to gain access to sensitive information on the phone.

Mr. Federighi said Apple’s focus related to protecting children has been
on areas such as communication and giving parents tools to protect
children in iMessage. “Child sexual abuse can be headed off before it occurs,” he said. “That’s where we’re putting our energy going forward.”"

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 2022-12-08, NewsKrawler <newskrawl@krawl.org> wrote:

On 2022-12-08, Jolly Roger <jollyroger@pobox.com> wrote:

At least you can admit you were wrong. Good on you.

The confirmation from Apple I reported in response was from a year
ago.

without a clear cite from Apple, nobody can corroborate

You shouldn't have made the claim in the first place, genius. Try
honoring your own words, smart guy. Or do your words have no meaning?

--
E-mail sent to this address may be devoured by my ravenous SPAM filter.
I often ignore posts from Google. Use a real news client instead.

JR

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 2022-12-08, sms <scharf.steven@geemail.com> wrote:

On 12/8/2022 11:46 AM, RonTheGuy wrote:

What does RCS have to do with privacy?

It's much more secure than SMS

Bullshit.

--
E-mail sent to this address may be devoured by my ravenous SPAM filter.
I often ignore posts from Google. Use a real news client instead.

JR

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

nospam wrote:

In article <tmthha$uc7n$1@dont-email.me>, sms
<scharf.steven@geemail.com> wrote:

What does RCS have to do with privacy?

It's much more secure than SMS since it has end-to-end encryption,

that is false.

<https://www.horisen.com/en/blog/why-rcs-isnt-killing-sms>
RCS currently has one major weakness: it is not end-to-end
encrypted. From the security point of view, this is a huge issue.
However, Google claims they are not keeping messages that went
through their servers. The moment the message has been delivered to
the end-user, it is deleted from the RCS backend service. The only
reason why the messages could be kept for some time is to be
delivered when the end-user goes online. Still, lack of encryption
means service providers could read messages, and in case of some
governmental inquiry, they could be provided for inspection.

The second hurdle to overcome is the fact the protocol needs to
be accepted by all operators. We have mentioned earlier that 76
operators have already rolled out the service. Having in mind there
are some 800 mobile phone operators worldwide, it is easy to
conclude this is a rather small percentage.

<https://www.androidauthority.com/rcs-google-3090142/>
In a word, RCS is like SMS, but better. Except that it isn�t. Not
every operator has enabled it yet. Not all phones support it. Not
every implementation is the same � especially in terms of encryption
since that bit is optional. And even if you download Google Messages
and use the now-supposedly worldwide �Chat features� there, you�re
still at the mercy of Google�s servers which can go down or become
buggy any time. Which they have done rather frequently.

google has added end-to-end encryption to *their* messages app,
originally for individual messages and just recently for group chats.

that means that there's a lock-in for the google messages app for there
to be an encrypted conversation. anyone not using the google messages
app (i.e., iphone users) will *not* be encrypted.

google would need to provide and support their implementation to others
for there to be cross-platform interoperability.

history has shown that they are unlikely to do that.

I didn't see anything from Apple that said they'd abandon CSAM scanning. >>> Did Apple say anywhere on the net that they have stopped working on CSAM? >>

They did not say it directly, in an effort to save face, but they
implied it.

they did say it directly, and it was not done to save face.

note that there is more than one aspect of their csam detection. it's important to understand what apple is actually doing and how it works
rather than spew the usual mindless propaganda.

Yes, but some folks don't even give a shit what apple is doing.
Some still buy their phones, even after glorious steve blowjobs
croaked. I have one myself.

We'd like discussions about how these damn phones work, not shit
battles between religious cult assholes.

If you ask a question here, you get crap like "Not needed, and
nobody wants it". Then a full on shit-storm ensues.

Everyone seems to be a goddamn monk at the apple monastery, or else
an evil android wielding satan. Damn.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

NewsKrawler <newskrawl@krawl.org> wrote:

https://arstechnica.com/gadgets/2022/12/apple-adds-end-to-end-encryption-to-icloud-device-backups-and-more/
Apple adds end-to-end encryption to iCloud backups & Apple

Apple abandons its plans for CSAM scanning, too. https://www.apple.com/newsroom/2022/12/apple-advances-user-security-with-powerful-new-data-protections/

Previously, 14 data categories within iCloud were protected. This new
feature brings that count to 23, including photos, notes, voice memos, reminders, Safari bookmarks, and iCloud backups of the contents of your devices. Not everything is encrypted in this way, though. Critically, calendar and mail are untouched here. Apple says they are not covered. US-based participants in the Apple Beta Software Program can start using Advanced Data Protection today, and it will roll out to more Americans by year's end. If you're outside the US, you'll have to wait until sometime in 2023, Apple says.

Apple also announced iCloud users may now use hardware security keys like YubiKeys. Both NFC keys and plug-in keys are supported.

Second, there's iMessage Contact Key Verification, which can alert "users
who face extraordinary digital threats," like journalists, if
state-sponsored actors are hijacking or spying on their conversations, in some cases.

In tandem with today's announcements, Apple confirmed something most of us already figured: It is no longer working on a controversial system that was intended to identify child sexual-abuse material on users' iPhones-the company changed course after a public privacy and security backlash.

More good news.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)